WAFv2: Added support for label_match_statement and rule_label

[andyalm]

This adds support to rules in both rule_group and web_acl resources for two label related attributes:

• label_match_statement - allows rule statements that match on labels from other rules.
• rule_label - The rule_label block allows you to assign labels to the current web request when your rule matches.

Note that this addresses #19486, however, I went with a slightly different naming choice for the rule_label block than was suggested in the issue. rule_label is what its called for this part of the AWS api (its actually RuleLabels, but since this is a repeated block, I've given it a singular name). I'm open to changing the name, but it was my understanding that terraform resources generally follow the AWS api naming structures very closely.

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Relates OR Closes #19486

Output from acceptance testing:

make testacc TESTARGS='-run=TestAccAwsWafv2WebACL_.+' && make testacc TESTARGS='-run=TestAccAwsWafv2RuleGroup_.+' 
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsWafv2WebACL_.+ -timeout 180m
=== RUN   TestAccAwsWafv2WebACL_basic
=== PAUSE TestAccAwsWafv2WebACL_basic
=== RUN   TestAccAwsWafv2WebACL_updateRule
=== PAUSE TestAccAwsWafv2WebACL_updateRule
=== RUN   TestAccAwsWafv2WebACL_UpdateRuleProperties
=== PAUSE TestAccAwsWafv2WebACL_UpdateRuleProperties
=== RUN   TestAccAwsWafv2WebACL_ChangeNameForceNew
=== PAUSE TestAccAwsWafv2WebACL_ChangeNameForceNew
=== RUN   TestAccAwsWafv2WebACL_Disappears
=== PAUSE TestAccAwsWafv2WebACL_Disappears
=== RUN   TestAccAwsWafv2WebACL_ManagedRuleGroupStatement
=== PAUSE TestAccAwsWafv2WebACL_ManagedRuleGroupStatement
=== RUN   TestAccAwsWafv2WebACL_Minimal
=== PAUSE TestAccAwsWafv2WebACL_Minimal
=== RUN   TestAccAwsWafv2WebACL_RateBasedStatement
=== PAUSE TestAccAwsWafv2WebACL_RateBasedStatement
=== RUN   TestAccAwsWafv2WebACL_GeoMatchStatement
=== PAUSE TestAccAwsWafv2WebACL_GeoMatchStatement
=== RUN   TestAccAwsWafv2WebACL_GeoMatchStatement_ForwardedIPConfig
=== PAUSE TestAccAwsWafv2WebACL_GeoMatchStatement_ForwardedIPConfig
=== RUN   TestAccAwsWafv2WebACL_LabelMatchStatement
=== PAUSE TestAccAwsWafv2WebACL_LabelMatchStatement
=== RUN   TestAccAwsWafv2WebACL_RuleLabels
=== PAUSE TestAccAwsWafv2WebACL_RuleLabels
=== RUN   TestAccAwsWafv2WebACL_IPSetReferenceStatement
=== PAUSE TestAccAwsWafv2WebACL_IPSetReferenceStatement
=== RUN   TestAccAwsWafv2WebACL_IPSetReferenceStatement_IPSetForwardedIPConfig
=== PAUSE TestAccAwsWafv2WebACL_IPSetReferenceStatement_IPSetForwardedIPConfig
=== RUN   TestAccAwsWafv2WebACL_RateBasedStatement_ForwardedIPConfig
=== PAUSE TestAccAwsWafv2WebACL_RateBasedStatement_ForwardedIPConfig
=== RUN   TestAccAwsWafv2WebACL_RuleGroupReferenceStatement
=== PAUSE TestAccAwsWafv2WebACL_RuleGroupReferenceStatement
=== RUN   TestAccAwsWafv2WebACL_CustomRequestHandling
=== PAUSE TestAccAwsWafv2WebACL_CustomRequestHandling
=== RUN   TestAccAwsWafv2WebACL_CustomResponse
=== PAUSE TestAccAwsWafv2WebACL_CustomResponse
=== RUN   TestAccAwsWafv2WebACL_Tags
=== PAUSE TestAccAwsWafv2WebACL_Tags
=== RUN   TestAccAwsWafv2WebACL_MaxNestedRateBasedStatements
=== PAUSE TestAccAwsWafv2WebACL_MaxNestedRateBasedStatements
=== RUN   TestAccAwsWafv2WebACL_MaxNestedOperatorStatements
=== PAUSE TestAccAwsWafv2WebACL_MaxNestedOperatorStatements
=== CONT  TestAccAwsWafv2WebACL_basic
=== CONT  TestAccAwsWafv2WebACL_RuleLabels
=== CONT  TestAccAwsWafv2WebACL_CustomRequestHandling
=== CONT  TestAccAwsWafv2WebACL_CustomResponse
=== CONT  TestAccAwsWafv2WebACL_MaxNestedOperatorStatements
=== CONT  TestAccAwsWafv2WebACL_MaxNestedRateBasedStatements
=== CONT  TestAccAwsWafv2WebACL_RuleGroupReferenceStatement
=== CONT  TestAccAwsWafv2WebACL_RateBasedStatement_ForwardedIPConfig
=== CONT  TestAccAwsWafv2WebACL_IPSetReferenceStatement_IPSetForwardedIPConfig
=== CONT  TestAccAwsWafv2WebACL_IPSetReferenceStatement
=== CONT  TestAccAwsWafv2WebACL_Minimal
=== CONT  TestAccAwsWafv2WebACL_LabelMatchStatement
=== CONT  TestAccAwsWafv2WebACL_GeoMatchStatement_ForwardedIPConfig
=== CONT  TestAccAwsWafv2WebACL_GeoMatchStatement
=== CONT  TestAccAwsWafv2WebACL_RateBasedStatement
=== CONT  TestAccAwsWafv2WebACL_ChangeNameForceNew
=== CONT  TestAccAwsWafv2WebACL_ManagedRuleGroupStatement
=== CONT  TestAccAwsWafv2WebACL_Disappears
=== CONT  TestAccAwsWafv2WebACL_UpdateRuleProperties
=== CONT  TestAccAwsWafv2WebACL_updateRule
--- PASS: TestAccAwsWafv2WebACL_Disappears (44.86s)
=== CONT  TestAccAwsWafv2WebACL_Tags
--- PASS: TestAccAwsWafv2WebACL_CustomRequestHandling (93.64s)
--- PASS: TestAccAwsWafv2WebACL_Minimal (97.99s)
--- PASS: TestAccAwsWafv2WebACL_CustomResponse (101.39s)
--- PASS: TestAccAwsWafv2WebACL_ChangeNameForceNew (104.45s)
--- PASS: TestAccAwsWafv2WebACL_MaxNestedOperatorStatements (108.26s)
--- PASS: TestAccAwsWafv2WebACL_RateBasedStatement_ForwardedIPConfig (108.64s)
--- PASS: TestAccAwsWafv2WebACL_RuleLabels (110.22s)
--- PASS: TestAccAwsWafv2WebACL_GeoMatchStatement (113.22s)
--- PASS: TestAccAwsWafv2WebACL_LabelMatchStatement (121.10s)
--- PASS: TestAccAwsWafv2WebACL_GeoMatchStatement_ForwardedIPConfig (133.75s)
--- PASS: TestAccAwsWafv2WebACL_MaxNestedRateBasedStatements (137.17s)
--- PASS: TestAccAwsWafv2WebACL_ManagedRuleGroupStatement (142.42s)
--- PASS: TestAccAwsWafv2WebACL_Tags (102.14s)
--- PASS: TestAccAwsWafv2WebACL_RuleGroupReferenceStatement (148.45s)
--- PASS: TestAccAwsWafv2WebACL_UpdateRuleProperties (151.24s)
--- PASS: TestAccAwsWafv2WebACL_IPSetReferenceStatement (164.71s)
--- PASS: TestAccAwsWafv2WebACL_basic (172.31s)
--- PASS: TestAccAwsWafv2WebACL_IPSetReferenceStatement_IPSetForwardedIPConfig (181.05s)
--- PASS: TestAccAwsWafv2WebACL_RateBasedStatement (189.05s)
--- PASS: TestAccAwsWafv2WebACL_updateRule (272.67s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       274.056s
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsWafv2RuleGroup_.+ -timeout 180m
=== RUN   TestAccAwsWafv2RuleGroup_basic
=== PAUSE TestAccAwsWafv2RuleGroup_basic
=== RUN   TestAccAwsWafv2RuleGroup_updateRule
=== PAUSE TestAccAwsWafv2RuleGroup_updateRule
=== RUN   TestAccAwsWafv2RuleGroup_updateRuleProperties
=== PAUSE TestAccAwsWafv2RuleGroup_updateRuleProperties
=== RUN   TestAccAwsWafv2RuleGroup_ByteMatchStatement
=== PAUSE TestAccAwsWafv2RuleGroup_ByteMatchStatement
=== RUN   TestAccAwsWafv2RuleGroup_ByteMatchStatement_FieldToMatch
=== PAUSE TestAccAwsWafv2RuleGroup_ByteMatchStatement_FieldToMatch
=== RUN   TestAccAwsWafv2RuleGroup_ChangeNameForceNew
=== PAUSE TestAccAwsWafv2RuleGroup_ChangeNameForceNew
=== RUN   TestAccAwsWafv2RuleGroup_ChangeCapacityForceNew
=== PAUSE TestAccAwsWafv2RuleGroup_ChangeCapacityForceNew
=== RUN   TestAccAwsWafv2RuleGroup_ChangeMetricNameForceNew
=== PAUSE TestAccAwsWafv2RuleGroup_ChangeMetricNameForceNew
=== RUN   TestAccAwsWafv2RuleGroup_Disappears
=== PAUSE TestAccAwsWafv2RuleGroup_Disappears
=== RUN   TestAccAwsWafv2RuleGroup_RuleLabels
=== PAUSE TestAccAwsWafv2RuleGroup_RuleLabels
=== RUN   TestAccAwsWafv2RuleGroup_GeoMatchStatement
=== PAUSE TestAccAwsWafv2RuleGroup_GeoMatchStatement
=== RUN   TestAccAwsWafv2RuleGroup_GeoMatchStatement_ForwardedIPConfig
=== PAUSE TestAccAwsWafv2RuleGroup_GeoMatchStatement_ForwardedIPConfig
=== RUN   TestAccAwsWafv2RuleGroup_LabelMatchStatement
=== PAUSE TestAccAwsWafv2RuleGroup_LabelMatchStatement
=== RUN   TestAccAwsWafv2RuleGroup_IpSetReferenceStatement
=== PAUSE TestAccAwsWafv2RuleGroup_IpSetReferenceStatement
=== RUN   TestAccAwsWafv2RuleGroup_IpSetReferenceStatement_IPSetForwardedIPConfig
=== PAUSE TestAccAwsWafv2RuleGroup_IpSetReferenceStatement_IPSetForwardedIPConfig
=== RUN   TestAccAwsWafv2RuleGroup_LogicalRuleStatements
=== PAUSE TestAccAwsWafv2RuleGroup_LogicalRuleStatements
=== RUN   TestAccAwsWafv2RuleGroup_Minimal
=== PAUSE TestAccAwsWafv2RuleGroup_Minimal
=== RUN   TestAccAwsWafv2RuleGroup_RegexPatternSetReferenceStatement
=== PAUSE TestAccAwsWafv2RuleGroup_RegexPatternSetReferenceStatement
=== RUN   TestAccAwsWafv2RuleGroup_RuleAction
=== PAUSE TestAccAwsWafv2RuleGroup_RuleAction
=== RUN   TestAccAwsWafv2RuleGroup_RuleAction_CustomRequestHandling
=== PAUSE TestAccAwsWafv2RuleGroup_RuleAction_CustomRequestHandling
=== RUN   TestAccAwsWafv2RuleGroup_RuleAction_CustomResponse
=== PAUSE TestAccAwsWafv2RuleGroup_RuleAction_CustomResponse
=== RUN   TestAccAwsWafv2RuleGroup_SizeConstraintStatement
=== PAUSE TestAccAwsWafv2RuleGroup_SizeConstraintStatement
=== RUN   TestAccAwsWafv2RuleGroup_SqliMatchStatement
=== PAUSE TestAccAwsWafv2RuleGroup_SqliMatchStatement
=== RUN   TestAccAwsWafv2RuleGroup_Tags
=== PAUSE TestAccAwsWafv2RuleGroup_Tags
=== RUN   TestAccAwsWafv2RuleGroup_XssMatchStatement
=== PAUSE TestAccAwsWafv2RuleGroup_XssMatchStatement
=== CONT  TestAccAwsWafv2RuleGroup_basic
=== CONT  TestAccAwsWafv2RuleGroup_IpSetReferenceStatement
=== CONT  TestAccAwsWafv2RuleGroup_RuleAction_CustomRequestHandling
=== CONT  TestAccAwsWafv2RuleGroup_RuleAction
=== CONT  TestAccAwsWafv2RuleGroup_RegexPatternSetReferenceStatement
=== CONT  TestAccAwsWafv2RuleGroup_Minimal
=== CONT  TestAccAwsWafv2RuleGroup_LogicalRuleStatements
=== CONT  TestAccAwsWafv2RuleGroup_RuleAction_CustomResponse
=== CONT  TestAccAwsWafv2RuleGroup_Tags
=== CONT  TestAccAwsWafv2RuleGroup_XssMatchStatement
=== CONT  TestAccAwsWafv2RuleGroup_ByteMatchStatement_FieldToMatch
=== CONT  TestAccAwsWafv2RuleGroup_ChangeCapacityForceNew
=== CONT  TestAccAwsWafv2RuleGroup_IpSetReferenceStatement_IPSetForwardedIPConfig
=== CONT  TestAccAwsWafv2RuleGroup_ChangeMetricNameForceNew
=== CONT  TestAccAwsWafv2RuleGroup_LabelMatchStatement
=== CONT  TestAccAwsWafv2RuleGroup_GeoMatchStatement_ForwardedIPConfig
=== CONT  TestAccAwsWafv2RuleGroup_GeoMatchStatement
=== CONT  TestAccAwsWafv2RuleGroup_RuleLabels
=== CONT  TestAccAwsWafv2RuleGroup_Disappears
=== CONT  TestAccAwsWafv2RuleGroup_SizeConstraintStatement
--- PASS: TestAccAwsWafv2RuleGroup_Disappears (55.20s)
=== CONT  TestAccAwsWafv2RuleGroup_ChangeNameForceNew
--- PASS: TestAccAwsWafv2RuleGroup_RegexPatternSetReferenceStatement (63.57s)
=== CONT  TestAccAwsWafv2RuleGroup_updateRuleProperties
--- PASS: TestAccAwsWafv2RuleGroup_RuleAction_CustomResponse (70.52s)
=== CONT  TestAccAwsWafv2RuleGroup_ByteMatchStatement
--- PASS: TestAccAwsWafv2RuleGroup_Minimal (75.75s)
=== CONT  TestAccAwsWafv2RuleGroup_updateRule
--- PASS: TestAccAwsWafv2RuleGroup_basic (77.91s)
=== CONT  TestAccAwsWafv2RuleGroup_SqliMatchStatement
--- PASS: TestAccAwsWafv2RuleGroup_IpSetReferenceStatement (94.90s)
--- PASS: TestAccAwsWafv2RuleGroup_GeoMatchStatement (103.20s)
--- PASS: TestAccAwsWafv2RuleGroup_LabelMatchStatement (119.17s)
--- PASS: TestAccAwsWafv2RuleGroup_ChangeCapacityForceNew (125.20s)
--- PASS: TestAccAwsWafv2RuleGroup_LogicalRuleStatements (143.00s)
--- PASS: TestAccAwsWafv2RuleGroup_ChangeNameForceNew (91.02s)
--- PASS: TestAccAwsWafv2RuleGroup_RuleLabels (147.18s)
--- PASS: TestAccAwsWafv2RuleGroup_ByteMatchStatement (77.76s)
--- PASS: TestAccAwsWafv2RuleGroup_Tags (159.17s)
--- PASS: TestAccAwsWafv2RuleGroup_ChangeMetricNameForceNew (164.57s)
=== RUN   TestAccAwsWafv2RuleGroup_updateRule
=== PAUSE TestAccAwsWafv2RuleGroup_updateRule
=== RUN   TestAccAwsWafv2RuleGroup_updateRuleProperties
=== PAUSE TestAccAwsWafv2RuleGroup_updateRuleProperties
=== CONT  TestAccAwsWafv2RuleGroup_updateRule
=== CONT  TestAccAwsWafv2RuleGroup_updateRuleProperties
--- PASS: TestAccAwsWafv2RuleGroup_updateRuleProperties (63.48s)
--- PASS: TestAccAwsWafv2RuleGroup_SqliMatchStatement (97.71s)
--- PASS: TestAccAwsWafv2RuleGroup_updateRuleProperties (114.68s)
--- PASS: TestAccAwsWafv2RuleGroup_updateRule (46.11s)
--- PASS: TestAccAwsWafv2RuleGroup_SizeConstraintStatement (181.03s)
--- PASS: TestAccAwsWafv2RuleGroup_RuleAction_CustomRequestHandling (185.99s)
--- PASS: TestAccAwsWafv2RuleGroup_XssMatchStatement (187.91s)
--- PASS: TestAccAwsWafv2RuleGroup_IpSetReferenceStatement_IPSetForwardedIPConfig (203.87s)
--- PASS: TestAccAwsWafv2RuleGroup_RuleAction (215.84s)
--- PASS: TestAccAwsWafv2RuleGroup_ByteMatchStatement_FieldToMatch (223.75s)
--- PASS: TestAccAwsWafv2RuleGroup_GeoMatchStatement_ForwardedIPConfig (291.58s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       292.916s

[mcab]

I went with a slightly different naming choice for the rule_label block than was suggested in the issue. [...] I'm open to changing the name, but it was my understanding that terraform resources generally follow the AWS api naming structures very closely.

As the original writer of the issue, the choice of rule_label is definitely more indicative of the intent and a lot more clear.

As a follow up, AWS's API reference for Rule notes that RuleLabels can take an array of Label objects:

Type: Array of Label objects

Would it help simplify the code and syntax if it mirrored such?

    rule_label = [
        "Hashicorp:Test:Label1",
        "Hashicorp:Test:Label2"
    ]

[andyalm]

@mcab I certainly agree that the way the API is right now, where labels only have a name, that an array of strings would be simpler and easier to use. The disadvantage of going that way would be if amazon added another attribute to the RuleLabel object, then we would be a little stuck. I'm not sure how likely that is. I am interested to know what hashicorp's standard approach is for situations like this. Its been my observation that most of the provider structures have been sticking very close to the amazon api's, which is what led me to implement it as a repeating block. I'll be interested to hear a maintainer/reviewer chime in on this.

[andyalm]

@anGie44 sorry to bother you, but you were so helpful with my last PR. I've had a couple additional PR's open for several weeks now and no one seems to be looking at them. What do I need to do to get a maintainer to review them? Have I missed an important step?

[zhelding]

Pull request #21306 has significantly refactored the AWS Provider codebase. As a result, most PRs opened prior to the refactor now have merge conflicts that must be resolved before proceeding.

Specifically, PR #21306 relocated the code for all AWS resources and data sources from a single aws directory to a large number of separate directories in internal/service, each corresponding to a particular AWS service. This separation of code has also allowed for us to simplify the names of underlying functions -- while still avoiding namespace collisions.

We recognize that many pull requests have been open for some time without yet being addressed by our maintainers. Therefore, we want to make it clear that resolving these conflicts in no way affects the prioritization of a particular pull request. Once a pull request has been prioritized for review, the necessary changes will be made by a maintainer -- either directly or in collaboration with the pull request author.

For a more complete description of this refactor, including examples of how old filepaths and function names correspond to their new counterparts: please refer to issue #20000.

For a quick guide on how to amend your pull request to resolve the merge conflicts resulting from this refactor and bring it in line with our new code patterns: please refer to our Service Package Refactor Pull Request Guide.

[breathingdust]

Hi all 👋 Just letting you know that this is issue is featured on this quarters roadmap. If a PR exists to close the issue a maintainer will review and either make changes directly, or work with the original author to get the contribution merged. If you have written a PR to resolve the issue please ensure the "Allow edits from maintainers" box is checked. Thanks for your patience and we are looking forward to getting this merged soon!

[anGie44]

Hi @andyalm , thanks so much for another great contribution! LGTM, just 2 minor nits I can add in and get this merged for our upcoming release 👍

Output of acceptance tests:

--- PASS: TestAccWAFV2RuleGroup_disappears (252.46s)
--- PASS: TestAccWAFV2RuleGroup_minimal (325.55s)
--- PASS: TestAccWAFV2RuleGroup_RuleAction_customResponse (522.35s)
--- PASS: TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement (594.82s)
--- PASS: TestAccWAFV2RuleGroup_ipSetReferenceStatement (595.61s)
--- PASS: TestAccWAFV2RuleGroupDataSource_basic (688.71s)
--- PASS: TestAccWAFV2RuleGroup_geoMatchStatement (718.44s)
--- PASS: TestAccWAFV2RuleGroup_RuleAction_customRequestHandling (789.87s)
--- PASS: TestAccWAFV2RuleGroup_changeMetricNameForceNew (802.58s)
--- PASS: TestAccWAFV2RuleGroup_changeCapacityForceNew (937.89s)
--- PASS: TestAccWAFV2RuleGroup_basic (424.12s)
--- PASS: TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP (1063.35s)
--- PASS: TestAccWAFV2RuleGroup_sizeConstraintStatement (1063.35s)
--- PASS: TestAccWAFV2RuleGroup_RuleLabels (940.40s)
--- PASS: TestAccWAFV2RuleGroup_tags (1273.63s)
--- PASS: TestAccWAFV2RuleGroup_byteMatchStatement (849.34s)
--- PASS: TestAccWAFV2RuleGroup_xssMatchStatement (1464.38s)
--- PASS: TestAccWAFV2RuleGroup_updateRule (954.23s)
--- PASS: TestAccWAFV2RuleGroup_sqliMatchStatement (1538.95s)
--- PASS: TestAccWAFV2RuleGroup_ruleAction (1582.47s)
--- PASS: TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP (1694.05s)
--- PASS: TestAccWAFV2RuleGroup_LabelMatchStatement (1730.09s)
--- PASS: TestAccWAFV2RuleGroup_updateRuleProperties (1064.15s)
--- PASS: TestAccWAFV2RuleGroup_logicalRuleStatements (1771.03s)
--- PASS: TestAccWAFV2RuleGroup_changeNameForceNew (1816.35s)
--- PASS: TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch (1499.74s)

--- PASS: TestAccWAFV2WebACL_RateBased_maxNested (938.59s)
--- PASS: TestAccWAFV2WebACL_basic (1012.95s)
--- PASS: TestAccWAFV2WebACL_minimal (1054.21s)
--- PASS: TestAccWAFV2WebACL_RateBased_forwardedIP (1067.08s)
--- PASS: TestAccWAFV2WebACL_GeoMatch_basic (1211.42s)
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_basic (1306.20s)
--- PASS: TestAccWAFV2WebACL_disappears (414.84s)
--- PASS: TestAccWAFV2WebACL_Update_nameForceNew (1376.59s)
--- PASS: TestAccWAFV2WebACL_Custom_requestHandling (1435.81s)
--- PASS: TestAccWAFV2WebACL_RuleLabels (1435.93s)
--- PASS: TestAccWAFV2WebACL_RuleGroupReference_basic (1469.11s)
--- PASS: TestAccWAFV2WebACL_GeoMatch_forwardedIP (1469.32s)
--- PASS: TestAccWAFV2WebACL_LabelMatchStatement (1580.54s)
--- PASS: TestAccWAFV2WebACL_Operators_maxNested (1580.89s)
--- PASS: TestAccWAFV2WebACL_IPSetReference_basic (1593.40s)
--- PASS: TestAccWAFV2WebACL_Update_rule (1594.14s)
--- PASS: TestAccWAFV2WebACL_Custom_response (1595.87s)
--- PASS: TestAccWAFV2WebACL_RateBased_basic (1638.41s)
--- PASS: TestAccWAFV2WebACL_tags (1639.01s)
--- PASS: TestAccWAFV2WebACL_Update_ruleProperties (1667.76s)
--- PASS: TestAccWAFV2WebACL_IPSetReference_forwardedIP (1706.09s)

[github-actions]

This functionality has been released in v3.67.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.