provider/aws: Support IPSets with 0 descriptors

hashicorp · Apr 23, 2017 · cafce1a · cafce1a
1 parent 876bde0
commit cafce1a
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 10 deletions.
diff --git a/builtin/providers/aws/resource_aws_waf_ipset.go b/builtin/providers/aws/resource_aws_waf_ipset.go
@@ -100,29 +100,34 @@ func resourceAwsWafIPSetRead(d *schema.ResourceData, meta interface{}) error {
 func resourceAwsWafIPSetUpdate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).wafconn
 
-	o, n := d.GetChange("ip_set_descriptors")
-	oldD, newD := o.(*schema.Set).List(), n.(*schema.Set).List()
+	if d.HasChange("ip_set_descriptors") {
+		o, n := d.GetChange("ip_set_descriptors")
+		oldD, newD := o.(*schema.Set).List(), n.(*schema.Set).List()
 
-	err := updateWafIpSetDescriptors(d.Id(), oldD, newD, conn)
-	if err != nil {
-		return fmt.Errorf("Error Updating WAF IPSet: %s", err)
+		err := updateWafIpSetDescriptors(d.Id(), oldD, newD, conn)
+		if err != nil {
+			return fmt.Errorf("Error Updating WAF IPSet: %s", err)
+		}
 	}
+
 	return resourceAwsWafIPSetRead(d, meta)
 }
 
 func resourceAwsWafIPSetDelete(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).wafconn
 
 	oldDescriptors := d.Get("ip_set_descriptors").(*schema.Set).List()
-	noDescriptors := []interface{}{}
 
-	err := updateWafIpSetDescriptors(d.Id(), oldDescriptors, noDescriptors, conn)
-	if err != nil {
-		return fmt.Errorf("Error updating IPSetDescriptors: %s", err)
+	if len(oldDescriptors) > 0 {
+		noDescriptors := []interface{}{}
+		err := updateWafIpSetDescriptors(d.Id(), oldDescriptors, noDescriptors, conn)
+		if err != nil {
+			return fmt.Errorf("Error updating IPSetDescriptors: %s", err)
+		}
 	}
 
 	wr := newWafRetryer(conn, "global")
-	_, err = wr.RetryWithToken(func(token *string) (interface{}, error) {
+	_, err := wr.RetryWithToken(func(token *string) (interface{}, error) {
 		req := &waf.DeleteIPSetInput{
 			ChangeToken: token,
 			IPSetId:     aws.String(d.Id()),

diff --git a/builtin/providers/aws/resource_aws_waf_ipset_test.go b/builtin/providers/aws/resource_aws_waf_ipset_test.go
@@ -138,6 +138,29 @@ func TestAccAWSWafIPSet_changeDescriptors(t *testing.T) {
 	})
 }
 
+func TestAccAWSWafIPSet_noDescriptors(t *testing.T) {
+	var ipset waf.IPSet
+	ipsetName := fmt.Sprintf("ip-set-%s", acctest.RandString(5))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSWafIPSetDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSWafIPSetConfig_noDescriptors(ipsetName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSWafIPSetExists("aws_waf_ipset.ipset", &ipset),
+					resource.TestCheckResourceAttr(
+						"aws_waf_ipset.ipset", "name", ipsetName),
+					resource.TestCheckResourceAttr(
+						"aws_waf_ipset.ipset", "ip_set_descriptors.#", "0"),
+				),
+			},
+		},
+	})
+}
+
 func TestDiffWafIpSetDescriptors(t *testing.T) {
 	testCases := []struct {
 		Old             []interface{}
@@ -369,3 +392,9 @@ func testAccAWSWafIPSetConfigChangeIPSetDescriptors(name string) string {
   }
 }`, name)
 }
+
+func testAccAWSWafIPSetConfig_noDescriptors(name string) string {
+	return fmt.Sprintf(`resource "aws_waf_ipset" "ipset" {
+  name = "%s"
+}`, name)
+}