Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New Resource: aws_wafregional_sql_injection_match_set #1013

Conversation

DennyLoko
Copy link
Contributor

@DennyLoko DennyLoko commented Jun 29, 2017

This PR implements the aws_wafregional_sql_injection_match_set resource.

resource "aws_wafregional_sql_injection_match_set" "sql_injection_match_set" {
  name = "tf-sql_injection_match_set"
  sql_injection_match_tuples {
    text_transformation = "URL_DECODE"
    field_to_match {
      type = "QUERY_STRING"
    }
  }
}

@DennyLoko DennyLoko changed the title Add support for resource_aws_wafregional_sql_injection_match_set Add support for aws_wafregional_sql_injection_match_set Jun 29, 2017
@radeksimko radeksimko added the new-resource Introduces a new resource. label Jul 3, 2017
@DennyLoko DennyLoko force-pushed the resource_aws_wafregional_sql_injection_match_set branch from b6260c8 to 2991e59 Compare July 4, 2017 17:16
Copy link
Member

@radeksimko radeksimko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR, I left you some comments there. Let me know if you have any questions.

Required: true,
ForceNew: true,
},
"sql_injection_match_tuples": &schema.Schema{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As we discussed in the other resource do you mind renaming this field to singular? i.e. sql_injection_match_tuple?

return err
}

d.Set("name", resp.SqlInjectionMatchSet.Name)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we're missing some fields here, specifically sql_injection_match_tuples and all nested fields under it. The expectation from the Terraform user is that for any resource Terraform will detect drifts from the configuration. In order to do that we need to set all the available data from the API via d.Set() here in Read func.

},
})
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because there has been a bug in the past affecting all WAF resources I'd like to see 2 more tests here, specifically with no tuples and another one changing tuples, see https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_waf_sql_injection_match_set_test.go#L103-L173 for inspiration and eacece2 for context (bugfix).


func resourceAwsWafRegionalSqlInjectionMatchSetUpdate(d *schema.ResourceData, meta interface{}) error {
log.Printf("[INFO] Updating SqlInjectionMatchSet: %s", d.Get("name").(string))
err := updateSqlInjectionMatchSetResourceWR(d, meta, waf.ChangeActionInsert)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this isn't right, because during update we may be both inserting and deleting tuples, not just inserting. See eacece2 for more context.

The following arguments are supported:

* `name` - (Required) The name or description of the SizeConstraintSet.
* `sql_injection_match_tuples` - The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mind documenting the nested fields here, too?


func testAccCheckAWSWafRegionalSqlInjectionMatchSetDestroy(s *terraform.State) error {
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_wafregional_byte_match_set" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is typo 👀

@radeksimko radeksimko added the waiting-response Maintainers are waiting on response from community or contributor. label Jul 18, 2017
@DennyLoko
Copy link
Contributor Author

Hello, please for review my PR. I'll make the changes during this week.

@grubernaut grubernaut added enhancement Requests to existing resources that expand the functionality or scope. and removed waiting-response Maintainers are waiting on response from community or contributor. labels Jul 25, 2017
@radeksimko radeksimko added the waiting-response Maintainers are waiting on response from community or contributor. label Jul 25, 2017
@radeksimko
Copy link
Member

Hi @DennyLoko
let me know if there's anything I can help you with.

Eventually if you don't have time to invest into these WAF PRs do let me know too. I'm happy to finish it (while keeping your authorship in existing commits).

@radeksimko
Copy link
Member

FYI - As this PR has been stale for a couple of months I will take it over in coming week(s) unless you tell me not to.

@radeksimko radeksimko added the size/L Managed by automation to categorize the size of a PR. label Nov 15, 2017
@radeksimko radeksimko added the service/waf Issues and PRs that pertain to the waf service. label Jan 12, 2018
@radeksimko radeksimko changed the title Add support for aws_wafregional_sql_injection_match_set New Resource: aws_wafregional_sql_injection_match_set Jan 16, 2018
@radeksimko radeksimko added this to the v1.12.0 milestone Jan 16, 2018
@BSick7
Copy link
Contributor

BSick7 commented Jan 30, 2018

@radeksimko I am trying to finalize this PR @ #3199

@radeksimko radeksimko force-pushed the resource_aws_wafregional_sql_injection_match_set branch from 2991e59 to a747666 Compare March 14, 2018 09:32
@ghost ghost added size/XL Managed by automation to categorize the size of a PR. and removed size/L Managed by automation to categorize the size of a PR. labels Mar 14, 2018
@radeksimko radeksimko removed the waiting-response Maintainers are waiting on response from community or contributor. label Mar 14, 2018
@radeksimko radeksimko dismissed their stale review March 14, 2018 09:35

Implemented feedback

@radeksimko
Copy link
Member

I believe I addressed all things I saw myself as blockers, I think it's worth one more review from someone with a fresh eye though.

==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAWSWafRegionalSqlInjectionMatchSet_ -timeout 120m
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_basic
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_basic (46.09s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_changeNameForceNew
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_changeNameForceNew (78.77s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_disappears
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_disappears (38.74s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_changeTuples
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_changeTuples (75.93s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_noTuples
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_noTuples (38.09s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	277.655s

@radeksimko radeksimko requested a review from bflad March 14, 2018 09:37
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall in pretty awesome shape as usual! Few nitpicks then its good to ship! :shipit:

5 tests passed (all tests)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_disappears
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_disappears (10.55s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_noTuples
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_noTuples (19.74s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_changeTuples
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_changeTuples (22.75s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_changeNameForceNew
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_changeNameForceNew (23.86s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_basic
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_basic (25.59s)

Delete: resourceAwsWafRegionalSqlInjectionMatchSetDelete,

Schema: map[string]*schema.Schema{
"name": &schema.Schema{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nitpick: Extraneous &schema.Schema

Schema: map[string]*schema.Schema{
"name": &schema.Schema{
Type: schema.TypeString,
Required: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Something up for discussion: should we automatically be adding ValidateFunc: validation.NoZeroValues, for Required: true and Type: schema.TypeString where it makes sense?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, I'm not sure - it sounds like something that should be solved at higher (schema) level. I mean if from provider-dev perspective I say "it's required" I'd just assume that's enough to say there are no empty strings allowed.

Maybe there are edge cases when we do not want that though? 🤷‍♂️

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree that it likely should be fixed upstream 😄 The only weird edge cases I can think of are module usage somehow, but even that sounds pretty far fetched.

Provides a AWS WAF Regional SqlInjectionMatchSet resource for use with ALB.
---

# aws\_wafregional\_sql\_injection\_match\_set
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nitpick: Extraneous backslashes

See [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_regional_FieldToMatch.html)
for all supported values.

## Remarks
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: Extraneous header


## Example Usage

```
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: Should define syntax as hcl

}`, name)
}

func testAccAWSWafRegionalSqlInjectionMatchSetConfigChangeName(name string) string {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: this function looks like it duplicates the above one

return conn.UpdateSqlInjectionMatchSet(req)
})
if err != nil {
return errwrap.Wrapf("[ERROR] Error updating SqlInjectionMatchSet: {{err}}", err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nitpick: errwrap.Wrapf() usage instead of fmt.Errorf() (same with below)

@radeksimko radeksimko force-pushed the resource_aws_wafregional_sql_injection_match_set branch from a747666 to f5ee8a9 Compare March 15, 2018 08:39
@ghost ghost added the size/XL Managed by automation to categorize the size of a PR. label Mar 15, 2018
@radeksimko radeksimko merged commit f617d80 into hashicorp:master Mar 15, 2018
@bflad
Copy link
Contributor

bflad commented Mar 23, 2018

This has been released in version 1.12.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@ghost
Copy link

ghost commented Apr 4, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 4, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement Requests to existing resources that expand the functionality or scope. new-resource Introduces a new resource. service/waf Issues and PRs that pertain to the waf service. size/XL Managed by automation to categorize the size of a PR.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants