New Resource: aws_wafregional_rule #3756
aws/resource_aws_wafregional_rule.go
Outdated
Required: true, | ||
ForceNew: true, | ||
}, | ||
"predicates": &schema.Schema{ |
Due to the way this may (and likely is going to be) expressed in HCL:

```hcl
predicates {
  negated = true
  data_id = "..."
}
predicates {
  data_id = "..."
}
```

we tend to prefer singular names for TypeSet/TypeList fields with non-primitive nested types, i.e. `predicate` in this case. Do you mind changing it here in the schema and in the CRUD & docs?
aws/resource_aws_wafregional_rule.go
Outdated
"%q must be one of IPMatch | ByteMatch | SqlInjectionMatch | SizeConstraint | XssMatch", k)) | ||
} | ||
return | ||
}, |
Nitpick: We have a handy validation helper for this:

```go
ValidateFunc: validation.StringInSlice([]string{
	"IPMatch",
	"ByteMatch",
	"SqlInjectionMatch",
	"SizeConstraint",
	"XssMatch",
}, false),
```
aws/resource_aws_wafregional_rule.go
Outdated
} | ||
return | ||
}, | ||
}, |
Nitpick: We have a validation helper for this:

```go
ValidateFunc: validation.StringLenBetween(1, 128),
```
aws/resource_aws_wafregional_rule.go
Outdated
|
||
resp, err := conn.GetRule(params) | ||
if err != nil { | ||
if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "WAFNonexistentItemException" { |
Do you mind using a helper to simplify the code here?

```go
if isAWSErr(err, wafregional.ErrCodeWAFNonexistentItemException, "") {
```
aws/resource_aws_wafregional_rule.go
Outdated
predicates = append(predicates, predicate) | ||
} | ||
|
||
d.Set("predicates", predicates) |
Nitpick: We tend to decouple logic like this (anything converting SDK structures to schema-friendly structures and vice-versa) to functions which are usually called expanders (schema -> SDK) or flatteners (SDK -> schema).
This may then simplify the code above to

```go
d.Set("predicates", flattenWafPredicates(resp.Rule.Predicates))
```
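
Added example, not part of the review comment or the provider's code: a flattener/expander pair for rule predicates as the comment above describes the convention. The `Predicate` struct is a local stand-in for the SDK type, and the function bodies, the name `expandWafPredicates` and the `type` schema key are assumptions made for illustration.

```go
package main

import "fmt"
// Predicate is a local stand-in for the SDK predicate type (assumed shape).
type Predicate struct {
	Negated *bool
	DataId  *string
	Type    *string
}

// flattenWafPredicates (SDK -> schema) skips nil entries and nil fields instead of dereferencing them.
func flattenWafPredicates(ps []*Predicate) []interface{} {
	out := make([]interface{}, 0, len(ps))
	for _, p := range ps {
		if p == nil {
			continue
		}
		m := map[string]interface{}{}
		if p.Negated != nil {
			m["negated"] = *p.Negated
		}
		if p.DataId != nil {
			m["data_id"] = *p.DataId
		}
		if p.Type != nil {
			m["type"] = *p.Type
		}
		out = append(out, m)
	}
	return out
}

// expandWafPredicates (schema -> SDK) ignores elements that are not maps rather than panicking.
func expandWafPredicates(in []interface{}) []*Predicate {
	out := make([]*Predicate, 0, len(in))
	for _, raw := range in {
		if m, ok := raw.(map[string]interface{}); ok {
			negated, _ := m["negated"].(bool)
			dataID, _ := m["data_id"].(string)
			typ, _ := m["type"].(string)
			out = append(out, &Predicate{Negated: &negated, DataId: &dataID, Type: &typ})
		}
	}
	return out
}

func main() {
	id, typ := "constructed-ipset-id", "IPMatch" // constructed sample values
	fmt.Println(flattenWafPredicates([]*Predicate{{DataId: &id, Type: &typ}, nil}))
}
```

Keeping the nil handling inside the flattener means the Read function does not dereference optional SDK pointer fields inline.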
}, | ||
"metric_name": &schema.Schema{ | ||
Type: schema.TypeString, | ||
Required: true, |
This comment was marked as resolved.
Schema: map[string]*schema.Schema{ | ||
"name": &schema.Schema{ | ||
Type: schema.TypeString, | ||
Required: true, |
This comment was marked as resolved.
aws/resource_aws_wafregional_rule.go
Outdated
}, | ||
"predicates": &schema.Schema{ | ||
Type: schema.TypeSet, | ||
Optional: true, |
This comment was marked as resolved.
aws/resource_aws_wafregional_rule.go
Outdated
}, | ||
"data_id": &schema.Schema{ | ||
Type: schema.TypeString, | ||
Optional: true, |
It seems this field is actually required per docs:
https://docs.aws.amazon.com/waf/latest/APIReference/API_regional_Rule.html 🤔
Do you mind double checking it and eventually reflecting it here and in the CRUD?
} | ||
|
||
resource "aws_wafregional_rule" "wafrule" { | ||
depends_on = ["aws_wafregional_ipset.ipset"] |
This line is redundant as the relationship is already defined by the reference below (`${aws_wafregional_ipset.ipset.id}`). Do you mind removing it?
@pvanbuijtene let me know if you need any help finishing this. I'd like to get it into 1.12.0 (tentatively scheduled for the end of next week) and this particular resource has been PR'd a couple of times, so I'm willing to take it to the finish line myself, if necessary 😉
899f7b3 to 61478f2
@radeksimko I will finish this one first since the tests of #3754 depend on it. So most work for this PR, #3754 and #3755 I can probably do in the weekend, but finishing it depends on when this PR can be merged, which will be Monday or later I guess?
@pvanbuijtene The plan makes sense to me. I'll do my best to review any WAF PR that you tell me is ready for review. 😉 Just feel free to ping me the same way you just did.
@radeksimko this one is ready :) ... hope I didn't forget anything. Some questions arose while being busy with this:
Thanks @pvanbuijtene
We run acceptance tests nightly on our side, but anyone can run them locally e.g.
We don't have any particular rules, but WAF resources in particular could use some refactoring in that sense. We can address that in a separate PR, eventually.
This has been released in version 1.12.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
Trying to help a bit to finish the WAF Regional PRs, this is the result of the split up of #3199
Related PRs: #1045 hashicorp/terraform#13710
Thanks to the contributors: @yusukegoto @DennyLoko @BSick7