github.com/bradfeehan/terraform@v0.7.0-rc3.0.20170529055808-34b45c5ad841/builtin/providers/aws/resource_aws_waf_xss_match_set_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/hashicorp/terraform/helper/resource" 8 "github.com/hashicorp/terraform/terraform" 9 10 "github.com/aws/aws-sdk-go/aws" 11 "github.com/aws/aws-sdk-go/aws/awserr" 12 "github.com/aws/aws-sdk-go/service/waf" 13 "github.com/hashicorp/errwrap" 14 "github.com/hashicorp/terraform/helper/acctest" 15 ) 16 17 func TestAccAWSWafXssMatchSet_basic(t *testing.T) { 18 var v waf.XssMatchSet 19 xssMatchSet := fmt.Sprintf("xssMatchSet-%s", acctest.RandString(5)) 20 21 resource.Test(t, resource.TestCase{ 22 PreCheck: func() { testAccPreCheck(t) }, 23 Providers: testAccProviders, 24 CheckDestroy: testAccCheckAWSWafXssMatchSetDestroy, 25 Steps: []resource.TestStep{ 26 resource.TestStep{ 27 Config: testAccAWSWafXssMatchSetConfig(xssMatchSet), 28 Check: resource.ComposeTestCheckFunc( 29 testAccCheckAWSWafXssMatchSetExists("aws_waf_xss_match_set.xss_match_set", &v), 30 resource.TestCheckResourceAttr( 31 "aws_waf_xss_match_set.xss_match_set", "name", xssMatchSet), 32 resource.TestCheckResourceAttr( 33 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.#", "2"), 34 resource.TestCheckResourceAttr( 35 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.field_to_match.#", "1"), 36 resource.TestCheckResourceAttr( 37 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.field_to_match.2316364334.data", ""), 38 resource.TestCheckResourceAttr( 39 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.field_to_match.2316364334.type", "QUERY_STRING"), 40 resource.TestCheckResourceAttr( 41 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.text_transformation", "NONE"), 42 resource.TestCheckResourceAttr( 43 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.field_to_match.#", "1"), 44 resource.TestCheckResourceAttr( 45 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.field_to_match.3756326843.data", ""), 46 resource.TestCheckResourceAttr( 47 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.field_to_match.3756326843.type", "URI"), 48 resource.TestCheckResourceAttr( 49 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.text_transformation", "NONE"), 50 ), 51 }, 52 }, 53 }) 54 } 55 56 func TestAccAWSWafXssMatchSet_changeNameForceNew(t *testing.T) { 57 var before, after waf.XssMatchSet 58 xssMatchSet := fmt.Sprintf("xssMatchSet-%s", acctest.RandString(5)) 59 xssMatchSetNewName := fmt.Sprintf("xssMatchSetNewName-%s", acctest.RandString(5)) 60 61 resource.Test(t, resource.TestCase{ 62 PreCheck: func() { testAccPreCheck(t) }, 63 Providers: testAccProviders, 64 CheckDestroy: testAccCheckAWSWafXssMatchSetDestroy, 65 Steps: []resource.TestStep{ 66 { 67 Config: testAccAWSWafXssMatchSetConfig(xssMatchSet), 68 Check: resource.ComposeTestCheckFunc( 69 testAccCheckAWSWafXssMatchSetExists("aws_waf_xss_match_set.xss_match_set", &before), 70 resource.TestCheckResourceAttr( 71 "aws_waf_xss_match_set.xss_match_set", "name", xssMatchSet), 72 resource.TestCheckResourceAttr( 73 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.#", "2"), 74 ), 75 }, 76 { 77 Config: testAccAWSWafXssMatchSetConfigChangeName(xssMatchSetNewName), 78 Check: resource.ComposeTestCheckFunc( 79 testAccCheckAWSWafXssMatchSetExists("aws_waf_xss_match_set.xss_match_set", &after), 80 resource.TestCheckResourceAttr( 81 "aws_waf_xss_match_set.xss_match_set", "name", xssMatchSetNewName), 82 resource.TestCheckResourceAttr( 83 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.#", "2"), 84 ), 85 }, 86 }, 87 }) 88 } 89 90 func TestAccAWSWafXssMatchSet_disappears(t *testing.T) { 91 var v waf.XssMatchSet 92 xssMatchSet := fmt.Sprintf("xssMatchSet-%s", acctest.RandString(5)) 93 94 resource.Test(t, resource.TestCase{ 95 PreCheck: func() { testAccPreCheck(t) }, 96 Providers: testAccProviders, 97 CheckDestroy: testAccCheckAWSWafXssMatchSetDestroy, 98 Steps: []resource.TestStep{ 99 { 100 Config: testAccAWSWafXssMatchSetConfig(xssMatchSet), 101 Check: resource.ComposeTestCheckFunc( 102 testAccCheckAWSWafXssMatchSetExists("aws_waf_xss_match_set.xss_match_set", &v), 103 testAccCheckAWSWafXssMatchSetDisappears(&v), 104 ), 105 ExpectNonEmptyPlan: true, 106 }, 107 }, 108 }) 109 } 110 111 func TestAccAWSWafXssMatchSet_changeTuples(t *testing.T) { 112 var before, after waf.XssMatchSet 113 setName := fmt.Sprintf("xssMatchSet-%s", acctest.RandString(5)) 114 115 resource.Test(t, resource.TestCase{ 116 PreCheck: func() { testAccPreCheck(t) }, 117 Providers: testAccProviders, 118 CheckDestroy: testAccCheckAWSWafXssMatchSetDestroy, 119 Steps: []resource.TestStep{ 120 { 121 Config: testAccAWSWafXssMatchSetConfig(setName), 122 Check: resource.ComposeAggregateTestCheckFunc( 123 testAccCheckAWSWafXssMatchSetExists("aws_waf_xss_match_set.xss_match_set", &before), 124 resource.TestCheckResourceAttr( 125 "aws_waf_xss_match_set.xss_match_set", "name", setName), 126 resource.TestCheckResourceAttr( 127 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.#", "2"), 128 resource.TestCheckResourceAttr( 129 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.field_to_match.#", "1"), 130 resource.TestCheckResourceAttr( 131 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.field_to_match.2316364334.data", ""), 132 resource.TestCheckResourceAttr( 133 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.field_to_match.2316364334.type", "QUERY_STRING"), 134 resource.TestCheckResourceAttr( 135 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.text_transformation", "NONE"), 136 resource.TestCheckResourceAttr( 137 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.field_to_match.#", "1"), 138 resource.TestCheckResourceAttr( 139 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.field_to_match.3756326843.data", ""), 140 resource.TestCheckResourceAttr( 141 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.field_to_match.3756326843.type", "URI"), 142 resource.TestCheckResourceAttr( 143 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.text_transformation", "NONE"), 144 ), 145 }, 146 { 147 Config: testAccAWSWafXssMatchSetConfig_changeTuples(setName), 148 Check: resource.ComposeAggregateTestCheckFunc( 149 testAccCheckAWSWafXssMatchSetExists("aws_waf_xss_match_set.xss_match_set", &after), 150 resource.TestCheckResourceAttr( 151 "aws_waf_xss_match_set.xss_match_set", "name", setName), 152 resource.TestCheckResourceAttr( 153 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.#", "2"), 154 resource.TestCheckResourceAttr( 155 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2893682529.field_to_match.#", "1"), 156 resource.TestCheckResourceAttr( 157 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2893682529.field_to_match.4253810390.data", "GET"), 158 resource.TestCheckResourceAttr( 159 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2893682529.field_to_match.4253810390.type", "METHOD"), 160 resource.TestCheckResourceAttr( 161 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2893682529.text_transformation", "HTML_ENTITY_DECODE"), 162 resource.TestCheckResourceAttr( 163 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.4270311415.field_to_match.#", "1"), 164 resource.TestCheckResourceAttr( 165 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.4270311415.field_to_match.281401076.data", ""), 166 resource.TestCheckResourceAttr( 167 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.4270311415.field_to_match.281401076.type", "BODY"), 168 resource.TestCheckResourceAttr( 169 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.4270311415.text_transformation", "CMD_LINE"), 170 ), 171 }, 172 }, 173 }) 174 } 175 176 func TestAccAWSWafXssMatchSet_noTuples(t *testing.T) { 177 var ipset waf.XssMatchSet 178 setName := fmt.Sprintf("xssMatchSet-%s", acctest.RandString(5)) 179 180 resource.Test(t, resource.TestCase{ 181 PreCheck: func() { testAccPreCheck(t) }, 182 Providers: testAccProviders, 183 CheckDestroy: testAccCheckAWSWafXssMatchSetDestroy, 184 Steps: []resource.TestStep{ 185 { 186 Config: testAccAWSWafXssMatchSetConfig_noTuples(setName), 187 Check: resource.ComposeAggregateTestCheckFunc( 188 testAccCheckAWSWafXssMatchSetExists("aws_waf_xss_match_set.xss_match_set", &ipset), 189 resource.TestCheckResourceAttr( 190 "aws_waf_xss_match_set.xss_match_set", "name", setName), 191 resource.TestCheckResourceAttr( 192 "aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.#", "0"), 193 ), 194 }, 195 }, 196 }) 197 } 198 199 func testAccCheckAWSWafXssMatchSetDisappears(v *waf.XssMatchSet) resource.TestCheckFunc { 200 return func(s *terraform.State) error { 201 conn := testAccProvider.Meta().(*AWSClient).wafconn 202 203 wr := newWafRetryer(conn, "global") 204 _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { 205 req := &waf.UpdateXssMatchSetInput{ 206 ChangeToken: token, 207 XssMatchSetId: v.XssMatchSetId, 208 } 209 210 for _, xssMatchTuple := range v.XssMatchTuples { 211 xssMatchTupleUpdate := &waf.XssMatchSetUpdate{ 212 Action: aws.String("DELETE"), 213 XssMatchTuple: &waf.XssMatchTuple{ 214 FieldToMatch: xssMatchTuple.FieldToMatch, 215 TextTransformation: xssMatchTuple.TextTransformation, 216 }, 217 } 218 req.Updates = append(req.Updates, xssMatchTupleUpdate) 219 } 220 return conn.UpdateXssMatchSet(req) 221 }) 222 if err != nil { 223 return errwrap.Wrapf("[ERROR] Error updating XssMatchSet: {{err}}", err) 224 } 225 226 _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { 227 opts := &waf.DeleteXssMatchSetInput{ 228 ChangeToken: token, 229 XssMatchSetId: v.XssMatchSetId, 230 } 231 return conn.DeleteXssMatchSet(opts) 232 }) 233 if err != nil { 234 return errwrap.Wrapf("[ERROR] Error deleting XssMatchSet: {{err}}", err) 235 } 236 return nil 237 } 238 } 239 240 func testAccCheckAWSWafXssMatchSetExists(n string, v *waf.XssMatchSet) resource.TestCheckFunc { 241 return func(s *terraform.State) error { 242 rs, ok := s.RootModule().Resources[n] 243 if !ok { 244 return fmt.Errorf("Not found: %s", n) 245 } 246 247 if rs.Primary.ID == "" { 248 return fmt.Errorf("No WAF XssMatchSet ID is set") 249 } 250 251 conn := testAccProvider.Meta().(*AWSClient).wafconn 252 resp, err := conn.GetXssMatchSet(&waf.GetXssMatchSetInput{ 253 XssMatchSetId: aws.String(rs.Primary.ID), 254 }) 255 256 if err != nil { 257 return err 258 } 259 260 if *resp.XssMatchSet.XssMatchSetId == rs.Primary.ID { 261 *v = *resp.XssMatchSet 262 return nil 263 } 264 265 return fmt.Errorf("WAF XssMatchSet (%s) not found", rs.Primary.ID) 266 } 267 } 268 269 func testAccCheckAWSWafXssMatchSetDestroy(s *terraform.State) error { 270 for _, rs := range s.RootModule().Resources { 271 if rs.Type != "aws_waf_byte_match_set" { 272 continue 273 } 274 275 conn := testAccProvider.Meta().(*AWSClient).wafconn 276 resp, err := conn.GetXssMatchSet( 277 &waf.GetXssMatchSetInput{ 278 XssMatchSetId: aws.String(rs.Primary.ID), 279 }) 280 281 if err == nil { 282 if *resp.XssMatchSet.XssMatchSetId == rs.Primary.ID { 283 return fmt.Errorf("WAF XssMatchSet %s still exists", rs.Primary.ID) 284 } 285 } 286 287 // Return nil if the XssMatchSet is already destroyed 288 if awsErr, ok := err.(awserr.Error); ok { 289 if awsErr.Code() == "WAFNonexistentItemException" { 290 return nil 291 } 292 } 293 294 return err 295 } 296 297 return nil 298 } 299 300 func testAccAWSWafXssMatchSetConfig(name string) string { 301 return fmt.Sprintf(` 302 resource "aws_waf_xss_match_set" "xss_match_set" { 303 name = "%s" 304 xss_match_tuples { 305 text_transformation = "NONE" 306 field_to_match { 307 type = "URI" 308 } 309 } 310 311 xss_match_tuples { 312 text_transformation = "NONE" 313 field_to_match { 314 type = "QUERY_STRING" 315 } 316 } 317 }`, name) 318 } 319 320 func testAccAWSWafXssMatchSetConfigChangeName(name string) string { 321 return fmt.Sprintf(` 322 resource "aws_waf_xss_match_set" "xss_match_set" { 323 name = "%s" 324 xss_match_tuples { 325 text_transformation = "NONE" 326 field_to_match { 327 type = "URI" 328 } 329 } 330 331 xss_match_tuples { 332 text_transformation = "NONE" 333 field_to_match { 334 type = "QUERY_STRING" 335 } 336 } 337 }`, name) 338 } 339 340 func testAccAWSWafXssMatchSetConfig_changeTuples(name string) string { 341 return fmt.Sprintf(` 342 resource "aws_waf_xss_match_set" "xss_match_set" { 343 name = "%s" 344 xss_match_tuples { 345 text_transformation = "CMD_LINE" 346 field_to_match { 347 type = "BODY" 348 } 349 } 350 351 xss_match_tuples { 352 text_transformation = "HTML_ENTITY_DECODE" 353 field_to_match { 354 type = "METHOD" 355 data = "GET" 356 } 357 } 358 }`, name) 359 } 360 361 func testAccAWSWafXssMatchSetConfig_noTuples(name string) string { 362 return fmt.Sprintf(` 363 resource "aws_waf_xss_match_set" "xss_match_set" { 364 name = "%s" 365 }`, name) 366 }