Skip to content

Commit

Permalink
Merge pull request #5337 from julienduchesne/import-web-acl-rule
Browse files Browse the repository at this point in the history 
Allow WAF web ACL rule import
  • Loading branch information
@bflad
bflad authored Jul 26, 2018
2 parents 7a6a7a9 + 98acda2 commit 153dfbc
Show file tree
Hide file tree
Showing 3 changed files with 84 additions and 38 deletions.
3 changes: 3 additions & 0 deletions aws/resource_aws_waf_web_acl.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@ func resourceAwsWafWebAcl() *schema.Resource {
Read: resourceAwsWafWebAclRead,
Update: resourceAwsWafWebAclUpdate,
Delete: resourceAwsWafWebAclDelete,
Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
},

Schema: map[string]*schema.Schema{
"name": &schema.Schema{
Expand Down
109 changes: 71 additions & 38 deletions aws/resource_aws_waf_web_acl_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,35 +16,44 @@ import (
func TestAccAWSWafWebAcl_basic(t *testing.T) {
var v waf.WebACL
wafAclName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
resourceName := "aws_waf_web_acl.waf_acl"

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSWafWebAclDestroy,
Steps: []resource.TestStep{
resource.TestStep{
{
Config: testAccAWSWafWebAclConfig(wafAclName),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSWafWebAclExists("aws_waf_web_acl.waf_acl", &v),
testAccCheckAWSWafWebAclExists(resourceName, &v),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "default_action.#", "1"),
resourceName, "default_action.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "default_action.4234791575.type", "ALLOW"),
resourceName, "default_action.4234791575.type", "ALLOW"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "name", wafAclName),
resourceName, "name", wafAclName),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "rules.#", "1"),
resourceName, "rules.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "metric_name", wafAclName),
resourceName, "metric_name", wafAclName),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
// The WAF ACL rule resource doesn't GET rules
ImportStateVerifyIgnore: []string{"rules"},
},
},
})
}

func TestAccAWSWafWebAcl_group(t *testing.T) {
var v waf.WebACL
wafAclName := fmt.Sprintf("wafaclgroup%s", acctest.RandString(5))
resourceName := "aws_waf_web_acl.waf_acl"

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Expand All @@ -54,19 +63,26 @@ func TestAccAWSWafWebAcl_group(t *testing.T) {
resource.TestStep{
Config: testAccAWSWafWebAclGroupConfig(wafAclName),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSWafWebAclExists("aws_waf_web_acl.waf_acl", &v),
testAccCheckAWSWafWebAclExists(resourceName, &v),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "default_action.#", "1"),
resourceName, "default_action.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "default_action.4234791575.type", "ALLOW"),
resourceName, "default_action.4234791575.type", "ALLOW"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "name", wafAclName),
resourceName, "name", wafAclName),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "rules.#", "1"),
resourceName, "rules.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "metric_name", wafAclName),
resourceName, "metric_name", wafAclName),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
// The WAF ACL rule resource doesn't GET rules
ImportStateVerifyIgnore: []string{"rules"},
},
},
})
}
Expand All @@ -75,6 +91,7 @@ func TestAccAWSWafWebAcl_changeNameForceNew(t *testing.T) {
var before, after waf.WebACL
wafAclName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
wafAclNewName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
resourceName := "aws_waf_web_acl.waf_acl"

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Expand All @@ -84,35 +101,42 @@ func TestAccAWSWafWebAcl_changeNameForceNew(t *testing.T) {
{
Config: testAccAWSWafWebAclConfig(wafAclName),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSWafWebAclExists("aws_waf_web_acl.waf_acl", &before),
testAccCheckAWSWafWebAclExists(resourceName, &before),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "default_action.#", "1"),
resourceName, "default_action.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "default_action.4234791575.type", "ALLOW"),
resourceName, "default_action.4234791575.type", "ALLOW"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "name", wafAclName),
resourceName, "name", wafAclName),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "rules.#", "1"),
resourceName, "rules.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "metric_name", wafAclName),
resourceName, "metric_name", wafAclName),
),
},
{
Config: testAccAWSWafWebAclConfigChangeName(wafAclNewName),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSWafWebAclExists("aws_waf_web_acl.waf_acl", &after),
testAccCheckAWSWafWebAclExists(resourceName, &after),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "default_action.#", "1"),
resourceName, "default_action.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "default_action.4234791575.type", "ALLOW"),
resourceName, "default_action.4234791575.type", "ALLOW"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "name", wafAclNewName),
resourceName, "name", wafAclNewName),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "rules.#", "1"),
resourceName, "rules.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "metric_name", wafAclNewName),
resourceName, "metric_name", wafAclNewName),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
// The WAF ACL rule resource doesn't GET rules
ImportStateVerifyIgnore: []string{"rules"},
},
},
})
}
Expand All @@ -121,6 +145,7 @@ func TestAccAWSWafWebAcl_changeDefaultAction(t *testing.T) {
var before, after waf.WebACL
wafAclName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
wafAclNewName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
resourceName := "aws_waf_web_acl.waf_acl"

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Expand All @@ -130,42 +155,50 @@ func TestAccAWSWafWebAcl_changeDefaultAction(t *testing.T) {
{
Config: testAccAWSWafWebAclConfig(wafAclName),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSWafWebAclExists("aws_waf_web_acl.waf_acl", &before),
testAccCheckAWSWafWebAclExists(resourceName, &before),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "default_action.#", "1"),
resourceName, "default_action.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "default_action.4234791575.type", "ALLOW"),
resourceName, "default_action.4234791575.type", "ALLOW"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "name", wafAclName),
resourceName, "name", wafAclName),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "rules.#", "1"),
resourceName, "rules.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "metric_name", wafAclName),
resourceName, "metric_name", wafAclName),
),
},
{
Config: testAccAWSWafWebAclConfigDefaultAction(wafAclNewName),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSWafWebAclExists("aws_waf_web_acl.waf_acl", &after),
testAccCheckAWSWafWebAclExists(resourceName, &after),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "default_action.#", "1"),
resourceName, "default_action.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "default_action.2267395054.type", "BLOCK"),
resourceName, "default_action.2267395054.type", "BLOCK"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "name", wafAclNewName),
resourceName, "name", wafAclNewName),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "rules.#", "1"),
resourceName, "rules.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_web_acl.waf_acl", "metric_name", wafAclNewName),
resourceName, "metric_name", wafAclNewName),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
// The WAF ACL rule resource doesn't GET rules
ImportStateVerifyIgnore: []string{"rules"},
},
},
})
}

func TestAccAWSWafWebAcl_disappears(t *testing.T) {
var v waf.WebACL
wafAclName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
resourceName := "aws_waf_web_acl.waf_acl"

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Expand All @@ -175,7 +208,7 @@ func TestAccAWSWafWebAcl_disappears(t *testing.T) {
{
Config: testAccAWSWafWebAclConfig(wafAclName),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSWafWebAclExists("aws_waf_web_acl.waf_acl", &v),
testAccCheckAWSWafWebAclExists(resourceName, &v),
testAccCheckAWSWafWebAclDisappears(&v),
),
ExpectNonEmptyPlan: true,
Expand Down
10 changes: 10 additions & 0 deletions website/docs/r/waf_web_acl.html.markdown
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,3 +92,13 @@ See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ActivatedRule.
In addition to all arguments above, the following attributes are exported:

* `id` - The ID of the WAF WebACL.

## Import

WAF Web ACL can be imported using the `id`, e.g.

```
$ terraform import aws_waf_web_acl.main 0c8e583e-18f3-4c13-9e2a-67c4805d2f94
```

~> **Note:** The `rules` will not be imported.

0 comments on commit 153dfbc

Please sign in to comment.