From 7dcd11df06f888ab08443ff1d63b959150b3e0a5 Mon Sep 17 00:00:00 2001 From: Yusuke Goto Date: Sat, 15 Apr 2017 17:51:31 +0000 Subject: [PATCH] provider/aws: Use mutex & retry for WAF Regional change operations --- ...resource_aws_wafregional_byte_match_set.go | 88 +++++++---------- ...rce_aws_wafregional_byte_match_set_test.go | 60 +++++------ .../aws/resource_aws_wafregional_ipset.go | 87 +++++++--------- .../resource_aws_wafregional_ipset_test.go | 57 +++++------ .../aws/resource_aws_wafregional_rule.go | 90 ++++++++--------- .../aws/resource_aws_wafregional_rule_test.go | 59 +++++------ ...rce_aws_wafregional_size_constraint_set.go | 88 +++++++---------- ...ws_wafregional_size_constraint_set_test.go | 58 +++++------ ...aws_wafregional_sql_injection_match_set.go | 84 +++++++--------- ...afregional_sql_injection_match_set_test.go | 56 +++++------ .../aws/resource_aws_wafregional_web_acl.go | 99 +++++++++---------- .../resource_aws_wafregional_web_acl_test.go | 61 +++++------- .../resource_aws_wafregional_xss_match_set.go | 83 +++++++--------- ...urce_aws_wafregional_xss_match_set_test.go | 56 +++++------ .../aws/wafregionl_token_handlers.go | 51 ++++++++++ 15 files changed, 500 insertions(+), 577 deletions(-) create mode 100644 builtin/providers/aws/wafregionl_token_handlers.go diff --git a/builtin/providers/aws/resource_aws_wafregional_byte_match_set.go b/builtin/providers/aws/resource_aws_wafregional_byte_match_set.go index ad644eee1267..8dbe93f3730e 100644 --- a/builtin/providers/aws/resource_aws_wafregional_byte_match_set.go +++ b/builtin/providers/aws/resource_aws_wafregional_byte_match_set.go @@ -69,24 +69,19 @@ func resourceAwsWafRegionalByteMatchSetCreate(d *schema.ResourceData, meta inter log.Printf("[INFO] Creating ByteMatchSet: %s", d.Get("name").(string)) - // ChangeToken - var ct *waf.GetChangeTokenInput - - res, err := conn.GetChangeToken(ct) - if err != nil { - return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) - } - - params := &waf.CreateByteMatchSetInput{ - ChangeToken: res.ChangeToken, - Name: aws.String(d.Get("name").(string)), - } - - resp, err := conn.CreateByteMatchSet(params) + wr := newWafRegionalRetryer(conn) + out, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + params := &waf.CreateByteMatchSetInput{ + ChangeToken: token, + Name: aws.String(d.Get("name").(string)), + } + return conn.CreateByteMatchSet(params) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error creating ByteMatchSet: {{err}}", err) } + resp := out.(*waf.CreateByteMatchSetOutput) d.SetId(*resp.ByteMatchSet.ByteMatchSetId) @@ -138,17 +133,14 @@ func resourceAwsWafRegionalByteMatchSetDelete(d *schema.ResourceData, meta inter return errwrap.Wrapf("[ERROR] Error deleting ByteMatchSet: {{err}}", err) } - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - - req := &waf.DeleteByteMatchSetInput{ - ChangeToken: resp.ChangeToken, - ByteMatchSetId: aws.String(d.Id()), - } - - _, err = conn.DeleteByteMatchSet(req) - + wr := newWafRegionalRetryer(conn) + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.DeleteByteMatchSetInput{ + ChangeToken: token, + ByteMatchSetId: aws.String(d.Id()), + } + return conn.DeleteByteMatchSet(req) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error deleting ByteMatchSet: {{err}}", err) } @@ -159,34 +151,30 @@ func resourceAwsWafRegionalByteMatchSetDelete(d *schema.ResourceData, meta inter func updateByteMatchSetResourceWR(d *schema.ResourceData, meta interface{}, ChangeAction string) error { conn := meta.(*AWSClient).wafregionalconn - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - if err != nil { - return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) - } - - req := &waf.UpdateByteMatchSetInput{ - ChangeToken: resp.ChangeToken, - ByteMatchSetId: aws.String(d.Id()), - } + wr := newWafRegionalRetryer(conn) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateByteMatchSetInput{ + ChangeToken: token, + ByteMatchSetId: aws.String(d.Id()), + } - ByteMatchTuples := d.Get("byte_match_tuples").(*schema.Set) - for _, ByteMatchTuple := range ByteMatchTuples.List() { - ByteMatch := ByteMatchTuple.(map[string]interface{}) - ByteMatchUpdate := &waf.ByteMatchSetUpdate{ - Action: aws.String(ChangeAction), - ByteMatchTuple: &waf.ByteMatchTuple{ - FieldToMatch: expandFieldToMatchWR(ByteMatch["field_to_match"].(*schema.Set).List()[0].(map[string]interface{})), - PositionalConstraint: aws.String(ByteMatch["positional_constraint"].(string)), - TargetString: []byte(ByteMatch["target_string"].(string)), - TextTransformation: aws.String(ByteMatch["text_transformation"].(string)), - }, + ByteMatchTuples := d.Get("byte_match_tuples").(*schema.Set) + for _, ByteMatchTuple := range ByteMatchTuples.List() { + ByteMatch := ByteMatchTuple.(map[string]interface{}) + ByteMatchUpdate := &waf.ByteMatchSetUpdate{ + Action: aws.String(ChangeAction), + ByteMatchTuple: &waf.ByteMatchTuple{ + FieldToMatch: expandFieldToMatch(ByteMatch["field_to_match"].(*schema.Set).List()[0].(map[string]interface{})), + PositionalConstraint: aws.String(ByteMatch["positional_constraint"].(string)), + TargetString: []byte(ByteMatch["target_string"].(string)), + TextTransformation: aws.String(ByteMatch["text_transformation"].(string)), + }, + } + req.Updates = append(req.Updates, ByteMatchUpdate) } - req.Updates = append(req.Updates, ByteMatchUpdate) - } - _, err = conn.UpdateByteMatchSet(req) + return conn.UpdateByteMatchSet(req) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error updating ByteMatchSet: {{err}}", err) } diff --git a/builtin/providers/aws/resource_aws_wafregional_byte_match_set_test.go b/builtin/providers/aws/resource_aws_wafregional_byte_match_set_test.go index 5ee4c564ea0a..6ec02813d72d 100644 --- a/builtin/providers/aws/resource_aws_wafregional_byte_match_set_test.go +++ b/builtin/providers/aws/resource_aws_wafregional_byte_match_set_test.go @@ -96,49 +96,43 @@ func testAccCheckAWSWafRegionalByteMatchSetDisappears(v *waf.ByteMatchSet) resou return func(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).wafregionalconn - // ChangeToken - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - if err != nil { - return fmt.Errorf("Error getting change token: %s", err) - } - - req := &waf.UpdateByteMatchSetInput{ - ChangeToken: resp.ChangeToken, - ByteMatchSetId: v.ByteMatchSetId, - } + wr := newWafRegionalRetryer(conn) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateByteMatchSetInput{ + ChangeToken: token, + ByteMatchSetId: v.ByteMatchSetId, + } - for _, ByteMatchTuple := range v.ByteMatchTuples { - ByteMatchUpdate := &waf.ByteMatchSetUpdate{ - Action: aws.String("DELETE"), - ByteMatchTuple: &waf.ByteMatchTuple{ - FieldToMatch: ByteMatchTuple.FieldToMatch, - PositionalConstraint: ByteMatchTuple.PositionalConstraint, - TargetString: ByteMatchTuple.TargetString, - TextTransformation: ByteMatchTuple.TextTransformation, - }, + for _, ByteMatchTuple := range v.ByteMatchTuples { + ByteMatchUpdate := &waf.ByteMatchSetUpdate{ + Action: aws.String("DELETE"), + ByteMatchTuple: &waf.ByteMatchTuple{ + FieldToMatch: ByteMatchTuple.FieldToMatch, + PositionalConstraint: ByteMatchTuple.PositionalConstraint, + TargetString: ByteMatchTuple.TargetString, + TextTransformation: ByteMatchTuple.TextTransformation, + }, + } + req.Updates = append(req.Updates, ByteMatchUpdate) } - req.Updates = append(req.Updates, ByteMatchUpdate) - } - _, err = conn.UpdateByteMatchSet(req) + return conn.UpdateByteMatchSet(req) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error updating ByteMatchSet: {{err}}", err) } - resp, err = conn.GetChangeToken(ct) + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + opts := &waf.DeleteByteMatchSetInput{ + ChangeToken: token, + ByteMatchSetId: v.ByteMatchSetId, + } + return conn.DeleteByteMatchSet(opts) + }) if err != nil { - return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) + return errwrap.Wrapf("[ERROR] Error deleting ByteMatchSet: {{err}}", err) } - opts := &waf.DeleteByteMatchSetInput{ - ChangeToken: resp.ChangeToken, - ByteMatchSetId: v.ByteMatchSetId, - } - if _, err := conn.DeleteByteMatchSet(opts); err != nil { - return err - } return nil } } diff --git a/builtin/providers/aws/resource_aws_wafregional_ipset.go b/builtin/providers/aws/resource_aws_wafregional_ipset.go index e913710401f2..065075bdce46 100644 --- a/builtin/providers/aws/resource_aws_wafregional_ipset.go +++ b/builtin/providers/aws/resource_aws_wafregional_ipset.go @@ -46,23 +46,18 @@ func resourceAwsWafRegionalIPSet() *schema.Resource { func resourceAwsWafRegionalIPSetCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).wafregionalconn - // ChangeToken - var ct *waf.GetChangeTokenInput - - res, err := conn.GetChangeToken(ct) - if err != nil { - return fmt.Errorf("Error getting change token: %s", err) - } - - params := &waf.CreateIPSetInput{ - ChangeToken: res.ChangeToken, - Name: aws.String(d.Get("name").(string)), - } - - resp, err := conn.CreateIPSet(params) + wr := newWafRegionalRetryer(conn) + out, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + params := &waf.CreateIPSetInput{ + ChangeToken: token, + Name: aws.String(d.Get("name").(string)), + } + return conn.CreateIPSet(params) + }) if err != nil { return err } + resp := out.(*waf.CreateIPSetOutput) d.SetId(*resp.IPSet.IPSetId) return resourceAwsWafRegionalIPSetUpdate(d, meta) } @@ -118,18 +113,15 @@ func resourceAwsWafRegionalIPSetDelete(d *schema.ResourceData, meta interface{}) return fmt.Errorf("Error Removing IPSetDescriptors: %s", err) } - // ChangeToken - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - - req := &waf.DeleteIPSetInput{ - ChangeToken: resp.ChangeToken, - IPSetId: aws.String(d.Id()), - } - log.Printf("[INFO] Deleting WAF IPSet") - _, err = conn.DeleteIPSet(req) - + wr := newWafRegionalRetryer(conn) + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.DeleteIPSetInput{ + ChangeToken: token, + IPSetId: aws.String(d.Id()), + } + log.Printf("[INFO] Deleting WAF IPSet") + return conn.DeleteIPSet(req) + }) if err != nil { return fmt.Errorf("Error Deleting WAF IPSet: %s", err) } @@ -140,33 +132,28 @@ func resourceAwsWafRegionalIPSetDelete(d *schema.ResourceData, meta interface{}) func updateIPSetResourceWR(d *schema.ResourceData, meta interface{}, ChangeAction string) error { conn := meta.(*AWSClient).wafregionalconn - // ChangeToken - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - if err != nil { - return fmt.Errorf("Error getting change token: %s", err) - } - - req := &waf.UpdateIPSetInput{ - ChangeToken: resp.ChangeToken, - IPSetId: aws.String(d.Id()), - } + wr := newWafRegionalRetryer(conn) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateIPSetInput{ + ChangeToken: token, + IPSetId: aws.String(d.Id()), + } - IPSetDescriptors := d.Get("ip_set_descriptors").(*schema.Set) - for _, IPSetDescriptor := range IPSetDescriptors.List() { - IPSet := IPSetDescriptor.(map[string]interface{}) - IPSetUpdate := &waf.IPSetUpdate{ - Action: aws.String(ChangeAction), - IPSetDescriptor: &waf.IPSetDescriptor{ - Type: aws.String(IPSet["type"].(string)), - Value: aws.String(IPSet["value"].(string)), - }, + IPSetDescriptors := d.Get("ip_set_descriptors").(*schema.Set) + for _, IPSetDescriptor := range IPSetDescriptors.List() { + IPSet := IPSetDescriptor.(map[string]interface{}) + IPSetUpdate := &waf.IPSetUpdate{ + Action: aws.String(ChangeAction), + IPSetDescriptor: &waf.IPSetDescriptor{ + Type: aws.String(IPSet["type"].(string)), + Value: aws.String(IPSet["value"].(string)), + }, + } + req.Updates = append(req.Updates, IPSetUpdate) } - req.Updates = append(req.Updates, IPSetUpdate) - } - _, err = conn.UpdateIPSet(req) + return conn.UpdateIPSet(req) + }) if err != nil { return fmt.Errorf("Error Updating WAF IPSet: %s", err) } diff --git a/builtin/providers/aws/resource_aws_wafregional_ipset_test.go b/builtin/providers/aws/resource_aws_wafregional_ipset_test.go index 7727525accaf..521b12273972 100644 --- a/builtin/providers/aws/resource_aws_wafregional_ipset_test.go +++ b/builtin/providers/aws/resource_aws_wafregional_ipset_test.go @@ -100,46 +100,39 @@ func testAccCheckAWSWafRegionalIPSetDisappears(v *waf.IPSet) resource.TestCheckF return func(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).wafregionalconn - // ChangeToken - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - if err != nil { - return fmt.Errorf("Error getting change token: %s", err) - } - - req := &waf.UpdateIPSetInput{ - ChangeToken: resp.ChangeToken, - IPSetId: v.IPSetId, - } + wr := newWafRegionalRetryer(conn) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateIPSetInput{ + ChangeToken: token, + IPSetId: v.IPSetId, + } - for _, IPSetDescriptor := range v.IPSetDescriptors { - IPSetUpdate := &waf.IPSetUpdate{ - Action: aws.String("DELETE"), - IPSetDescriptor: &waf.IPSetDescriptor{ - Type: IPSetDescriptor.Type, - Value: IPSetDescriptor.Value, - }, + for _, IPSetDescriptor := range v.IPSetDescriptors { + IPSetUpdate := &waf.IPSetUpdate{ + Action: aws.String("DELETE"), + IPSetDescriptor: &waf.IPSetDescriptor{ + Type: IPSetDescriptor.Type, + Value: IPSetDescriptor.Value, + }, + } + req.Updates = append(req.Updates, IPSetUpdate) } - req.Updates = append(req.Updates, IPSetUpdate) - } - _, err = conn.UpdateIPSet(req) + return conn.UpdateIPSet(req) + }) if err != nil { return fmt.Errorf("Error Updating WAF IPSet: %s", err) } - resp, err = conn.GetChangeToken(ct) + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + opts := &waf.DeleteIPSetInput{ + ChangeToken: token, + IPSetId: v.IPSetId, + } + return conn.DeleteIPSet(opts) + }) if err != nil { - return fmt.Errorf("Error getting change token for waf IPSet: %s", err) - } - - opts := &waf.DeleteIPSetInput{ - ChangeToken: resp.ChangeToken, - IPSetId: v.IPSetId, - } - if _, err := conn.DeleteIPSet(opts); err != nil { - return err + return fmt.Errorf("Error Deleting WAF IPSet: %s", err) } return nil } diff --git a/builtin/providers/aws/resource_aws_wafregional_rule.go b/builtin/providers/aws/resource_aws_wafregional_rule.go index 52b854f9770e..487e42923290 100644 --- a/builtin/providers/aws/resource_aws_wafregional_rule.go +++ b/builtin/providers/aws/resource_aws_wafregional_rule.go @@ -71,24 +71,20 @@ func resourceAwsWafRegionalRule() *schema.Resource { func resourceAwsWafRegionalRuleCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).wafregionalconn - // ChangeToken - var ct *waf.GetChangeTokenInput - - res, err := conn.GetChangeToken(ct) - if err != nil { - return fmt.Errorf("Error getting change token: %s", err) - } - - params := &waf.CreateRuleInput{ - ChangeToken: res.ChangeToken, - MetricName: aws.String(d.Get("metric_name").(string)), - Name: aws.String(d.Get("name").(string)), - } + wr := newWafRegionalRetryer(conn) + out, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + params := &waf.CreateRuleInput{ + ChangeToken: token, + MetricName: aws.String(d.Get("metric_name").(string)), + Name: aws.String(d.Get("name").(string)), + } - resp, err := conn.CreateRule(params) + return conn.CreateRule(params) + }) if err != nil { return err } + resp := out.(*waf.CreateRuleOutput) d.SetId(*resp.Rule.RuleId) return resourceAwsWafRegionalRuleUpdate(d, meta) } @@ -143,18 +139,15 @@ func resourceAwsWafRegionalRuleDelete(d *schema.ResourceData, meta interface{}) if err != nil { return fmt.Errorf("Error Removing WAF Rule Predicates: %s", err) } - // ChangeToken - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - - req := &waf.DeleteRuleInput{ - ChangeToken: resp.ChangeToken, - RuleId: aws.String(d.Id()), - } - log.Printf("[INFO] Deleting WAF Rule") - _, err = conn.DeleteRule(req) - + wr := newWafRegionalRetryer(conn) + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.DeleteRuleInput{ + ChangeToken: token, + RuleId: aws.String(d.Id()), + } + log.Printf("[INFO] Deleting WAF Rule") + return conn.DeleteRule(req) + }) if err != nil { return fmt.Errorf("Error deleting WAF Rule: %s", err) } @@ -165,34 +158,29 @@ func resourceAwsWafRegionalRuleDelete(d *schema.ResourceData, meta interface{}) func updateWafRegionalRuleResource(d *schema.ResourceData, meta interface{}, ChangeAction string) error { conn := meta.(*AWSClient).wafregionalconn - // ChangeToken - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - if err != nil { - return fmt.Errorf("Error getting change token: %s", err) - } - - req := &waf.UpdateRuleInput{ - ChangeToken: resp.ChangeToken, - RuleId: aws.String(d.Id()), - } + wr := newWafRegionalRetryer(conn) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateRuleInput{ + ChangeToken: token, + RuleId: aws.String(d.Id()), + } - predicatesSet := d.Get("predicates").(*schema.Set) - for _, predicateI := range predicatesSet.List() { - predicate := predicateI.(map[string]interface{}) - updatePredicate := &waf.RuleUpdate{ - Action: aws.String(ChangeAction), - Predicate: &waf.Predicate{ - Negated: aws.Bool(predicate["negated"].(bool)), - Type: aws.String(predicate["type"].(string)), - DataId: aws.String(predicate["data_id"].(string)), - }, + predicatesSet := d.Get("predicates").(*schema.Set) + for _, predicateI := range predicatesSet.List() { + predicate := predicateI.(map[string]interface{}) + updatePredicate := &waf.RuleUpdate{ + Action: aws.String(ChangeAction), + Predicate: &waf.Predicate{ + Negated: aws.Bool(predicate["negated"].(bool)), + Type: aws.String(predicate["type"].(string)), + DataId: aws.String(predicate["data_id"].(string)), + }, + } + req.Updates = append(req.Updates, updatePredicate) } - req.Updates = append(req.Updates, updatePredicate) - } - _, err = conn.UpdateRule(req) + return conn.UpdateRule(req) + }) if err != nil { return fmt.Errorf("Error Updating WAF Rule: %s", err) } diff --git a/builtin/providers/aws/resource_aws_wafregional_rule_test.go b/builtin/providers/aws/resource_aws_wafregional_rule_test.go index 8a91f5f7deff..a4acd95dd41c 100644 --- a/builtin/providers/aws/resource_aws_wafregional_rule_test.go +++ b/builtin/providers/aws/resource_aws_wafregional_rule_test.go @@ -99,47 +99,40 @@ func testAccCheckAWSWafRegionalRuleDisappears(v *waf.Rule) resource.TestCheckFun return func(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).wafregionalconn - // ChangeToken - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - if err != nil { - return fmt.Errorf("Error getting change token: %s", err) - } - - req := &waf.UpdateRuleInput{ - ChangeToken: resp.ChangeToken, - RuleId: v.RuleId, - } + wr := newWafRegionalRetryer(conn) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateRuleInput{ + ChangeToken: token, + RuleId: v.RuleId, + } - for _, Predicate := range v.Predicates { - Predicate := &waf.RuleUpdate{ - Action: aws.String("DELETE"), - Predicate: &waf.Predicate{ - Negated: Predicate.Negated, - Type: Predicate.Type, - DataId: Predicate.DataId, - }, + for _, Predicate := range v.Predicates { + Predicate := &waf.RuleUpdate{ + Action: aws.String("DELETE"), + Predicate: &waf.Predicate{ + Negated: Predicate.Negated, + Type: Predicate.Type, + DataId: Predicate.DataId, + }, + } + req.Updates = append(req.Updates, Predicate) } - req.Updates = append(req.Updates, Predicate) - } - _, err = conn.UpdateRule(req) + return conn.UpdateRule(req) + }) if err != nil { return fmt.Errorf("Error Updating WAF Rule: %s", err) } - resp, err = conn.GetChangeToken(ct) + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + opts := &waf.DeleteRuleInput{ + ChangeToken: token, + RuleId: v.RuleId, + } + return conn.DeleteRule(opts) + }) if err != nil { - return fmt.Errorf("Error getting change token for waf Rule: %s", err) - } - - opts := &waf.DeleteRuleInput{ - ChangeToken: resp.ChangeToken, - RuleId: v.RuleId, - } - if _, err := conn.DeleteRule(opts); err != nil { - return err + return fmt.Errorf("Error Deleting WAF Rule: %s", err) } return nil } diff --git a/builtin/providers/aws/resource_aws_wafregional_size_constraint_set.go b/builtin/providers/aws/resource_aws_wafregional_size_constraint_set.go index 997fc7463ff8..5076c8ea50df 100644 --- a/builtin/providers/aws/resource_aws_wafregional_size_constraint_set.go +++ b/builtin/providers/aws/resource_aws_wafregional_size_constraint_set.go @@ -69,24 +69,19 @@ func resourceAwsWafRegionalSizeConstraintSetCreate(d *schema.ResourceData, meta log.Printf("[INFO] Creating SizeConstraintSet: %s", d.Get("name").(string)) - // ChangeToken - var ct *waf.GetChangeTokenInput - - res, err := conn.GetChangeToken(ct) - if err != nil { - return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) - } - - params := &waf.CreateSizeConstraintSetInput{ - ChangeToken: res.ChangeToken, - Name: aws.String(d.Get("name").(string)), - } - - resp, err := conn.CreateSizeConstraintSet(params) + wr := newWafRegionalRetryer(conn) + out, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + params := &waf.CreateSizeConstraintSetInput{ + ChangeToken: token, + Name: aws.String(d.Get("name").(string)), + } + return conn.CreateSizeConstraintSet(params) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error creating SizeConstraintSet: {{err}}", err) } + resp := out.(*waf.CreateSizeConstraintSetOutput) d.SetId(*resp.SizeConstraintSet.SizeConstraintSetId) @@ -134,17 +129,14 @@ func resourceAwsWafRegionalSizeConstraintSetDelete(d *schema.ResourceData, meta return errwrap.Wrapf("[ERROR] Error deleting SizeConstraintSet: {{err}}", err) } - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - - req := &waf.DeleteSizeConstraintSetInput{ - ChangeToken: resp.ChangeToken, - SizeConstraintSetId: aws.String(d.Id()), - } - - _, err = conn.DeleteSizeConstraintSet(req) - + wr := newWafRegionalRetryer(conn) + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.DeleteSizeConstraintSetInput{ + ChangeToken: token, + SizeConstraintSetId: aws.String(d.Id()), + } + return conn.DeleteSizeConstraintSet(req) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error deleting SizeConstraintSet: {{err}}", err) } @@ -155,34 +147,30 @@ func resourceAwsWafRegionalSizeConstraintSetDelete(d *schema.ResourceData, meta func updateSizeConstraintSetResourceWR(d *schema.ResourceData, meta interface{}, ChangeAction string) error { conn := meta.(*AWSClient).wafregionalconn - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - if err != nil { - return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) - } - - req := &waf.UpdateSizeConstraintSetInput{ - ChangeToken: resp.ChangeToken, - SizeConstraintSetId: aws.String(d.Id()), - } + wr := newWafRegionalRetryer(conn) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateSizeConstraintSetInput{ + ChangeToken: token, + SizeConstraintSetId: aws.String(d.Id()), + } - sizeConstraints := d.Get("size_constraints").(*schema.Set) - for _, sizeConstraint := range sizeConstraints.List() { - sc := sizeConstraint.(map[string]interface{}) - sizeConstraintUpdate := &waf.SizeConstraintSetUpdate{ - Action: aws.String(ChangeAction), - SizeConstraint: &waf.SizeConstraint{ - FieldToMatch: expandFieldToMatch(sc["field_to_match"].(*schema.Set).List()[0].(map[string]interface{})), - ComparisonOperator: aws.String(sc["comparison_operator"].(string)), - Size: aws.Int64(int64(sc["size"].(int))), - TextTransformation: aws.String(sc["text_transformation"].(string)), - }, + sizeConstraints := d.Get("size_constraints").(*schema.Set) + for _, sizeConstraint := range sizeConstraints.List() { + sc := sizeConstraint.(map[string]interface{}) + sizeConstraintUpdate := &waf.SizeConstraintSetUpdate{ + Action: aws.String(ChangeAction), + SizeConstraint: &waf.SizeConstraint{ + FieldToMatch: expandFieldToMatch(sc["field_to_match"].(*schema.Set).List()[0].(map[string]interface{})), + ComparisonOperator: aws.String(sc["comparison_operator"].(string)), + Size: aws.Int64(int64(sc["size"].(int))), + TextTransformation: aws.String(sc["text_transformation"].(string)), + }, + } + req.Updates = append(req.Updates, sizeConstraintUpdate) } - req.Updates = append(req.Updates, sizeConstraintUpdate) - } - _, err = conn.UpdateSizeConstraintSet(req) + return conn.UpdateSizeConstraintSet(req) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error updating SizeConstraintSet: {{err}}", err) } diff --git a/builtin/providers/aws/resource_aws_wafregional_size_constraint_set_test.go b/builtin/providers/aws/resource_aws_wafregional_size_constraint_set_test.go index be4471764137..5ea620104aca 100644 --- a/builtin/providers/aws/resource_aws_wafregional_size_constraint_set_test.go +++ b/builtin/providers/aws/resource_aws_wafregional_size_constraint_set_test.go @@ -96,45 +96,39 @@ func testAccCheckAWSWafRegionalSizeConstraintSetDisappears(v *waf.SizeConstraint return func(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).wafregionalconn - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - if err != nil { - return fmt.Errorf("Error getting change token: %s", err) - } - - req := &waf.UpdateSizeConstraintSetInput{ - ChangeToken: resp.ChangeToken, - SizeConstraintSetId: v.SizeConstraintSetId, - } + wr := newWafRegionalRetryer(conn) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateSizeConstraintSetInput{ + ChangeToken: token, + SizeConstraintSetId: v.SizeConstraintSetId, + } - for _, sizeConstraint := range v.SizeConstraints { - sizeConstraintUpdate := &waf.SizeConstraintSetUpdate{ - Action: aws.String("DELETE"), - SizeConstraint: &waf.SizeConstraint{ - FieldToMatch: sizeConstraint.FieldToMatch, - ComparisonOperator: sizeConstraint.ComparisonOperator, - Size: sizeConstraint.Size, - TextTransformation: sizeConstraint.TextTransformation, - }, + for _, sizeConstraint := range v.SizeConstraints { + sizeConstraintUpdate := &waf.SizeConstraintSetUpdate{ + Action: aws.String("DELETE"), + SizeConstraint: &waf.SizeConstraint{ + FieldToMatch: sizeConstraint.FieldToMatch, + ComparisonOperator: sizeConstraint.ComparisonOperator, + Size: sizeConstraint.Size, + TextTransformation: sizeConstraint.TextTransformation, + }, + } + req.Updates = append(req.Updates, sizeConstraintUpdate) } - req.Updates = append(req.Updates, sizeConstraintUpdate) - } - _, err = conn.UpdateSizeConstraintSet(req) + return conn.UpdateSizeConstraintSet(req) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error updating SizeConstraintSet: {{err}}", err) } - resp, err = conn.GetChangeToken(ct) + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + opts := &waf.DeleteSizeConstraintSetInput{ + ChangeToken: token, + SizeConstraintSetId: v.SizeConstraintSetId, + } + return conn.DeleteSizeConstraintSet(opts) + }) if err != nil { - return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) - } - - opts := &waf.DeleteSizeConstraintSetInput{ - ChangeToken: resp.ChangeToken, - SizeConstraintSetId: v.SizeConstraintSetId, - } - if _, err := conn.DeleteSizeConstraintSet(opts); err != nil { return err } return nil diff --git a/builtin/providers/aws/resource_aws_wafregional_sql_injection_match_set.go b/builtin/providers/aws/resource_aws_wafregional_sql_injection_match_set.go index 008ba88447cc..038b6764c13a 100644 --- a/builtin/providers/aws/resource_aws_wafregional_sql_injection_match_set.go +++ b/builtin/providers/aws/resource_aws_wafregional_sql_injection_match_set.go @@ -61,25 +61,19 @@ func resourceAwsWafRegionalSqlInjectionMatchSetCreate(d *schema.ResourceData, me log.Printf("[INFO] Creating SqlInjectionMatchSet: %s", d.Get("name").(string)) - // ChangeToken - var ct *waf.GetChangeTokenInput - - res, err := conn.GetChangeToken(ct) - if err != nil { - return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) - } - - params := &waf.CreateSqlInjectionMatchSetInput{ - ChangeToken: res.ChangeToken, - Name: aws.String(d.Get("name").(string)), - } - - resp, err := conn.CreateSqlInjectionMatchSet(params) + wr := newWafRegionalRetryer(conn) + out, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + params := &waf.CreateSqlInjectionMatchSetInput{ + ChangeToken: token, + Name: aws.String(d.Get("name").(string)), + } + return conn.CreateSqlInjectionMatchSet(params) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error creating SqlInjectionMatchSet: {{err}}", err) } - + resp := out.(*waf.CreateSqlInjectionMatchSetOutput) d.SetId(*resp.SqlInjectionMatchSet.SqlInjectionMatchSetId) return resourceAwsWafRegionalSqlInjectionMatchSetUpdate(d, meta) @@ -126,17 +120,15 @@ func resourceAwsWafRegionalSqlInjectionMatchSetDelete(d *schema.ResourceData, me return errwrap.Wrapf("[ERROR] Error deleting SqlInjectionMatchSet: {{err}}", err) } - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - - req := &waf.DeleteSqlInjectionMatchSetInput{ - ChangeToken: resp.ChangeToken, - SqlInjectionMatchSetId: aws.String(d.Id()), - } - - _, err = conn.DeleteSqlInjectionMatchSet(req) + wr := newWafRegionalRetryer(conn) + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.DeleteSqlInjectionMatchSetInput{ + ChangeToken: token, + SqlInjectionMatchSetId: aws.String(d.Id()), + } + return conn.DeleteSqlInjectionMatchSet(req) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error deleting SqlInjectionMatchSet: {{err}}", err) } @@ -147,32 +139,28 @@ func resourceAwsWafRegionalSqlInjectionMatchSetDelete(d *schema.ResourceData, me func updateSqlInjectionMatchSetResourceWR(d *schema.ResourceData, meta interface{}, ChangeAction string) error { conn := meta.(*AWSClient).wafregionalconn - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - if err != nil { - return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) - } - - req := &waf.UpdateSqlInjectionMatchSetInput{ - ChangeToken: resp.ChangeToken, - SqlInjectionMatchSetId: aws.String(d.Id()), - } + wr := newWafRegionalRetryer(conn) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateSqlInjectionMatchSetInput{ + ChangeToken: token, + SqlInjectionMatchSetId: aws.String(d.Id()), + } - sqlInjectionMatchTuples := d.Get("sql_injection_match_tuples").(*schema.Set) - for _, sqlInjectionMatchTuple := range sqlInjectionMatchTuples.List() { - simt := sqlInjectionMatchTuple.(map[string]interface{}) - sizeConstraintUpdate := &waf.SqlInjectionMatchSetUpdate{ - Action: aws.String(ChangeAction), - SqlInjectionMatchTuple: &waf.SqlInjectionMatchTuple{ - FieldToMatch: expandFieldToMatch(simt["field_to_match"].(*schema.Set).List()[0].(map[string]interface{})), - TextTransformation: aws.String(simt["text_transformation"].(string)), - }, + sqlInjectionMatchTuples := d.Get("sql_injection_match_tuples").(*schema.Set) + for _, sqlInjectionMatchTuple := range sqlInjectionMatchTuples.List() { + simt := sqlInjectionMatchTuple.(map[string]interface{}) + sizeConstraintUpdate := &waf.SqlInjectionMatchSetUpdate{ + Action: aws.String(ChangeAction), + SqlInjectionMatchTuple: &waf.SqlInjectionMatchTuple{ + FieldToMatch: expandFieldToMatch(simt["field_to_match"].(*schema.Set).List()[0].(map[string]interface{})), + TextTransformation: aws.String(simt["text_transformation"].(string)), + }, + } + req.Updates = append(req.Updates, sizeConstraintUpdate) } - req.Updates = append(req.Updates, sizeConstraintUpdate) - } - _, err = conn.UpdateSqlInjectionMatchSet(req) + return conn.UpdateSqlInjectionMatchSet(req) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error updating SqlInjectionMatchSet: {{err}}", err) } diff --git a/builtin/providers/aws/resource_aws_wafregional_sql_injection_match_set_test.go b/builtin/providers/aws/resource_aws_wafregional_sql_injection_match_set_test.go index 0f8f376d855c..014f74edbbf1 100644 --- a/builtin/providers/aws/resource_aws_wafregional_sql_injection_match_set_test.go +++ b/builtin/providers/aws/resource_aws_wafregional_sql_injection_match_set_test.go @@ -96,44 +96,38 @@ func testAccCheckAWSWafRegionalSqlInjectionMatchSetDisappears(v *waf.SqlInjectio return func(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).wafregionalconn - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - if err != nil { - return fmt.Errorf("Error getting change token: %s", err) - } - - req := &waf.UpdateSqlInjectionMatchSetInput{ - ChangeToken: resp.ChangeToken, - SqlInjectionMatchSetId: v.SqlInjectionMatchSetId, - } + wr := newWafRegionalRetryer(conn) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateSqlInjectionMatchSetInput{ + ChangeToken: token, + SqlInjectionMatchSetId: v.SqlInjectionMatchSetId, + } - for _, sqlInjectionMatchTuple := range v.SqlInjectionMatchTuples { - sqlInjectionMatchTupleUpdate := &waf.SqlInjectionMatchSetUpdate{ - Action: aws.String("DELETE"), - SqlInjectionMatchTuple: &waf.SqlInjectionMatchTuple{ - FieldToMatch: sqlInjectionMatchTuple.FieldToMatch, - TextTransformation: sqlInjectionMatchTuple.TextTransformation, - }, + for _, sqlInjectionMatchTuple := range v.SqlInjectionMatchTuples { + sqlInjectionMatchTupleUpdate := &waf.SqlInjectionMatchSetUpdate{ + Action: aws.String("DELETE"), + SqlInjectionMatchTuple: &waf.SqlInjectionMatchTuple{ + FieldToMatch: sqlInjectionMatchTuple.FieldToMatch, + TextTransformation: sqlInjectionMatchTuple.TextTransformation, + }, + } + req.Updates = append(req.Updates, sqlInjectionMatchTupleUpdate) } - req.Updates = append(req.Updates, sqlInjectionMatchTupleUpdate) - } - _, err = conn.UpdateSqlInjectionMatchSet(req) + return conn.UpdateSqlInjectionMatchSet(req) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error updating SqlInjectionMatchSet: {{err}}", err) } - resp, err = conn.GetChangeToken(ct) + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + opts := &waf.DeleteSqlInjectionMatchSetInput{ + ChangeToken: token, + SqlInjectionMatchSetId: v.SqlInjectionMatchSetId, + } + return conn.DeleteSqlInjectionMatchSet(opts) + }) if err != nil { - return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) - } - - opts := &waf.DeleteSqlInjectionMatchSetInput{ - ChangeToken: resp.ChangeToken, - SqlInjectionMatchSetId: v.SqlInjectionMatchSetId, - } - if _, err := conn.DeleteSqlInjectionMatchSet(opts); err != nil { - return err + return errwrap.Wrapf("[ERROR] Error deleting SqlInjectionMatchSet: {{err}}", err) } return nil } diff --git a/builtin/providers/aws/resource_aws_wafregional_web_acl.go b/builtin/providers/aws/resource_aws_wafregional_web_acl.go index ea1382cb2c4c..95498f585711 100644 --- a/builtin/providers/aws/resource_aws_wafregional_web_acl.go +++ b/builtin/providers/aws/resource_aws_wafregional_web_acl.go @@ -77,25 +77,21 @@ func resourceAwsWafRegionalWebAcl() *schema.Resource { func resourceAwsWafRegionalWebAclCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).wafregionalconn - // ChangeToken - var ct *waf.GetChangeTokenInput - - res, err := conn.GetChangeToken(ct) - if err != nil { - return fmt.Errorf("Error getting change token: %s", err) - } - - params := &waf.CreateWebACLInput{ - ChangeToken: res.ChangeToken, - DefaultAction: expandDefaultActionWR(d), - MetricName: aws.String(d.Get("metric_name").(string)), - Name: aws.String(d.Get("name").(string)), - } + wr := newWafRegionalRetryer(conn) + out, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + params := &waf.CreateWebACLInput{ + ChangeToken: token, + DefaultAction: expandDefaultAction(d), + MetricName: aws.String(d.Get("metric_name").(string)), + Name: aws.String(d.Get("name").(string)), + } - resp, err := conn.CreateWebACL(params) + return conn.CreateWebACL(params) + }) if err != nil { return err } + resp := out.(*waf.CreateWebACLOutput) d.SetId(*resp.WebACL.WebACLId) return resourceAwsWafRegionalWebAclUpdate(d, meta) } @@ -144,18 +140,16 @@ func resourceAwsWafRegionalWebAclDelete(d *schema.ResourceData, meta interface{} return fmt.Errorf("Error Removing WAF ACL Rules: %s", err) } - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - - req := &waf.DeleteWebACLInput{ - ChangeToken: resp.ChangeToken, - WebACLId: aws.String(d.Id()), - } - - log.Printf("[INFO] Deleting WAF ACL") - _, err = conn.DeleteWebACL(req) + wr := newWafRegionalRetryer(conn) + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.DeleteWebACLInput{ + ChangeToken: token, + WebACLId: aws.String(d.Id()), + } + log.Printf("[INFO] Deleting WAF ACL") + return conn.DeleteWebACL(req) + }) if err != nil { return fmt.Errorf("Error Deleting WAF ACL: %s", err) } @@ -164,38 +158,33 @@ func resourceAwsWafRegionalWebAclDelete(d *schema.ResourceData, meta interface{} func updateWebAclResourceWR(d *schema.ResourceData, meta interface{}, ChangeAction string) error { conn := meta.(*AWSClient).wafregionalconn - // ChangeToken - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - if err != nil { - return fmt.Errorf("Error getting change token: %s", err) - } - - req := &waf.UpdateWebACLInput{ - ChangeToken: resp.ChangeToken, - WebACLId: aws.String(d.Id()), - } + wr := newWafRegionalRetryer(conn) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateWebACLInput{ + ChangeToken: token, + WebACLId: aws.String(d.Id()), + } - if d.HasChange("default_action") { - req.DefaultAction = expandDefaultActionWR(d) - } + if d.HasChange("default_action") { + req.DefaultAction = expandDefaultAction(d) + } - rules := d.Get("rules").(*schema.Set) - for _, rule := range rules.List() { - aclRule := rule.(map[string]interface{}) - action := aclRule["action"].(*schema.Set).List()[0].(map[string]interface{}) - aclRuleUpdate := &waf.WebACLUpdate{ - Action: aws.String(ChangeAction), - ActivatedRule: &waf.ActivatedRule{ - Priority: aws.Int64(int64(aclRule["priority"].(int))), - RuleId: aws.String(aclRule["rule_id"].(string)), - Action: &waf.WafAction{Type: aws.String(action["type"].(string))}, - }, + rules := d.Get("rules").(*schema.Set) + for _, rule := range rules.List() { + aclRule := rule.(map[string]interface{}) + action := aclRule["action"].(*schema.Set).List()[0].(map[string]interface{}) + aclRuleUpdate := &waf.WebACLUpdate{ + Action: aws.String(ChangeAction), + ActivatedRule: &waf.ActivatedRule{ + Priority: aws.Int64(int64(aclRule["priority"].(int))), + RuleId: aws.String(aclRule["rule_id"].(string)), + Action: &waf.WafAction{Type: aws.String(action["type"].(string))}, + }, + } + req.Updates = append(req.Updates, aclRuleUpdate) } - req.Updates = append(req.Updates, aclRuleUpdate) - } - _, err = conn.UpdateWebACL(req) + return conn.UpdateWebACL(req) + }) if err != nil { return fmt.Errorf("Error Updating WAF ACL: %s", err) } diff --git a/builtin/providers/aws/resource_aws_wafregional_web_acl_test.go b/builtin/providers/aws/resource_aws_wafregional_web_acl_test.go index 902e801ea980..671cd87ff002 100644 --- a/builtin/providers/aws/resource_aws_wafregional_web_acl_test.go +++ b/builtin/providers/aws/resource_aws_wafregional_web_acl_test.go @@ -159,47 +159,40 @@ func testAccCheckAWSWafRegionalWebAclDisappears(v *waf.WebACL) resource.TestChec return func(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).wafregionalconn - // ChangeToken - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - if err != nil { - return fmt.Errorf("Error getting change token: %s", err) - } - - req := &waf.UpdateWebACLInput{ - ChangeToken: resp.ChangeToken, - WebACLId: v.WebACLId, - } - - for _, ActivatedRule := range v.Rules { - WebACLUpdate := &waf.WebACLUpdate{ - Action: aws.String("DELETE"), - ActivatedRule: &waf.ActivatedRule{ - Priority: ActivatedRule.Priority, - RuleId: ActivatedRule.RuleId, - Action: ActivatedRule.Action, - }, + wr := newWafRegionalRetryer(conn) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateWebACLInput{ + ChangeToken: token, + WebACLId: v.WebACLId, } - req.Updates = append(req.Updates, WebACLUpdate) - } - _, err = conn.UpdateWebACL(req) - if err != nil { - return fmt.Errorf("Error Updating WAF ACL: %s", err) - } + for _, ActivatedRule := range v.Rules { + WebACLUpdate := &waf.WebACLUpdate{ + Action: aws.String("DELETE"), + ActivatedRule: &waf.ActivatedRule{ + Priority: ActivatedRule.Priority, + RuleId: ActivatedRule.RuleId, + Action: ActivatedRule.Action, + }, + } + req.Updates = append(req.Updates, WebACLUpdate) + } - resp, err = conn.GetChangeToken(ct) + return conn.UpdateWebACL(req) + }) if err != nil { return fmt.Errorf("Error getting change token for waf ACL: %s", err) } - opts := &waf.DeleteWebACLInput{ - ChangeToken: resp.ChangeToken, - WebACLId: v.WebACLId, - } - if _, err := conn.DeleteWebACL(opts); err != nil { - return err + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + opts := &waf.DeleteWebACLInput{ + ChangeToken: token, + WebACLId: v.WebACLId, + } + return conn.DeleteWebACL(opts) + }) + if err != nil { + return fmt.Errorf("Error Deleting WAF ACL: %s", err) } return nil } diff --git a/builtin/providers/aws/resource_aws_wafregional_xss_match_set.go b/builtin/providers/aws/resource_aws_wafregional_xss_match_set.go index c24bd0779f64..24c2938309b5 100644 --- a/builtin/providers/aws/resource_aws_wafregional_xss_match_set.go +++ b/builtin/providers/aws/resource_aws_wafregional_xss_match_set.go @@ -61,24 +61,19 @@ func resourceAwsWafRegionalXssMatchSetCreate(d *schema.ResourceData, meta interf log.Printf("[INFO] Creating XssMatchSet: %s", d.Get("name").(string)) - // ChangeToken - var ct *waf.GetChangeTokenInput - - res, err := conn.GetChangeToken(ct) - if err != nil { - return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) - } - - params := &waf.CreateXssMatchSetInput{ - ChangeToken: res.ChangeToken, - Name: aws.String(d.Get("name").(string)), - } - - resp, err := conn.CreateXssMatchSet(params) + wr := newWafRegionalRetryer(conn) + out, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + params := &waf.CreateXssMatchSetInput{ + ChangeToken: token, + Name: aws.String(d.Get("name").(string)), + } + return conn.CreateXssMatchSet(params) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error creating XssMatchSet: {{err}}", err) } + resp := out.(*waf.CreateXssMatchSetOutput) d.SetId(*resp.XssMatchSet.XssMatchSetId) @@ -126,17 +121,15 @@ func resourceAwsWafRegionalXssMatchSetDelete(d *schema.ResourceData, meta interf return errwrap.Wrapf("[ERROR] Error deleting XssMatchSet: {{err}}", err) } - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - - req := &waf.DeleteXssMatchSetInput{ - ChangeToken: resp.ChangeToken, - XssMatchSetId: aws.String(d.Id()), - } - - _, err = conn.DeleteXssMatchSet(req) + wr := newWafRegionalRetryer(conn) + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.DeleteXssMatchSetInput{ + ChangeToken: token, + XssMatchSetId: aws.String(d.Id()), + } + return conn.DeleteXssMatchSet(req) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error deleting XssMatchSet: {{err}}", err) } @@ -147,32 +140,28 @@ func resourceAwsWafRegionalXssMatchSetDelete(d *schema.ResourceData, meta interf func updateXssMatchSetResourceWR(d *schema.ResourceData, meta interface{}, ChangeAction string) error { conn := meta.(*AWSClient).wafregionalconn - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - if err != nil { - return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) - } - - req := &waf.UpdateXssMatchSetInput{ - ChangeToken: resp.ChangeToken, - XssMatchSetId: aws.String(d.Id()), - } + wr := newWafRegionalRetryer(conn) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateXssMatchSetInput{ + ChangeToken: token, + XssMatchSetId: aws.String(d.Id()), + } - xssMatchTuples := d.Get("xss_match_tuples").(*schema.Set) - for _, xssMatchTuple := range xssMatchTuples.List() { - xmt := xssMatchTuple.(map[string]interface{}) - xssMatchTupleUpdate := &waf.XssMatchSetUpdate{ - Action: aws.String(ChangeAction), - XssMatchTuple: &waf.XssMatchTuple{ - FieldToMatch: expandFieldToMatch(xmt["field_to_match"].(*schema.Set).List()[0].(map[string]interface{})), - TextTransformation: aws.String(xmt["text_transformation"].(string)), - }, + xssMatchTuples := d.Get("xss_match_tuples").(*schema.Set) + for _, xssMatchTuple := range xssMatchTuples.List() { + xmt := xssMatchTuple.(map[string]interface{}) + xssMatchTupleUpdate := &waf.XssMatchSetUpdate{ + Action: aws.String(ChangeAction), + XssMatchTuple: &waf.XssMatchTuple{ + FieldToMatch: expandFieldToMatch(xmt["field_to_match"].(*schema.Set).List()[0].(map[string]interface{})), + TextTransformation: aws.String(xmt["text_transformation"].(string)), + }, + } + req.Updates = append(req.Updates, xssMatchTupleUpdate) } - req.Updates = append(req.Updates, xssMatchTupleUpdate) - } - _, err = conn.UpdateXssMatchSet(req) + return conn.UpdateXssMatchSet(req) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error updating XssMatchSet: {{err}}", err) } diff --git a/builtin/providers/aws/resource_aws_wafregional_xss_match_set_test.go b/builtin/providers/aws/resource_aws_wafregional_xss_match_set_test.go index 98b1cb85331b..18157dcc3f60 100644 --- a/builtin/providers/aws/resource_aws_wafregional_xss_match_set_test.go +++ b/builtin/providers/aws/resource_aws_wafregional_xss_match_set_test.go @@ -96,44 +96,38 @@ func testAccCheckAWSWafRegionalXssMatchSetDisappears(v *waf.XssMatchSet) resourc return func(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).wafregionalconn - var ct *waf.GetChangeTokenInput - - resp, err := conn.GetChangeToken(ct) - if err != nil { - return fmt.Errorf("Error getting change token: %s", err) - } - - req := &waf.UpdateXssMatchSetInput{ - ChangeToken: resp.ChangeToken, - XssMatchSetId: v.XssMatchSetId, - } + wr := newWafRegionalRetryer(conn) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateXssMatchSetInput{ + ChangeToken: token, + XssMatchSetId: v.XssMatchSetId, + } - for _, xssMatchTuple := range v.XssMatchTuples { - xssMatchTupleUpdate := &waf.XssMatchSetUpdate{ - Action: aws.String("DELETE"), - XssMatchTuple: &waf.XssMatchTuple{ - FieldToMatch: xssMatchTuple.FieldToMatch, - TextTransformation: xssMatchTuple.TextTransformation, - }, + for _, xssMatchTuple := range v.XssMatchTuples { + xssMatchTupleUpdate := &waf.XssMatchSetUpdate{ + Action: aws.String("DELETE"), + XssMatchTuple: &waf.XssMatchTuple{ + FieldToMatch: xssMatchTuple.FieldToMatch, + TextTransformation: xssMatchTuple.TextTransformation, + }, + } + req.Updates = append(req.Updates, xssMatchTupleUpdate) } - req.Updates = append(req.Updates, xssMatchTupleUpdate) - } - _, err = conn.UpdateXssMatchSet(req) + return conn.UpdateXssMatchSet(req) + }) if err != nil { return errwrap.Wrapf("[ERROR] Error updating XssMatchSet: {{err}}", err) } - resp, err = conn.GetChangeToken(ct) + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + opts := &waf.DeleteXssMatchSetInput{ + ChangeToken: token, + XssMatchSetId: v.XssMatchSetId, + } + return conn.DeleteXssMatchSet(opts) + }) if err != nil { - return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) - } - - opts := &waf.DeleteXssMatchSetInput{ - ChangeToken: resp.ChangeToken, - XssMatchSetId: v.XssMatchSetId, - } - if _, err := conn.DeleteXssMatchSet(opts); err != nil { - return err + return errwrap.Wrapf("[ERROR] Error deleting XssMatchSet: {{err}}", err) } return nil } diff --git a/builtin/providers/aws/wafregionl_token_handlers.go b/builtin/providers/aws/wafregionl_token_handlers.go new file mode 100644 index 000000000000..241b6e2fdc99 --- /dev/null +++ b/builtin/providers/aws/wafregionl_token_handlers.go @@ -0,0 +1,51 @@ +package aws + +import ( + "log" + "time" + + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/service/waf" + "github.com/aws/aws-sdk-go/service/wafregional" + "github.com/hashicorp/errwrap" + "github.com/hashicorp/terraform/helper/resource" +) + +type WafRegionalRetryer struct { + Connection *wafregional.WAFRegional + Region string +} + +type withRegionalTokenFunc func(token *string) (interface{}, error) + +func (t *WafRegionalRetryer) RetryWithToken(f withRegionalTokenFunc) (interface{}, error) { + awsMutexKV.Lock(t.Region) + defer awsMutexKV.Unlock(t.Region) + + var out interface{} + err := resource.Retry(15*time.Minute, func() *resource.RetryError { + var err error + var tokenOut *waf.GetChangeTokenOutput + + tokenOut, err = t.Connection.GetChangeToken(&waf.GetChangeTokenInput{}) + if err != nil { + return resource.NonRetryableError(errwrap.Wrapf("Failed to acquire change token: {{err}}", err)) + } + + out, err = f(tokenOut.ChangeToken) + if err != nil { + awsErr, ok := err.(awserr.Error) + if ok && awsErr.Code() == "WAFStaleDataException" { + return resource.RetryableError(err) + } + return resource.NonRetryableError(err) + } + return nil + }) + + return out, err +} + +func newWafRegionalRetryer(conn *wafregional.WAFRegional) *WafRegionalRetryer { + return &WafRegionalRetryer{Connection: conn} +}