filter: move validation to schema

While making changes to filters you need to run apply to actually find out whether the expression is valid. This is a slow feedback cycle for developers and there is an API endpoint that allows you to validate expressions before using them so it's a no brainer to improve the validation in the schema. This updates the ValidateFunc for expression to call out to the validation API endpoint and raise those exceptions earlier in the development cycle. Take 2 of #848 now that API tokens are supported in the routes. Closes #846
cloudflare · Nov 1, 2021 · 53dfba5 · 53dfba5
1 parent c6a77db
commit 53dfba5
Show file tree

Hide file tree

Showing 3 changed files with 82 additions and 3 deletions.
diff --git a/.changelog/1290.txt b/.changelog/1290.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_filter: move `expression` validation into schema
+```
diff --git a/cloudflare/resource_cloudflare_filter.go b/cloudflare/resource_cloudflare_filter.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"html"
 	"log"
+	"os"
 	"strings"
 
 	cloudflare "github.com/cloudflare/cloudflare-go"
@@ -38,6 +39,29 @@ func resourceCloudflareFilter() *schema.Resource {
 				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
 					return strings.TrimSpace(new) == old
 				},
+				ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) {
+					var api *cloudflare.API
+					var err error
+
+					// Establish a bare bones cloudflare client to make the validation call.
+					if os.Getenv("CLOUDFLARE_API_TOKEN") != "" {
+						api, err = cloudflare.NewWithAPIToken(os.Getenv("CLOUDFLARE_API_TOKEN"), cloudflare.UserAgent("terraform-provider-cloudflare/unknown"))
+						if err != nil {
+							log.Fatal(err)
+						}
+					} else {
+						api, err = cloudflare.New(os.Getenv("CLOUDFLARE_API_KEY"), os.Getenv("CLOUDFLARE_EMAIL"), cloudflare.UserAgent("terraform-provider-cloudflare/unknown"))
+						if err != nil {
+							log.Fatal(err)
+						}
+					}
+
+					expression := val.(string)
+					if err := api.ValidateFilterExpression(context.Background(), expression); err != nil {
+						errs = append(errs, fmt.Errorf("filter expression is invalid: %s", err))
+					}
+					return
+				},
 			},
 			"description": {
 				Type:         schema.TypeString,

diff --git a/cloudflare/resource_cloudflare_filter_test.go b/cloudflare/resource_cloudflare_filter_test.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"regexp"
 	"testing"
 
 	"github.com/cloudflare/cloudflare-go"
@@ -42,7 +43,7 @@ func testSweepCloudflareFilterSweeper(r string) error {
 	return nil
 }
 
-func TestAccFilterSimple(t *testing.T) {
+func TestAccCloudflareFilter_Simple(t *testing.T) {
 	rnd := generateRandomResourceName()
 	name := "cloudflare_filter." + rnd
 	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
@@ -67,6 +68,57 @@ func TestAccFilterSimple(t *testing.T) {
 	})
 }
 
+func TestAccCloudflareFilter_InvalidExpressionWithAPIToken(t *testing.T) {
+	// Temporarily unset CLOUDFLARE_API_TOKEN to confirm users depending on API
+	// tokens can also work with the filter validation.
+	if os.Getenv("CLOUDFLARE_API_TOKEN") != "" {
+		defer func(apiToken string) {
+			os.Setenv("CLOUDFLARE_API_TOKEN", apiToken)
+		}(os.Getenv("CLOUDFLARE_API_TOKEN"))
+		os.Setenv("CLOUDFLARE_API_TOKEN", "")
+	}
+	rnd := generateRandomResourceName()
+	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config:      testFilterInvalidExpression(rnd, zoneID),
+				ExpectError: regexp.MustCompile("filter expression is invalid"),
+			},
+		},
+	})
+}
+
+func TestAccCloudflareFilter_InvalidExpressionWithAPIKey(t *testing.T) {
+	rnd := generateRandomResourceName()
+	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config:      testFilterInvalidExpression(rnd, zoneID),
+				ExpectError: regexp.MustCompile("filter expression is invalid"),
+			},
+		},
+	})
+}
+
+func testFilterInvalidExpression(resourceID, zoneID string) string {
+	return fmt.Sprintf(`
+		resource "cloudflare_filter" "%[1]s" {
+		  zone_id = "%[2]s"
+		  paused = "true"
+		  description = "example"
+		  expression = "(foo eq \"bar\")"
+		}
+		`, resourceID, zoneID)
+}
+
 func testFilterConfig(resourceID, zoneID, paused, description, expression string) string {
 	return fmt.Sprintf(`
 		resource "cloudflare_filter" "%[1]s" {
@@ -89,7 +141,7 @@ EOF
 }
 `
 
-func TestAccFilterWhitespace(t *testing.T) {
+func TestAccCloudflareFilter_Whitespace(t *testing.T) {
 	rnd := generateRandomResourceName()
 	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
 
@@ -105,7 +157,7 @@ func TestAccFilterWhitespace(t *testing.T) {
 	})
 }
 
-func TestAccFilterHTMLEntity(t *testing.T) {
+func TestAccCloudflareFilter_HTMLEntity(t *testing.T) {
 	rnd := generateRandomResourceName()
 	name := "cloudflare_filter." + rnd
 	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")