New Resource: aws_wafregional_rule

[pvanbuijtene]

Trying to help a bit to finish the WAF Regional PRs, this is the result of the split up of #3199

Related PRs: #1045 hashicorp/terraform#13710

Thanks to the contributors: @yusukegoto @DennyLoko @BSick7

[radeksimko]

Due to the way this may (and likely is going to be) expressed in HCL:

predicates {
  negated = true
  data_id = "..."
}
predicates {
  data_id = "..."
}

we tend to prefer singular names for TypeSet/TypeList fields with non-primitive nested types. i.e. predicate in this case. Do you mind changing it here in the schema and in the CRUD & docs?

[radeksimko]

Nitpick: We have a handy validation helper for this:

ValidateFunc: validation.StringInSlice([]string{
	"IPMatch",
	"ByteMatch",
	"SqlInjectionMatch",
	"SizeConstraint",
	"XssMatch",
}, false),

[radeksimko]

Nipick: We have a validation helper for this:

ValidateFunc: validation.StringLenBetween(1, 128),

[radeksimko]

Do you mind using a helper to simplify the code here?

if isAWSErr(err, wafregional.ErrCodeWAFNonexistentItemException, "") {

[radeksimko]

Nitpick: We tend to decouple logic like this (anything converting SDK structures to schema-friendly structures and vice-versa) to functions which are usually called expanders (schema -> SDK) or flatteners (SDK -> schema).
This may then simplify the code above to

d.Set("predicates", flattenWafPredicates(resp.Rule.Predicates))

[radeksimko]

It seems this field is actually required per docs:
https://docs.aws.amazon.com/waf/latest/APIReference/API_regional_Rule.html 🤔
Do you mind double checking it and eventually reflecting it here and in the CRUD?

[radeksimko]

This line is redundant as the relationship is already defined by the reference below (${aws_wafregional_ipset.ipset.id}). Do you mind removing it?

[radeksimko]

@pvanbuijtene let me know if you need any help finishing this. I'd like to get it into 1.12.0 (tentatively scheduled for the end of next week) and this particular resource has been PR'd a couple of times, so I'm willing to take it to the finish line myself, if necessary 😉

[pvanbuijtene]

@radeksimko I will finish this one first since the tests of #3754 depend on it.

So most work for this PR, #3754 and #3755 I can probably do in the weekend, but finishing it depends on when this PR can be merged which will be Monday or later guess?

[radeksimko]

@pvanbuijtene The plan makes sense to me. I'll do my best to review any WAF PR that you tell me is ready for review. 😉 Just feel free to ping me the same way you just did.

[pvanbuijtene]

@radeksimko this one is ready :) ... hope I didn't forget anything.

Some questions arose while being busy with this:
I guess there is an internal build which runs the acceptance tests?
What are the rules/guidelines regarding the usage of funcs from different resources?

[radeksimko]

Thanks @pvanbuijtene
I just reformatted imports in one file and removed a few lines of redundant code related to error checks. I hope these changes make sense. Let me know if you need any further explanation.

I guess there is an internal build which runs the acceptance tests?

We run acceptance tests nightly on our side, but anyone can run them locally e.g.

AWS_PROFILE=... make testacc TEST=./aws TESTARGS='-run=TestAccAWSWafRegionalRule_'

What are the rules/guidelines regarding the usage of funcs from different resources?

We don't have any particular rules, but WAF resources in particular could use some refactoring in that sense. We can address that in a separate PR, eventually.

[bflad]

This has been released in version 1.12.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!