diff --git a/.travis.yml b/.travis.yml index 04cc6f30960b..491539a24e7f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -29,7 +29,7 @@ script: - GOOS=windows go build branches: only: - - master + - aws-wafregional-ci notifications: irc: channels: diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go index 17105d2598bc..5fc3a5c2d92f 100644 --- a/builtin/providers/aws/config.go +++ b/builtin/providers/aws/config.go @@ -64,6 +64,7 @@ import ( "github.com/aws/aws-sdk-go/service/ssm" "github.com/aws/aws-sdk-go/service/sts" "github.com/aws/aws-sdk-go/service/waf" + "github.com/aws/aws-sdk-go/service/wafregional" "github.com/davecgh/go-spew/spew" "github.com/hashicorp/errwrap" "github.com/hashicorp/go-cleanhttp" @@ -159,6 +160,7 @@ type AWSClient struct { sfnconn *sfn.SFN ssmconn *ssm.SSM wafconn *waf.WAF + wafregionalconn *wafregional.WAFRegional } func (c *AWSClient) S3() *s3.S3 { @@ -339,6 +341,7 @@ func (c *Config) Client() (interface{}, error) { client.sqsconn = sqs.New(sess) client.ssmconn = ssm.New(sess) client.wafconn = waf.New(sess) + client.wafregionalconn = wafregional.New(sess) return &client, nil } diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go index b1f9c2bf4b1f..8e1e35c0ac53 100644 --- a/builtin/providers/aws/provider.go +++ b/builtin/providers/aws/provider.go 
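Review bot: The `branches: only:` list in .travis.yml now names only `aws-wafregional-ci`, so once this lands Travis would stop building `master` and later changes would merge without the `script:` steps running. This looks like a temporary setting for exercising the feature branch. Drop this hunk before merge so the list keeps `- master`.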
@@ -445,6 +445,14 @@ func Provider() terraform.ResourceProvider { "aws_waf_web_acl": resourceAwsWafWebAcl(), "aws_waf_xss_match_set": resourceAwsWafXssMatchSet(), "aws_waf_sql_injection_match_set": resourceAwsWafSqlInjectionMatchSet(), + "aws_wafregional_byte_match_set": resourceAwsWafRegionalByteMatchSet(), + "aws_wafregional_ipset": resourceAwsWafRegionalIPSet(), + "aws_wafregional_rule": resourceAwsWafRegionalRule(), + "aws_wafregional_size_constraint_set": resourceAwsWafRegionalSizeConstraintSet(), + "aws_wafregional_web_acl": resourceAwsWafRegionalWebAcl(), + "aws_wafregional_xss_match_set": resourceAwsWafRegionalXssMatchSet(), + "aws_wafregional_sql_injection_match_set": resourceAwsWafRegionalSqlInjectionMatchSet(), + "aws_wafregional_web_acl_association": resourceAwsWafRegionalWebAclAssociation(), }, ConfigureFunc: providerConfigure, } diff --git a/builtin/providers/aws/resource_aws_wafregional_byte_match_set.go b/builtin/providers/aws/resource_aws_wafregional_byte_match_set.go new file mode 100644 index 000000000000..ad644eee1267 --- /dev/null +++ b/builtin/providers/aws/resource_aws_wafregional_byte_match_set.go 
@@ -0,0 +1,209 @@
+package aws
+
+import (
+ "log"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/hashicorp/errwrap"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsWafRegionalByteMatchSet() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceAwsWafRegionalByteMatchSetCreate,
+ Read: resourceAwsWafRegionalByteMatchSetRead,
+ Update: resourceAwsWafRegionalByteMatchSetUpdate,
+ Delete: resourceAwsWafRegionalByteMatchSetDelete,
+
+ Schema: map[string]*schema.Schema{
+ "name": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "byte_match_tuples": &schema.Schema{
+ Type: schema.TypeSet,
+ Optional: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "field_to_match": {
+ Type: schema.TypeSet,
+ Required: true,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "data": {
+ Type: schema.TypeString,
+ Optional: true,
+ },
+ "type": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ },
+ },
+ "positional_constraint": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "target_string": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ },
+ "text_transformation": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ },
+ },
+ },
+ }
+}
+
+func resourceAwsWafRegionalByteMatchSetCreate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ log.Printf("[INFO] Creating ByteMatchSet: %s", d.Get("name").(string))
+
+ // ChangeToken
+ var ct *waf.GetChangeTokenInput
+
+ res, err := conn.GetChangeToken(ct)
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err)
+ }
+
+ params := &waf.CreateByteMatchSetInput{
+ ChangeToken: res.ChangeToken,
+ Name: aws.String(d.Get("name").(string)),
+ }
+
+ resp, err := conn.CreateByteMatchSet(params)
+
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error creating ByteMatchSet: {{err}}", err)
+ }
+
+ d.SetId(*resp.ByteMatchSet.ByteMatchSetId)
+
+ return resourceAwsWafRegionalByteMatchSetUpdate(d, meta)
+}
+
+func resourceAwsWafRegionalByteMatchSetRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ log.Printf("[INFO] Reading ByteMatchSet: %s", d.Get("name").(string))
+
+ params := &waf.GetByteMatchSetInput{
+ ByteMatchSetId: aws.String(d.Id()),
+ }
+
+ resp, err := conn.GetByteMatchSet(params)
+ if err != nil {
+ if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "WAFNonexistentItemException" {
+ log.Printf("[WARN] WAF IPSet (%s) not found, error code (404)", d.Id())
+ d.SetId("")
+ return nil
+ }
+
+ return err
+ }
+
+ d.Set("name", resp.ByteMatchSet.Name)
+
+ return nil
+}
+
+func resourceAwsWafRegionalByteMatchSetUpdate(d *schema.ResourceData, meta interface{}) error {
+ log.Printf("[INFO] Updating ByteMatchSet: %s", d.Get("name").(string))
+
+ err := updateByteMatchSetResourceWR(d, meta, waf.ChangeActionInsert)
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error updating ByteMatchSet: {{err}}", err)
+ }
+ return resourceAwsWafRegionalByteMatchSetRead(d, meta)
+}
+
+func resourceAwsWafRegionalByteMatchSetDelete(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ log.Printf("[INFO] Deleting ByteMatchSet: %s", d.Get("name").(string))
+
+ err := updateByteMatchSetResourceWR(d, meta, waf.ChangeActionDelete)
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error deleting ByteMatchSet: {{err}}", err)
+ }
+
+ var ct *waf.GetChangeTokenInput
+
+ resp, err := conn.GetChangeToken(ct)
+
+ req := &waf.DeleteByteMatchSetInput{
+ ChangeToken: resp.ChangeToken,
+ ByteMatchSetId: aws.String(d.Id()),
+ }
+
+ _, err = conn.DeleteByteMatchSet(req)
+
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error deleting ByteMatchSet: {{err}}", err)
+ }
+
+ return nil
+}
+
+func updateByteMatchSetResourceWR(d *schema.ResourceData, meta interface{}, ChangeAction string) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ var ct *waf.GetChangeTokenInput
+
+ resp, err := conn.GetChangeToken(ct)
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err)
+ }
+
+ req := &waf.UpdateByteMatchSetInput{
+ ChangeToken: resp.ChangeToken,
+ ByteMatchSetId: aws.String(d.Id()),
+ }
+
+ ByteMatchTuples := d.Get("byte_match_tuples").(*schema.Set)
+ for _, ByteMatchTuple := range ByteMatchTuples.List() {
+ ByteMatch := ByteMatchTuple.(map[string]interface{})
+ ByteMatchUpdate := &waf.ByteMatchSetUpdate{
+ Action: aws.String(ChangeAction),
+ ByteMatchTuple: &waf.ByteMatchTuple{
+ FieldToMatch: expandFieldToMatchWR(ByteMatch["field_to_match"].(*schema.Set).List()[0].(map[string]interface{})),
+ PositionalConstraint: aws.String(ByteMatch["positional_constraint"].(string)),
+ TargetString: []byte(ByteMatch["target_string"].(string)),
+ TextTransformation: aws.String(ByteMatch["text_transformation"].(string)),
+ },
+ }
+ req.Updates = append(req.Updates, ByteMatchUpdate)
+ }
+
+ _, err = conn.UpdateByteMatchSet(req)
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error updating ByteMatchSet: {{err}}", err)
+ }
+
+ return nil
+}
+
+func expandFieldToMatchWR(d map[string]interface{}) *waf.FieldToMatch {
+ return &waf.FieldToMatch{
+ Type: aws.String(d["type"].(string)),
+ Data: aws.String(d["data"].(string)),
+ }
+}
+
+func flattenFieldToMatchWR(fm *waf.FieldToMatch) map[string]interface{} {
+ m := make(map[string]interface{})
+ m["data"] = *fm.Data
+ m["type"] = *fm.Type
+ return m
+}
diff --git a/builtin/providers/aws/resource_aws_wafregional_byte_match_set_test.go b/builtin/providers/aws/resource_aws_wafregional_byte_match_set_test.go
new file mode 100644
index 000000000000..5ee4c564ea0a
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_wafregional_byte_match_set_test.go
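Review bot: In `resourceAwsWafRegionalByteMatchSetDelete` the error returned by `conn.GetChangeToken(ct)` is never checked; `resp.ChangeToken` is used straight away and `err` is then overwritten by the `DeleteByteMatchSet` call, so a failed token request is lost or surfaces as a misleading delete error. Add the guard the create path already has right after the call: `if err != nil { return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) }`. The Delete functions in resource_aws_wafregional_ipset.go and resource_aws_wafregional_rule.go have the same unchecked call. Separately, `resourceAwsWafRegionalByteMatchSetRead` writes back only `name`, so changes made to the tuples outside Terraform are never detected, and its not-found log line says "WAF IPSet" for a ByteMatchSet.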
@@ -0,0 +1,256 @@
+package aws
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/terraform"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/hashicorp/errwrap"
+ "github.com/hashicorp/terraform/helper/acctest"
+)
+
+func TestAccAWSWafRegionalByteMatchSet_basic(t *testing.T) {
+ var v waf.ByteMatchSet
+ byteMatchSet := fmt.Sprintf("byteMatchSet-%s", acctest.RandString(5))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSWafRegionalByteMatchSetDestroy,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: testAccAWSWafRegionalByteMatchSetConfig(byteMatchSet),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalByteMatchSetExists("aws_wafregional_byte_match_set.byte_set", &v),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_byte_match_set.byte_set", "name", byteMatchSet),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_byte_match_set.byte_set", "byte_match_tuples.#", "2"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAWSWafRegionalByteMatchSet_changeNameForceNew(t *testing.T) {
+ var before, after waf.ByteMatchSet
+ byteMatchSet := fmt.Sprintf("byteMatchSet-%s", acctest.RandString(5))
+ byteMatchSetNewName := fmt.Sprintf("byteMatchSet-%s", acctest.RandString(5))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSWafRegionalByteMatchSetDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSWafRegionalByteMatchSetConfig(byteMatchSet),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalByteMatchSetExists("aws_wafregional_byte_match_set.byte_set", &before),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_byte_match_set.byte_set", "name", byteMatchSet),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_byte_match_set.byte_set", "byte_match_tuples.#", "2"),
+ ),
+ },
+ {
+ Config: testAccAWSWafRegionalByteMatchSetConfigChangeName(byteMatchSetNewName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalByteMatchSetExists("aws_wafregional_byte_match_set.byte_set", &after),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_byte_match_set.byte_set", "name", byteMatchSetNewName),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_byte_match_set.byte_set", "byte_match_tuples.#", "2"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAWSWafRegionalByteMatchSet_disappears(t *testing.T) {
+ var v waf.ByteMatchSet
+ byteMatchSet := fmt.Sprintf("byteMatchSet-%s", acctest.RandString(5))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSWafRegionalByteMatchSetDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSWafRegionalByteMatchSetConfig(byteMatchSet),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalByteMatchSetExists("aws_wafregional_byte_match_set.byte_set", &v),
+ testAccCheckAWSWafRegionalByteMatchSetDisappears(&v),
+ ),
+ ExpectNonEmptyPlan: true,
+ },
+ },
+ })
+}
+
+func testAccCheckAWSWafRegionalByteMatchSetDisappears(v *waf.ByteMatchSet) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ conn := testAccProvider.Meta().(*AWSClient).wafregionalconn
+
+ // ChangeToken
+ var ct *waf.GetChangeTokenInput
+
+ resp, err := conn.GetChangeToken(ct)
+ if err != nil {
+ return fmt.Errorf("Error getting change token: %s", err)
+ }
+
+ req := &waf.UpdateByteMatchSetInput{
+ ChangeToken: resp.ChangeToken,
+ ByteMatchSetId: v.ByteMatchSetId,
+ }
+
+ for _, ByteMatchTuple := range v.ByteMatchTuples {
+ ByteMatchUpdate := &waf.ByteMatchSetUpdate{
+ Action: aws.String("DELETE"),
+ ByteMatchTuple: &waf.ByteMatchTuple{
+ FieldToMatch: ByteMatchTuple.FieldToMatch,
+ PositionalConstraint: ByteMatchTuple.PositionalConstraint,
+ TargetString: ByteMatchTuple.TargetString,
+ TextTransformation: ByteMatchTuple.TextTransformation,
+ },
+ }
+ req.Updates = append(req.Updates, ByteMatchUpdate)
+ }
+
+ _, err = conn.UpdateByteMatchSet(req)
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error updating ByteMatchSet: {{err}}", err)
+ }
+
+ resp, err = conn.GetChangeToken(ct)
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err)
+ }
+
+ opts := &waf.DeleteByteMatchSetInput{
+ ChangeToken: resp.ChangeToken,
+ ByteMatchSetId: v.ByteMatchSetId,
+ }
+ if _, err := conn.DeleteByteMatchSet(opts); err != nil {
+ return err
+ }
+ return nil
+ }
+}
+
+func testAccCheckAWSWafRegionalByteMatchSetExists(n string, v *waf.ByteMatchSet) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rs, ok := s.RootModule().Resources[n]
+ if !ok {
+ return fmt.Errorf("Not found: %s", n)
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("No WAF ByteMatchSet ID is set")
+ }
+
+ conn := testAccProvider.Meta().(*AWSClient).wafregionalconn
+ resp, err := conn.GetByteMatchSet(&waf.GetByteMatchSetInput{
+ ByteMatchSetId: aws.String(rs.Primary.ID),
+ })
+
+ if err != nil {
+ return err
+ }
+
+ if *resp.ByteMatchSet.ByteMatchSetId == rs.Primary.ID {
+ *v = *resp.ByteMatchSet
+ return nil
+ }
+
+ return fmt.Errorf("WAF ByteMatchSet (%s) not found", rs.Primary.ID)
+ }
+}
+
+func testAccCheckAWSWafRegionalByteMatchSetDestroy(s *terraform.State) error {
+ for _, rs := range s.RootModule().Resources {
+ if rs.Type != "aws_wafregional_byte_match_set" {
+ continue
+ }
+
+ conn := testAccProvider.Meta().(*AWSClient).wafregionalconn
+ resp, err := conn.GetByteMatchSet(
+ &waf.GetByteMatchSetInput{
+ ByteMatchSetId: aws.String(rs.Primary.ID),
+ })
+
+ if err == nil {
+ if *resp.ByteMatchSet.ByteMatchSetId == rs.Primary.ID {
+ return fmt.Errorf("WAF ByteMatchSet %s still exists", rs.Primary.ID)
+ }
+ }
+
+ // Return nil if the ByteMatchSet is already destroyed
+ if awsErr, ok := err.(awserr.Error); ok {
+ if awsErr.Code() == "WAFNonexistentItemException" {
+ return nil
+ }
+ }
+
+ return err
+ }
+
+ return nil
+}
+
+func testAccAWSWafRegionalByteMatchSetConfig(name string) string {
+ return fmt.Sprintf(`
+resource "aws_wafregional_byte_match_set" "byte_set" {
+ name = "%s"
+ byte_match_tuples {
+ text_transformation = "NONE"
+ target_string = "badrefer1"
+ positional_constraint = "CONTAINS"
+ field_to_match {
+ type = "HEADER"
+ data = "referer"
+ }
+ }
+
+ byte_match_tuples {
+ text_transformation = "NONE"
+ target_string = "badrefer2"
+ positional_constraint = "CONTAINS"
+ field_to_match {
+ type = "HEADER"
+ data = "referer"
+ }
+ }
+}`, name)
+}
+
+func testAccAWSWafRegionalByteMatchSetConfigChangeName(name string) string {
+ return fmt.Sprintf(`
+resource "aws_wafregional_byte_match_set" "byte_set" {
+ name = "%s"
+ byte_match_tuples {
+ text_transformation = "NONE"
+ target_string = "badrefer1"
+ positional_constraint = "CONTAINS"
+ field_to_match {
+ type = "HEADER"
+ data = "referer"
+ }
+ }
+
+ byte_match_tuples {
+ text_transformation = "NONE"
+ target_string = "badrefer2"
+ positional_constraint = "CONTAINS"
+ field_to_match {
+ type = "HEADER"
+ data = "referer"
+ }
+ }
+}`, name)
+}
diff --git a/builtin/providers/aws/resource_aws_wafregional_ipset.go b/builtin/providers/aws/resource_aws_wafregional_ipset.go
new file mode 100644
index 000000000000..e913710401f2
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_wafregional_ipset.go
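Review bot: `TestAccAWSWafRegionalByteMatchSet_changeNameForceNew` fills `before` and `after` but never compares them, so it does not actually assert that a rename produced a new ByteMatchSet. The two config helpers it uses, `testAccAWSWafRegionalByteMatchSetConfig` and `testAccAWSWafRegionalByteMatchSetConfigChangeName`, also render identical HCL. Add a check after the second step that `*before.ByteMatchSetId != *after.ByteMatchSetId`. None of the tests in this file changes `byte_match_tuples` between steps, so the tuple update path is not exercised.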
@@ -0,0 +1,175 @@
+package aws
+
+import (
+ "fmt"
+ "log"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsWafRegionalIPSet() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceAwsWafRegionalIPSetCreate,
+ Read: resourceAwsWafRegionalIPSetRead,
+ Update: resourceAwsWafRegionalIPSetUpdate,
+ Delete: resourceAwsWafRegionalIPSetDelete,
+
+ Schema: map[string]*schema.Schema{
+ "name": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "ip_set_descriptors": &schema.Schema{
+ Type: schema.TypeSet,
+ Optional: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "type": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "value": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ },
+ },
+ },
+ }
+}
+
+func resourceAwsWafRegionalIPSetCreate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ // ChangeToken
+ var ct *waf.GetChangeTokenInput
+
+ res, err := conn.GetChangeToken(ct)
+ if err != nil {
+ return fmt.Errorf("Error getting change token: %s", err)
+ }
+
+ params := &waf.CreateIPSetInput{
+ ChangeToken: res.ChangeToken,
+ Name: aws.String(d.Get("name").(string)),
+ }
+
+ resp, err := conn.CreateIPSet(params)
+ if err != nil {
+ return err
+ }
+ d.SetId(*resp.IPSet.IPSetId)
+ return resourceAwsWafRegionalIPSetUpdate(d, meta)
+}
+
+func resourceAwsWafRegionalIPSetRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ params := &waf.GetIPSetInput{
+ IPSetId: aws.String(d.Id()),
+ }
+
+ resp, err := conn.GetIPSet(params)
+ if err != nil {
+ if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "WAFNonexistentItemException" {
+ log.Printf("[WARN] WAF IPSet (%s) not found, error code (404)", d.Id())
+ d.SetId("")
+ return nil
+ }
+
+ return err
+ }
+
+ var IPSetDescriptors []map[string]interface{}
+
+ for _, IPSetDescriptor := range resp.IPSet.IPSetDescriptors {
+ IPSet := map[string]interface{}{
+ "type": *IPSetDescriptor.Type,
+ "value": *IPSetDescriptor.Value,
+ }
+ IPSetDescriptors = append(IPSetDescriptors, IPSet)
+ }
+
+ d.Set("ip_set_descriptors", IPSetDescriptors)
+
+ d.Set("name", resp.IPSet.Name)
+
+ return nil
+}
+
+func resourceAwsWafRegionalIPSetUpdate(d *schema.ResourceData, meta interface{}) error {
+ err := updateIPSetResourceWR(d, meta, waf.ChangeActionInsert)
+ if err != nil {
+ return fmt.Errorf("Error Updating WAF IPSet: %s", err)
+ }
+ return resourceAwsWafRegionalIPSetRead(d, meta)
+}
+
+func resourceAwsWafRegionalIPSetDelete(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ err := updateIPSetResourceWR(d, meta, waf.ChangeActionDelete)
+ if err != nil {
+ return fmt.Errorf("Error Removing IPSetDescriptors: %s", err)
+ }
+
+ // ChangeToken
+ var ct *waf.GetChangeTokenInput
+
+ resp, err := conn.GetChangeToken(ct)
+
+ req := &waf.DeleteIPSetInput{
+ ChangeToken: resp.ChangeToken,
+ IPSetId: aws.String(d.Id()),
+ }
+ log.Printf("[INFO] Deleting WAF IPSet")
+ _, err = conn.DeleteIPSet(req)
+
+ if err != nil {
+ return fmt.Errorf("Error Deleting WAF IPSet: %s", err)
+ }
+
+ return nil
+}
+
+func updateIPSetResourceWR(d *schema.ResourceData, meta interface{}, ChangeAction string) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ // ChangeToken
+ var ct *waf.GetChangeTokenInput
+
+ resp, err := conn.GetChangeToken(ct)
+ if err != nil {
+ return fmt.Errorf("Error getting change token: %s", err)
+ }
+
+ req := &waf.UpdateIPSetInput{
+ ChangeToken: resp.ChangeToken,
+ IPSetId: aws.String(d.Id()),
+ }
+
+ IPSetDescriptors := d.Get("ip_set_descriptors").(*schema.Set)
+ for _, IPSetDescriptor := range IPSetDescriptors.List() {
+ IPSet := IPSetDescriptor.(map[string]interface{})
+ IPSetUpdate := &waf.IPSetUpdate{
+ Action: aws.String(ChangeAction),
+ IPSetDescriptor: &waf.IPSetDescriptor{
+ Type: aws.String(IPSet["type"].(string)),
+ Value: aws.String(IPSet["value"].(string)),
+ },
+ }
+ req.Updates = append(req.Updates, IPSetUpdate)
+ }
+
+ _, err = conn.UpdateIPSet(req)
+ if err != nil {
+ return fmt.Errorf("Error Updating WAF IPSet: %s", err)
+ }
+
+ return nil
+}
diff --git a/builtin/providers/aws/resource_aws_wafregional_ipset_test.go b/builtin/providers/aws/resource_aws_wafregional_ipset_test.go
new file mode 100644
index 000000000000..7727525accaf
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_wafregional_ipset_test.go
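Review bot: `resourceAwsWafRegionalIPSetUpdate` always calls `updateIPSetResourceWR` with `waf.ChangeActionInsert` for the descriptors currently in the config, so a descriptor that was removed or changed is never sent as a DELETE and stays in the IPSet in AWS. For an IP set that backs allow or block rules, the WAF then keeps matching addresses the configuration no longer lists. Compute the difference with `d.GetChange("ip_set_descriptors")` and send DELETE for the old-only entries and INSERT for the new-only ones, as sketched below; the helper would need to take the descriptor list as an argument instead of reading `d.Get`. The ByteMatchSet and Rule update functions in this commit follow the same insert-only pattern.

```go
func resourceAwsWafRegionalIPSetUpdate(d *schema.ResourceData, meta interface{}) error {
	if d.HasChange("ip_set_descriptors") {
		o, n := d.GetChange("ip_set_descriptors")
		oldSet, newSet := o.(*schema.Set), n.(*schema.Set)

		// Remove what the config no longer lists before adding what is new.
		if err := updateIPSetDescriptorsWR(d.Id(), oldSet.Difference(newSet).List(), waf.ChangeActionDelete, meta); err != nil {
			return fmt.Errorf("Error Updating WAF IPSet: %s", err)
		}
		if err := updateIPSetDescriptorsWR(d.Id(), newSet.Difference(oldSet).List(), waf.ChangeActionInsert, meta); err != nil {
			return fmt.Errorf("Error Updating WAF IPSet: %s", err)
		}
	}
	return resourceAwsWafRegionalIPSetRead(d, meta)
}

// … updateIPSetDescriptorsWR: same body as updateIPSetResourceWR, but ranging
// over the list it is given and skipping the API call when that list is empty …
```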
@@ -0,0 +1,237 @@
+package aws
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/terraform"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/hashicorp/terraform/helper/acctest"
+)
+
+func TestAccAWSWafRegionalIPSet_basic(t *testing.T) {
+ var v waf.IPSet
+ ipsetName := fmt.Sprintf("ip-set-%s", acctest.RandString(5))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSWafRegionalIPSetDestroy,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: testAccAWSWafRegionalIPSetConfig(ipsetName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalIPSetExists("aws_wafregional_ipset.ipset", &v),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_ipset.ipset", "name", ipsetName),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_ipset.ipset", "ip_set_descriptors.4037960608.type", "IPV4"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_ipset.ipset", "ip_set_descriptors.4037960608.value", "192.0.7.0/24"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAWSWafRegionalIPSet_disappears(t *testing.T) {
+ var v waf.IPSet
+ ipsetName := fmt.Sprintf("ip-set-%s", acctest.RandString(5))
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSWafRegionalIPSetDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSWafRegionalIPSetConfig(ipsetName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalIPSetExists("aws_wafregional_ipset.ipset", &v),
+ testAccCheckAWSWafRegionalIPSetDisappears(&v),
+ ),
+ ExpectNonEmptyPlan: true,
+ },
+ },
+ })
+}
+
+func TestAccAWSWafRegionalIPSet_changeNameForceNew(t *testing.T) {
+ var before, after waf.IPSet
+ ipsetName := fmt.Sprintf("ip-set-%s", acctest.RandString(5))
+ ipsetNewName := fmt.Sprintf("ip-set-new-%s", acctest.RandString(5))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSWafRegionalIPSetDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSWafRegionalIPSetConfig(ipsetName),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ testAccCheckAWSWafRegionalIPSetExists("aws_wafregional_ipset.ipset", &before),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_ipset.ipset", "name", ipsetName),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_ipset.ipset", "ip_set_descriptors.4037960608.type", "IPV4"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_ipset.ipset", "ip_set_descriptors.4037960608.value", "192.0.7.0/24"),
+ ),
+ },
+ {
+ Config: testAccAWSWafRegionalIPSetConfigChangeName(ipsetNewName),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ testAccCheckAWSWafRegionalIPSetExists("aws_wafregional_ipset.ipset", &after),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_ipset.ipset", "name", ipsetNewName),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_ipset.ipset", "ip_set_descriptors.4037960608.type", "IPV4"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_ipset.ipset", "ip_set_descriptors.4037960608.value", "192.0.7.0/24"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckAWSWafRegionalIPSetDisappears(v *waf.IPSet) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ conn := testAccProvider.Meta().(*AWSClient).wafregionalconn
+
+ // ChangeToken
+ var ct *waf.GetChangeTokenInput
+
+ resp, err := conn.GetChangeToken(ct)
+ if err != nil {
+ return fmt.Errorf("Error getting change token: %s", err)
+ }
+
+ req := &waf.UpdateIPSetInput{
+ ChangeToken: resp.ChangeToken,
+ IPSetId: v.IPSetId,
+ }
+
+ for _, IPSetDescriptor := range v.IPSetDescriptors {
+ IPSetUpdate := &waf.IPSetUpdate{
+ Action: aws.String("DELETE"),
+ IPSetDescriptor: &waf.IPSetDescriptor{
+ Type: IPSetDescriptor.Type,
+ Value: IPSetDescriptor.Value,
+ },
+ }
+ req.Updates = append(req.Updates, IPSetUpdate)
+ }
+
+ _, err = conn.UpdateIPSet(req)
+ if err != nil {
+ return fmt.Errorf("Error Updating WAF IPSet: %s", err)
+ }
+
+ resp, err = conn.GetChangeToken(ct)
+ if err != nil {
+ return fmt.Errorf("Error getting change token for waf IPSet: %s", err)
+ }
+
+ opts := &waf.DeleteIPSetInput{
+ ChangeToken: resp.ChangeToken,
+ IPSetId: v.IPSetId,
+ }
+ if _, err := conn.DeleteIPSet(opts); err != nil {
+ return err
+ }
+ return nil
+ }
+}
+
+func testAccCheckAWSWafRegionalIPSetDestroy(s *terraform.State) error {
+ for _, rs := range s.RootModule().Resources {
+ if rs.Type != "aws_wafregional_ipset" {
+ continue
+ }
+
+ conn := testAccProvider.Meta().(*AWSClient).wafregionalconn
+ resp, err := conn.GetIPSet(
+ &waf.GetIPSetInput{
+ IPSetId: aws.String(rs.Primary.ID),
+ })
+
+ if err == nil {
+ if *resp.IPSet.IPSetId == rs.Primary.ID {
+ return fmt.Errorf("WAF IPSet %s still exists", rs.Primary.ID)
+ }
+ }
+
+ // Return nil if the IPSet is already destroyed
+ if awsErr, ok := err.(awserr.Error); ok {
+ if awsErr.Code() == "WAFNonexistentItemException" {
+ return nil
+ }
+ }
+
+ return err
+ }
+
+ return nil
+}
+
+func testAccCheckAWSWafRegionalIPSetExists(n string, v *waf.IPSet) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rs, ok := s.RootModule().Resources[n]
+ if !ok {
+ return fmt.Errorf("Not found: %s", n)
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("No WAF IPSet ID is set")
+ }
+
+ conn := testAccProvider.Meta().(*AWSClient).wafregionalconn
+ resp, err := conn.GetIPSet(&waf.GetIPSetInput{
+ IPSetId: aws.String(rs.Primary.ID),
+ })
+
+ if err != nil {
+ return err
+ }
+
+ if *resp.IPSet.IPSetId == rs.Primary.ID {
+ *v = *resp.IPSet
+ return nil
+ }
+
+ return fmt.Errorf("WAF IPSet (%s) not found", rs.Primary.ID)
+ }
+}
+
+func testAccAWSWafRegionalIPSetConfig(name string) string {
+ return fmt.Sprintf(`
+resource "aws_wafregional_ipset" "ipset" {
+ name = "%s"
+ ip_set_descriptors {
+ type = "IPV4"
+ value = "192.0.7.0/24"
+ }
+}`, name)
+}
+
+func testAccAWSWafRegionalIPSetConfigChangeName(name string) string {
+ return fmt.Sprintf(`resource "aws_wafregional_ipset" "ipset" {
+ name = "%s"
+ ip_set_descriptors {
+ type = "IPV4"
+ value = "192.0.7.0/24"
+ }
+}`, name)
+}
+
+func testAccAWSWafRegionalIPSetConfigChangeIPSetDescriptors(name string) string {
+ return fmt.Sprintf(`resource "aws_wafregional_ipset" "ipset" {
+ name = "%s"
+ ip_set_descriptors {
+ type = "IPV4"
+ value = "192.0.8.0/24"
+ }
+}`, name)
+}
diff --git a/builtin/providers/aws/resource_aws_wafregional_rule.go b/builtin/providers/aws/resource_aws_wafregional_rule.go
new file mode 100644
index 000000000000..52b854f9770e
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_wafregional_rule.go
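Review bot: `testAccAWSWafRegionalIPSetConfigChangeIPSetDescriptors` is defined at the end of the file but no test in this file uses it, so the change from `192.0.7.0/24` to `192.0.8.0/24` is never applied. Add a test that applies `testAccAWSWafRegionalIPSetConfig`, then this config, and asserts `ip_set_descriptors.#` is `1` after the second step; that would catch an update that leaves the old descriptor in the set. `TestAccAWSWafRegionalIPSet_changeNameForceNew` also collects `before` and `after` without comparing their `IPSetId`.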
@@ -0,0 +1,201 @@
+package aws
+
+import (
+ "fmt"
+ "log"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsWafRegionalRule() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceAwsWafRegionalRuleCreate,
+ Read: resourceAwsWafRegionalRuleRead,
+ Update: resourceAwsWafRegionalRuleUpdate,
+ Delete: resourceAwsWafRegionalRuleDelete,
+
+ Schema: map[string]*schema.Schema{
+ "name": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "metric_name": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "predicates": &schema.Schema{
+ Type: schema.TypeSet,
+ Optional: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "negated": &schema.Schema{
+ Type: schema.TypeBool,
+ Required: true,
+ },
+ "data_id": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+ value := v.(string)
+ if len(value) > 128 {
+ errors = append(errors, fmt.Errorf(
+ "%q cannot be longer than 128 characters", k))
+ }
+ return
+ },
+ },
+ "type": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+ value := v.(string)
+ if value != "IPMatch" && value != "ByteMatch" && value != "SqlInjectionMatch" && value != "SizeConstraint" && value != "XssMatch" {
+ errors = append(errors, fmt.Errorf(
+ "%q must be one of IPMatch | ByteMatch | SqlInjectionMatch | SizeConstraint | XssMatch", k))
+ }
+ return
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+}
+
+func resourceAwsWafRegionalRuleCreate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ // ChangeToken
+ var ct *waf.GetChangeTokenInput
+
+ res, err := conn.GetChangeToken(ct)
+ if err != nil {
+ return fmt.Errorf("Error getting change token: %s", err)
+ }
+
+ params := &waf.CreateRuleInput{
+ ChangeToken: res.ChangeToken,
+ MetricName: aws.String(d.Get("metric_name").(string)),
+ Name: aws.String(d.Get("name").(string)),
+ }
+
+ resp, err := conn.CreateRule(params)
+ if err != nil {
+ return err
+ }
+ d.SetId(*resp.Rule.RuleId)
+ return resourceAwsWafRegionalRuleUpdate(d, meta)
+}
+
+func resourceAwsWafRegionalRuleRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ params := &waf.GetRuleInput{
+ RuleId: aws.String(d.Id()),
+ }
+
+ resp, err := conn.GetRule(params)
+ if err != nil {
+ if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "WAFNonexistentItemException" {
+ log.Printf("[WARN] WAF Rule (%s) not found, error code (404)", d.Id())
+ d.SetId("")
+ return nil
+ }
+
+ return err
+ }
+
+ var predicates []map[string]interface{}
+
+ for _, predicateSet := range resp.Rule.Predicates {
+ predicate := map[string]interface{}{
+ "negated": *predicateSet.Negated,
+ "type": *predicateSet.Type,
+ "data_id": *predicateSet.DataId,
+ }
+ predicates = append(predicates, predicate)
+ }
+
+ d.Set("predicates", predicates)
+ d.Set("name", resp.Rule.Name)
+ d.Set("metric_name", resp.Rule.MetricName)
+
+ return nil
+}
+
+func resourceAwsWafRegionalRuleUpdate(d *schema.ResourceData, meta interface{}) error {
+ err := updateWafRegionalRuleResource(d, meta, waf.ChangeActionInsert)
+ if err != nil {
+ return fmt.Errorf("Error Updating WAF Rule: %s", err)
+ }
+ return resourceAwsWafRegionalRuleRead(d, meta)
+}
+
+func resourceAwsWafRegionalRuleDelete(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+ err := updateWafRegionalRuleResource(d, meta, waf.ChangeActionDelete)
+ if err != nil {
+ return fmt.Errorf("Error Removing WAF Rule Predicates: %s", err)
+ }
+ // ChangeToken
+ var ct *waf.GetChangeTokenInput
+
+ resp, err := conn.GetChangeToken(ct)
+
+ req := &waf.DeleteRuleInput{
+ ChangeToken: resp.ChangeToken,
+ RuleId: aws.String(d.Id()),
+ }
+ log.Printf("[INFO] Deleting WAF Rule")
+ _, err = conn.DeleteRule(req)
+
+ if err != nil {
+ return fmt.Errorf("Error deleting WAF Rule: %s", err)
+ }
+
+ return nil
+}
+
+func updateWafRegionalRuleResource(d *schema.ResourceData, meta interface{}, ChangeAction string) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ // ChangeToken
+ var ct *waf.GetChangeTokenInput
+
+ resp, err := conn.GetChangeToken(ct)
+ if err != nil {
+ return fmt.Errorf("Error getting change token: %s", err)
+ }
+
+ req := &waf.UpdateRuleInput{
+ ChangeToken: resp.ChangeToken,
+ RuleId: aws.String(d.Id()),
+ }
+
+ predicatesSet := d.Get("predicates").(*schema.Set)
+ for _, predicateI := range predicatesSet.List() {
+ predicate := predicateI.(map[string]interface{})
+ updatePredicate := &waf.RuleUpdate{
+ Action: aws.String(ChangeAction),
+ Predicate: &waf.Predicate{
+ Negated: aws.Bool(predicate["negated"].(bool)),
+ Type: aws.String(predicate["type"].(string)),
+ DataId: aws.String(predicate["data_id"].(string)),
+ },
+ }
+ req.Updates = append(req.Updates, updatePredicate)
+ }
+
+ _, err = conn.UpdateRule(req)
+ if err != nil {
+ return fmt.Errorf("Error Updating WAF Rule: %s", err)
+ }
+
+ return nil
+}
diff --git a/builtin/providers/aws/resource_aws_wafregional_rule_test.go b/builtin/providers/aws/resource_aws_wafregional_rule_test.go
new file mode 100644
index 000000000000..8a91f5f7deff
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_wafregional_rule_test.go
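Review bot: `data_id` in the `predicates` schema is declared `Optional`, but `updateWafRegionalRuleResource` sends `DataId: aws.String(predicate["data_id"].(string))` for every predicate, so an omitted value reaches the API as an empty string. A predicate without a set ID references nothing, and as far as I know the WAF API treats `DataId` as required, so this would presumably fail at apply time rather than at plan time. Declare the field `Required: true` so the mistake is caught during validation.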
@@ -0,0 +1,250 @@ +package aws + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/service/waf" + "github.com/hashicorp/terraform/helper/acctest" +) + +func TestAccAWSWafRegionalRule_basic(t *testing.T) { + var v waf.Rule + wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSWafRegionalRuleDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSWafRegionalRuleConfig(wafRuleName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalRuleExists("aws_wafregional_rule.wafrule", &v), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "name", wafRuleName), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "predicates.#", "1"), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "metric_name", wafRuleName), + ), + }, + }, + }) +} + +func TestAccAWSWafRegionalRule_changeNameForceNew(t *testing.T) { + var before, after waf.Rule + wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) + wafRuleNewName := fmt.Sprintf("wafrulenew%s", acctest.RandString(5)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSWafRegionalIPSetDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSWafRegionalRuleConfig(wafRuleName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalRuleExists("aws_wafregional_rule.wafrule", &before), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "name", wafRuleName), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "predicates.#", "1"), + resource.TestCheckResourceAttr( + 
"aws_wafregional_rule.wafrule", "metric_name", wafRuleName), + ), + }, + { + Config: testAccAWSWafRegionalRuleConfigChangeName(wafRuleNewName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalRuleExists("aws_wafregional_rule.wafrule", &after), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "name", wafRuleNewName), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "predicates.#", "1"), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "metric_name", wafRuleNewName), + ), + }, + }, + }) +} + +func TestAccAWSWafRegionalRule_disappears(t *testing.T) { + var v waf.Rule + wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSWafRegionalRuleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSWafRegionalRuleConfig(wafRuleName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalRuleExists("aws_wafregional_rule.wafrule", &v), + testAccCheckAWSWafRegionalRuleDisappears(&v), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + +func testAccCheckAWSWafRegionalRuleDisappears(v *waf.Rule) resource.TestCheckFunc { + return func(s *terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).wafregionalconn + + // ChangeToken + var ct *waf.GetChangeTokenInput + + resp, err := conn.GetChangeToken(ct) + if err != nil { + return fmt.Errorf("Error getting change token: %s", err) + } + + req := &waf.UpdateRuleInput{ + ChangeToken: resp.ChangeToken, + RuleId: v.RuleId, + } + + for _, Predicate := range v.Predicates { + Predicate := &waf.RuleUpdate{ + Action: aws.String("DELETE"), + Predicate: &waf.Predicate{ + Negated: Predicate.Negated, + Type: Predicate.Type, + DataId: Predicate.DataId, + }, + } + req.Updates = append(req.Updates, Predicate) + } + + _, err = conn.UpdateRule(req) + if err != nil { + return fmt.Errorf("Error 
Updating WAF Rule: %s", err) + } + + resp, err = conn.GetChangeToken(ct) + if err != nil { + return fmt.Errorf("Error getting change token for waf Rule: %s", err) + } + + opts := &waf.DeleteRuleInput{ + ChangeToken: resp.ChangeToken, + RuleId: v.RuleId, + } + if _, err := conn.DeleteRule(opts); err != nil { + return err + } + return nil + } +} + +func testAccCheckAWSWafRegionalRuleDestroy(s *terraform.State) error { + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_wafregional_rule" { + continue + } + + conn := testAccProvider.Meta().(*AWSClient).wafregionalconn + resp, err := conn.GetRule( + &waf.GetRuleInput{ + RuleId: aws.String(rs.Primary.ID), + }) + + if err == nil { + if *resp.Rule.RuleId == rs.Primary.ID { + return fmt.Errorf("WAF Rule %s still exists", rs.Primary.ID) + } + } + + // Return nil if the Rule is already destroyed + if awsErr, ok := err.(awserr.Error); ok { + if awsErr.Code() == "WAFNonexistentItemException" { + return nil + } + } + + return err + } + + return nil +} + +func testAccCheckAWSWafRegionalRuleExists(n string, v *waf.Rule) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No WAF Rule ID is set") + } + + conn := testAccProvider.Meta().(*AWSClient).wafregionalconn + resp, err := conn.GetRule(&waf.GetRuleInput{ + RuleId: aws.String(rs.Primary.ID), + }) + + if err != nil { + return err + } + + if *resp.Rule.RuleId == rs.Primary.ID { + *v = *resp.Rule + return nil + } + + return fmt.Errorf("WAF Rule (%s) not found", rs.Primary.ID) + } +} + +func testAccAWSWafRegionalRuleConfig(name string) string { + return fmt.Sprintf(` +resource "aws_wafregional_ipset" "ipset" { + name = "%s" + ip_set_descriptors { + type = "IPV4" + value = "192.0.7.0/24" + } +} + +resource "aws_wafregional_rule" "wafrule" { + depends_on = ["aws_wafregional_ipset.ipset"] + name = "%s" + 
metric_name = "%s" + predicates { + data_id = "${aws_wafregional_ipset.ipset.id}" + negated = false + type = "IPMatch" + } +}`, name, name, name) +} + +func testAccAWSWafRegionalRuleConfigChangeName(name string) string { + return fmt.Sprintf(` +resource "aws_wafregional_ipset" "ipset" { + name = "%s" + ip_set_descriptors { + type = "IPV4" + value = "192.0.7.0/24" + } +} + +resource "aws_wafregional_rule" "wafrule" { + depends_on = ["aws_wafregional_ipset.ipset"] + name = "%s" + metric_name = "%s" + predicates { + data_id = "${aws_wafregional_ipset.ipset.id}" + negated = false + type = "IPMatch" + } +}`, name, name, name) +} diff --git a/builtin/providers/aws/resource_aws_wafregional_size_constraint_set.go b/builtin/providers/aws/resource_aws_wafregional_size_constraint_set.go new file mode 100644 index 000000000000..997fc7463ff8 --- /dev/null +++ b/builtin/providers/aws/resource_aws_wafregional_size_constraint_set.go 
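Review bot: `TestAccAWSWafRegionalRule_changeNameForceNew` sets `CheckDestroy: testAccCheckAWSWafRegionalIPSetDestroy`, so the rule this test creates is never checked for deletion; it should be `CheckDestroy: testAccCheckAWSWafRegionalRuleDestroy,` as in the other two tests in this file. The same test fills `before` and `after` but never compares them, so it still passes if the rename is applied in place rather than by recreating the rule. A final check that fails when `*before.RuleId == *after.RuleId` would make the ForceNew claim real. The SizeConstraintSet and SqlInjectionMatchSet `_changeNameForceNew` tests have the same gap.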
@@ -0,0 +1,191 @@ +package aws + +import ( + "log" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/service/waf" + "github.com/hashicorp/errwrap" + "github.com/hashicorp/terraform/helper/schema" +) + +func resourceAwsWafRegionalSizeConstraintSet() *schema.Resource { + return &schema.Resource{ + Create: resourceAwsWafRegionalSizeConstraintSetCreate, + Read: resourceAwsWafRegionalSizeConstraintSetRead, + Update: resourceAwsWafRegionalSizeConstraintSetUpdate, + Delete: resourceAwsWafRegionalSizeConstraintSetDelete, + + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + "size_constraints": &schema.Schema{ + Type: schema.TypeSet, + Required: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "field_to_match": { + Type: schema.TypeSet, + Required: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "data": { + Type: schema.TypeString, + Optional: true, + }, + "type": { + Type: schema.TypeString, + Required: true, + }, + }, + }, + }, + "comparison_operator": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + "size": &schema.Schema{ + Type: schema.TypeInt, + Required: true, + }, + "text_transformation": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + }, + }, + }, + }, + } +} + +func resourceAwsWafRegionalSizeConstraintSetCreate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).wafregionalconn + + log.Printf("[INFO] Creating SizeConstraintSet: %s", d.Get("name").(string)) + + // ChangeToken + var ct *waf.GetChangeTokenInput + + res, err := conn.GetChangeToken(ct) + if err != nil { + return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) + } + + params := &waf.CreateSizeConstraintSetInput{ + ChangeToken: res.ChangeToken, + Name: aws.String(d.Get("name").(string)), + } + + resp, err := 
conn.CreateSizeConstraintSet(params) + + if err != nil { + return errwrap.Wrapf("[ERROR] Error creating SizeConstraintSet: {{err}}", err) + } + + d.SetId(*resp.SizeConstraintSet.SizeConstraintSetId) + + return resourceAwsWafRegionalSizeConstraintSetUpdate(d, meta) +} + +func resourceAwsWafRegionalSizeConstraintSetRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).wafregionalconn + log.Printf("[INFO] Reading SizeConstraintSet: %s", d.Get("name").(string)) + params := &waf.GetSizeConstraintSetInput{ + SizeConstraintSetId: aws.String(d.Id()), + } + + resp, err := conn.GetSizeConstraintSet(params) + if err != nil { + if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "WAFNonexistentItemException" { + log.Printf("[WARN] WAF IPSet (%s) not found, error code (404)", d.Id()) + d.SetId("") + return nil + } + + return err + } + + d.Set("name", resp.SizeConstraintSet.Name) + + return nil +} + +func resourceAwsWafRegionalSizeConstraintSetUpdate(d *schema.ResourceData, meta interface{}) error { + log.Printf("[INFO] Updating SizeConstraintSet: %s", d.Get("name").(string)) + err := updateSizeConstraintSetResourceWR(d, meta, waf.ChangeActionInsert) + if err != nil { + return errwrap.Wrapf("[ERROR] Error updating SizeConstraintSet: {{err}}", err) + } + return resourceAwsWafRegionalSizeConstraintSetRead(d, meta) +} + +func resourceAwsWafRegionalSizeConstraintSetDelete(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).wafregionalconn + + log.Printf("[INFO] Deleting SizeConstraintSet: %s", d.Get("name").(string)) + err := updateSizeConstraintSetResourceWR(d, meta, waf.ChangeActionDelete) + if err != nil { + return errwrap.Wrapf("[ERROR] Error deleting SizeConstraintSet: {{err}}", err) + } + + var ct *waf.GetChangeTokenInput + + resp, err := conn.GetChangeToken(ct) + + req := &waf.DeleteSizeConstraintSetInput{ + ChangeToken: resp.ChangeToken, + SizeConstraintSetId: aws.String(d.Id()), + } + + _, err = 
conn.DeleteSizeConstraintSet(req) + + if err != nil { + return errwrap.Wrapf("[ERROR] Error deleting SizeConstraintSet: {{err}}", err) + } + + return nil +} + +func updateSizeConstraintSetResourceWR(d *schema.ResourceData, meta interface{}, ChangeAction string) error { + conn := meta.(*AWSClient).wafregionalconn + + var ct *waf.GetChangeTokenInput + + resp, err := conn.GetChangeToken(ct) + if err != nil { + return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) + } + + req := &waf.UpdateSizeConstraintSetInput{ + ChangeToken: resp.ChangeToken, + SizeConstraintSetId: aws.String(d.Id()), + } + + sizeConstraints := d.Get("size_constraints").(*schema.Set) + for _, sizeConstraint := range sizeConstraints.List() { + sc := sizeConstraint.(map[string]interface{}) + sizeConstraintUpdate := &waf.SizeConstraintSetUpdate{ + Action: aws.String(ChangeAction), + SizeConstraint: &waf.SizeConstraint{ + FieldToMatch: expandFieldToMatch(sc["field_to_match"].(*schema.Set).List()[0].(map[string]interface{})), + ComparisonOperator: aws.String(sc["comparison_operator"].(string)), + Size: aws.Int64(int64(sc["size"].(int))), + TextTransformation: aws.String(sc["text_transformation"].(string)), + }, + } + req.Updates = append(req.Updates, sizeConstraintUpdate) + } + + _, err = conn.UpdateSizeConstraintSet(req) + if err != nil { + return errwrap.Wrapf("[ERROR] Error updating SizeConstraintSet: {{err}}", err) + } + + return nil +} diff --git a/builtin/providers/aws/resource_aws_wafregional_size_constraint_set_test.go b/builtin/providers/aws/resource_aws_wafregional_size_constraint_set_test.go new file mode 100644 index 000000000000..be4471764137 --- /dev/null +++ b/builtin/providers/aws/resource_aws_wafregional_size_constraint_set_test.go 
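Review bot: In `resourceAwsWafRegionalSizeConstraintSetDelete` the error from `conn.GetChangeToken(ct)` is never checked; it is overwritten by `_, err = conn.DeleteSizeConstraintSet(req)`, and the delete request is built from whatever `resp` holds after a failed call. Add the guard the create and update paths already use, directly after the call: `if err != nil { return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) }`. The same unchecked call is in `resourceAwsWafRegionalSqlInjectionMatchSetDelete`, `resourceAwsWafRegionalWebAclDelete` and `resourceAwsWafRegionalRuleDelete`.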
@@ -0,0 +1,232 @@ +package aws + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/service/waf" + "github.com/hashicorp/errwrap" + "github.com/hashicorp/terraform/helper/acctest" +) + +func TestAccAWSWafRegionalSizeConstraintSet_basic(t *testing.T) { + var v waf.SizeConstraintSet + sizeConstraintSet := fmt.Sprintf("sizeConstraintSet-%s", acctest.RandString(5)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSWafRegionalSizeConstraintSetDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSWafRegionalSizeConstraintSetConfig(sizeConstraintSet), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalSizeConstraintSetExists("aws_wafregional_size_constraint_set.size_constraint_set", &v), + resource.TestCheckResourceAttr( + "aws_wafregional_size_constraint_set.size_constraint_set", "name", sizeConstraintSet), + resource.TestCheckResourceAttr( + "aws_wafregional_size_constraint_set.size_constraint_set", "size_constraints.#", "1"), + ), + }, + }, + }) +} + +func TestAccAWSWafRegionalSizeConstraintSet_changeNameForceNew(t *testing.T) { + var before, after waf.SizeConstraintSet + sizeConstraintSet := fmt.Sprintf("sizeConstraintSet-%s", acctest.RandString(5)) + sizeConstraintSetNewName := fmt.Sprintf("sizeConstraintSet-%s", acctest.RandString(5)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSWafRegionalSizeConstraintSetDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSWafRegionalSizeConstraintSetConfig(sizeConstraintSet), + Check: resource.ComposeTestCheckFunc( + 
testAccCheckAWSWafRegionalSizeConstraintSetExists("aws_wafregional_size_constraint_set.size_constraint_set", &before), + resource.TestCheckResourceAttr( + "aws_wafregional_size_constraint_set.size_constraint_set", "name", sizeConstraintSet), + resource.TestCheckResourceAttr( + "aws_wafregional_size_constraint_set.size_constraint_set", "size_constraints.#", "1"), + ), + }, + { + Config: testAccAWSWafRegionalSizeConstraintSetConfigChangeName(sizeConstraintSetNewName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalSizeConstraintSetExists("aws_wafregional_size_constraint_set.size_constraint_set", &after), + resource.TestCheckResourceAttr( + "aws_wafregional_size_constraint_set.size_constraint_set", "name", sizeConstraintSetNewName), + resource.TestCheckResourceAttr( + "aws_wafregional_size_constraint_set.size_constraint_set", "size_constraints.#", "1"), + ), + }, + }, + }) +} + +func TestAccAWSWafRegionalSizeConstraintSet_disappears(t *testing.T) { + var v waf.SizeConstraintSet + sizeConstraintSet := fmt.Sprintf("sizeConstraintSet-%s", acctest.RandString(5)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSWafRegionalSizeConstraintSetDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSWafRegionalSizeConstraintSetConfig(sizeConstraintSet), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalSizeConstraintSetExists("aws_wafregional_size_constraint_set.size_constraint_set", &v), + testAccCheckAWSWafRegionalSizeConstraintSetDisappears(&v), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + +func testAccCheckAWSWafRegionalSizeConstraintSetDisappears(v *waf.SizeConstraintSet) resource.TestCheckFunc { + return func(s *terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).wafregionalconn + + var ct *waf.GetChangeTokenInput + + resp, err := conn.GetChangeToken(ct) + if err != nil { + return fmt.Errorf("Error getting 
change token: %s", err) + } + + req := &waf.UpdateSizeConstraintSetInput{ + ChangeToken: resp.ChangeToken, + SizeConstraintSetId: v.SizeConstraintSetId, + } + + for _, sizeConstraint := range v.SizeConstraints { + sizeConstraintUpdate := &waf.SizeConstraintSetUpdate{ + Action: aws.String("DELETE"), + SizeConstraint: &waf.SizeConstraint{ + FieldToMatch: sizeConstraint.FieldToMatch, + ComparisonOperator: sizeConstraint.ComparisonOperator, + Size: sizeConstraint.Size, + TextTransformation: sizeConstraint.TextTransformation, + }, + } + req.Updates = append(req.Updates, sizeConstraintUpdate) + } + _, err = conn.UpdateSizeConstraintSet(req) + if err != nil { + return errwrap.Wrapf("[ERROR] Error updating SizeConstraintSet: {{err}}", err) + } + + resp, err = conn.GetChangeToken(ct) + if err != nil { + return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) + } + + opts := &waf.DeleteSizeConstraintSetInput{ + ChangeToken: resp.ChangeToken, + SizeConstraintSetId: v.SizeConstraintSetId, + } + if _, err := conn.DeleteSizeConstraintSet(opts); err != nil { + return err + } + return nil + } +} + +func testAccCheckAWSWafRegionalSizeConstraintSetExists(n string, v *waf.SizeConstraintSet) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No WAF SizeConstraintSet ID is set") + } + + conn := testAccProvider.Meta().(*AWSClient).wafregionalconn + resp, err := conn.GetSizeConstraintSet(&waf.GetSizeConstraintSetInput{ + SizeConstraintSetId: aws.String(rs.Primary.ID), + }) + + if err != nil { + return err + } + + if *resp.SizeConstraintSet.SizeConstraintSetId == rs.Primary.ID { + *v = *resp.SizeConstraintSet + return nil + } + + return fmt.Errorf("WAF SizeConstraintSet (%s) not found", rs.Primary.ID) + } +} + +func testAccCheckAWSWafRegionalSizeConstraintSetDestroy(s *terraform.State) error { + for _, rs := range 
s.RootModule().Resources { + if rs.Type != "aws_wafregional_byte_match_set" { + continue + } + + conn := testAccProvider.Meta().(*AWSClient).wafregionalconn + resp, err := conn.GetSizeConstraintSet( + &waf.GetSizeConstraintSetInput{ + SizeConstraintSetId: aws.String(rs.Primary.ID), + }) + + if err == nil { + if *resp.SizeConstraintSet.SizeConstraintSetId == rs.Primary.ID { + return fmt.Errorf("WAF SizeConstraintSet %s still exists", rs.Primary.ID) + } + } + + // Return nil if the SizeConstraintSet is already destroyed + if awsErr, ok := err.(awserr.Error); ok { + if awsErr.Code() == "WAFNonexistentItemException" { + return nil + } + } + + return err + } + + return nil +} + +func testAccAWSWafRegionalSizeConstraintSetConfig(name string) string { + return fmt.Sprintf(` +resource "aws_wafregional_size_constraint_set" "size_constraint_set" { + name = "%s" + size_constraints { + text_transformation = "NONE" + comparison_operator = "EQ" + size = "4096" + field_to_match { + type = "BODY" + } + } +}`, name) +} + +func testAccAWSWafRegionalSizeConstraintSetConfigChangeName(name string) string { + return fmt.Sprintf(` +resource "aws_wafregional_size_constraint_set" "size_constraint_set" { + name = "%s" + size_constraints { + text_transformation = "NONE" + comparison_operator = "EQ" + size = "4096" + field_to_match { + type = "BODY" + } + } +}`, name) +} diff --git a/builtin/providers/aws/resource_aws_wafregional_sql_injection_match_set.go b/builtin/providers/aws/resource_aws_wafregional_sql_injection_match_set.go new file mode 100644 index 000000000000..008ba88447cc --- /dev/null +++ b/builtin/providers/aws/resource_aws_wafregional_sql_injection_match_set.go 
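Review bot: `testAccCheckAWSWafRegionalSizeConstraintSetDestroy` skips every resource whose type is not `"aws_wafregional_byte_match_set"`, so it never inspects a size constraint set and the destroy check passes even when the set is left behind in the account. The filter should be `if rs.Type != "aws_wafregional_size_constraint_set" {`. `testAccCheckAWSWafRegionalSqlInjectionMatchSetDestroy` carries the same copied filter and needs `"aws_wafregional_sql_injection_match_set"`.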
@@ -0,0 +1,181 @@ +package aws + +import ( + "log" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/service/waf" + "github.com/hashicorp/errwrap" + "github.com/hashicorp/terraform/helper/schema" +) + +func resourceAwsWafRegionalSqlInjectionMatchSet() *schema.Resource { + return &schema.Resource{ + Create: resourceAwsWafRegionalSqlInjectionMatchSetCreate, + Read: resourceAwsWafRegionalSqlInjectionMatchSetRead, + Update: resourceAwsWafRegionalSqlInjectionMatchSetUpdate, + Delete: resourceAwsWafRegionalSqlInjectionMatchSetDelete, + + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + "sql_injection_match_tuples": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "field_to_match": { + Type: schema.TypeSet, + Required: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "data": { + Type: schema.TypeString, + Optional: true, + }, + "type": { + Type: schema.TypeString, + Required: true, + }, + }, + }, + }, + "text_transformation": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + }, + }, + }, + }, + } +} + +func resourceAwsWafRegionalSqlInjectionMatchSetCreate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).wafregionalconn + + log.Printf("[INFO] Creating SqlInjectionMatchSet: %s", d.Get("name").(string)) + + // ChangeToken + var ct *waf.GetChangeTokenInput + + res, err := conn.GetChangeToken(ct) + if err != nil { + return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) + } + + params := &waf.CreateSqlInjectionMatchSetInput{ + ChangeToken: res.ChangeToken, + Name: aws.String(d.Get("name").(string)), + } + + resp, err := conn.CreateSqlInjectionMatchSet(params) + + if err != nil { + return errwrap.Wrapf("[ERROR] Error creating SqlInjectionMatchSet: {{err}}", err) + } + + 
d.SetId(*resp.SqlInjectionMatchSet.SqlInjectionMatchSetId) + + return resourceAwsWafRegionalSqlInjectionMatchSetUpdate(d, meta) +} + +func resourceAwsWafRegionalSqlInjectionMatchSetRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).wafregionalconn + log.Printf("[INFO] Reading SqlInjectionMatchSet: %s", d.Get("name").(string)) + params := &waf.GetSqlInjectionMatchSetInput{ + SqlInjectionMatchSetId: aws.String(d.Id()), + } + + resp, err := conn.GetSqlInjectionMatchSet(params) + if err != nil { + if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "WAFNonexistentItemException" { + log.Printf("[WARN] WAF IPSet (%s) not found, error code (404)", d.Id()) + d.SetId("") + return nil + } + + return err + } + + d.Set("name", resp.SqlInjectionMatchSet.Name) + + return nil +} + +func resourceAwsWafRegionalSqlInjectionMatchSetUpdate(d *schema.ResourceData, meta interface{}) error { + log.Printf("[INFO] Updating SqlInjectionMatchSet: %s", d.Get("name").(string)) + err := updateSqlInjectionMatchSetResourceWR(d, meta, waf.ChangeActionInsert) + if err != nil { + return errwrap.Wrapf("[ERROR] Error updating SqlInjectionMatchSet: {{err}}", err) + } + return resourceAwsWafRegionalSqlInjectionMatchSetRead(d, meta) +} + +func resourceAwsWafRegionalSqlInjectionMatchSetDelete(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).wafregionalconn + + log.Printf("[INFO] Deleting SqlInjectionMatchSet: %s", d.Get("name").(string)) + err := updateSqlInjectionMatchSetResourceWR(d, meta, waf.ChangeActionDelete) + if err != nil { + return errwrap.Wrapf("[ERROR] Error deleting SqlInjectionMatchSet: {{err}}", err) + } + + var ct *waf.GetChangeTokenInput + + resp, err := conn.GetChangeToken(ct) + + req := &waf.DeleteSqlInjectionMatchSetInput{ + ChangeToken: resp.ChangeToken, + SqlInjectionMatchSetId: aws.String(d.Id()), + } + + _, err = conn.DeleteSqlInjectionMatchSet(req) + + if err != nil { + return errwrap.Wrapf("[ERROR] Error 
deleting SqlInjectionMatchSet: {{err}}", err) + } + + return nil +} + +func updateSqlInjectionMatchSetResourceWR(d *schema.ResourceData, meta interface{}, ChangeAction string) error { + conn := meta.(*AWSClient).wafregionalconn + + var ct *waf.GetChangeTokenInput + + resp, err := conn.GetChangeToken(ct) + if err != nil { + return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) + } + + req := &waf.UpdateSqlInjectionMatchSetInput{ + ChangeToken: resp.ChangeToken, + SqlInjectionMatchSetId: aws.String(d.Id()), + } + + sqlInjectionMatchTuples := d.Get("sql_injection_match_tuples").(*schema.Set) + for _, sqlInjectionMatchTuple := range sqlInjectionMatchTuples.List() { + simt := sqlInjectionMatchTuple.(map[string]interface{}) + sizeConstraintUpdate := &waf.SqlInjectionMatchSetUpdate{ + Action: aws.String(ChangeAction), + SqlInjectionMatchTuple: &waf.SqlInjectionMatchTuple{ + FieldToMatch: expandFieldToMatch(simt["field_to_match"].(*schema.Set).List()[0].(map[string]interface{})), + TextTransformation: aws.String(simt["text_transformation"].(string)), + }, + } + req.Updates = append(req.Updates, sizeConstraintUpdate) + } + + _, err = conn.UpdateSqlInjectionMatchSet(req) + if err != nil { + return errwrap.Wrapf("[ERROR] Error updating SqlInjectionMatchSet: {{err}}", err) + } + + return nil +} diff --git a/builtin/providers/aws/resource_aws_wafregional_sql_injection_match_set_test.go b/builtin/providers/aws/resource_aws_wafregional_sql_injection_match_set_test.go new file mode 100644 index 000000000000..0f8f376d855c --- /dev/null +++ b/builtin/providers/aws/resource_aws_wafregional_sql_injection_match_set_test.go 
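Review bot: `resourceAwsWafRegionalSqlInjectionMatchSetRead` writes only `name` back to state, so `sql_injection_match_tuples` is never refreshed and a tuple removed or changed outside Terraform does not show up in a plan; for a WAF filter that means protection can be weakened without the configuration noticing. Read should also set the tuples from `resp.SqlInjectionMatchSet.SqlInjectionMatchTuples`, as sketched below; `resourceAwsWafRegionalSizeConstraintSetRead` has the same gap for `size_constraints`. Separately, the update path sends only `waf.ChangeActionInsert` for the tuples currently in configuration, so tuples dropped from the configuration appear never to be deleted; that needs an old/new comparison and is not covered by the sketch. The `[WARN]` message in this function also still says `WAF IPSet`.

```go
// … unchanged: GetSqlInjectionMatchSet call and WAFNonexistentItemException handling …
d.Set("name", resp.SqlInjectionMatchSet.Name)

tuples := make([]interface{}, 0, len(resp.SqlInjectionMatchSet.SqlInjectionMatchTuples))
for _, t := range resp.SqlInjectionMatchSet.SqlInjectionMatchTuples {
	if t == nil || t.FieldToMatch == nil {
		continue
	}
	ftm := map[string]interface{}{
		"type": aws.StringValue(t.FieldToMatch.Type),
	}
	// "data" is optional in the schema; only set it when the API returned one.
	if t.FieldToMatch.Data != nil {
		ftm["data"] = aws.StringValue(t.FieldToMatch.Data)
	}
	tuples = append(tuples, map[string]interface{}{
		"field_to_match":      []interface{}{ftm},
		"text_transformation": aws.StringValue(t.TextTransformation),
	})
}
if err := d.Set("sql_injection_match_tuples", tuples); err != nil {
	return errwrap.Wrapf("[ERROR] Error setting sql_injection_match_tuples: {{err}}", err)
}
```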
@@ -0,0 +1,226 @@ +package aws + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/service/waf" + "github.com/hashicorp/errwrap" + "github.com/hashicorp/terraform/helper/acctest" +) + +func TestAccAWSWafRegionalSqlInjectionMatchSet_basic(t *testing.T) { + var v waf.SqlInjectionMatchSet + sqlInjectionMatchSet := fmt.Sprintf("sqlInjectionMatchSet-%s", acctest.RandString(5)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSWafRegionalSqlInjectionMatchSetDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSWafRegionalSqlInjectionMatchSetConfig(sqlInjectionMatchSet), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalSqlInjectionMatchSetExists("aws_wafregional_sql_injection_match_set.sql_injection_match_set", &v), + resource.TestCheckResourceAttr( + "aws_wafregional_sql_injection_match_set.sql_injection_match_set", "name", sqlInjectionMatchSet), + resource.TestCheckResourceAttr( + "aws_wafregional_sql_injection_match_set.sql_injection_match_set", "sql_injection_match_tuples.#", "1"), + ), + }, + }, + }) +} + +func TestAccAWSWafRegionalSqlInjectionMatchSet_changeNameForceNew(t *testing.T) { + var before, after waf.SqlInjectionMatchSet + sqlInjectionMatchSet := fmt.Sprintf("sqlInjectionMatchSet-%s", acctest.RandString(5)) + sqlInjectionMatchSetNewName := fmt.Sprintf("sqlInjectionMatchSetNewName-%s", acctest.RandString(5)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSWafRegionalSqlInjectionMatchSetDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSWafRegionalSqlInjectionMatchSetConfig(sqlInjectionMatchSet), + Check: 
resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalSqlInjectionMatchSetExists("aws_wafregional_sql_injection_match_set.sql_injection_match_set", &before), + resource.TestCheckResourceAttr( + "aws_wafregional_sql_injection_match_set.sql_injection_match_set", "name", sqlInjectionMatchSet), + resource.TestCheckResourceAttr( + "aws_wafregional_sql_injection_match_set.sql_injection_match_set", "sql_injection_match_tuples.#", "1"), + ), + }, + { + Config: testAccAWSWafRegionalSqlInjectionMatchSetConfigChangeName(sqlInjectionMatchSetNewName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalSqlInjectionMatchSetExists("aws_wafregional_sql_injection_match_set.sql_injection_match_set", &after), + resource.TestCheckResourceAttr( + "aws_wafregional_sql_injection_match_set.sql_injection_match_set", "name", sqlInjectionMatchSetNewName), + resource.TestCheckResourceAttr( + "aws_wafregional_sql_injection_match_set.sql_injection_match_set", "sql_injection_match_tuples.#", "1"), + ), + }, + }, + }) +} + +func TestAccAWSWafRegionalSqlInjectionMatchSet_disappears(t *testing.T) { + var v waf.SqlInjectionMatchSet + sqlInjectionMatchSet := fmt.Sprintf("sqlInjectionMatchSet-%s", acctest.RandString(5)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSWafRegionalSqlInjectionMatchSetDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSWafRegionalSqlInjectionMatchSetConfig(sqlInjectionMatchSet), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalSqlInjectionMatchSetExists("aws_wafregional_sql_injection_match_set.sql_injection_match_set", &v), + testAccCheckAWSWafRegionalSqlInjectionMatchSetDisappears(&v), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + +func testAccCheckAWSWafRegionalSqlInjectionMatchSetDisappears(v *waf.SqlInjectionMatchSet) resource.TestCheckFunc { + return func(s *terraform.State) error { + conn := 
testAccProvider.Meta().(*AWSClient).wafregionalconn + + var ct *waf.GetChangeTokenInput + + resp, err := conn.GetChangeToken(ct) + if err != nil { + return fmt.Errorf("Error getting change token: %s", err) + } + + req := &waf.UpdateSqlInjectionMatchSetInput{ + ChangeToken: resp.ChangeToken, + SqlInjectionMatchSetId: v.SqlInjectionMatchSetId, + } + + for _, sqlInjectionMatchTuple := range v.SqlInjectionMatchTuples { + sqlInjectionMatchTupleUpdate := &waf.SqlInjectionMatchSetUpdate{ + Action: aws.String("DELETE"), + SqlInjectionMatchTuple: &waf.SqlInjectionMatchTuple{ + FieldToMatch: sqlInjectionMatchTuple.FieldToMatch, + TextTransformation: sqlInjectionMatchTuple.TextTransformation, + }, + } + req.Updates = append(req.Updates, sqlInjectionMatchTupleUpdate) + } + _, err = conn.UpdateSqlInjectionMatchSet(req) + if err != nil { + return errwrap.Wrapf("[ERROR] Error updating SqlInjectionMatchSet: {{err}}", err) + } + + resp, err = conn.GetChangeToken(ct) + if err != nil { + return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err) + } + + opts := &waf.DeleteSqlInjectionMatchSetInput{ + ChangeToken: resp.ChangeToken, + SqlInjectionMatchSetId: v.SqlInjectionMatchSetId, + } + if _, err := conn.DeleteSqlInjectionMatchSet(opts); err != nil { + return err + } + return nil + } +} + +func testAccCheckAWSWafRegionalSqlInjectionMatchSetExists(n string, v *waf.SqlInjectionMatchSet) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No WAF SqlInjectionMatchSet ID is set") + } + + conn := testAccProvider.Meta().(*AWSClient).wafregionalconn + resp, err := conn.GetSqlInjectionMatchSet(&waf.GetSqlInjectionMatchSetInput{ + SqlInjectionMatchSetId: aws.String(rs.Primary.ID), + }) + + if err != nil { + return err + } + + if *resp.SqlInjectionMatchSet.SqlInjectionMatchSetId == rs.Primary.ID { + *v = 
*resp.SqlInjectionMatchSet + return nil + } + + return fmt.Errorf("WAF SqlInjectionMatchSet (%s) not found", rs.Primary.ID) + } +} + +func testAccCheckAWSWafRegionalSqlInjectionMatchSetDestroy(s *terraform.State) error { + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_wafregional_byte_match_set" { + continue + } + + conn := testAccProvider.Meta().(*AWSClient).wafregionalconn + resp, err := conn.GetSqlInjectionMatchSet( + &waf.GetSqlInjectionMatchSetInput{ + SqlInjectionMatchSetId: aws.String(rs.Primary.ID), + }) + + if err == nil { + if *resp.SqlInjectionMatchSet.SqlInjectionMatchSetId == rs.Primary.ID { + return fmt.Errorf("WAF SqlInjectionMatchSet %s still exists", rs.Primary.ID) + } + } + + // Return nil if the SqlInjectionMatchSet is already destroyed + if awsErr, ok := err.(awserr.Error); ok { + if awsErr.Code() == "WAFNonexistentItemException" { + return nil + } + } + + return err + } + + return nil +} + +func testAccAWSWafRegionalSqlInjectionMatchSetConfig(name string) string { + return fmt.Sprintf(` +resource "aws_wafregional_sql_injection_match_set" "sql_injection_match_set" { + name = "%s" + sql_injection_match_tuples { + text_transformation = "URL_DECODE" + field_to_match { + type = "QUERY_STRING" + } + } +}`, name) +} + +func testAccAWSWafRegionalSqlInjectionMatchSetConfigChangeName(name string) string { + return fmt.Sprintf(` +resource "aws_wafregional_sql_injection_match_set" "sql_injection_match_set" { + name = "%s" + sql_injection_match_tuples { + text_transformation = "URL_DECODE" + field_to_match { + type = "QUERY_STRING" + } + } +}`, name) +} diff --git a/builtin/providers/aws/resource_aws_wafregional_web_acl.go b/builtin/providers/aws/resource_aws_wafregional_web_acl.go new file mode 100644 index 000000000000..ea1382cb2c4c --- /dev/null +++ b/builtin/providers/aws/resource_aws_wafregional_web_acl.go 
@@ -0,0 +1,237 @@
+package aws
+
+import (
+ "fmt"
+ "log"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsWafRegionalWebAcl() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceAwsWafRegionalWebAclCreate,
+ Read: resourceAwsWafRegionalWebAclRead,
+ Update: resourceAwsWafRegionalWebAclUpdate,
+ Delete: resourceAwsWafRegionalWebAclDelete,
+
+ Schema: map[string]*schema.Schema{
+ "name": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "default_action": &schema.Schema{
+ Type: schema.TypeSet,
+ Required: true,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "type": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ },
+ },
+ "metric_name": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "rules": &schema.Schema{
+ Type: schema.TypeSet,
+ Optional: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "action": &schema.Schema{
+ Type: schema.TypeSet,
+ Required: true,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "type": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ },
+ },
+ "priority": &schema.Schema{
+ Type: schema.TypeInt,
+ Required: true,
+ },
+ "rule_id": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ },
+ },
+ },
+ }
+}
+
+func resourceAwsWafRegionalWebAclCreate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ // ChangeToken
+ var ct *waf.GetChangeTokenInput
+
+ res, err := conn.GetChangeToken(ct)
+ if err != nil {
+ return fmt.Errorf("Error getting change token: %s", err)
+ }
+
+ params := &waf.CreateWebACLInput{
+ ChangeToken: res.ChangeToken,
+ DefaultAction: expandDefaultActionWR(d),
+ MetricName: aws.String(d.Get("metric_name").(string)),
+ Name: aws.String(d.Get("name").(string)),
+ }
+
+ resp, err := conn.CreateWebACL(params)
+ if err != nil {
+ return err
+ }
+ d.SetId(*resp.WebACL.WebACLId)
+ return resourceAwsWafRegionalWebAclUpdate(d, meta)
+}
+
+func resourceAwsWafRegionalWebAclRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+ params := &waf.GetWebACLInput{
+ WebACLId: aws.String(d.Id()),
+ }
+
+ resp, err := conn.GetWebACL(params)
+ if err != nil {
+ if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "WAFNonexistentItemException" {
+ log.Printf("[WARN] WAF ACL (%s) not found, error code (404)", d.Id())
+ d.SetId("")
+ return nil
+ }
+
+ return err
+ }
+
+ defaultAction := flattenDefaultActionWR(resp.WebACL.DefaultAction)
+ if defaultAction != nil {
+ if err := d.Set("default_action", defaultAction); err != nil {
+ return fmt.Errorf("error setting default_action: %s", err)
+ }
+ }
+ d.Set("name", resp.WebACL.Name)
+ d.Set("metric_name", resp.WebACL.MetricName)
+
+ return nil
+}
+
+func resourceAwsWafRegionalWebAclUpdate(d *schema.ResourceData, meta interface{}) error {
+ err := updateWebAclResourceWR(d, meta, waf.ChangeActionInsert)
+ if err != nil {
+ return fmt.Errorf("Error Updating WAF ACL: %s", err)
+ }
+ return resourceAwsWafRegionalWebAclRead(d, meta)
+}
+
+func resourceAwsWafRegionalWebAclDelete(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+ err := updateWebAclResourceWR(d, meta, waf.ChangeActionDelete)
+ if err != nil {
+ return fmt.Errorf("Error Removing WAF ACL Rules: %s", err)
+ }
+
+ var ct *waf.GetChangeTokenInput
+
+ resp, err := conn.GetChangeToken(ct)
+
+ req := &waf.DeleteWebACLInput{
+ ChangeToken: resp.ChangeToken,
+ WebACLId: aws.String(d.Id()),
+ }
+
+ log.Printf("[INFO] Deleting WAF ACL")
+ _, err = conn.DeleteWebACL(req)
+
+ if err != nil {
+ return fmt.Errorf("Error Deleting WAF ACL: %s", err)
+ }
+ return nil
+}
+
+func updateWebAclResourceWR(d *schema.ResourceData, meta interface{}, ChangeAction string) error {
+ conn := meta.(*AWSClient).wafregionalconn
+ // ChangeToken
+ var ct *waf.GetChangeTokenInput
+
+ resp, err := conn.GetChangeToken(ct)
+ if err != nil {
+ return fmt.Errorf("Error getting change token: %s", err)
+ }
+
+ req := &waf.UpdateWebACLInput{
+ ChangeToken: resp.ChangeToken,
+ WebACLId: aws.String(d.Id()),
+ }
+
+ if d.HasChange("default_action") {
+ req.DefaultAction = expandDefaultActionWR(d)
+ }
+
+ rules := d.Get("rules").(*schema.Set)
+ for _, rule := range rules.List() {
+ aclRule := rule.(map[string]interface{})
+ action := aclRule["action"].(*schema.Set).List()[0].(map[string]interface{})
+ aclRuleUpdate := &waf.WebACLUpdate{
+ Action: aws.String(ChangeAction),
+ ActivatedRule: &waf.ActivatedRule{
+ Priority: aws.Int64(int64(aclRule["priority"].(int))),
+ RuleId: aws.String(aclRule["rule_id"].(string)),
+ Action: &waf.WafAction{Type: aws.String(action["type"].(string))},
+ },
+ }
+ req.Updates = append(req.Updates, aclRuleUpdate)
+ }
+ _, err = conn.UpdateWebACL(req)
+ if err != nil {
+ return fmt.Errorf("Error Updating WAF ACL: %s", err)
+ }
+ return nil
+}
+
+func expandDefaultActionWR(d *schema.ResourceData) *waf.WafAction {
+ set, ok := d.GetOk("default_action")
+ if !ok {
+ return nil
+ }
+
+ s := set.(*schema.Set).List()
+ if s == nil || len(s) == 0 {
+ return nil
+ }
+
+ if s[0] == nil {
+ log.Printf("[ERR] First element of Default Action is set to nil")
+ return nil
+ }
+
+ dA := s[0].(map[string]interface{})
+
+ return &waf.WafAction{
+ Type: aws.String(dA["type"].(string)),
+ }
+}
+
+func flattenDefaultActionWR(n *waf.WafAction) []map[string]interface{} {
+ if n == nil {
+ return nil
+ }
+
+ m := setMap(make(map[string]interface{}))
+
+ m.SetString("type", n.Type)
+ return m.MapList()
+}
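Review bot: `resourceAwsWafRegionalWebAclUpdate` always passes `waf.ChangeActionInsert` and `updateWebAclResourceWR` loops over `d.Get("rules")`, so a rule dropped from the configuration is never sent as a DELETE, and because `resourceAwsWafRegionalWebAclRead` never sets `rules` the stale rule stays on the ACL with no drift reported. For a WAF resource that means a rule can outlive its removal from code; the update path should diff old against new with `d.GetChange("rules")`, as sketched below (not run against the API). `updateXssMatchSetResourceWR` in resource_aws_wafregional_xss_match_set.go has the same insert-only loop over `xss_match_tuples`. Separately, `resourceAwsWafRegionalWebAclDelete` here and `resourceAwsWafRegionalXssMatchSetDelete` dereference `resp.ChangeToken` without checking the error from `GetChangeToken`, which panics when that call fails; add `if err != nil { return fmt.Errorf("Error getting change token: %s", err) }` before building `req`.

```go
func updateWebAclResourceWR(d *schema.ResourceData, meta interface{}, ChangeAction string) error {
	// … unchanged: change token, req, default_action handling …

	var toDelete, toInsert []interface{}
	if ChangeAction == waf.ChangeActionDelete {
		// resource destroy: every rule recorded in state has to be detached
		toDelete = d.Get("rules").(*schema.Set).List()
	} else {
		o, n := d.GetChange("rules")
		oldRules, newRules := o.(*schema.Set), n.(*schema.Set)
		toDelete = oldRules.Difference(newRules).List()
		toInsert = newRules.Difference(oldRules).List()
	}

	// deletes are queued ahead of inserts so a changed rule is replaced, not duplicated
	for _, batch := range []struct {
		action string
		rules  []interface{}
	}{
		{waf.ChangeActionDelete, toDelete},
		{waf.ChangeActionInsert, toInsert},
	} {
		for _, rule := range batch.rules {
			// … unchanged: build aclRuleUpdate from rule, with Action: aws.String(batch.action) …
		}
	}

	// … unchanged: UpdateWebACL call and error handling …
```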
diff --git a/builtin/providers/aws/resource_aws_wafregional_web_acl_association.go b/builtin/providers/aws/resource_aws_wafregional_web_acl_association.go
new file mode 100644
index 000000000000..e0a736a3adeb
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_wafregional_web_acl_association.go
@@ -0,0 +1,135 @@
+package aws
+
+import (
+ "fmt"
+ "log"
+ "strings"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/service/wafregional"
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsWafRegionalWebAclAssociation() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceAwsWafRegionalWebAclAssociationCreate,
+ Read: resourceAwsWafRegionalWebAclAssociationRead,
+ Update: resourceAwsWafRegionalWebAclAssociationUpdate,
+ Delete: resourceAwsWafRegionalWebAclAssociationDelete,
+
+ Schema: map[string]*schema.Schema{
+ "web_acl_id": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "resource_arn": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ },
+ }
+}
+
+func resourceAwsWafRegionalWebAclAssociationCreate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ log.Printf(
+ "[INFO] Creating WAF Regional Web ACL association: %s => %s",
+ d.Get("web_acl_id").(string),
+ d.Get("resource_arn").(string))
+
+ params := &wafregional.AssociateWebACLInput{
+ WebACLId: aws.String(d.Get("web_acl_id").(string)),
+ ResourceArn: aws.String(d.Get("resource_arn").(string)),
+ }
+
+ // create association and wait on retryable error
+ // no response body
+ var err error
+ err = resource.Retry(2*time.Minute, func() *resource.RetryError {
+ _, err = conn.AssociateWebACL(params)
+ if err != nil {
+ if awsErr, ok := err.(awserr.Error); ok {
+ if awsErr.Code() == "WAFUnavailableEntityException" {
+ return resource.RetryableError(awsErr)
+ }
+ }
+ return resource.NonRetryableError(err)
+ }
+ return nil
+ })
+ if err != nil {
+ return err
+ }
+
+ // Store association id
+ d.SetId(fmt.Sprintf("%s:%s", *params.WebACLId, *params.ResourceArn))
+
+ return nil
+}
+
+func resourceAwsWafRegionalWebAclAssociationRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ web_acl_id, resource_arn := resourceAwsWafRegionalWebAclAssociationParseId(d.Id())
+
+ // List all resources for Web ACL and see if we get a match
+ params := &wafregional.ListResourcesForWebACLInput{
+ WebACLId: aws.String(web_acl_id),
+ }
+
+ resp, err := conn.ListResourcesForWebACL(params)
+ if err != nil {
+ return err
+ }
+
+ // Find match
+ found := false
+ for _, list_resource_arn := range resp.ResourceArns {
+ if resource_arn == *list_resource_arn {
+ found = true
+ break
+ }
+ }
+ if !found {
+ // It seems it doesn't exist anymore, so clear the ID
+ d.SetId("")
+ }
+
+ return nil
+}
+
+func resourceAwsWafRegionalWebAclAssociationUpdate(d *schema.ResourceData, meta interface{}) error {
+ return resourceAwsWafRegionalWebAclAssociationRead(d, meta)
+}
+
+func resourceAwsWafRegionalWebAclAssociationDelete(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ _, resource_arn := resourceAwsWafRegionalWebAclAssociationParseId(d.Id())
+
+ log.Printf("[INFO] Deleting WAF Regional Web ACL association: %s", resource_arn)
+
+ params := &wafregional.DisassociateWebACLInput{
+ ResourceArn: aws.String(resource_arn),
+ }
+
+ // If action sucessful HTTP 200 response with an empty body
+ _, err := conn.DisassociateWebACL(params)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func resourceAwsWafRegionalWebAclAssociationParseId(id string) (web_acl_id, resource_arn string) {
+ parts := strings.SplitN(id, ":", 2)
+ web_acl_id = parts[0]
+ resource_arn = parts[1]
+ return
+}
diff --git a/builtin/providers/aws/resource_aws_wafregional_web_acl_association_test.go b/builtin/providers/aws/resource_aws_wafregional_web_acl_association_test.go
new file mode 100644
index 000000000000..4b5795bd4d90
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_wafregional_web_acl_association_test.go
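Review bot: In resource_aws_wafregional_web_acl_association.go, `web_acl_id` is not `ForceNew` and `resourceAwsWafRegionalWebAclAssociationUpdate` only calls the read function, so changing the ACL in configuration makes no `AssociateWebACL` call while the apply still returns success and the resource ID keeps the old ACL id. The protected resource then stays behind the previous web ACL even though the new id is presumably what ends up in state. The smallest fix is `ForceNew: true,` on `web_acl_id` (the `Update` entry can then go); the alternative is for update to call `AssociateWebACL` and reset the ID. `resourceAwsWafRegionalWebAclAssociationParseId` also indexes `parts[1]` without checking `len(parts)`, which panics on an ID that has no colon.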
@@ -0,0 +1,161 @@
+package aws
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/helper/schema"
+ "github.com/hashicorp/terraform/terraform"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/aws/aws-sdk-go/service/wafregional"
+)
+
+func TestAccAWSWafRegionalWebAclAssociation_basic(t *testing.T) {
+ var webAcl waf.WebACL
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckWafRegionalWebAclAssociationDestroy,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: testAccCheckWafRegionalWebAclAssociationConfig,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckWafRegionalWebAclAssociationExists("aws_wafregional_web_acl_association.foo", &webAcl),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckWafRegionalWebAclAssociationDestroy(s *terraform.State) error {
+ return testAccCheckWafRegionalWebAclAssociationDestroyWithProvider(s, testAccProvider)
+}
+
+func testAccCheckWafRegionalWebAclAssociationDestroyWithProvider(s *terraform.State, provider *schema.Provider) error {
+ conn := provider.Meta().(*AWSClient).wafregionalconn
+ for _, rs := range s.RootModule().Resources {
+ if rs.Type != "aws_wafregional_web_acl_association" {
+ continue
+ }
+
+ web_acl_id, resource_arn := resourceAwsWafRegionalWebAclAssociationParseId(rs.Primary.ID)
+
+ resp, err := conn.ListResourcesForWebACL(&wafregional.ListResourcesForWebACLInput{WebACLId: aws.String(web_acl_id)})
+ if err != nil {
+ found := false
+ for _, list_resource_arn := range resp.ResourceArns {
+ if resource_arn == *list_resource_arn {
+ found = true
+ break
+ }
+ }
+ if found {
+ return fmt.Errorf("WebACL: %v is still associated to resource: %v", web_acl_id, resource_arn)
+ }
+ }
+ }
+ return nil
+}
+
+func testAccCheckWafRegionalWebAclAssociationExists(n string, webAcl *waf.WebACL) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ return testAccCheckWafRegionalWebAclAssociationExistsWithProvider(s, n, webAcl, testAccProvider)
+ }
+}
+
+func testAccCheckWafRegionalWebAclAssociationExistsWithProvider(s *terraform.State, n string, webAcl *waf.WebACL, provider *schema.Provider) error {
+ rs, ok := s.RootModule().Resources[n]
+ if !ok {
+ return fmt.Errorf("Not found: %s", n)
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("No WebACL association ID is set")
+ }
+
+ web_acl_id, resource_arn := resourceAwsWafRegionalWebAclAssociationParseId(rs.Primary.ID)
+
+ conn := provider.Meta().(*AWSClient).wafregionalconn
+ resp, err := conn.ListResourcesForWebACL(&wafregional.ListResourcesForWebACLInput{WebACLId: aws.String(web_acl_id)})
+ if err != nil {
+ return fmt.Errorf("List Web ACL err: %v", err)
+ }
+
+ found := false
+ for _, list_resource_arn := range resp.ResourceArns {
+ if resource_arn == *list_resource_arn {
+ found = true
+ break
+ }
+ }
+
+ if !found {
+ return fmt.Errorf("Web ACL association not found")
+ }
+
+ return nil
+}
+
+const testAccCheckWafRegionalWebAclAssociationConfig = `
+resource "aws_wafregional_ipset" "foo" {
+ name = "foo"
+ ip_set_descriptors {
+ type = "IPV4"
+ value = "192.0.7.0/24"
+ }
+}
+
+resource "aws_wafregional_rule" "foo" {
+ depends_on = ["aws_wafregional_ipset.foo"]
+ name = "foo"
+ metric_name = "foo"
+ predicates {
+ data_id = "${aws_wafregional_ipset.foo.id}"
+ negated = false
+ type = "IPMatch"
+ }
+}
+
+resource "aws_wafregional_web_acl" "foo" {
+ name = "foo"
+ metric_name = "foo"
+ default_action {
+ type = "ALLOW"
+ }
+ rules {
+ action {
+ type = "COUNT"
+ }
+ priority = 100
+ rule_id = "${aws_wafregional_rule.foo.id}"
+ }
+}
+
+resource "aws_vpc" "foo" {
+ cidr_block = "10.1.0.0/16"
+}
+
+resource "aws_subnet" "foo" {
+ vpc_id = "${aws_vpc.foo.id}"
+ cidr_block = "10.1.1.0/24"
+}
+
+resource "aws_subnet" "bar" {
+ vpc_id = "${aws_vpc.foo.id}"
+ cidr_block = "10.1.2.0/24"
+}
+
+resource "aws_alb" "foo" {
+ subnets = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"]
+}
+
+resource "aws_wafregional_web_acl_association" "foo" {
+ depends_on = ["aws_alb.foo", "aws_wafregional_web_acl.foo"]
+ resource_arn = "${aws_alb.foo.arn}"
+ web_acl_id = "${aws_wafregional_web_acl.foo.id}"
+}
+`
diff --git a/builtin/providers/aws/resource_aws_wafregional_web_acl_test.go b/builtin/providers/aws/resource_aws_wafregional_web_acl_test.go
new file mode 100644
index 000000000000..902e801ea980
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_wafregional_web_acl_test.go
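Review bot: The condition in `testAccCheckWafRegionalWebAclAssociationDestroyWithProvider` (resource_aws_wafregional_web_acl_association_test.go) is inverted: the scan of `resp.ResourceArns` sits under `if err != nil`, so it runs only when `ListResourcesForWebACL` failed and is skipped whenever the call succeeds. As written the destroy check cannot report an association that is still in place. It should read `if err == nil {`, with a non-nil error either returned or tolerated only for a not-found code such as `WAFNonexistentItemException`. The `webAcl` argument passed through the two Exists helpers is never written to, so it can be dropped.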
@@ -0,0 +1,374 @@
+package aws
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/terraform"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/hashicorp/terraform/helper/acctest"
+)
+
+func TestAccAWSWafRegionalWebAcl_basic(t *testing.T) {
+ var v waf.WebACL
+ wafAclName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSWafRegionalWebAclDestroy,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: testAccAWSWafRegionalWebAclConfig(wafAclName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalWebAclExists("aws_wafregional_web_acl.waf_acl", &v),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "default_action.#", "1"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "default_action.4234791575.type", "ALLOW"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "name", wafAclName),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "rules.#", "1"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "metric_name", wafAclName),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAWSWafRegionalWebAcl_changeNameForceNew(t *testing.T) {
+ var before, after waf.WebACL
+ wafAclName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
+ wafAclNewName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSWafRegionalWebAclDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSWafRegionalWebAclConfig(wafAclName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalWebAclExists("aws_wafregional_web_acl.waf_acl", &before),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "default_action.#", "1"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "default_action.4234791575.type", "ALLOW"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "name", wafAclName),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "rules.#", "1"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "metric_name", wafAclName),
+ ),
+ },
+ {
+ Config: testAccAWSWafRegionalWebAclConfigChangeName(wafAclNewName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalWebAclExists("aws_wafregional_web_acl.waf_acl", &after),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "default_action.#", "1"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "default_action.4234791575.type", "ALLOW"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "name", wafAclNewName),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "rules.#", "1"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "metric_name", wafAclNewName),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAWSWafRegionalWebAcl_changeDefaultAction(t *testing.T) {
+ var before, after waf.WebACL
+ wafAclName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
+ wafAclNewName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSWafRegionalWebAclDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSWafRegionalWebAclConfig(wafAclName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalWebAclExists("aws_wafregional_web_acl.waf_acl", &before),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "default_action.#", "1"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "default_action.4234791575.type", "ALLOW"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "name", wafAclName),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "rules.#", "1"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "metric_name", wafAclName),
+ ),
+ },
+ {
+ Config: testAccAWSWafRegionalWebAclConfigDefaultAction(wafAclNewName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalWebAclExists("aws_wafregional_web_acl.waf_acl", &after),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "default_action.#", "1"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "default_action.2267395054.type", "BLOCK"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "name", wafAclNewName),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "rules.#", "1"),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_web_acl.waf_acl", "metric_name", wafAclNewName),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAWSWafRegionalWebAcl_disappears(t *testing.T) {
+ var v waf.WebACL
+ wafAclName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSWafRegionalWebAclDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSWafRegionalWebAclConfig(wafAclName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalWebAclExists("aws_wafregional_web_acl.waf_acl", &v),
+ testAccCheckAWSWafRegionalWebAclDisappears(&v),
+ ),
+ ExpectNonEmptyPlan: true,
+ },
+ },
+ })
+}
+
+func testAccCheckAWSWafRegionalWebAclDisappears(v *waf.WebACL) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ conn := testAccProvider.Meta().(*AWSClient).wafregionalconn
+
+ // ChangeToken
+ var ct *waf.GetChangeTokenInput
+
+ resp, err := conn.GetChangeToken(ct)
+ if err != nil {
+ return fmt.Errorf("Error getting change token: %s", err)
+ }
+
+ req := &waf.UpdateWebACLInput{
+ ChangeToken: resp.ChangeToken,
+ WebACLId: v.WebACLId,
+ }
+
+ for _, ActivatedRule := range v.Rules {
+ WebACLUpdate := &waf.WebACLUpdate{
+ Action: aws.String("DELETE"),
+ ActivatedRule: &waf.ActivatedRule{
+ Priority: ActivatedRule.Priority,
+ RuleId: ActivatedRule.RuleId,
+ Action: ActivatedRule.Action,
+ },
+ }
+ req.Updates = append(req.Updates, WebACLUpdate)
+ }
+
+ _, err = conn.UpdateWebACL(req)
+ if err != nil {
+ return fmt.Errorf("Error Updating WAF ACL: %s", err)
+ }
+
+ resp, err = conn.GetChangeToken(ct)
+ if err != nil {
+ return fmt.Errorf("Error getting change token for waf ACL: %s", err)
+ }
+
+ opts := &waf.DeleteWebACLInput{
+ ChangeToken: resp.ChangeToken,
+ WebACLId: v.WebACLId,
+ }
+ if _, err := conn.DeleteWebACL(opts); err != nil {
+ return err
+ }
+ return nil
+ }
+}
+
+func testAccCheckAWSWafRegionalWebAclDestroy(s *terraform.State) error {
+ for _, rs := range s.RootModule().Resources {
+ if rs.Type != "aws_wafregional_web_acl" {
+ continue
+ }
+
+ conn := testAccProvider.Meta().(*AWSClient).wafregionalconn
+ resp, err := conn.GetWebACL(
+ &waf.GetWebACLInput{
+ WebACLId: aws.String(rs.Primary.ID),
+ })
+
+ if err == nil {
+ if *resp.WebACL.WebACLId == rs.Primary.ID {
+ return fmt.Errorf("WebACL %s still exists", rs.Primary.ID)
+ }
+ }
+
+ // Return nil if the WebACL is already destroyed
+ if awsErr, ok := err.(awserr.Error); ok {
+ if awsErr.Code() == "WAFNonexistentItemException" {
+ return nil
+ }
+ }
+
+ return err
+ }
+
+ return nil
+}
+
+func testAccCheckAWSWafRegionalWebAclExists(n string, v *waf.WebACL) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rs, ok := s.RootModule().Resources[n]
+ if !ok {
+ return fmt.Errorf("Not found: %s", n)
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("No WebACL ID is set")
+ }
+
+ conn := testAccProvider.Meta().(*AWSClient).wafregionalconn
+ resp, err := conn.GetWebACL(&waf.GetWebACLInput{
+ WebACLId: aws.String(rs.Primary.ID),
+ })
+
+ if err != nil {
+ return err
+ }
+
+ if *resp.WebACL.WebACLId == rs.Primary.ID {
+ *v = *resp.WebACL
+ return nil
+ }
+
+ return fmt.Errorf("WebACL (%s) not found", rs.Primary.ID)
+ }
+}
+
+func testAccAWSWafRegionalWebAclConfig(name string) string {
+ return fmt.Sprintf(`resource "aws_wafregional_ipset" "ipset" {
+ name = "%s"
+ ip_set_descriptors {
+ type = "IPV4"
+ value = "192.0.7.0/24"
+ }
+}
+
+resource "aws_wafregional_rule" "wafrule" {
+ depends_on = ["aws_wafregional_ipset.ipset"]
+ name = "%s"
+ metric_name = "%s"
+ predicates {
+ data_id = "${aws_wafregional_ipset.ipset.id}"
+ negated = false
+ type = "IPMatch"
+ }
+}
+resource "aws_wafregional_web_acl" "waf_acl" {
+ depends_on = ["aws_wafregional_ipset.ipset", "aws_wafregional_rule.wafrule"]
+ name = "%s"
+ metric_name = "%s"
+ default_action {
+ type = "ALLOW"
+ }
+ rules {
+ action {
+ type = "BLOCK"
+ }
+ priority = 1
+ rule_id = "${aws_wafregional_rule.wafrule.id}"
+ }
+}`, name, name, name, name, name)
+}
+
+func testAccAWSWafRegionalWebAclConfigChangeName(name string) string {
+ return fmt.Sprintf(`resource "aws_wafregional_ipset" "ipset" {
+ name = "%s"
+ ip_set_descriptors {
+ type = "IPV4"
+ value = "192.0.7.0/24"
+ }
+}
+
+resource "aws_wafregional_rule" "wafrule" {
+ depends_on = ["aws_wafregional_ipset.ipset"]
+ name = "%s"
+ metric_name = "%s"
+ predicates {
+ data_id = "${aws_wafregional_ipset.ipset.id}"
+ negated = false
+ type = "IPMatch"
+ }
+}
+resource "aws_wafregional_web_acl" "waf_acl" {
+ depends_on = ["aws_wafregional_ipset.ipset", "aws_wafregional_rule.wafrule"]
+ name = "%s"
+ metric_name = "%s"
+ default_action {
+ type = "ALLOW"
+ }
+ rules {
+ action {
+ type = "BLOCK"
+ }
+ priority = 1
+ rule_id = "${aws_wafregional_rule.wafrule.id}"
+ }
+}`, name, name, name, name, name)
+}
+
+func testAccAWSWafRegionalWebAclConfigDefaultAction(name string) string {
+ return fmt.Sprintf(`resource "aws_wafregional_ipset" "ipset" {
+ name = "%s"
+ ip_set_descriptors {
+ type = "IPV4"
+ value = "192.0.7.0/24"
+ }
+}
+
+resource "aws_wafregional_rule" "wafrule" {
+ depends_on = ["aws_wafregional_ipset.ipset"]
+ name = "%s"
+ metric_name = "%s"
+ predicates {
+ data_id = "${aws_wafregional_ipset.ipset.id}"
+ negated = false
+ type = "IPMatch"
+ }
+}
+resource "aws_wafregional_web_acl" "waf_acl" {
+ depends_on = ["aws_wafregional_ipset.ipset", "aws_wafregional_rule.wafrule"]
+ name = "%s"
+ metric_name = "%s"
+ default_action {
+ type = "BLOCK"
+ }
+ rules {
+ action {
+ type = "BLOCK"
+ }
+ priority = 1
+ rule_id = "${aws_wafregional_rule.wafrule.id}"
+ }
+}`, name, name, name, name, name)
+}
diff --git a/builtin/providers/aws/resource_aws_wafregional_xss_match_set.go b/builtin/providers/aws/resource_aws_wafregional_xss_match_set.go
new file mode 100644
index 000000000000..c24bd0779f64
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_wafregional_xss_match_set.go
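Review bot: `TestAccAWSWafRegionalWebAcl_changeDefaultAction` (resource_aws_wafregional_web_acl_test.go) passes `wafAclNewName` to its second step, and `name` and `metric_name` are `ForceNew` in the resource schema, so that step replaces the ACL instead of exercising the in-place `default_action` change in `updateWebAclResourceWR`. Reuse the first name, `Config: testAccAWSWafRegionalWebAclConfigDefaultAction(wafAclName),`, and compare `name` and `metric_name` with `wafAclName` in that step. No step in this file removes or changes an entry in `rules`, so the rule update path is only covered for the initial insert. `testAccAWSWafRegionalWebAclConfigChangeName` is the same template as `testAccAWSWafRegionalWebAclConfig` and could simply call it.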
@@ -0,0 +1,181 @@
+package aws
+
+import (
+ "log"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/hashicorp/errwrap"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsWafRegionalXssMatchSet() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceAwsWafRegionalXssMatchSetCreate,
+ Read: resourceAwsWafRegionalXssMatchSetRead,
+ Update: resourceAwsWafRegionalXssMatchSetUpdate,
+ Delete: resourceAwsWafRegionalXssMatchSetDelete,
+
+ Schema: map[string]*schema.Schema{
+ "name": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "xss_match_tuples": &schema.Schema{
+ Type: schema.TypeSet,
+ Required: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "field_to_match": {
+ Type: schema.TypeSet,
+ Required: true,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "data": {
+ Type: schema.TypeString,
+ Optional: true,
+ },
+ "type": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ },
+ },
+ "text_transformation": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ },
+ },
+ },
+ }
+}
+
+func resourceAwsWafRegionalXssMatchSetCreate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ log.Printf("[INFO] Creating XssMatchSet: %s", d.Get("name").(string))
+
+ // ChangeToken
+ var ct *waf.GetChangeTokenInput
+
+ res, err := conn.GetChangeToken(ct)
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err)
+ }
+
+ params := &waf.CreateXssMatchSetInput{
+ ChangeToken: res.ChangeToken,
+ Name: aws.String(d.Get("name").(string)),
+ }
+
+ resp, err := conn.CreateXssMatchSet(params)
+
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error creating XssMatchSet: {{err}}", err)
+ }
+
+ d.SetId(*resp.XssMatchSet.XssMatchSetId)
+
+ return resourceAwsWafRegionalXssMatchSetUpdate(d, meta)
+}
+
+func resourceAwsWafRegionalXssMatchSetRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+ log.Printf("[INFO] Reading XssMatchSet: %s", d.Get("name").(string))
+ params := &waf.GetXssMatchSetInput{
+ XssMatchSetId: aws.String(d.Id()),
+ }
+
+ resp, err := conn.GetXssMatchSet(params)
+ if err != nil {
+ if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "WAFNonexistentItemException" {
+ log.Printf("[WARN] WAF IPSet (%s) not found, error code (404)", d.Id())
+ d.SetId("")
+ return nil
+ }
+
+ return err
+ }
+
+ d.Set("name", resp.XssMatchSet.Name)
+
+ return nil
+}
+
+func resourceAwsWafRegionalXssMatchSetUpdate(d *schema.ResourceData, meta interface{}) error {
+ log.Printf("[INFO] Updating XssMatchSet: %s", d.Get("name").(string))
+ err := updateXssMatchSetResourceWR(d, meta, waf.ChangeActionInsert)
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error updating XssMatchSet: {{err}}", err)
+ }
+ return resourceAwsWafRegionalXssMatchSetRead(d, meta)
+}
+
+func resourceAwsWafRegionalXssMatchSetDelete(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ log.Printf("[INFO] Deleting XssMatchSet: %s", d.Get("name").(string))
+ err := updateXssMatchSetResourceWR(d, meta, waf.ChangeActionDelete)
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error deleting XssMatchSet: {{err}}", err)
+ }
+
+ var ct *waf.GetChangeTokenInput
+
+ resp, err := conn.GetChangeToken(ct)
+
+ req := &waf.DeleteXssMatchSetInput{
+ ChangeToken: resp.ChangeToken,
+ XssMatchSetId: aws.String(d.Id()),
+ }
+
+ _, err = conn.DeleteXssMatchSet(req)
+
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error deleting XssMatchSet: {{err}}", err)
+ }
+
+ return nil
+}
+
+func updateXssMatchSetResourceWR(d *schema.ResourceData, meta interface{}, ChangeAction string) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ var ct *waf.GetChangeTokenInput
+
+ resp, err := conn.GetChangeToken(ct)
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err)
+ }
+
+ req := &waf.UpdateXssMatchSetInput{
+ ChangeToken: resp.ChangeToken,
+ XssMatchSetId: aws.String(d.Id()),
+ }
+
+ xssMatchTuples := d.Get("xss_match_tuples").(*schema.Set)
+ for _, xssMatchTuple := range xssMatchTuples.List() {
+ xmt := xssMatchTuple.(map[string]interface{})
+ xssMatchTupleUpdate := &waf.XssMatchSetUpdate{
+ Action: aws.String(ChangeAction),
+ XssMatchTuple: &waf.XssMatchTuple{
+ FieldToMatch: expandFieldToMatch(xmt["field_to_match"].(*schema.Set).List()[0].(map[string]interface{})),
+ TextTransformation: aws.String(xmt["text_transformation"].(string)),
+ },
+ }
+ req.Updates = append(req.Updates, xssMatchTupleUpdate)
+ }
+
+ _, err = conn.UpdateXssMatchSet(req)
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error updating XssMatchSet: {{err}}", err)
+ }
+
+ return nil
+}
diff --git a/builtin/providers/aws/resource_aws_wafregional_xss_match_set_test.go b/builtin/providers/aws/resource_aws_wafregional_xss_match_set_test.go
new file mode 100644
index 000000000000..98b1cb85331b
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_wafregional_xss_match_set_test.go
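Review bot: The not-found branch of `resourceAwsWafRegionalXssMatchSetRead` (resource_aws_wafregional_xss_match_set.go) logs `WAF IPSet (%s) not found`, which sends whoever reads the log to the wrong resource type; it should be `log.Printf("[WARN] WAF XssMatchSet (%s) not found, removing from state", d.Id())`. The error strings also carry a `[ERROR]` log-level tag, and `resourceAwsWafRegionalXssMatchSetUpdate` re-wraps an error that `updateXssMatchSetResourceWR` has already wrapped with the same text, so a failed update prints the phrase twice; returning the inner error as is avoids that. The read function sets only `name`, so it would help to add a comment there, `// xss_match_tuples is not read back; out-of-band changes are not detected`, until the tuples are flattened into state.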
@@ -0,0 +1,240 @@
+package aws
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/terraform"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/hashicorp/errwrap"
+ "github.com/hashicorp/terraform/helper/acctest"
+)
+
+func TestAccAWSWafRegionalXssMatchSet_basic(t *testing.T) {
+ var v waf.XssMatchSet
+ xssMatchSet := fmt.Sprintf("xssMatchSet-%s", acctest.RandString(5))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSWafRegionalXssMatchSetDestroy,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: testAccAWSWafRegionalXssMatchSetConfig(xssMatchSet),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalXssMatchSetExists("aws_wafregional_xss_match_set.xss_match_set", &v),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_xss_match_set.xss_match_set", "name", xssMatchSet),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_xss_match_set.xss_match_set", "xss_match_tuples.#", "2"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAWSWafRegionalXssMatchSet_changeNameForceNew(t *testing.T) {
+ var before, after waf.XssMatchSet
+ xssMatchSet := fmt.Sprintf("xssMatchSet-%s", acctest.RandString(5))
+ xssMatchSetNewName := fmt.Sprintf("xssMatchSetNewName-%s", acctest.RandString(5))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSWafRegionalXssMatchSetDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSWafRegionalXssMatchSetConfig(xssMatchSet),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalXssMatchSetExists("aws_wafregional_xss_match_set.xss_match_set", &before),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_xss_match_set.xss_match_set", "name", xssMatchSet),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_xss_match_set.xss_match_set", "xss_match_tuples.#", "2"),
+ ),
+ },
+ {
+ Config: testAccAWSWafRegionalXssMatchSetConfigChangeName(xssMatchSetNewName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalXssMatchSetExists("aws_wafregional_xss_match_set.xss_match_set", &after),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_xss_match_set.xss_match_set", "name", xssMatchSetNewName),
+ resource.TestCheckResourceAttr(
+ "aws_wafregional_xss_match_set.xss_match_set", "xss_match_tuples.#", "2"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAWSWafRegionalXssMatchSet_disappears(t *testing.T) {
+ var v waf.XssMatchSet
+ xssMatchSet := fmt.Sprintf("xssMatchSet-%s", acctest.RandString(5))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSWafRegionalXssMatchSetDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSWafRegionalXssMatchSetConfig(xssMatchSet),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSWafRegionalXssMatchSetExists("aws_wafregional_xss_match_set.xss_match_set", &v),
+ testAccCheckAWSWafRegionalXssMatchSetDisappears(&v),
+ ),
+ ExpectNonEmptyPlan: true,
+ },
+ },
+ })
+}
+
+func testAccCheckAWSWafRegionalXssMatchSetDisappears(v *waf.XssMatchSet) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ conn := testAccProvider.Meta().(*AWSClient).wafregionalconn
+
+ var ct *waf.GetChangeTokenInput
+
+ resp, err := conn.GetChangeToken(ct)
+ if err != nil {
+ return fmt.Errorf("Error getting change token: %s", err)
+ }
+
+ req := &waf.UpdateXssMatchSetInput{
+ ChangeToken: resp.ChangeToken,
+ XssMatchSetId: v.XssMatchSetId,
+ }
+
+ for _, xssMatchTuple := range v.XssMatchTuples {
+ xssMatchTupleUpdate := &waf.XssMatchSetUpdate{
+ Action: aws.String("DELETE"),
+ XssMatchTuple: &waf.XssMatchTuple{
+ FieldToMatch: xssMatchTuple.FieldToMatch,
+ TextTransformation: xssMatchTuple.TextTransformation,
+ },
+ }
+ req.Updates = append(req.Updates, xssMatchTupleUpdate)
+ }
+ _, err = conn.UpdateXssMatchSet(req)
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error updating XssMatchSet: {{err}}", err)
+ }
+
+ resp, err = conn.GetChangeToken(ct)
+ if err != nil {
+ return errwrap.Wrapf("[ERROR] Error getting change token: {{err}}", err)
+ }
+
+ opts := &waf.DeleteXssMatchSetInput{
+ ChangeToken: resp.ChangeToken,
+ XssMatchSetId: v.XssMatchSetId,
+ }
+ if _, err := conn.DeleteXssMatchSet(opts); err != nil {
+ return err
+ }
+ return nil
+ }
+}
+
+func testAccCheckAWSWafRegionalXssMatchSetExists(n string, v *waf.XssMatchSet) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rs, ok := s.RootModule().Resources[n]
+ if !ok {
+ return fmt.Errorf("Not found: %s", n)
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("No WAF XssMatchSet ID is set")
+ }
+
+ conn := testAccProvider.Meta().(*AWSClient).wafregionalconn
+ resp, err := conn.GetXssMatchSet(&waf.GetXssMatchSetInput{
+ XssMatchSetId: aws.String(rs.Primary.ID),
+ })
+
+ if err != nil {
+ return err
+ }
+
+ if *resp.XssMatchSet.XssMatchSetId == rs.Primary.ID {
+ *v = *resp.XssMatchSet
+ return nil
+ }
+
+ return fmt.Errorf("WAF XssMatchSet (%s) not found", rs.Primary.ID)
+ }
+}
+
+func testAccCheckAWSWafRegionalXssMatchSetDestroy(s *terraform.State) error {
+ for _, rs := range s.RootModule().Resources {
+ if rs.Type != "aws_wafregional_byte_match_set" {
+ continue
+ }
+
+ conn := testAccProvider.Meta().(*AWSClient).wafregionalconn
+ resp, err := conn.GetXssMatchSet(
+ &waf.GetXssMatchSetInput{
+ XssMatchSetId: aws.String(rs.Primary.ID),
+ })
+
+ if err == nil {
+ if *resp.XssMatchSet.XssMatchSetId == rs.Primary.ID {
+ return fmt.Errorf("WAF XssMatchSet %s still exists", rs.Primary.ID)
+ }
+ }
+
+ // Return nil if the XssMatchSet is already destroyed
+ if awsErr, ok := err.(awserr.Error); ok {
+ if awsErr.Code() == "WAFNonexistentItemException" {
+ return nil
+ }
+ }
+
+ return err
+ }
+
+ return nil
+}
+
+func testAccAWSWafRegionalXssMatchSetConfig(name string) string {
+ return fmt.Sprintf(`
+resource "aws_wafregional_xss_match_set" "xss_match_set" {
+ name = "%s"
+ xss_match_tuples {
+ text_transformation = "NONE"
+ field_to_match {
+ type = "URI"
+ }
+ }
+
+ xss_match_tuples {
+ text_transformation = "NONE"
+ field_to_match {
+ type = "QUERY_STRING"
+ }
+ }
+}`, name)
+}
+
+func testAccAWSWafRegionalXssMatchSetConfigChangeName(name string) string {
+ return fmt.Sprintf(`
+resource "aws_wafregional_xss_match_set" "xss_match_set" {
+ name = "%s"
+ xss_match_tuples {
+ text_transformation = "NONE"
+ field_to_match {
+ type = "URI"
+ }
+ }
+
+ xss_match_tuples {
+ text_transformation = "NONE"
+ field_to_match {
+ type = "QUERY_STRING"
+ }
+ }
+}`, name)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/wafregional/api.go b/vendor/github.com/aws/aws-sdk-go/service/wafregional/api.go
new file mode 100644
index 000000000000..41ee4d7281d2
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/wafregional/api.go
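Review bot: `testAccCheckAWSWafRegionalXssMatchSetDestroy` skips every resource whose type is not `"aws_wafregional_byte_match_set"`, so for the `aws_wafregional_xss_match_set` resource these tests create, the loop body is never reached and the function returns nil without calling GetXssMatchSet. All three tests in this file use it as CheckDestroy, which means an XSS match set left behind after destroy would not fail any of them. The filter should read `if rs.Type != "aws_wafregional_xss_match_set" {`. Separately, `testAccAWSWafRegionalXssMatchSetConfigChangeName` is textually identical to `testAccAWSWafRegionalXssMatchSetConfig`, and the changeNameForceNew test never compares `before` and `after`, so the replacement the test name promises is not actually asserted.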
@@ -0,0 +1,5087 @@ +// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. + +// Package wafregional provides a client for AWS WAF Regional. +package wafregional + +import ( + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/service/waf" +) + +const opAssociateWebACL = "AssociateWebACL" + +// AssociateWebACLRequest generates a "aws/request.Request" representing the +// client's request for the AssociateWebACL operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See AssociateWebACL for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the AssociateWebACL method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the AssociateWebACLRequest method. +// req, resp := client.AssociateWebACLRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/AssociateWebACL +func (c *WAFRegional) AssociateWebACLRequest(input *AssociateWebACLInput) (req *request.Request, output *AssociateWebACLOutput) { + op := &request.Operation{ + Name: opAssociateWebACL, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AssociateWebACLInput{} + } + + output = &AssociateWebACLOutput{} + req = c.newRequest(op, input, output) + return +} + +// AssociateWebACL API operation for AWS WAF Regional. +// +// Associates a web ACL with a resource. 
+// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation AssociateWebACL for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. +// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. +// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFUnavailableEntityException +// The operation failed because the entity referenced is temporarily unavailable. +// Retry your request. 
+// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/AssociateWebACL +func (c *WAFRegional) AssociateWebACL(input *AssociateWebACLInput) (*AssociateWebACLOutput, error) { + req, out := c.AssociateWebACLRequest(input) + err := req.Send() + return out, err +} + +const opCreateByteMatchSet = "CreateByteMatchSet" + +// CreateByteMatchSetRequest generates a "aws/request.Request" representing the +// client's request for the CreateByteMatchSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CreateByteMatchSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CreateByteMatchSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CreateByteMatchSetRequest method. +// req, resp := client.CreateByteMatchSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/CreateByteMatchSet +func (c *WAFRegional) CreateByteMatchSetRequest(input *waf.CreateByteMatchSetInput) (req *request.Request, output *waf.CreateByteMatchSetOutput) { + op := &request.Operation{ + Name: opCreateByteMatchSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.CreateByteMatchSetInput{} + } + + output = &waf.CreateByteMatchSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateByteMatchSet API operation for AWS WAF Regional. +// +// Creates a ByteMatchSet. 
You then use UpdateByteMatchSet to identify the part +// of a web request that you want AWS WAF to inspect, such as the values of +// the User-Agent header or the query string. For example, you can create a +// ByteMatchSet that matches any requests with User-Agent headers that contain +// the string BadBot. You can then configure AWS WAF to reject those requests. +// +// To create and configure a ByteMatchSet, perform the following steps: +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of a CreateByteMatchSet request. +// +// Submit a CreateByteMatchSet request. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of an UpdateByteMatchSet request. +// +// Submit an UpdateByteMatchSet request to specify the part of the request that +// you want AWS WAF to inspect (for example, the header or the URI) and the +// value that you want AWS WAF to watch for. +// +// For more information about how to use the AWS WAF API to allow or block HTTP +// requests, see the AWS WAF Developer Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation CreateByteMatchSet for usage and error information. +// +// Returned Error Codes: +// * WAFDisallowedNameException +// The name specified is invalid. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. 
+// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. +// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. +// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFLimitsExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// WebACL objects that you can create for an AWS account. For more information, +// see Limits (http://docs.aws.amazon.com/waf/latest/developerguide/limits.html) +// in the AWS WAF Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/CreateByteMatchSet +func (c *WAFRegional) CreateByteMatchSet(input *waf.CreateByteMatchSetInput) (*waf.CreateByteMatchSetOutput, error) { + req, out := c.CreateByteMatchSetRequest(input) + err := req.Send() + return out, err +} + +const opCreateIPSet = "CreateIPSet" + +// CreateIPSetRequest generates a "aws/request.Request" representing the +// client's request for the CreateIPSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. 
+// +// See CreateIPSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CreateIPSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CreateIPSetRequest method. +// req, resp := client.CreateIPSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/CreateIPSet +func (c *WAFRegional) CreateIPSetRequest(input *waf.CreateIPSetInput) (req *request.Request, output *waf.CreateIPSetOutput) { + op := &request.Operation{ + Name: opCreateIPSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.CreateIPSetInput{} + } + + output = &waf.CreateIPSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateIPSet API operation for AWS WAF Regional. +// +// Creates an IPSet, which you use to specify which web requests you want to +// allow or block based on the IP addresses that the requests originate from. +// For example, if you're receiving a lot of requests from one or more individual +// IP addresses or one or more ranges of IP addresses and you want to block +// the requests, you can create an IPSet that contains those IP addresses and +// then configure AWS WAF to block the requests. +// +// To create and configure an IPSet, perform the following steps: +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of a CreateIPSet request. +// +// Submit a CreateIPSet request. 
+// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of an UpdateIPSet request. +// +// Submit an UpdateIPSet request to specify the IP addresses that you want AWS +// WAF to watch for. +// +// For more information about how to use the AWS WAF API to allow or block HTTP +// requests, see the AWS WAF Developer Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation CreateIPSet for usage and error information. +// +// Returned Error Codes: +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFDisallowedNameException +// The name specified is invalid. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. 
+// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. +// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFLimitsExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// WebACL objects that you can create for an AWS account. For more information, +// see Limits (http://docs.aws.amazon.com/waf/latest/developerguide/limits.html) +// in the AWS WAF Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/CreateIPSet +func (c *WAFRegional) CreateIPSet(input *waf.CreateIPSetInput) (*waf.CreateIPSetOutput, error) { + req, out := c.CreateIPSetRequest(input) + err := req.Send() + return out, err +} + +const opCreateRule = "CreateRule" + +// CreateRuleRequest generates a "aws/request.Request" representing the +// client's request for the CreateRule operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CreateRule for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CreateRule method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CreateRuleRequest method. 
+// req, resp := client.CreateRuleRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/CreateRule +func (c *WAFRegional) CreateRuleRequest(input *waf.CreateRuleInput) (req *request.Request, output *waf.CreateRuleOutput) { + op := &request.Operation{ + Name: opCreateRule, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.CreateRuleInput{} + } + + output = &waf.CreateRuleOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateRule API operation for AWS WAF Regional. +// +// Creates a Rule, which contains the IPSet objects, ByteMatchSet objects, and +// other predicates that identify the requests that you want to block. If you +// add more than one predicate to a Rule, a request must match all of the specifications +// to be allowed or blocked. For example, suppose you add the following to a +// Rule: +// +// * An IPSet that matches the IP address 192.0.2.44/32 +// +// * A ByteMatchSet that matches BadBot in the User-Agent header +// +// You then add the Rule to a WebACL and specify that you want to blocks requests +// that satisfy the Rule. For a request to be blocked, it must come from the +// IP address 192.0.2.44 and the User-Agent header in the request must contain +// the value BadBot. +// +// To create and configure a Rule, perform the following steps: +// +// Create and update the predicates that you want to include in the Rule. For +// more information, see CreateByteMatchSet, CreateIPSet, and CreateSqlInjectionMatchSet. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of a CreateRule request. +// +// Submit a CreateRule request. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of an UpdateRule request. 
+// +// Submit an UpdateRule request to specify the predicates that you want to include +// in the Rule. +// +// Create and update a WebACL that contains the Rule. For more information, +// see CreateWebACL. +// +// For more information about how to use the AWS WAF API to allow or block HTTP +// requests, see the AWS WAF Developer Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation CreateRule for usage and error information. +// +// Returned Error Codes: +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFDisallowedNameException +// The name specified is invalid. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. +// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. 
+// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFLimitsExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// WebACL objects that you can create for an AWS account. For more information, +// see Limits (http://docs.aws.amazon.com/waf/latest/developerguide/limits.html) +// in the AWS WAF Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/CreateRule +func (c *WAFRegional) CreateRule(input *waf.CreateRuleInput) (*waf.CreateRuleOutput, error) { + req, out := c.CreateRuleRequest(input) + err := req.Send() + return out, err +} + +const opCreateSizeConstraintSet = "CreateSizeConstraintSet" + +// CreateSizeConstraintSetRequest generates a "aws/request.Request" representing the +// client's request for the CreateSizeConstraintSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CreateSizeConstraintSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CreateSizeConstraintSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CreateSizeConstraintSetRequest method. 
+// req, resp := client.CreateSizeConstraintSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/CreateSizeConstraintSet +func (c *WAFRegional) CreateSizeConstraintSetRequest(input *waf.CreateSizeConstraintSetInput) (req *request.Request, output *waf.CreateSizeConstraintSetOutput) { + op := &request.Operation{ + Name: opCreateSizeConstraintSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.CreateSizeConstraintSetInput{} + } + + output = &waf.CreateSizeConstraintSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateSizeConstraintSet API operation for AWS WAF Regional. +// +// Creates a SizeConstraintSet. You then use UpdateSizeConstraintSet to identify +// the part of a web request that you want AWS WAF to check for length, such +// as the length of the User-Agent header or the length of the query string. +// For example, you can create a SizeConstraintSet that matches any requests +// that have a query string that is longer than 100 bytes. You can then configure +// AWS WAF to reject those requests. +// +// To create and configure a SizeConstraintSet, perform the following steps: +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of a CreateSizeConstraintSet request. +// +// Submit a CreateSizeConstraintSet request. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of an UpdateSizeConstraintSet request. +// +// Submit an UpdateSizeConstraintSet request to specify the part of the request +// that you want AWS WAF to inspect (for example, the header or the URI) and +// the value that you want AWS WAF to watch for. 
+// +// For more information about how to use the AWS WAF API to allow or block HTTP +// requests, see the AWS WAF Developer Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation CreateSizeConstraintSet for usage and error information. +// +// Returned Error Codes: +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFDisallowedNameException +// The name specified is invalid. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. +// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. 
+// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFLimitsExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// WebACL objects that you can create for an AWS account. For more information, +// see Limits (http://docs.aws.amazon.com/waf/latest/developerguide/limits.html) +// in the AWS WAF Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/CreateSizeConstraintSet +func (c *WAFRegional) CreateSizeConstraintSet(input *waf.CreateSizeConstraintSetInput) (*waf.CreateSizeConstraintSetOutput, error) { + req, out := c.CreateSizeConstraintSetRequest(input) + err := req.Send() + return out, err +} + +const opCreateSqlInjectionMatchSet = "CreateSqlInjectionMatchSet" + +// CreateSqlInjectionMatchSetRequest generates a "aws/request.Request" representing the +// client's request for the CreateSqlInjectionMatchSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CreateSqlInjectionMatchSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CreateSqlInjectionMatchSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CreateSqlInjectionMatchSetRequest method. 
+// req, resp := client.CreateSqlInjectionMatchSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/CreateSqlInjectionMatchSet +func (c *WAFRegional) CreateSqlInjectionMatchSetRequest(input *waf.CreateSqlInjectionMatchSetInput) (req *request.Request, output *waf.CreateSqlInjectionMatchSetOutput) { + op := &request.Operation{ + Name: opCreateSqlInjectionMatchSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.CreateSqlInjectionMatchSetInput{} + } + + output = &waf.CreateSqlInjectionMatchSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateSqlInjectionMatchSet API operation for AWS WAF Regional. +// +// Creates a SqlInjectionMatchSet, which you use to allow, block, or count requests +// that contain snippets of SQL code in a specified part of web requests. AWS +// WAF searches for character sequences that are likely to be malicious strings. +// +// To create and configure a SqlInjectionMatchSet, perform the following steps: +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of a CreateSqlInjectionMatchSet request. +// +// Submit a CreateSqlInjectionMatchSet request. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of an UpdateSqlInjectionMatchSet request. +// +// Submit an UpdateSqlInjectionMatchSet request to specify the parts of web +// requests in which you want to allow, block, or count malicious SQL code. +// +// For more information about how to use the AWS WAF API to allow or block HTTP +// requests, see the AWS WAF Developer Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. 
Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation CreateSqlInjectionMatchSet for usage and error information. +// +// Returned Error Codes: +// * WAFDisallowedNameException +// The name specified is invalid. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. +// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. +// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFLimitsExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// WebACL objects that you can create for an AWS account. 
For more information, +// see Limits (http://docs.aws.amazon.com/waf/latest/developerguide/limits.html) +// in the AWS WAF Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/CreateSqlInjectionMatchSet +func (c *WAFRegional) CreateSqlInjectionMatchSet(input *waf.CreateSqlInjectionMatchSetInput) (*waf.CreateSqlInjectionMatchSetOutput, error) { + req, out := c.CreateSqlInjectionMatchSetRequest(input) + err := req.Send() + return out, err +} + +const opCreateWebACL = "CreateWebACL" + +// CreateWebACLRequest generates a "aws/request.Request" representing the +// client's request for the CreateWebACL operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CreateWebACL for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CreateWebACL method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CreateWebACLRequest method. 
+// req, resp := client.CreateWebACLRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/CreateWebACL +func (c *WAFRegional) CreateWebACLRequest(input *waf.CreateWebACLInput) (req *request.Request, output *waf.CreateWebACLOutput) { + op := &request.Operation{ + Name: opCreateWebACL, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.CreateWebACLInput{} + } + + output = &waf.CreateWebACLOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateWebACL API operation for AWS WAF Regional. +// +// Creates a WebACL, which contains the Rules that identify the CloudFront web +// requests that you want to allow, block, or count. AWS WAF evaluates Rules +// in order based on the value of Priority for each Rule. +// +// You also specify a default action, either ALLOW or BLOCK. If a web request +// doesn't match any of the Rules in a WebACL, AWS WAF responds to the request +// with the default action. +// +// To create and configure a WebACL, perform the following steps: +// +// Create and update the ByteMatchSet objects and other predicates that you +// want to include in Rules. For more information, see CreateByteMatchSet, UpdateByteMatchSet, +// CreateIPSet, UpdateIPSet, CreateSqlInjectionMatchSet, and UpdateSqlInjectionMatchSet. +// +// Create and update the Rules that you want to include in the WebACL. For more +// information, see CreateRule and UpdateRule. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of a CreateWebACL request. +// +// Submit a CreateWebACL request. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of an UpdateWebACL request. 
+// +// Submit an UpdateWebACL request to specify the Rules that you want to include +// in the WebACL, to specify the default action, and to associate the WebACL +// with a CloudFront distribution. +// +// For more information about how to use the AWS WAF API, see the AWS WAF Developer +// Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation CreateWebACL for usage and error information. +// +// Returned Error Codes: +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFDisallowedNameException +// The name specified is invalid. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. 
+// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. +// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFLimitsExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// WebACL objects that you can create for an AWS account. For more information, +// see Limits (http://docs.aws.amazon.com/waf/latest/developerguide/limits.html) +// in the AWS WAF Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/CreateWebACL +func (c *WAFRegional) CreateWebACL(input *waf.CreateWebACLInput) (*waf.CreateWebACLOutput, error) { + req, out := c.CreateWebACLRequest(input) + err := req.Send() + return out, err +} + +const opCreateXssMatchSet = "CreateXssMatchSet" + +// CreateXssMatchSetRequest generates a "aws/request.Request" representing the +// client's request for the CreateXssMatchSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CreateXssMatchSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CreateXssMatchSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CreateXssMatchSetRequest method. 
+// req, resp := client.CreateXssMatchSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/CreateXssMatchSet +func (c *WAFRegional) CreateXssMatchSetRequest(input *waf.CreateXssMatchSetInput) (req *request.Request, output *waf.CreateXssMatchSetOutput) { + op := &request.Operation{ + Name: opCreateXssMatchSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.CreateXssMatchSetInput{} + } + + output = &waf.CreateXssMatchSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateXssMatchSet API operation for AWS WAF Regional. +// +// Creates an XssMatchSet, which you use to allow, block, or count requests +// that contain cross-site scripting attacks in the specified part of web requests. +// AWS WAF searches for character sequences that are likely to be malicious +// strings. +// +// To create and configure an XssMatchSet, perform the following steps: +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of a CreateXssMatchSet request. +// +// Submit a CreateXssMatchSet request. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of an UpdateXssMatchSet request. +// +// Submit an UpdateXssMatchSet request to specify the parts of web requests +// in which you want to allow, block, or count cross-site scripting attacks. +// +// For more information about how to use the AWS WAF API to allow or block HTTP +// requests, see the AWS WAF Developer Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. 
+// +// See the AWS API reference guide for AWS WAF Regional's +// API operation CreateXssMatchSet for usage and error information. +// +// Returned Error Codes: +// * WAFDisallowedNameException +// The name specified is invalid. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. +// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. +// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFLimitsExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// WebACL objects that you can create for an AWS account. For more information, +// see Limits (http://docs.aws.amazon.com/waf/latest/developerguide/limits.html) +// in the AWS WAF Developer Guide. 
+// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/CreateXssMatchSet +func (c *WAFRegional) CreateXssMatchSet(input *waf.CreateXssMatchSetInput) (*waf.CreateXssMatchSetOutput, error) { + req, out := c.CreateXssMatchSetRequest(input) + err := req.Send() + return out, err +} + +const opDeleteByteMatchSet = "DeleteByteMatchSet" + +// DeleteByteMatchSetRequest generates a "aws/request.Request" representing the +// client's request for the DeleteByteMatchSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DeleteByteMatchSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DeleteByteMatchSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DeleteByteMatchSetRequest method. +// req, resp := client.DeleteByteMatchSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DeleteByteMatchSet +func (c *WAFRegional) DeleteByteMatchSetRequest(input *waf.DeleteByteMatchSetInput) (req *request.Request, output *waf.DeleteByteMatchSetOutput) { + op := &request.Operation{ + Name: opDeleteByteMatchSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.DeleteByteMatchSetInput{} + } + + output = &waf.DeleteByteMatchSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteByteMatchSet API operation for AWS WAF Regional. 
+// +// Permanently deletes a ByteMatchSet. You can't delete a ByteMatchSet if it's +// still used in any Rules or if it still includes any ByteMatchTuple objects +// (any filters). +// +// If you just want to remove a ByteMatchSet from a Rule, use UpdateRule. +// +// To permanently delete a ByteMatchSet, perform the following steps: +// +// Update the ByteMatchSet to remove filters, if any. For more information, +// see UpdateByteMatchSet. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of a DeleteByteMatchSet request. +// +// Submit a DeleteByteMatchSet request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation DeleteByteMatchSet for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFReferencedItemException +// The operation failed because you tried to delete an object that is still +// in use. For example: +// +// * You tried to delete a ByteMatchSet that is still referenced by a Rule. +// +// * You tried to delete a Rule that is still referenced by a WebACL. +// +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFNonEmptyEntityException +// The operation failed because you tried to delete an object that isn't empty. 
+// For example: +// +// * You tried to delete a WebACL that still contains one or more Rule objects. +// +// * You tried to delete a Rule that still contains one or more ByteMatchSet +// objects or other predicates. +// +// * You tried to delete a ByteMatchSet that contains one or more ByteMatchTuple +// objects. +// +// * You tried to delete an IPSet that references one or more IP addresses. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DeleteByteMatchSet +func (c *WAFRegional) DeleteByteMatchSet(input *waf.DeleteByteMatchSetInput) (*waf.DeleteByteMatchSetOutput, error) { + req, out := c.DeleteByteMatchSetRequest(input) + err := req.Send() + return out, err +} + +const opDeleteIPSet = "DeleteIPSet" + +// DeleteIPSetRequest generates a "aws/request.Request" representing the +// client's request for the DeleteIPSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DeleteIPSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DeleteIPSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DeleteIPSetRequest method. 
+// req, resp := client.DeleteIPSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DeleteIPSet +func (c *WAFRegional) DeleteIPSetRequest(input *waf.DeleteIPSetInput) (req *request.Request, output *waf.DeleteIPSetOutput) { + op := &request.Operation{ + Name: opDeleteIPSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.DeleteIPSetInput{} + } + + output = &waf.DeleteIPSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteIPSet API operation for AWS WAF Regional. +// +// Permanently deletes an IPSet. You can't delete an IPSet if it's still used +// in any Rules or if it still includes any IP addresses. +// +// If you just want to remove an IPSet from a Rule, use UpdateRule. +// +// To permanently delete an IPSet from AWS WAF, perform the following steps: +// +// Update the IPSet to remove IP address ranges, if any. For more information, +// see UpdateIPSet. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of a DeleteIPSet request. +// +// Submit a DeleteIPSet request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation DeleteIPSet for usage and error information. +// +// Returned Error Codes: +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. 
+// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFReferencedItemException +// The operation failed because you tried to delete an object that is still +// in use. For example: +// +// * You tried to delete a ByteMatchSet that is still referenced by a Rule. +// +// * You tried to delete a Rule that is still referenced by a WebACL. +// +// * WAFNonEmptyEntityException +// The operation failed because you tried to delete an object that isn't empty. +// For example: +// +// * You tried to delete a WebACL that still contains one or more Rule objects. +// +// * You tried to delete a Rule that still contains one or more ByteMatchSet +// objects or other predicates. +// +// * You tried to delete a ByteMatchSet that contains one or more ByteMatchTuple +// objects. +// +// * You tried to delete an IPSet that references one or more IP addresses. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DeleteIPSet +func (c *WAFRegional) DeleteIPSet(input *waf.DeleteIPSetInput) (*waf.DeleteIPSetOutput, error) { + req, out := c.DeleteIPSetRequest(input) + err := req.Send() + return out, err +} + +const opDeleteRule = "DeleteRule" + +// DeleteRuleRequest generates a "aws/request.Request" representing the +// client's request for the DeleteRule operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DeleteRule for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. 
If +// you just want the service response, call the DeleteRule method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DeleteRuleRequest method. +// req, resp := client.DeleteRuleRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DeleteRule +func (c *WAFRegional) DeleteRuleRequest(input *waf.DeleteRuleInput) (req *request.Request, output *waf.DeleteRuleOutput) { + op := &request.Operation{ + Name: opDeleteRule, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.DeleteRuleInput{} + } + + output = &waf.DeleteRuleOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteRule API operation for AWS WAF Regional. +// +// Permanently deletes a Rule. You can't delete a Rule if it's still used in +// any WebACL objects or if it still includes any predicates, such as ByteMatchSet +// objects. +// +// If you just want to remove a Rule from a WebACL, use UpdateWebACL. +// +// To permanently delete a Rule from AWS WAF, perform the following steps: +// +// Update the Rule to remove predicates, if any. For more information, see UpdateRule. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of a DeleteRule request. +// +// Submit a DeleteRule request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation DeleteRule for usage and error information. 
+// +// Returned Error Codes: +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFReferencedItemException +// The operation failed because you tried to delete an object that is still +// in use. For example: +// +// * You tried to delete a ByteMatchSet that is still referenced by a Rule. +// +// * You tried to delete a Rule that is still referenced by a WebACL. +// +// * WAFNonEmptyEntityException +// The operation failed because you tried to delete an object that isn't empty. +// For example: +// +// * You tried to delete a WebACL that still contains one or more Rule objects. +// +// * You tried to delete a Rule that still contains one or more ByteMatchSet +// objects or other predicates. +// +// * You tried to delete a ByteMatchSet that contains one or more ByteMatchTuple +// objects. +// +// * You tried to delete an IPSet that references one or more IP addresses. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DeleteRule +func (c *WAFRegional) DeleteRule(input *waf.DeleteRuleInput) (*waf.DeleteRuleOutput, error) { + req, out := c.DeleteRuleRequest(input) + err := req.Send() + return out, err +} + +const opDeleteSizeConstraintSet = "DeleteSizeConstraintSet" + +// DeleteSizeConstraintSetRequest generates a "aws/request.Request" representing the +// client's request for the DeleteSizeConstraintSet operation. 
The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DeleteSizeConstraintSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DeleteSizeConstraintSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DeleteSizeConstraintSetRequest method. +// req, resp := client.DeleteSizeConstraintSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DeleteSizeConstraintSet +func (c *WAFRegional) DeleteSizeConstraintSetRequest(input *waf.DeleteSizeConstraintSetInput) (req *request.Request, output *waf.DeleteSizeConstraintSetOutput) { + op := &request.Operation{ + Name: opDeleteSizeConstraintSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.DeleteSizeConstraintSetInput{} + } + + output = &waf.DeleteSizeConstraintSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteSizeConstraintSet API operation for AWS WAF Regional. +// +// Permanently deletes a SizeConstraintSet. You can't delete a SizeConstraintSet +// if it's still used in any Rules or if it still includes any SizeConstraint +// objects (any filters). +// +// If you just want to remove a SizeConstraintSet from a Rule, use UpdateRule. +// +// To permanently delete a SizeConstraintSet, perform the following steps: +// +// Update the SizeConstraintSet to remove filters, if any. 
For more information, +// see UpdateSizeConstraintSet. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of a DeleteSizeConstraintSet request. +// +// Submit a DeleteSizeConstraintSet request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation DeleteSizeConstraintSet for usage and error information. +// +// Returned Error Codes: +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFReferencedItemException +// The operation failed because you tried to delete an object that is still +// in use. For example: +// +// * You tried to delete a ByteMatchSet that is still referenced by a Rule. +// +// * You tried to delete a Rule that is still referenced by a WebACL. +// +// * WAFNonEmptyEntityException +// The operation failed because you tried to delete an object that isn't empty. +// For example: +// +// * You tried to delete a WebACL that still contains one or more Rule objects. +// +// * You tried to delete a Rule that still contains one or more ByteMatchSet +// objects or other predicates. +// +// * You tried to delete a ByteMatchSet that contains one or more ByteMatchTuple +// objects. +// +// * You tried to delete an IPSet that references one or more IP addresses. 
+// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DeleteSizeConstraintSet +func (c *WAFRegional) DeleteSizeConstraintSet(input *waf.DeleteSizeConstraintSetInput) (*waf.DeleteSizeConstraintSetOutput, error) { + req, out := c.DeleteSizeConstraintSetRequest(input) + err := req.Send() + return out, err +} + +const opDeleteSqlInjectionMatchSet = "DeleteSqlInjectionMatchSet" + +// DeleteSqlInjectionMatchSetRequest generates a "aws/request.Request" representing the +// client's request for the DeleteSqlInjectionMatchSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DeleteSqlInjectionMatchSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DeleteSqlInjectionMatchSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DeleteSqlInjectionMatchSetRequest method. 
+// req, resp := client.DeleteSqlInjectionMatchSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DeleteSqlInjectionMatchSet +func (c *WAFRegional) DeleteSqlInjectionMatchSetRequest(input *waf.DeleteSqlInjectionMatchSetInput) (req *request.Request, output *waf.DeleteSqlInjectionMatchSetOutput) { + op := &request.Operation{ + Name: opDeleteSqlInjectionMatchSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.DeleteSqlInjectionMatchSetInput{} + } + + output = &waf.DeleteSqlInjectionMatchSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteSqlInjectionMatchSet API operation for AWS WAF Regional. +// +// Permanently deletes a SqlInjectionMatchSet. You can't delete a SqlInjectionMatchSet +// if it's still used in any Rules or if it still contains any SqlInjectionMatchTuple +// objects. +// +// If you just want to remove a SqlInjectionMatchSet from a Rule, use UpdateRule. +// +// To permanently delete a SqlInjectionMatchSet from AWS WAF, perform the following +// steps: +// +// Update the SqlInjectionMatchSet to remove filters, if any. For more information, +// see UpdateSqlInjectionMatchSet. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of a DeleteSqlInjectionMatchSet request. +// +// Submit a DeleteSqlInjectionMatchSet request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation DeleteSqlInjectionMatchSet for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. 
Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFReferencedItemException +// The operation failed because you tried to delete an object that is still +// in use. For example: +// +// * You tried to delete a ByteMatchSet that is still referenced by a Rule. +// +// * You tried to delete a Rule that is still referenced by a WebACL. +// +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFNonEmptyEntityException +// The operation failed because you tried to delete an object that isn't empty. +// For example: +// +// * You tried to delete a WebACL that still contains one or more Rule objects. +// +// * You tried to delete a Rule that still contains one or more ByteMatchSet +// objects or other predicates. +// +// * You tried to delete a ByteMatchSet that contains one or more ByteMatchTuple +// objects. +// +// * You tried to delete an IPSet that references one or more IP addresses. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DeleteSqlInjectionMatchSet +func (c *WAFRegional) DeleteSqlInjectionMatchSet(input *waf.DeleteSqlInjectionMatchSetInput) (*waf.DeleteSqlInjectionMatchSetOutput, error) { + req, out := c.DeleteSqlInjectionMatchSetRequest(input) + err := req.Send() + return out, err +} + +const opDeleteWebACL = "DeleteWebACL" + +// DeleteWebACLRequest generates a "aws/request.Request" representing the +// client's request for the DeleteWebACL operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DeleteWebACL for usage and error information. 
+// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DeleteWebACL method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DeleteWebACLRequest method. +// req, resp := client.DeleteWebACLRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DeleteWebACL +func (c *WAFRegional) DeleteWebACLRequest(input *waf.DeleteWebACLInput) (req *request.Request, output *waf.DeleteWebACLOutput) { + op := &request.Operation{ + Name: opDeleteWebACL, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.DeleteWebACLInput{} + } + + output = &waf.DeleteWebACLOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteWebACL API operation for AWS WAF Regional. +// +// Permanently deletes a WebACL. You can't delete a WebACL if it still contains +// any Rules. +// +// To delete a WebACL, perform the following steps: +// +// Update the WebACL to remove Rules, if any. For more information, see UpdateWebACL. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of a DeleteWebACL request. +// +// Submit a DeleteWebACL request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation DeleteWebACL for usage and error information. 
+// +// Returned Error Codes: +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFReferencedItemException +// The operation failed because you tried to delete an object that is still +// in use. For example: +// +// * You tried to delete a ByteMatchSet that is still referenced by a Rule. +// +// * You tried to delete a Rule that is still referenced by a WebACL. +// +// * WAFNonEmptyEntityException +// The operation failed because you tried to delete an object that isn't empty. +// For example: +// +// * You tried to delete a WebACL that still contains one or more Rule objects. +// +// * You tried to delete a Rule that still contains one or more ByteMatchSet +// objects or other predicates. +// +// * You tried to delete a ByteMatchSet that contains one or more ByteMatchTuple +// objects. +// +// * You tried to delete an IPSet that references one or more IP addresses. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DeleteWebACL +func (c *WAFRegional) DeleteWebACL(input *waf.DeleteWebACLInput) (*waf.DeleteWebACLOutput, error) { + req, out := c.DeleteWebACLRequest(input) + err := req.Send() + return out, err +} + +const opDeleteXssMatchSet = "DeleteXssMatchSet" + +// DeleteXssMatchSetRequest generates a "aws/request.Request" representing the +// client's request for the DeleteXssMatchSet operation. 
The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DeleteXssMatchSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DeleteXssMatchSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DeleteXssMatchSetRequest method. +// req, resp := client.DeleteXssMatchSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DeleteXssMatchSet +func (c *WAFRegional) DeleteXssMatchSetRequest(input *waf.DeleteXssMatchSetInput) (req *request.Request, output *waf.DeleteXssMatchSetOutput) { + op := &request.Operation{ + Name: opDeleteXssMatchSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.DeleteXssMatchSetInput{} + } + + output = &waf.DeleteXssMatchSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteXssMatchSet API operation for AWS WAF Regional. +// +// Permanently deletes an XssMatchSet. You can't delete an XssMatchSet if it's +// still used in any Rules or if it still contains any XssMatchTuple objects. +// +// If you just want to remove an XssMatchSet from a Rule, use UpdateRule. +// +// To permanently delete an XssMatchSet from AWS WAF, perform the following +// steps: +// +// Update the XssMatchSet to remove filters, if any. For more information, see +// UpdateXssMatchSet. 
+// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of a DeleteXssMatchSet request. +// +// Submit a DeleteXssMatchSet request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation DeleteXssMatchSet for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFReferencedItemException +// The operation failed because you tried to delete an object that is still +// in use. For example: +// +// * You tried to delete a ByteMatchSet that is still referenced by a Rule. +// +// * You tried to delete a Rule that is still referenced by a WebACL. +// +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFNonEmptyEntityException +// The operation failed because you tried to delete an object that isn't empty. +// For example: +// +// * You tried to delete a WebACL that still contains one or more Rule objects. +// +// * You tried to delete a Rule that still contains one or more ByteMatchSet +// objects or other predicates. +// +// * You tried to delete a ByteMatchSet that contains one or more ByteMatchTuple +// objects. +// +// * You tried to delete an IPSet that references one or more IP addresses. 
+// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DeleteXssMatchSet +func (c *WAFRegional) DeleteXssMatchSet(input *waf.DeleteXssMatchSetInput) (*waf.DeleteXssMatchSetOutput, error) { + req, out := c.DeleteXssMatchSetRequest(input) + err := req.Send() + return out, err +} + +const opDisassociateWebACL = "DisassociateWebACL" + +// DisassociateWebACLRequest generates a "aws/request.Request" representing the +// client's request for the DisassociateWebACL operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DisassociateWebACL for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DisassociateWebACL method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DisassociateWebACLRequest method. +// req, resp := client.DisassociateWebACLRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DisassociateWebACL +func (c *WAFRegional) DisassociateWebACLRequest(input *DisassociateWebACLInput) (req *request.Request, output *DisassociateWebACLOutput) { + op := &request.Operation{ + Name: opDisassociateWebACL, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisassociateWebACLInput{} + } + + output = &DisassociateWebACLOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisassociateWebACL API operation for AWS WAF Regional. 
+// +// Removes a web ACL from the specified resource. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation DisassociateWebACL for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. +// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. +// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. 
+// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DisassociateWebACL +func (c *WAFRegional) DisassociateWebACL(input *DisassociateWebACLInput) (*DisassociateWebACLOutput, error) { + req, out := c.DisassociateWebACLRequest(input) + err := req.Send() + return out, err +} + +const opGetByteMatchSet = "GetByteMatchSet" + +// GetByteMatchSetRequest generates a "aws/request.Request" representing the +// client's request for the GetByteMatchSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GetByteMatchSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GetByteMatchSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GetByteMatchSetRequest method. +// req, resp := client.GetByteMatchSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetByteMatchSet +func (c *WAFRegional) GetByteMatchSetRequest(input *waf.GetByteMatchSetInput) (req *request.Request, output *waf.GetByteMatchSetOutput) { + op := &request.Operation{ + Name: opGetByteMatchSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.GetByteMatchSetInput{} + } + + output = &waf.GetByteMatchSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetByteMatchSet API operation for AWS WAF Regional. +// +// Returns the ByteMatchSet specified by ByteMatchSetId. 
+// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation GetByteMatchSet for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetByteMatchSet +func (c *WAFRegional) GetByteMatchSet(input *waf.GetByteMatchSetInput) (*waf.GetByteMatchSetOutput, error) { + req, out := c.GetByteMatchSetRequest(input) + err := req.Send() + return out, err +} + +const opGetChangeToken = "GetChangeToken" + +// GetChangeTokenRequest generates a "aws/request.Request" representing the +// client's request for the GetChangeToken operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GetChangeToken for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GetChangeToken method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GetChangeTokenRequest method. 
+// req, resp := client.GetChangeTokenRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetChangeToken +func (c *WAFRegional) GetChangeTokenRequest(input *waf.GetChangeTokenInput) (req *request.Request, output *waf.GetChangeTokenOutput) { + op := &request.Operation{ + Name: opGetChangeToken, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.GetChangeTokenInput{} + } + + output = &waf.GetChangeTokenOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetChangeToken API operation for AWS WAF Regional. +// +// When you want to create, update, or delete AWS WAF objects, get a change +// token and include the change token in the create, update, or delete request. +// Change tokens ensure that your application doesn't submit conflicting requests +// to AWS WAF. +// +// Each create, update, or delete request must use a unique change token. If +// your application submits a GetChangeToken request and then submits a second +// GetChangeToken request before submitting a create, update, or delete request, +// the second GetChangeToken request returns the same value as the first GetChangeToken +// request. +// +// When you use a change token in a create, update, or delete request, the status +// of the change token changes to PENDING, which indicates that AWS WAF is propagating +// the change to all AWS WAF servers. Use GetChangeTokenStatus to determine +// the status of your change token. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation GetChangeToken for usage and error information. 
+// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetChangeToken +func (c *WAFRegional) GetChangeToken(input *waf.GetChangeTokenInput) (*waf.GetChangeTokenOutput, error) { + req, out := c.GetChangeTokenRequest(input) + err := req.Send() + return out, err +} + +const opGetChangeTokenStatus = "GetChangeTokenStatus" + +// GetChangeTokenStatusRequest generates a "aws/request.Request" representing the +// client's request for the GetChangeTokenStatus operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GetChangeTokenStatus for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GetChangeTokenStatus method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GetChangeTokenStatusRequest method. 
+// req, resp := client.GetChangeTokenStatusRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetChangeTokenStatus +func (c *WAFRegional) GetChangeTokenStatusRequest(input *waf.GetChangeTokenStatusInput) (req *request.Request, output *waf.GetChangeTokenStatusOutput) { + op := &request.Operation{ + Name: opGetChangeTokenStatus, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.GetChangeTokenStatusInput{} + } + + output = &waf.GetChangeTokenStatusOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetChangeTokenStatus API operation for AWS WAF Regional. +// +// Returns the status of a ChangeToken that you got by calling GetChangeToken. +// ChangeTokenStatus is one of the following values: +// +// * PROVISIONED: You requested the change token by calling GetChangeToken, +// but you haven't used it yet in a call to create, update, or delete an +// AWS WAF object. +// +// * PENDING: AWS WAF is propagating the create, update, or delete request +// to all AWS WAF servers. +// +// * IN_SYNC: Propagation is complete. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation GetChangeTokenStatus for usage and error information. +// +// Returned Error Codes: +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. 
+// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetChangeTokenStatus +func (c *WAFRegional) GetChangeTokenStatus(input *waf.GetChangeTokenStatusInput) (*waf.GetChangeTokenStatusOutput, error) { + req, out := c.GetChangeTokenStatusRequest(input) + err := req.Send() + return out, err +} + +const opGetIPSet = "GetIPSet" + +// GetIPSetRequest generates a "aws/request.Request" representing the +// client's request for the GetIPSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GetIPSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GetIPSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GetIPSetRequest method. +// req, resp := client.GetIPSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetIPSet +func (c *WAFRegional) GetIPSetRequest(input *waf.GetIPSetInput) (req *request.Request, output *waf.GetIPSetOutput) { + op := &request.Operation{ + Name: opGetIPSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.GetIPSetInput{} + } + + output = &waf.GetIPSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetIPSet API operation for AWS WAF Regional. +// +// Returns the IPSet that is specified by IPSetId. +// +// Returns awserr.Error for service API and SDK errors. 
Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation GetIPSet for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetIPSet +func (c *WAFRegional) GetIPSet(input *waf.GetIPSetInput) (*waf.GetIPSetOutput, error) { + req, out := c.GetIPSetRequest(input) + err := req.Send() + return out, err +} + +const opGetRule = "GetRule" + +// GetRuleRequest generates a "aws/request.Request" representing the +// client's request for the GetRule operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GetRule for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GetRule method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GetRuleRequest method. 
+// req, resp := client.GetRuleRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetRule +func (c *WAFRegional) GetRuleRequest(input *waf.GetRuleInput) (req *request.Request, output *waf.GetRuleOutput) { + op := &request.Operation{ + Name: opGetRule, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.GetRuleInput{} + } + + output = &waf.GetRuleOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetRule API operation for AWS WAF Regional. +// +// Returns the Rule that is specified by the RuleId that you included in the +// GetRule request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation GetRule for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetRule +func (c *WAFRegional) GetRule(input *waf.GetRuleInput) (*waf.GetRuleOutput, error) { + req, out := c.GetRuleRequest(input) + err := req.Send() + return out, err +} + +const opGetSampledRequests = "GetSampledRequests" + +// GetSampledRequestsRequest generates a "aws/request.Request" representing the +// client's request for the GetSampledRequests operation. 
The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GetSampledRequests for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GetSampledRequests method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GetSampledRequestsRequest method. +// req, resp := client.GetSampledRequestsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetSampledRequests +func (c *WAFRegional) GetSampledRequestsRequest(input *waf.GetSampledRequestsInput) (req *request.Request, output *waf.GetSampledRequestsOutput) { + op := &request.Operation{ + Name: opGetSampledRequests, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.GetSampledRequestsInput{} + } + + output = &waf.GetSampledRequestsOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetSampledRequests API operation for AWS WAF Regional. +// +// Gets detailed information about a specified number of requests--a sample--that +// AWS WAF randomly selects from among the first 5,000 requests that your AWS +// resource received during a time range that you choose. You can specify a +// sample size of up to 100 requests, and you can specify any time range in +// the previous three hours. +// +// GetSampledRequests returns a time range, which is usually the time range +// that you specified. 
However, if your resource (such as a CloudFront distribution) +// received 5,000 requests before the specified time range elapsed, GetSampledRequests +// returns an updated time range. This new time range indicates the actual period +// during which AWS WAF selected the requests in the sample. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation GetSampledRequests for usage and error information. +// +// Returned Error Codes: +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetSampledRequests +func (c *WAFRegional) GetSampledRequests(input *waf.GetSampledRequestsInput) (*waf.GetSampledRequestsOutput, error) { + req, out := c.GetSampledRequestsRequest(input) + err := req.Send() + return out, err +} + +const opGetSizeConstraintSet = "GetSizeConstraintSet" + +// GetSizeConstraintSetRequest generates a "aws/request.Request" representing the +// client's request for the GetSizeConstraintSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GetSizeConstraintSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GetSizeConstraintSet method directly +// instead. 
+// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GetSizeConstraintSetRequest method. +// req, resp := client.GetSizeConstraintSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetSizeConstraintSet +func (c *WAFRegional) GetSizeConstraintSetRequest(input *waf.GetSizeConstraintSetInput) (req *request.Request, output *waf.GetSizeConstraintSetOutput) { + op := &request.Operation{ + Name: opGetSizeConstraintSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.GetSizeConstraintSetInput{} + } + + output = &waf.GetSizeConstraintSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetSizeConstraintSet API operation for AWS WAF Regional. +// +// Returns the SizeConstraintSet specified by SizeConstraintSetId. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation GetSizeConstraintSet for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. 
+// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetSizeConstraintSet +func (c *WAFRegional) GetSizeConstraintSet(input *waf.GetSizeConstraintSetInput) (*waf.GetSizeConstraintSetOutput, error) { + req, out := c.GetSizeConstraintSetRequest(input) + err := req.Send() + return out, err +} + +const opGetSqlInjectionMatchSet = "GetSqlInjectionMatchSet" + +// GetSqlInjectionMatchSetRequest generates a "aws/request.Request" representing the +// client's request for the GetSqlInjectionMatchSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GetSqlInjectionMatchSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GetSqlInjectionMatchSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GetSqlInjectionMatchSetRequest method. 
+// req, resp := client.GetSqlInjectionMatchSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetSqlInjectionMatchSet +func (c *WAFRegional) GetSqlInjectionMatchSetRequest(input *waf.GetSqlInjectionMatchSetInput) (req *request.Request, output *waf.GetSqlInjectionMatchSetOutput) { + op := &request.Operation{ + Name: opGetSqlInjectionMatchSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.GetSqlInjectionMatchSetInput{} + } + + output = &waf.GetSqlInjectionMatchSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetSqlInjectionMatchSet API operation for AWS WAF Regional. +// +// Returns the SqlInjectionMatchSet that is specified by SqlInjectionMatchSetId. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation GetSqlInjectionMatchSet for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. 
+// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetSqlInjectionMatchSet +func (c *WAFRegional) GetSqlInjectionMatchSet(input *waf.GetSqlInjectionMatchSetInput) (*waf.GetSqlInjectionMatchSetOutput, error) { + req, out := c.GetSqlInjectionMatchSetRequest(input) + err := req.Send() + return out, err +} + +const opGetWebACL = "GetWebACL" + +// GetWebACLRequest generates a "aws/request.Request" representing the +// client's request for the GetWebACL operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GetWebACL for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GetWebACL method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GetWebACLRequest method. +// req, resp := client.GetWebACLRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetWebACL +func (c *WAFRegional) GetWebACLRequest(input *waf.GetWebACLInput) (req *request.Request, output *waf.GetWebACLOutput) { + op := &request.Operation{ + Name: opGetWebACL, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.GetWebACLInput{} + } + + output = &waf.GetWebACLOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetWebACL API operation for AWS WAF Regional. +// +// Returns the WebACL that is specified by WebACLId. +// +// Returns awserr.Error for service API and SDK errors. 
Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation GetWebACL for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetWebACL +func (c *WAFRegional) GetWebACL(input *waf.GetWebACLInput) (*waf.GetWebACLOutput, error) { + req, out := c.GetWebACLRequest(input) + err := req.Send() + return out, err +} + +const opGetWebACLForResource = "GetWebACLForResource" + +// GetWebACLForResourceRequest generates a "aws/request.Request" representing the +// client's request for the GetWebACLForResource operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GetWebACLForResource for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GetWebACLForResource method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GetWebACLForResourceRequest method. 
+// req, resp := client.GetWebACLForResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetWebACLForResource +func (c *WAFRegional) GetWebACLForResourceRequest(input *GetWebACLForResourceInput) (req *request.Request, output *GetWebACLForResourceOutput) { + op := &request.Operation{ + Name: opGetWebACLForResource, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetWebACLForResourceInput{} + } + + output = &GetWebACLForResourceOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetWebACLForResource API operation for AWS WAF Regional. +// +// Returns the web ACL for the specified resource. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation GetWebACLForResource for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. 
+// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. +// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. +// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFUnavailableEntityException +// The operation failed because the entity referenced is temporarily unavailable. +// Retry your request. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetWebACLForResource +func (c *WAFRegional) GetWebACLForResource(input *GetWebACLForResourceInput) (*GetWebACLForResourceOutput, error) { + req, out := c.GetWebACLForResourceRequest(input) + err := req.Send() + return out, err +} + +const opGetXssMatchSet = "GetXssMatchSet" + +// GetXssMatchSetRequest generates a "aws/request.Request" representing the +// client's request for the GetXssMatchSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GetXssMatchSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GetXssMatchSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GetXssMatchSetRequest method. 
+// req, resp := client.GetXssMatchSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetXssMatchSet +func (c *WAFRegional) GetXssMatchSetRequest(input *waf.GetXssMatchSetInput) (req *request.Request, output *waf.GetXssMatchSetOutput) { + op := &request.Operation{ + Name: opGetXssMatchSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.GetXssMatchSetInput{} + } + + output = &waf.GetXssMatchSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetXssMatchSet API operation for AWS WAF Regional. +// +// Returns the XssMatchSet that is specified by XssMatchSetId. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation GetXssMatchSet for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. 
+// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetXssMatchSet +func (c *WAFRegional) GetXssMatchSet(input *waf.GetXssMatchSetInput) (*waf.GetXssMatchSetOutput, error) { + req, out := c.GetXssMatchSetRequest(input) + err := req.Send() + return out, err +} + +const opListByteMatchSets = "ListByteMatchSets" + +// ListByteMatchSetsRequest generates a "aws/request.Request" representing the +// client's request for the ListByteMatchSets operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListByteMatchSets for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListByteMatchSets method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListByteMatchSetsRequest method. +// req, resp := client.ListByteMatchSetsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListByteMatchSets +func (c *WAFRegional) ListByteMatchSetsRequest(input *waf.ListByteMatchSetsInput) (req *request.Request, output *waf.ListByteMatchSetsOutput) { + op := &request.Operation{ + Name: opListByteMatchSets, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.ListByteMatchSetsInput{} + } + + output = &waf.ListByteMatchSetsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListByteMatchSets API operation for AWS WAF Regional. 
+// +// Returns an array of ByteMatchSetSummary objects. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation ListByteMatchSets for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListByteMatchSets +func (c *WAFRegional) ListByteMatchSets(input *waf.ListByteMatchSetsInput) (*waf.ListByteMatchSetsOutput, error) { + req, out := c.ListByteMatchSetsRequest(input) + err := req.Send() + return out, err +} + +const opListIPSets = "ListIPSets" + +// ListIPSetsRequest generates a "aws/request.Request" representing the +// client's request for the ListIPSets operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListIPSets for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListIPSets method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListIPSetsRequest method. 
+// req, resp := client.ListIPSetsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListIPSets +func (c *WAFRegional) ListIPSetsRequest(input *waf.ListIPSetsInput) (req *request.Request, output *waf.ListIPSetsOutput) { + op := &request.Operation{ + Name: opListIPSets, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.ListIPSetsInput{} + } + + output = &waf.ListIPSetsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListIPSets API operation for AWS WAF Regional. +// +// Returns an array of IPSetSummary objects in the response. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation ListIPSets for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListIPSets +func (c *WAFRegional) ListIPSets(input *waf.ListIPSetsInput) (*waf.ListIPSetsOutput, error) { + req, out := c.ListIPSetsRequest(input) + err := req.Send() + return out, err +} + +const opListResourcesForWebACL = "ListResourcesForWebACL" + +// ListResourcesForWebACLRequest generates a "aws/request.Request" representing the +// client's request for the ListResourcesForWebACL operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. 
+// +// See ListResourcesForWebACL for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListResourcesForWebACL method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListResourcesForWebACLRequest method. +// req, resp := client.ListResourcesForWebACLRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListResourcesForWebACL +func (c *WAFRegional) ListResourcesForWebACLRequest(input *ListResourcesForWebACLInput) (req *request.Request, output *ListResourcesForWebACLOutput) { + op := &request.Operation{ + Name: opListResourcesForWebACL, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ListResourcesForWebACLInput{} + } + + output = &ListResourcesForWebACLOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListResourcesForWebACL API operation for AWS WAF Regional. +// +// Returns an array of resources associated with the specified web ACL. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation ListResourcesForWebACL for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. 
+// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListResourcesForWebACL +func (c *WAFRegional) ListResourcesForWebACL(input *ListResourcesForWebACLInput) (*ListResourcesForWebACLOutput, error) { + req, out := c.ListResourcesForWebACLRequest(input) + err := req.Send() + return out, err +} + +const opListRules = "ListRules" + +// ListRulesRequest generates a "aws/request.Request" representing the +// client's request for the ListRules operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListRules for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListRules method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListRulesRequest method. 
+// req, resp := client.ListRulesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListRules +func (c *WAFRegional) ListRulesRequest(input *waf.ListRulesInput) (req *request.Request, output *waf.ListRulesOutput) { + op := &request.Operation{ + Name: opListRules, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.ListRulesInput{} + } + + output = &waf.ListRulesOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListRules API operation for AWS WAF Regional. +// +// Returns an array of RuleSummary objects. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation ListRules for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListRules +func (c *WAFRegional) ListRules(input *waf.ListRulesInput) (*waf.ListRulesOutput, error) { + req, out := c.ListRulesRequest(input) + err := req.Send() + return out, err +} + +const opListSizeConstraintSets = "ListSizeConstraintSets" + +// ListSizeConstraintSetsRequest generates a "aws/request.Request" representing the +// client's request for the ListSizeConstraintSets operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. 
+// +// See ListSizeConstraintSets for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListSizeConstraintSets method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListSizeConstraintSetsRequest method. +// req, resp := client.ListSizeConstraintSetsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListSizeConstraintSets +func (c *WAFRegional) ListSizeConstraintSetsRequest(input *waf.ListSizeConstraintSetsInput) (req *request.Request, output *waf.ListSizeConstraintSetsOutput) { + op := &request.Operation{ + Name: opListSizeConstraintSets, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.ListSizeConstraintSetsInput{} + } + + output = &waf.ListSizeConstraintSetsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListSizeConstraintSets API operation for AWS WAF Regional. +// +// Returns an array of SizeConstraintSetSummary objects. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation ListSizeConstraintSets for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. 
+// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListSizeConstraintSets +func (c *WAFRegional) ListSizeConstraintSets(input *waf.ListSizeConstraintSetsInput) (*waf.ListSizeConstraintSetsOutput, error) { + req, out := c.ListSizeConstraintSetsRequest(input) + err := req.Send() + return out, err +} + +const opListSqlInjectionMatchSets = "ListSqlInjectionMatchSets" + +// ListSqlInjectionMatchSetsRequest generates a "aws/request.Request" representing the +// client's request for the ListSqlInjectionMatchSets operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListSqlInjectionMatchSets for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListSqlInjectionMatchSets method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListSqlInjectionMatchSetsRequest method. 
+// req, resp := client.ListSqlInjectionMatchSetsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListSqlInjectionMatchSets +func (c *WAFRegional) ListSqlInjectionMatchSetsRequest(input *waf.ListSqlInjectionMatchSetsInput) (req *request.Request, output *waf.ListSqlInjectionMatchSetsOutput) { + op := &request.Operation{ + Name: opListSqlInjectionMatchSets, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.ListSqlInjectionMatchSetsInput{} + } + + output = &waf.ListSqlInjectionMatchSetsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListSqlInjectionMatchSets API operation for AWS WAF Regional. +// +// Returns an array of SqlInjectionMatchSet objects. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation ListSqlInjectionMatchSets for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. 
+// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListSqlInjectionMatchSets +func (c *WAFRegional) ListSqlInjectionMatchSets(input *waf.ListSqlInjectionMatchSetsInput) (*waf.ListSqlInjectionMatchSetsOutput, error) { + req, out := c.ListSqlInjectionMatchSetsRequest(input) + err := req.Send() + return out, err +} + +const opListWebACLs = "ListWebACLs" + +// ListWebACLsRequest generates a "aws/request.Request" representing the +// client's request for the ListWebACLs operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListWebACLs for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListWebACLs method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListWebACLsRequest method. +// req, resp := client.ListWebACLsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListWebACLs +func (c *WAFRegional) ListWebACLsRequest(input *waf.ListWebACLsInput) (req *request.Request, output *waf.ListWebACLsOutput) { + op := &request.Operation{ + Name: opListWebACLs, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.ListWebACLsInput{} + } + + output = &waf.ListWebACLsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListWebACLs API operation for AWS WAF Regional. +// +// Returns an array of WebACLSummary objects in the response. 
+// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation ListWebACLs for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListWebACLs +func (c *WAFRegional) ListWebACLs(input *waf.ListWebACLsInput) (*waf.ListWebACLsOutput, error) { + req, out := c.ListWebACLsRequest(input) + err := req.Send() + return out, err +} + +const opListXssMatchSets = "ListXssMatchSets" + +// ListXssMatchSetsRequest generates a "aws/request.Request" representing the +// client's request for the ListXssMatchSets operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListXssMatchSets for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListXssMatchSets method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListXssMatchSetsRequest method. 
+// req, resp := client.ListXssMatchSetsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListXssMatchSets +func (c *WAFRegional) ListXssMatchSetsRequest(input *waf.ListXssMatchSetsInput) (req *request.Request, output *waf.ListXssMatchSetsOutput) { + op := &request.Operation{ + Name: opListXssMatchSets, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.ListXssMatchSetsInput{} + } + + output = &waf.ListXssMatchSetsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListXssMatchSets API operation for AWS WAF Regional. +// +// Returns an array of XssMatchSet objects. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation ListXssMatchSets for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListXssMatchSets +func (c *WAFRegional) ListXssMatchSets(input *waf.ListXssMatchSetsInput) (*waf.ListXssMatchSetsOutput, error) { + req, out := c.ListXssMatchSetsRequest(input) + err := req.Send() + return out, err +} + +const opUpdateByteMatchSet = "UpdateByteMatchSet" + +// UpdateByteMatchSetRequest generates a "aws/request.Request" representing the +// client's request for the UpdateByteMatchSet operation. 
The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See UpdateByteMatchSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the UpdateByteMatchSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the UpdateByteMatchSetRequest method. +// req, resp := client.UpdateByteMatchSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateByteMatchSet +func (c *WAFRegional) UpdateByteMatchSetRequest(input *waf.UpdateByteMatchSetInput) (req *request.Request, output *waf.UpdateByteMatchSetOutput) { + op := &request.Operation{ + Name: opUpdateByteMatchSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.UpdateByteMatchSetInput{} + } + + output = &waf.UpdateByteMatchSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateByteMatchSet API operation for AWS WAF Regional. +// +// Inserts or deletes ByteMatchTuple objects (filters) in a ByteMatchSet. For +// each ByteMatchTuple object, you specify the following values: +// +// * Whether to insert or delete the object from the array. If you want to +// change a ByteMatchSetUpdate object, you delete the existing object and +// add a new one. +// +// * The part of a web request that you want AWS WAF to inspect, such as +// a query string or the value of the User-Agent header. 
+// +// * The bytes (typically a string that corresponds with ASCII characters) +// that you want AWS WAF to look for. For more information, including how +// you specify the values for the AWS WAF API and the AWS CLI or SDKs, see +// TargetString in the ByteMatchTuple data type. +// +// * Where to look, such as at the beginning or the end of a query string. +// +// * Whether to perform any conversions on the request, such as converting +// it to lowercase, before inspecting it for the specified string. +// +// For example, you can add a ByteMatchSetUpdate object that matches web requests +// in which User-Agent headers contain the string BadBot. You can then configure +// AWS WAF to block those requests. +// +// To create and configure a ByteMatchSet, perform the following steps: +// +// Create a ByteMatchSet. For more information, see CreateByteMatchSet. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of an UpdateByteMatchSet request. +// +// Submit an UpdateByteMatchSet request to specify the part of the request that +// you want AWS WAF to inspect (for example, the header or the URI) and the +// value that you want AWS WAF to watch for. +// +// For more information about how to use the AWS WAF API to allow or block HTTP +// requests, see the AWS WAF Developer Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation UpdateByteMatchSet for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. 
+// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFInvalidOperationException +// The operation failed because there was nothing to do. For example: +// +// * You tried to remove a Rule from a WebACL, but the Rule isn't in the +// specified WebACL. +// +// * You tried to remove an IP address from an IPSet, but the IP address +// isn't in the specified IPSet. +// +// * You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple +// isn't in the specified WebACL. +// +// * You tried to add a Rule to a WebACL, but the Rule already exists in +// the specified WebACL. +// +// * You tried to add an IP address to an IPSet, but the IP address already +// exists in the specified IPSet. +// +// * You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple +// already exists in the specified WebACL. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. +// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. +// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. 
+// +// * WAFNonexistentContainerException +// The operation failed because you tried to add an object to or delete an object +// from another object that doesn't exist. For example: +// +// * You tried to add a Rule to or delete a Rule from a WebACL that doesn't +// exist. +// +// * You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule +// that doesn't exist. +// +// * You tried to add an IP address to or delete an IP address from an IPSet +// that doesn't exist. +// +// * You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from +// a ByteMatchSet that doesn't exist. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFLimitsExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// WebACL objects that you can create for an AWS account. For more information, +// see Limits (http://docs.aws.amazon.com/waf/latest/developerguide/limits.html) +// in the AWS WAF Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateByteMatchSet +func (c *WAFRegional) UpdateByteMatchSet(input *waf.UpdateByteMatchSetInput) (*waf.UpdateByteMatchSetOutput, error) { + req, out := c.UpdateByteMatchSetRequest(input) + err := req.Send() + return out, err +} + +const opUpdateIPSet = "UpdateIPSet" + +// UpdateIPSetRequest generates a "aws/request.Request" representing the +// client's request for the UpdateIPSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See UpdateIPSet for usage and error information. 
+// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the UpdateIPSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the UpdateIPSetRequest method. +// req, resp := client.UpdateIPSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateIPSet +func (c *WAFRegional) UpdateIPSetRequest(input *waf.UpdateIPSetInput) (req *request.Request, output *waf.UpdateIPSetOutput) { + op := &request.Operation{ + Name: opUpdateIPSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.UpdateIPSetInput{} + } + + output = &waf.UpdateIPSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateIPSet API operation for AWS WAF Regional. +// +// Inserts or deletes IPSetDescriptor objects in an IPSet. For each IPSetDescriptor +// object, you specify the following values: +// +// * Whether to insert or delete the object from the array. If you want to +// change an IPSetDescriptor object, you delete the existing object and add +// a new one. +// +// * The IP address version, IPv4 or IPv6. +// +// * The IP address in CIDR notation, for example, 192.0.2.0/24 (for the +// range of IP addresses from 192.0.2.0 to 192.0.2.255) or 192.0.2.44/32 +// (for the individual IP address 192.0.2.44). +// +// AWS WAF supports /8, /16, /24, and /32 IP address ranges for IPv4, and /24, +// /32, /48, /56, /64 and /128 for IPv6. 
For more information about CIDR notation, +// see the Wikipedia entry Classless Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). +// +// IPv6 addresses can be represented using any of the following formats: +// +// * 1111:0000:0000:0000:0000:0000:0000:0111/128 +// +// * 1111:0:0:0:0:0:0:0111/128 +// +// * 1111::0111/128 +// +// * 1111::111/128 +// +// You use an IPSet to specify which web requests you want to allow or block +// based on the IP addresses that the requests originated from. For example, +// if you're receiving a lot of requests from one or a small number of IP addresses +// and you want to block the requests, you can create an IPSet that specifies +// those IP addresses, and then configure AWS WAF to block the requests. +// +// To create and configure an IPSet, perform the following steps: +// +// Submit a CreateIPSet request. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of an UpdateIPSet request. +// +// Submit an UpdateIPSet request to specify the IP addresses that you want AWS +// WAF to watch for. +// +// When you update an IPSet, you specify the IP addresses that you want to add +// and/or the IP addresses that you want to delete. If you want to change an +// IP address, you delete the existing IP address and add the new one. +// +// For more information about how to use the AWS WAF API to allow or block HTTP +// requests, see the AWS WAF Developer Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation UpdateIPSet for usage and error information. 
+// +// Returned Error Codes: +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFInvalidOperationException +// The operation failed because there was nothing to do. For example: +// +// * You tried to remove a Rule from a WebACL, but the Rule isn't in the +// specified WebACL. +// +// * You tried to remove an IP address from an IPSet, but the IP address +// isn't in the specified IPSet. +// +// * You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple +// isn't in the specified WebACL. +// +// * You tried to add a Rule to a WebACL, but the Rule already exists in +// the specified WebACL. +// +// * You tried to add an IP address to an IPSet, but the IP address already +// exists in the specified IPSet. +// +// * You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple +// already exists in the specified WebACL. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. 
+// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. +// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFNonexistentContainerException +// The operation failed because you tried to add an object to or delete an object +// from another object that doesn't exist. For example: +// +// * You tried to add a Rule to or delete a Rule from a WebACL that doesn't +// exist. +// +// * You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule +// that doesn't exist. +// +// * You tried to add an IP address to or delete an IP address from an IPSet +// that doesn't exist. +// +// * You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from +// a ByteMatchSet that doesn't exist. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFReferencedItemException +// The operation failed because you tried to delete an object that is still +// in use. For example: +// +// * You tried to delete a ByteMatchSet that is still referenced by a Rule. +// +// * You tried to delete a Rule that is still referenced by a WebACL. +// +// * WAFLimitsExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// WebACL objects that you can create for an AWS account. For more information, +// see Limits (http://docs.aws.amazon.com/waf/latest/developerguide/limits.html) +// in the AWS WAF Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateIPSet +func (c *WAFRegional) UpdateIPSet(input *waf.UpdateIPSetInput) (*waf.UpdateIPSetOutput, error) { + req, out := c.UpdateIPSetRequest(input) + err := req.Send() + return out, err +} + +const opUpdateRule = "UpdateRule" + +// UpdateRuleRequest generates a "aws/request.Request" representing the +// client's request for the UpdateRule operation. 
The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See UpdateRule for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the UpdateRule method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the UpdateRuleRequest method. +// req, resp := client.UpdateRuleRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateRule +func (c *WAFRegional) UpdateRuleRequest(input *waf.UpdateRuleInput) (req *request.Request, output *waf.UpdateRuleOutput) { + op := &request.Operation{ + Name: opUpdateRule, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.UpdateRuleInput{} + } + + output = &waf.UpdateRuleOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateRule API operation for AWS WAF Regional. +// +// Inserts or deletes Predicate objects in a Rule. Each Predicate object identifies +// a predicate, such as a ByteMatchSet or an IPSet, that specifies the web requests +// that you want to allow, block, or count. If you add more than one predicate +// to a Rule, a request must match all of the specifications to be allowed, +// blocked, or counted. 
For example, suppose you add the following to a Rule: +// +// * A ByteMatchSet that matches the value BadBot in the User-Agent header +// +// * An IPSet that matches the IP address 192.0.2.44 +// +// You then add the Rule to a WebACL and specify that you want to block requests +// that satisfy the Rule. For a request to be blocked, the User-Agent header +// in the request must contain the value BadBotand the request must originate +// from the IP address 192.0.2.44. +// +// To create and configure a Rule, perform the following steps: +// +// Create and update the predicates that you want to include in the Rule. +// +// Create the Rule. See CreateRule. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of an UpdateRule request. +// +// Submit an UpdateRule request to add predicates to the Rule. +// +// Create and update a WebACL that contains the Rule. See CreateWebACL. +// +// If you want to replace one ByteMatchSet or IPSet with another, you delete +// the existing one and add the new one. +// +// For more information about how to use the AWS WAF API to allow or block HTTP +// requests, see the AWS WAF Developer Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation UpdateRule for usage and error information. +// +// Returned Error Codes: +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. 
+// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFInvalidOperationException +// The operation failed because there was nothing to do. For example: +// +// * You tried to remove a Rule from a WebACL, but the Rule isn't in the +// specified WebACL. +// +// * You tried to remove an IP address from an IPSet, but the IP address +// isn't in the specified IPSet. +// +// * You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple +// isn't in the specified WebACL. +// +// * You tried to add a Rule to a WebACL, but the Rule already exists in +// the specified WebACL. +// +// * You tried to add an IP address to an IPSet, but the IP address already +// exists in the specified IPSet. +// +// * You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple +// already exists in the specified WebACL. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. +// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. +// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. 
+// +// * WAFNonexistentContainerException +// The operation failed because you tried to add an object to or delete an object +// from another object that doesn't exist. For example: +// +// * You tried to add a Rule to or delete a Rule from a WebACL that doesn't +// exist. +// +// * You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule +// that doesn't exist. +// +// * You tried to add an IP address to or delete an IP address from an IPSet +// that doesn't exist. +// +// * You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from +// a ByteMatchSet that doesn't exist. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFReferencedItemException +// The operation failed because you tried to delete an object that is still +// in use. For example: +// +// * You tried to delete a ByteMatchSet that is still referenced by a Rule. +// +// * You tried to delete a Rule that is still referenced by a WebACL. +// +// * WAFLimitsExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// WebACL objects that you can create for an AWS account. For more information, +// see Limits (http://docs.aws.amazon.com/waf/latest/developerguide/limits.html) +// in the AWS WAF Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateRule +func (c *WAFRegional) UpdateRule(input *waf.UpdateRuleInput) (*waf.UpdateRuleOutput, error) { + req, out := c.UpdateRuleRequest(input) + err := req.Send() + return out, err +} + +const opUpdateSizeConstraintSet = "UpdateSizeConstraintSet" + +// UpdateSizeConstraintSetRequest generates a "aws/request.Request" representing the +// client's request for the UpdateSizeConstraintSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See UpdateSizeConstraintSet for usage and error information. 
+// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the UpdateSizeConstraintSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the UpdateSizeConstraintSetRequest method. +// req, resp := client.UpdateSizeConstraintSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateSizeConstraintSet +func (c *WAFRegional) UpdateSizeConstraintSetRequest(input *waf.UpdateSizeConstraintSetInput) (req *request.Request, output *waf.UpdateSizeConstraintSetOutput) { + op := &request.Operation{ + Name: opUpdateSizeConstraintSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.UpdateSizeConstraintSetInput{} + } + + output = &waf.UpdateSizeConstraintSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateSizeConstraintSet API operation for AWS WAF Regional. +// +// Inserts or deletes SizeConstraint objects (filters) in a SizeConstraintSet. +// For each SizeConstraint object, you specify the following values: +// +// * Whether to insert or delete the object from the array. If you want to +// change a SizeConstraintSetUpdate object, you delete the existing object +// and add a new one. +// +// * The part of a web request that you want AWS WAF to evaluate, such as +// the length of a query string or the length of the User-Agent header. +// +// * Whether to perform any transformations on the request, such as converting +// it to lowercase, before checking its length. 
Note that transformations +// of the request body are not supported because the AWS resource forwards +// only the first 8192 bytes of your request to AWS WAF. +// +// * A ComparisonOperator used for evaluating the selected part of the request +// against the specified Size, such as equals, greater than, less than, and +// so on. +// +// * The length, in bytes, that you want AWS WAF to watch for in selected +// part of the request. The length is computed after applying the transformation. +// +// For example, you can add a SizeConstraintSetUpdate object that matches web +// requests in which the length of the User-Agent header is greater than 100 +// bytes. You can then configure AWS WAF to block those requests. +// +// To create and configure a SizeConstraintSet, perform the following steps: +// +// Create a SizeConstraintSet. For more information, see CreateSizeConstraintSet. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of an UpdateSizeConstraintSet request. +// +// Submit an UpdateSizeConstraintSet request to specify the part of the request +// that you want AWS WAF to inspect (for example, the header or the URI) and +// the value that you want AWS WAF to watch for. +// +// For more information about how to use the AWS WAF API to allow or block HTTP +// requests, see the AWS WAF Developer Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation UpdateSizeConstraintSet for usage and error information. +// +// Returned Error Codes: +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. 
+// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFInvalidOperationException +// The operation failed because there was nothing to do. For example: +// +// * You tried to remove a Rule from a WebACL, but the Rule isn't in the +// specified WebACL. +// +// * You tried to remove an IP address from an IPSet, but the IP address +// isn't in the specified IPSet. +// +// * You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple +// isn't in the specified WebACL. +// +// * You tried to add a Rule to a WebACL, but the Rule already exists in +// the specified WebACL. +// +// * You tried to add an IP address to an IPSet, but the IP address already +// exists in the specified IPSet. +// +// * You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple +// already exists in the specified WebACL. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. +// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. 
+// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFNonexistentContainerException +// The operation failed because you tried to add an object to or delete an object +// from another object that doesn't exist. For example: +// +// * You tried to add a Rule to or delete a Rule from a WebACL that doesn't +// exist. +// +// * You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule +// that doesn't exist. +// +// * You tried to add an IP address to or delete an IP address from an IPSet +// that doesn't exist. +// +// * You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from +// a ByteMatchSet that doesn't exist. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFReferencedItemException +// The operation failed because you tried to delete an object that is still +// in use. For example: +// +// * You tried to delete a ByteMatchSet that is still referenced by a Rule. +// +// * You tried to delete a Rule that is still referenced by a WebACL. +// +// * WAFLimitsExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// WebACL objects that you can create for an AWS account. For more information, +// see Limits (http://docs.aws.amazon.com/waf/latest/developerguide/limits.html) +// in the AWS WAF Developer Guide. 
+// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateSizeConstraintSet +func (c *WAFRegional) UpdateSizeConstraintSet(input *waf.UpdateSizeConstraintSetInput) (*waf.UpdateSizeConstraintSetOutput, error) { + req, out := c.UpdateSizeConstraintSetRequest(input) + err := req.Send() + return out, err +} + +const opUpdateSqlInjectionMatchSet = "UpdateSqlInjectionMatchSet" + +// UpdateSqlInjectionMatchSetRequest generates a "aws/request.Request" representing the +// client's request for the UpdateSqlInjectionMatchSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See UpdateSqlInjectionMatchSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the UpdateSqlInjectionMatchSet method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the UpdateSqlInjectionMatchSetRequest method. 
+// req, resp := client.UpdateSqlInjectionMatchSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateSqlInjectionMatchSet +func (c *WAFRegional) UpdateSqlInjectionMatchSetRequest(input *waf.UpdateSqlInjectionMatchSetInput) (req *request.Request, output *waf.UpdateSqlInjectionMatchSetOutput) { + op := &request.Operation{ + Name: opUpdateSqlInjectionMatchSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.UpdateSqlInjectionMatchSetInput{} + } + + output = &waf.UpdateSqlInjectionMatchSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateSqlInjectionMatchSet API operation for AWS WAF Regional. +// +// Inserts or deletes SqlInjectionMatchTuple objects (filters) in a SqlInjectionMatchSet. +// For each SqlInjectionMatchTuple object, you specify the following values: +// +// * Action: Whether to insert the object into or delete the object from +// the array. To change a SqlInjectionMatchTuple, you delete the existing +// object and add a new one. +// +// * FieldToMatch: The part of web requests that you want AWS WAF to inspect +// and, if you want AWS WAF to inspect a header, the name of the header. +// +// * TextTransformation: Which text transformation, if any, to perform on +// the web request before inspecting the request for snippets of malicious +// SQL code. +// +// You use SqlInjectionMatchSet objects to specify which CloudFront requests +// you want to allow, block, or count. For example, if you're receiving requests +// that contain snippets of SQL code in the query string and you want to block +// the requests, you can create a SqlInjectionMatchSet with the applicable settings, +// and then configure AWS WAF to block the requests. 
+// +// To create and configure a SqlInjectionMatchSet, perform the following steps: +// +// Submit a CreateSqlInjectionMatchSet request. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of an UpdateIPSet request. +// +// Submit an UpdateSqlInjectionMatchSet request to specify the parts of web +// requests that you want AWS WAF to inspect for snippets of SQL code. +// +// For more information about how to use the AWS WAF API to allow or block HTTP +// requests, see the AWS WAF Developer Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation UpdateSqlInjectionMatchSet for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFInvalidOperationException +// The operation failed because there was nothing to do. For example: +// +// * You tried to remove a Rule from a WebACL, but the Rule isn't in the +// specified WebACL. +// +// * You tried to remove an IP address from an IPSet, but the IP address +// isn't in the specified IPSet. +// +// * You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple +// isn't in the specified WebACL. +// +// * You tried to add a Rule to a WebACL, but the Rule already exists in +// the specified WebACL. +// +// * You tried to add an IP address to an IPSet, but the IP address already +// exists in the specified IPSet. 
+// +// * You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple +// already exists in the specified WebACL. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. +// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. +// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFNonexistentContainerException +// The operation failed because you tried to add an object to or delete an object +// from another object that doesn't exist. For example: +// +// * You tried to add a Rule to or delete a Rule from a WebACL that doesn't +// exist. +// +// * You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule +// that doesn't exist. +// +// * You tried to add an IP address to or delete an IP address from an IPSet +// that doesn't exist. +// +// * You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from +// a ByteMatchSet that doesn't exist. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. 
+// +// * WAFLimitsExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// WebACL objects that you can create for an AWS account. For more information, +// see Limits (http://docs.aws.amazon.com/waf/latest/developerguide/limits.html) +// in the AWS WAF Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateSqlInjectionMatchSet +func (c *WAFRegional) UpdateSqlInjectionMatchSet(input *waf.UpdateSqlInjectionMatchSetInput) (*waf.UpdateSqlInjectionMatchSetOutput, error) { + req, out := c.UpdateSqlInjectionMatchSetRequest(input) + err := req.Send() + return out, err +} + +const opUpdateWebACL = "UpdateWebACL" + +// UpdateWebACLRequest generates a "aws/request.Request" representing the +// client's request for the UpdateWebACL operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See UpdateWebACL for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the UpdateWebACL method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the UpdateWebACLRequest method. 
+// req, resp := client.UpdateWebACLRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateWebACL +func (c *WAFRegional) UpdateWebACLRequest(input *waf.UpdateWebACLInput) (req *request.Request, output *waf.UpdateWebACLOutput) { + op := &request.Operation{ + Name: opUpdateWebACL, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.UpdateWebACLInput{} + } + + output = &waf.UpdateWebACLOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateWebACL API operation for AWS WAF Regional. +// +// Inserts or deletes ActivatedRule objects in a WebACL. Each Rule identifies +// web requests that you want to allow, block, or count. When you update a WebACL, +// you specify the following values: +// +// * A default action for the WebACL, either ALLOW or BLOCK. AWS WAF performs +// the default action if a request doesn't match the criteria in any of the +// Rules in a WebACL. +// +// * The Rules that you want to add and/or delete. If you want to replace +// one Rule with another, you delete the existing Rule and add the new one. +// +// * For each Rule, whether you want AWS WAF to allow requests, block requests, +// or count requests that match the conditions in the Rule. +// +// * The order in which you want AWS WAF to evaluate the Rules in a WebACL. +// If you add more than one Rule to a WebACL, AWS WAF evaluates each request +// against the Rules in order based on the value of Priority. (The Rule that +// has the lowest value for Priority is evaluated first.) When a web request +// matches all of the predicates (such as ByteMatchSets and IPSets) in a +// Rule, AWS WAF immediately takes the corresponding action, allow or block, +// and doesn't evaluate the request against the remaining Rules in the WebACL, +// if any. 
+// +// * The CloudFront distribution that you want to associate with the WebACL. +// +// To create and configure a WebACL, perform the following steps: +// +// Create and update the predicates that you want to include in Rules. For more +// information, see CreateByteMatchSet, UpdateByteMatchSet, CreateIPSet, UpdateIPSet, +// CreateSqlInjectionMatchSet, and UpdateSqlInjectionMatchSet. +// +// Create and update the Rules that you want to include in the WebACL. For more +// information, see CreateRule and UpdateRule. +// +// Create a WebACL. See CreateWebACL. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of an UpdateWebACL request. +// +// Submit an UpdateWebACL request to specify the Rules that you want to include +// in the WebACL, to specify the default action, and to associate the WebACL +// with a CloudFront distribution. +// +// For more information about how to use the AWS WAF API to allow or block HTTP +// requests, see the AWS WAF Developer Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation UpdateWebACL for usage and error information. +// +// Returned Error Codes: +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. +// +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFInvalidOperationException +// The operation failed because there was nothing to do. 
For example: +// +// * You tried to remove a Rule from a WebACL, but the Rule isn't in the +// specified WebACL. +// +// * You tried to remove an IP address from an IPSet, but the IP address +// isn't in the specified IPSet. +// +// * You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple +// isn't in the specified WebACL. +// +// * You tried to add a Rule to a WebACL, but the Rule already exists in +// the specified WebACL. +// +// * You tried to add an IP address to an IPSet, but the IP address already +// exists in the specified IPSet. +// +// * You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple +// already exists in the specified WebACL. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. +// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. +// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFNonexistentContainerException +// The operation failed because you tried to add an object to or delete an object +// from another object that doesn't exist. For example: +// +// * You tried to add a Rule to or delete a Rule from a WebACL that doesn't +// exist. +// +// * You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule +// that doesn't exist. 
+// +// * You tried to add an IP address to or delete an IP address from an IPSet +// that doesn't exist. +// +// * You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from +// a ByteMatchSet that doesn't exist. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFReferencedItemException +// The operation failed because you tried to delete an object that is still +// in use. For example: +// +// * You tried to delete a ByteMatchSet that is still referenced by a Rule. +// +// * You tried to delete a Rule that is still referenced by a WebACL. +// +// * WAFLimitsExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// WebACL objects that you can create for an AWS account. For more information, +// see Limits (http://docs.aws.amazon.com/waf/latest/developerguide/limits.html) +// in the AWS WAF Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateWebACL +func (c *WAFRegional) UpdateWebACL(input *waf.UpdateWebACLInput) (*waf.UpdateWebACLOutput, error) { + req, out := c.UpdateWebACLRequest(input) + err := req.Send() + return out, err +} + +const opUpdateXssMatchSet = "UpdateXssMatchSet" + +// UpdateXssMatchSetRequest generates a "aws/request.Request" representing the +// client's request for the UpdateXssMatchSet operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See UpdateXssMatchSet for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the UpdateXssMatchSet method directly +// instead. 
+// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the UpdateXssMatchSetRequest method. +// req, resp := client.UpdateXssMatchSetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateXssMatchSet +func (c *WAFRegional) UpdateXssMatchSetRequest(input *waf.UpdateXssMatchSetInput) (req *request.Request, output *waf.UpdateXssMatchSetOutput) { + op := &request.Operation{ + Name: opUpdateXssMatchSet, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &waf.UpdateXssMatchSetInput{} + } + + output = &waf.UpdateXssMatchSetOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateXssMatchSet API operation for AWS WAF Regional. +// +// Inserts or deletes XssMatchTuple objects (filters) in an XssMatchSet. For +// each XssMatchTuple object, you specify the following values: +// +// * Action: Whether to insert the object into or delete the object from +// the array. To change a XssMatchTuple, you delete the existing object and +// add a new one. +// +// * FieldToMatch: The part of web requests that you want AWS WAF to inspect +// and, if you want AWS WAF to inspect a header, the name of the header. +// +// * TextTransformation: Which text transformation, if any, to perform on +// the web request before inspecting the request for cross-site scripting +// attacks. +// +// You use XssMatchSet objects to specify which CloudFront requests you want +// to allow, block, or count. For example, if you're receiving requests that +// contain cross-site scripting attacks in the request body and you want to +// block the requests, you can create an XssMatchSet with the applicable settings, +// and then configure AWS WAF to block the requests. 
+// +// To create and configure an XssMatchSet, perform the following steps: +// +// Submit a CreateXssMatchSet request. +// +// Use GetChangeToken to get the change token that you provide in the ChangeToken +// parameter of an UpdateIPSet request. +// +// Submit an UpdateXssMatchSet request to specify the parts of web requests +// that you want AWS WAF to inspect for cross-site scripting attacks. +// +// For more information about how to use the AWS WAF API to allow or block HTTP +// requests, see the AWS WAF Developer Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS WAF Regional's +// API operation UpdateXssMatchSet for usage and error information. +// +// Returned Error Codes: +// * WAFInternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// * WAFInvalidAccountException +// The operation failed because you tried to create, update, or delete an object +// by using an invalid account identifier. +// +// * WAFInvalidOperationException +// The operation failed because there was nothing to do. For example: +// +// * You tried to remove a Rule from a WebACL, but the Rule isn't in the +// specified WebACL. +// +// * You tried to remove an IP address from an IPSet, but the IP address +// isn't in the specified IPSet. +// +// * You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple +// isn't in the specified WebACL. +// +// * You tried to add a Rule to a WebACL, but the Rule already exists in +// the specified WebACL. +// +// * You tried to add an IP address to an IPSet, but the IP address already +// exists in the specified IPSet. 
+// +// * You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple +// already exists in the specified WebACL. +// +// * WAFInvalidParameterException +// The operation failed because AWS WAF didn't recognize a parameter in the +// request. For example: +// +// * You specified an invalid parameter name. +// +// * You specified an invalid value. +// +// * You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) +// using an action other than INSERT or DELETE. +// +// * You tried to create a WebACL with a DefaultActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a WebACL with a WafActionType other than ALLOW, +// BLOCK, or COUNT. +// +// * You tried to update a ByteMatchSet with a FieldToMatchType other than +// HEADER, QUERY_STRING, or URI. +// +// * You tried to update a ByteMatchSet with a Field of HEADER but no value +// for Data. +// +// * Your request references an ARN that is malformed, or corresponds to +// a resource with which a web ACL cannot be associated. +// +// * WAFNonexistentContainerException +// The operation failed because you tried to add an object to or delete an object +// from another object that doesn't exist. For example: +// +// * You tried to add a Rule to or delete a Rule from a WebACL that doesn't +// exist. +// +// * You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule +// that doesn't exist. +// +// * You tried to add an IP address to or delete an IP address from an IPSet +// that doesn't exist. +// +// * You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from +// a ByteMatchSet that doesn't exist. +// +// * WAFNonexistentItemException +// The operation failed because the referenced object doesn't exist. +// +// * WAFStaleDataException +// The operation failed because you tried to create, update, or delete an object +// by using a change token that has already been used. 
+// +// * WAFLimitsExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// WebACL objects that you can create for an AWS account. For more information, +// see Limits (http://docs.aws.amazon.com/waf/latest/developerguide/limits.html) +// in the AWS WAF Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateXssMatchSet +func (c *WAFRegional) UpdateXssMatchSet(input *waf.UpdateXssMatchSetInput) (*waf.UpdateXssMatchSetOutput, error) { + req, out := c.UpdateXssMatchSetRequest(input) + err := req.Send() + return out, err +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/AssociateWebACLRequest +type AssociateWebACLInput struct { + _ struct{} `type:"structure"` + + // The ARN (Amazon Resource Name) of the resource to be protected. + // + // ResourceArn is a required field + ResourceArn *string `min:"1" type:"string" required:"true"` + + // A unique identifier (ID) for the web ACL. + // + // WebACLId is a required field + WebACLId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s AssociateWebACLInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AssociateWebACLInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. 
+func (s *AssociateWebACLInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AssociateWebACLInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + if s.WebACLId == nil { + invalidParams.Add(request.NewErrParamRequired("WebACLId")) + } + if s.WebACLId != nil && len(*s.WebACLId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("WebACLId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *AssociateWebACLInput) SetResourceArn(v string) *AssociateWebACLInput { + s.ResourceArn = &v + return s +} + +// SetWebACLId sets the WebACLId field's value. +func (s *AssociateWebACLInput) SetWebACLId(v string) *AssociateWebACLInput { + s.WebACLId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/AssociateWebACLResponse +type AssociateWebACLOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s AssociateWebACLOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AssociateWebACLOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DisassociateWebACLRequest +type DisassociateWebACLInput struct { + _ struct{} `type:"structure"` + + // The ARN (Amazon Resource Name) of the resource from which the web ACL is + // being removed. 
+ // + // ResourceArn is a required field + ResourceArn *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s DisassociateWebACLInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisassociateWebACLInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisassociateWebACLInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisassociateWebACLInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *DisassociateWebACLInput) SetResourceArn(v string) *DisassociateWebACLInput { + s.ResourceArn = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/DisassociateWebACLResponse +type DisassociateWebACLOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DisassociateWebACLOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisassociateWebACLOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetWebACLForResourceRequest +type GetWebACLForResourceInput struct { + _ struct{} `type:"structure"` + + // The ARN (Amazon Resource Name) of the resource for which to get the web ACL. 
+ // + // ResourceArn is a required field + ResourceArn *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetWebACLForResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetWebACLForResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetWebACLForResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetWebACLForResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *GetWebACLForResourceInput) SetResourceArn(v string) *GetWebACLForResourceInput { + s.ResourceArn = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetWebACLForResourceResponse +type GetWebACLForResourceOutput struct { + _ struct{} `type:"structure"` + + // Information about the web ACL that you specified in the GetWebACLForResource + // request. If there is no associated resource, a null WebACLSummary is returned. + WebACLSummary *waf.WebACLSummary `type:"structure"` +} + +// String returns the string representation +func (s GetWebACLForResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetWebACLForResourceOutput) GoString() string { + return s.String() +} + +// SetWebACLSummary sets the WebACLSummary field's value. 
+func (s *GetWebACLForResourceOutput) SetWebACLSummary(v *waf.WebACLSummary) *GetWebACLForResourceOutput { + s.WebACLSummary = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListResourcesForWebACLRequest +type ListResourcesForWebACLInput struct { + _ struct{} `type:"structure"` + + // The unique identifier (ID) of the web ACL for which to list the associated + // resources. + // + // WebACLId is a required field + WebACLId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s ListResourcesForWebACLInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListResourcesForWebACLInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListResourcesForWebACLInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListResourcesForWebACLInput"} + if s.WebACLId == nil { + invalidParams.Add(request.NewErrParamRequired("WebACLId")) + } + if s.WebACLId != nil && len(*s.WebACLId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("WebACLId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetWebACLId sets the WebACLId field's value. +func (s *ListResourcesForWebACLInput) SetWebACLId(v string) *ListResourcesForWebACLInput { + s.WebACLId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/ListResourcesForWebACLResponse +type ListResourcesForWebACLOutput struct { + _ struct{} `type:"structure"` + + // An array of ARNs (Amazon Resource Names) of the resources associated with + // the specified web ACL. An array with zero elements is returned if there are + // no resources associated with the web ACL. 
+ ResourceArns []*string `type:"list"` +} + +// String returns the string representation +func (s ListResourcesForWebACLOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListResourcesForWebACLOutput) GoString() string { + return s.String() +} + +// SetResourceArns sets the ResourceArns field's value. +func (s *ListResourcesForWebACLOutput) SetResourceArns(v []*string) *ListResourcesForWebACLOutput { + s.ResourceArns = v + return s +} + +const ( + // ChangeActionInsert is a ChangeAction enum value + ChangeActionInsert = "INSERT" + + // ChangeActionDelete is a ChangeAction enum value + ChangeActionDelete = "DELETE" +) + +const ( + // ChangeTokenStatusProvisioned is a ChangeTokenStatus enum value + ChangeTokenStatusProvisioned = "PROVISIONED" + + // ChangeTokenStatusPending is a ChangeTokenStatus enum value + ChangeTokenStatusPending = "PENDING" + + // ChangeTokenStatusInsync is a ChangeTokenStatus enum value + ChangeTokenStatusInsync = "INSYNC" +) + +const ( + // ComparisonOperatorEq is a ComparisonOperator enum value + ComparisonOperatorEq = "EQ" + + // ComparisonOperatorNe is a ComparisonOperator enum value + ComparisonOperatorNe = "NE" + + // ComparisonOperatorLe is a ComparisonOperator enum value + ComparisonOperatorLe = "LE" + + // ComparisonOperatorLt is a ComparisonOperator enum value + ComparisonOperatorLt = "LT" + + // ComparisonOperatorGe is a ComparisonOperator enum value + ComparisonOperatorGe = "GE" + + // ComparisonOperatorGt is a ComparisonOperator enum value + ComparisonOperatorGt = "GT" +) + +const ( + // IPSetDescriptorTypeIpv4 is a IPSetDescriptorType enum value + IPSetDescriptorTypeIpv4 = "IPV4" + + // IPSetDescriptorTypeIpv6 is a IPSetDescriptorType enum value + IPSetDescriptorTypeIpv6 = "IPV6" +) + +const ( + // MatchFieldTypeUri is a MatchFieldType enum value + MatchFieldTypeUri = "URI" + + // MatchFieldTypeQueryString is a MatchFieldType enum value + MatchFieldTypeQueryString = 
"QUERY_STRING" + + // MatchFieldTypeHeader is a MatchFieldType enum value + MatchFieldTypeHeader = "HEADER" + + // MatchFieldTypeMethod is a MatchFieldType enum value + MatchFieldTypeMethod = "METHOD" + + // MatchFieldTypeBody is a MatchFieldType enum value + MatchFieldTypeBody = "BODY" +) + +const ( + // ParameterExceptionFieldChangeAction is a ParameterExceptionField enum value + ParameterExceptionFieldChangeAction = "CHANGE_ACTION" + + // ParameterExceptionFieldWafAction is a ParameterExceptionField enum value + ParameterExceptionFieldWafAction = "WAF_ACTION" + + // ParameterExceptionFieldPredicateType is a ParameterExceptionField enum value + ParameterExceptionFieldPredicateType = "PREDICATE_TYPE" + + // ParameterExceptionFieldIpsetType is a ParameterExceptionField enum value + ParameterExceptionFieldIpsetType = "IPSET_TYPE" + + // ParameterExceptionFieldByteMatchFieldType is a ParameterExceptionField enum value + ParameterExceptionFieldByteMatchFieldType = "BYTE_MATCH_FIELD_TYPE" + + // ParameterExceptionFieldSqlInjectionMatchFieldType is a ParameterExceptionField enum value + ParameterExceptionFieldSqlInjectionMatchFieldType = "SQL_INJECTION_MATCH_FIELD_TYPE" + + // ParameterExceptionFieldByteMatchTextTransformation is a ParameterExceptionField enum value + ParameterExceptionFieldByteMatchTextTransformation = "BYTE_MATCH_TEXT_TRANSFORMATION" + + // ParameterExceptionFieldByteMatchPositionalConstraint is a ParameterExceptionField enum value + ParameterExceptionFieldByteMatchPositionalConstraint = "BYTE_MATCH_POSITIONAL_CONSTRAINT" + + // ParameterExceptionFieldSizeConstraintComparisonOperator is a ParameterExceptionField enum value + ParameterExceptionFieldSizeConstraintComparisonOperator = "SIZE_CONSTRAINT_COMPARISON_OPERATOR" +) + +const ( + // ParameterExceptionReasonInvalidOption is a ParameterExceptionReason enum value + ParameterExceptionReasonInvalidOption = "INVALID_OPTION" + + // ParameterExceptionReasonIllegalCombination is a ParameterExceptionReason 
enum value + ParameterExceptionReasonIllegalCombination = "ILLEGAL_COMBINATION" +) + +const ( + // PositionalConstraintExactly is a PositionalConstraint enum value + PositionalConstraintExactly = "EXACTLY" + + // PositionalConstraintStartsWith is a PositionalConstraint enum value + PositionalConstraintStartsWith = "STARTS_WITH" + + // PositionalConstraintEndsWith is a PositionalConstraint enum value + PositionalConstraintEndsWith = "ENDS_WITH" + + // PositionalConstraintContains is a PositionalConstraint enum value + PositionalConstraintContains = "CONTAINS" + + // PositionalConstraintContainsWord is a PositionalConstraint enum value + PositionalConstraintContainsWord = "CONTAINS_WORD" +) + +const ( + // PredicateTypeIpmatch is a PredicateType enum value + PredicateTypeIpmatch = "IPMatch" + + // PredicateTypeByteMatch is a PredicateType enum value + PredicateTypeByteMatch = "ByteMatch" + + // PredicateTypeSqlInjectionMatch is a PredicateType enum value + PredicateTypeSqlInjectionMatch = "SqlInjectionMatch" + + // PredicateTypeSizeConstraint is a PredicateType enum value + PredicateTypeSizeConstraint = "SizeConstraint" + + // PredicateTypeXssMatch is a PredicateType enum value + PredicateTypeXssMatch = "XssMatch" +) + +const ( + // TextTransformationNone is a TextTransformation enum value + TextTransformationNone = "NONE" + + // TextTransformationCompressWhiteSpace is a TextTransformation enum value + TextTransformationCompressWhiteSpace = "COMPRESS_WHITE_SPACE" + + // TextTransformationHtmlEntityDecode is a TextTransformation enum value + TextTransformationHtmlEntityDecode = "HTML_ENTITY_DECODE" + + // TextTransformationLowercase is a TextTransformation enum value + TextTransformationLowercase = "LOWERCASE" + + // TextTransformationCmdLine is a TextTransformation enum value + TextTransformationCmdLine = "CMD_LINE" + + // TextTransformationUrlDecode is a TextTransformation enum value + TextTransformationUrlDecode = "URL_DECODE" +) + +const ( + // WafActionTypeBlock 
is a WafActionType enum value + WafActionTypeBlock = "BLOCK" + + // WafActionTypeAllow is a WafActionType enum value + WafActionTypeAllow = "ALLOW" + + // WafActionTypeCount is a WafActionType enum value + WafActionTypeCount = "COUNT" +) diff --git a/vendor/github.com/aws/aws-sdk-go/service/wafregional/service.go b/vendor/github.com/aws/aws-sdk-go/service/wafregional/service.go new file mode 100644 index 000000000000..d2093f89bd73 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/wafregional/service.go 
@@ -0,0 +1,101 @@ +// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. + +package wafregional + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" +) + +// This is the AWS WAF Regional API Reference for using AWS WAF with Elastic +// Load Balancing (ELB) Application Load Balancers. The AWS WAF actions and +// data types listed in the reference are available for protecting Application +// Load Balancers. You can use these actions and data types by means of the +// endpoints listed in AWS Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html#waf_region). +// This guide is for developers who need detailed information about the AWS +// WAF API actions, data types, and errors. For detailed information about AWS +// WAF features and an overview of how to use the AWS WAF API, see the AWS WAF +// Developer Guide (http://docs.aws.amazon.com/waf/latest/developerguide/). +// The service client's operations are safe to be used concurrently. +// It is not safe to mutate any of the client's properties though. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28 +type WAFRegional struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// Service information constants +const ( + ServiceName = "waf-regional" // Service endpoint prefix API calls made to. + EndpointsID = ServiceName // Service ID for Regions and Endpoints metadata. +) + +// New creates a new instance of the WAFRegional client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. 
+// +// Example: +// // Create a WAFRegional client from just a session. +// svc := wafregional.New(mySession) +// +// // Create a WAFRegional client with additional configuration +// svc := wafregional.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *WAFRegional { + c := p.ClientConfig(EndpointsID, cfgs...) + return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *WAFRegional { + svc := &WAFRegional{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + SigningName: signingName, + SigningRegion: signingRegion, + Endpoint: endpoint, + APIVersion: "2016-11-28", + JSONVersion: "1.1", + TargetPrefix: "AWSWAF_Regional_20161128", + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler) + svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed(jsonrpc.UnmarshalErrorHandler) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a WAFRegional operation and runs any +// custom request initialization. +func (c *WAFRegional) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +} diff --git a/vendor/vendor.json b/vendor/vendor.json index b7e96ab257f0..0da6a07ee725 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json 
@@ -1117,6 +1117,12 @@ "version": "v1.8.10", "versionExact": "v1.8.10" }, + { + "checksumSHA1": "lRDDbi6XtUqJZMTZaT3EU4/djGI=", + "path": "github.com/aws/aws-sdk-go/service/wafregional", + "revision": "5e1afe1c0a077fb2da9b5f74232b790d99397ce8", + "revisionTime": "2017-01-12T17:52:23Z" + }, { "checksumSHA1": "nqw2Qn5xUklssHTubS5HDvEL9L4=", "path": "github.com/bgentry/go-netrc/netrc",
diff --git a/website/source/docs/providers/aws/r/wafregional_byte_match_set.html.markdown b/website/source/docs/providers/aws/r/wafregional_byte_match_set.html.markdown
new file mode 100644
index 000000000000..7607bca3945b
--- /dev/null
+++ b/website/source/docs/providers/aws/r/wafregional_byte_match_set.html.markdown
@@ -0,0 +1,43 @@
+---
+layout: "aws"
+page_title: "AWS: wafregional_byte_match_set"
+sidebar_current: "docs-aws-resource-wafregional-bytematchset"
+description: |-
+ Provides a AWS WAF Regional ByteMatchSet resource for use with ALB.
+---
+
+# aws\_wafregional\_byte\_match\_set
+
+Provides a WAF Regional Byte Match Set Resource for use with Application Load Balancer.
+
+## Example Usage
+
+```
+resource "aws_wafregional_byte_match_set" "byte_set" {
+ name = "tf_waf_byte_match_set"
+ byte_match_tuples {
+ text_transformation = "NONE"
+ target_string = "badrefer1"
+ positional_constraint = "CONTAINS"
+ field_to_match {
+ type = "HEADER"
+ data = "referer"
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name or description of the ByteMatchSet.
+* `byte_match_tuples` - Settings for the ByteMatchSet, such as the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests.
+
+## Remarks
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the WAF ByteMatchSet.
diff --git a/website/source/docs/providers/aws/r/wafregional_ipset.html.markdown b/website/source/docs/providers/aws/r/wafregional_ipset.html.markdown
new file mode 100644
index 000000000000..7dc7f8f35704
--- /dev/null
+++ b/website/source/docs/providers/aws/r/wafregional_ipset.html.markdown
@@ -0,0 +1,38 @@
+---
+layout: "aws"
+page_title: "AWS: wafregional_ipset"
+sidebar_current: "docs-aws-resource-wafregional-ipset"
+description: |-
+ Provides a AWS WAF Regional IPSet resource for use with ALB.
+---
+
+# aws\_wafregional\_ipset
+
+Provides a WAF Regional IPSet Resource for use with Application Load Balancer.
+
+## Example Usage
+
+```
+resource "aws_wafregional_ipset" "ipset" {
+ name = "tfIPSet"
+ ip_set_descriptors {
+ type = "IPV4"
+ value = "192.0.7.0/24"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name or description of the IPSet.
+* `ip_set_descriptors` - (Required) The IP address type and IP address range (in CIDR notation) from which web requests originate.
+
+## Remarks
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the WAF IPSet.
diff --git a/website/source/docs/providers/aws/r/wafregional_rule.html.markdown b/website/source/docs/providers/aws/r/wafregional_rule.html.markdown
new file mode 100644
index 000000000000..97f8325ef258
--- /dev/null
+++ b/website/source/docs/providers/aws/r/wafregional_rule.html.markdown
@@ -0,0 +1,50 @@
+---
+layout: "aws"
+page_title: "AWS: wafregional_rule"
+sidebar_current: "docs-aws-resource-wafregional-rule"
+description: |-
+ Provides a AWS WAF Regional rule resource for use with ALB.
+---
+
+# aws\_wafregional\_rule
+
+Provides a WAF Regional Rule Resource for use with Application Load Balancer.
+
+## Example Usage
+
+```
+resource "aws_wafregional_ipset" "ipset" {
+ name = "tfIPSet"
+ ip_set_descriptors {
+ type = "IPV4"
+ value = "192.0.7.0/24"
+ }
+}
+
+resource "aws_wafregional_rule" "wafrule" {
+ depends_on = ["aws_wafregional_ipset.ipset"]
+ name = "tfWAFRule"
+ metric_name = "tfWAFRule"
+ predicates {
+ data_id = "${aws_wafregional_ipset.ipset.id}"
+ negated = false
+ type = "IPMatch"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this rule.
+* `name` - (Required) The name or description of the rule.
+* `predicates` - (Optional) The ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in a rule.
+
+## Remarks
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the WAF rule.
diff --git a/website/source/docs/providers/aws/r/wafregional_size_constraint_set.html.markdown b/website/source/docs/providers/aws/r/wafregional_size_constraint_set.html.markdown
new file mode 100644
index 000000000000..c58febca31ec
--- /dev/null
+++ b/website/source/docs/providers/aws/r/wafregional_size_constraint_set.html.markdown
@@ -0,0 +1,42 @@
+---
+layout: "aws"
+page_title: "AWS: wafregional_size_constraint_set"
+sidebar_current: "docs-aws-resource-wafregional-size-constraint-set"
+description: |-
+ Provides a AWS WAF Regional SizeConstraintSet resource for use with ALB.
+---
+
+# aws\_wafregional\_size\_constraint\_set
+
+Provides a WAF Regional Size Constraint Set Resource for use with Application Load Balancer.
+
+## Example Usage
+
+```
+resource "aws_wafregional_size_constraint_set" "size_constraint_set" {
+ name = "tfsize_constraints"
+ size_constraints {
+ text_transformation = "NONE"
+ comparison_operator = "EQ"
+ size = "4096"
+ field_to_match {
+ type = "BODY"
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name or description of the SizeConstraintSet.
+* `size_constraints` - (Required) The size constraint and the part of the web request to check.
+
+## Remarks
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the WAF SizeConstraintSet.
diff --git a/website/source/docs/providers/aws/r/wafregional_sql_injection_match_set.html.markdown b/website/source/docs/providers/aws/r/wafregional_sql_injection_match_set.html.markdown
new file mode 100644
index 000000000000..18eb04365f00
--- /dev/null
+++ b/website/source/docs/providers/aws/r/wafregional_sql_injection_match_set.html.markdown
@@ -0,0 +1,40 @@
+---
+layout: "aws"
+page_title: "AWS: wafregional_sql_injection_match_set"
+sidebar_current: "docs-aws-resource-wafregional-sql-injection-match-set"
+description: |-
+ Provides a AWS WAF Regional SqlInjectionMatchSet resource for use with ALB.
+---
+
+# aws\_wafregional\_sql\_injection\_match\_set
+
+Provides a WAF Regional SQL Injection Match Set Resource for use with Application Load Balancer.
+
+## Example Usage
+
+```
+resource "aws_wafregional_sql_injection_match_set" "sql_injection_match_set" {
+ name = "tf-sql_injection_match_set"
+ sql_injection_match_tuples {
+ text_transformation = "URL_DECODE"
+ field_to_match {
+ type = "QUERY_STRING"
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name or description of the SizeConstraintSet.
+* `sql_injection_match_tuples` - The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.
+
+## Remarks
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the WAF SqlInjectionMatchSet.
diff --git a/website/source/docs/providers/aws/r/wafregional_web_acl.html.markdown b/website/source/docs/providers/aws/r/wafregional_web_acl.html.markdown
new file mode 100644
index 000000000000..96b896fe207d
--- /dev/null
+++ b/website/source/docs/providers/aws/r/wafregional_web_acl.html.markdown
@@ -0,0 +1,66 @@
+---
+layout: "aws"
+page_title: "AWS: aws_wafregional_web_acl"
+sidebar_current: "docs-aws-resource-wafregional-web-acl"
+description: |-
+ Provides a AWS WAF Regional web access control group (ACL) resource for use with ALB.
+---
+
+# aws\_wafregional\_web\_acl
+
+Provides a WAF Regional Web ACL Resource for use with Application Load Balancer.
+
+## Example Usage
+
+```
+resource "aws_wafregional_ipset" "ipset" {
+ name = "tfIPSet"
+ ip_set_descriptors {
+ type = "IPV4"
+ value = "192.0.7.0/24"
+ }
+}
+
+resource "aws_wafregional_rule" "wafrule" {
+ depends_on = ["aws_wafregional_ipset.ipset"]
+ name = "tfWAFRule"
+ metric_name = "tfWAFRule"
+ predicates {
+ data_id = "${aws_wafregional_ipset.ipset.id}"
+ negated = false
+ type = "IPMatch"
+ }
+}
+
+resource "aws_wafregional_web_acl" "wafacl" {
+ depends_on = ["aws_wafregional_ipset.ipset", "aws_wafregional_rule.wafrule"]
+ name = "tfWebACL"
+ metric_name = "tfWebACL"
+ default_action {
+ type = "ALLOW"
+ }
+ rules {
+ action {
+ type = "BLOCK"
+ }
+ priority = 1
+ rule_id = "${aws_wafregional_rule.wafrule.id}"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `default_action` - (Required) The action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
+* `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this web ACL.
+* `name` - (Required) The name or description of the web ACL.
+* `rules` - (Required) The rules to associate with the web ACL and the settings for each rule.
+
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the WAF WebACL.
diff --git a/website/source/docs/providers/aws/r/wafregional_web_acl_association.html.markdown b/website/source/docs/providers/aws/r/wafregional_web_acl_association.html.markdown
new file mode 100644
index 000000000000..8bdfec19b32f
--- /dev/null
+++ b/website/source/docs/providers/aws/r/wafregional_web_acl_association.html.markdown 
@@ -0,0 +1,89 @@
+---
+layout: "aws"
+page_title: "AWS: aws_wafregional_web_acl_association"
+sidebar_current: "docs-aws-resource-wafregional-web-acl-association"
+description: |-
+ Provides a resource to create an association between a WAF Regional WebACL and Application Load Balancer.
+---
+
+# aws\_wafregional\_web\_acl\_association
+
+Provides a resource to create an association between a WAF Regional WebACL and Application Load Balancer.
+
+-> **Note:** An Application Load Balancer can only be associated with one WAF Regional WebACL.
+
+## Example Usage
+
+```
+resource "aws_wafregional_ipset" "ipset" {
+ name = "tfIPSet"
+ ip_set_descriptors {
+ type = "IPV4"
+ value = "192.0.7.0/24"
+ }
+}
+
+resource "aws_wafregional_rule" "wafrule" {
+ depends_on = ["aws_wafregional_ipset.ipset"]
+ name = "tfWAFRule"
+ metric_name = "tfWAFRule"
+ predicates {
+ data_id = "${aws_wafregional_ipset.ipset.id}"
+ negated = false
+ type = "IPMatch"
+ }
+}
+
+resource "aws_wafregional_web_acl" "wafacl" {
+ depends_on = ["aws_wafregional_ipset.ipset", "aws_wafregional_rule.wafrule"]
+ name = "tfWebACL"
+ metric_name = "tfWebACL"
+ default_action {
+ type = "ALLOW"
+ }
+ rules {
+ action {
+ type = "BLOCK"
+ }
+ priority = 1
+ rule_id = "${aws_wafregional_rule.wafrule.id}"
+ }
+}
+
+resource "aws_vpc" "main" {
+ cidr_block = "10.1.0.0/16"
+}
+
+resource "aws_subnet" "foo" {
+ vpc_id = "${aws_vpc.main.id}"
+ cidr_block = "10.1.1.0/24"
+}
+
+resource "aws_subnet" "bar" {
+ vpc_id = "${aws_vpc.main.id}"
+ cidr_block = "10.1.2.0/24"
+}
+
+resource "aws_alb" "alb" {
+ subnets = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"]
+}
+
+resource "aws_wafregional_web_acl_association" "wafassociation" {
+ depends_on = ["aws_alb.alb", "aws_wafregional_web_acl.wafacl"]
+ web_acl_id = "${aws_wafregional_web_acl.wafacl.id}"
+ resource_arn = "${aws_alb.alb.arn}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `web_acl_id` - (Required) The ID of the WAF Regional
WebACL to create an association.
+* `resource_arn` - (Required) Application Load Balancer ARN to associate with.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the association
diff --git a/website/source/docs/providers/aws/r/wafregional_xss_match_set.html.markdown b/website/source/docs/providers/aws/r/wafregional_xss_match_set.html.markdown
new file mode 100644
index 000000000000..2692ca3be5d4
--- /dev/null
+++ b/website/source/docs/providers/aws/r/wafregional_xss_match_set.html.markdown
@@ -0,0 +1,47 @@
+---
+layout: "aws"
+page_title: "AWS: wafregional_xss_match_set"
+sidebar_current: "docs-aws-resource-wafregional-xss-match-set"
+description: |-
+ Provides a AWS WAF Regional XssMatchSet resource for use with ALB.
+---
+
+# aws\_wafregional\_xss\_match\_set
+
+Provides a WAF Regional XSS Match Set Resource for use with Application Load Balancer.
+
+## Example Usage
+
+```
+resource "aws_wafregional_xss_match_set" "xss_match_set" {
+ name = "xss_match_set"
+ xss_match_tuples {
+ text_transformation = "NONE"
+ field_to_match {
+ type = "URI"
+ }
+ }
+
+ xss_match_tuples {
+ text_transformation = "NONE"
+ field_to_match {
+ type = "QUERY_STRING"
+ }
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name or description of the SizeConstraintSet.
+* `xss_match_tuples` - The parts of web requests that you want to inspect for cross-site scripting attacks.
+
+## Remarks
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the WAF XssMatchSet.
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 43d0787bdb37..9759fd728adf 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -1080,6 +1080,45 @@ + > + WAF Regional Resources + + + > Route53 Resources