github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_waf_rule_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/hashicorp/terraform/helper/resource" 8 "github.com/hashicorp/terraform/terraform" 9 10 "github.com/aws/aws-sdk-go/aws" 11 "github.com/aws/aws-sdk-go/aws/awserr" 12 "github.com/aws/aws-sdk-go/service/waf" 13 "github.com/hashicorp/terraform/helper/acctest" 14 ) 15 16 func TestAccAWSWafRule_basic(t *testing.T) { 17 var v waf.Rule 18 wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) 19 resource.Test(t, resource.TestCase{ 20 PreCheck: func() { testAccPreCheck(t) }, 21 Providers: testAccProviders, 22 CheckDestroy: testAccCheckAWSWafRuleDestroy, 23 Steps: []resource.TestStep{ 24 resource.TestStep{ 25 Config: testAccAWSWafRuleConfig(wafRuleName), 26 Check: resource.ComposeTestCheckFunc( 27 testAccCheckAWSWafRuleExists("aws_waf_rule.wafrule", &v), 28 resource.TestCheckResourceAttr( 29 "aws_waf_rule.wafrule", "name", wafRuleName), 30 resource.TestCheckResourceAttr( 31 "aws_waf_rule.wafrule", "predicates.#", "1"), 32 resource.TestCheckResourceAttr( 33 "aws_waf_rule.wafrule", "metric_name", wafRuleName), 34 ), 35 }, 36 }, 37 }) 38 } 39 40 func TestAccAWSWafRule_changeNameForceNew(t *testing.T) { 41 var before, after waf.Rule 42 wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) 43 wafRuleNewName := fmt.Sprintf("wafrulenew%s", acctest.RandString(5)) 44 45 resource.Test(t, resource.TestCase{ 46 PreCheck: func() { testAccPreCheck(t) }, 47 Providers: testAccProviders, 48 CheckDestroy: testAccCheckAWSWafIPSetDestroy, 49 Steps: []resource.TestStep{ 50 { 51 Config: testAccAWSWafRuleConfig(wafRuleName), 52 Check: resource.ComposeTestCheckFunc( 53 testAccCheckAWSWafRuleExists("aws_waf_rule.wafrule", &before), 54 resource.TestCheckResourceAttr( 55 "aws_waf_rule.wafrule", "name", wafRuleName), 56 resource.TestCheckResourceAttr( 57 "aws_waf_rule.wafrule", "predicates.#", "1"), 58 resource.TestCheckResourceAttr( 59 "aws_waf_rule.wafrule", "metric_name", wafRuleName), 60 ), 61 }, 62 { 63 Config: testAccAWSWafRuleConfigChangeName(wafRuleNewName), 64 Check: resource.ComposeTestCheckFunc( 65 testAccCheckAWSWafRuleExists("aws_waf_rule.wafrule", &after), 66 resource.TestCheckResourceAttr( 67 "aws_waf_rule.wafrule", "name", wafRuleNewName), 68 resource.TestCheckResourceAttr( 69 "aws_waf_rule.wafrule", "predicates.#", "1"), 70 resource.TestCheckResourceAttr( 71 "aws_waf_rule.wafrule", "metric_name", wafRuleNewName), 72 ), 73 }, 74 }, 75 }) 76 } 77 78 func TestAccAWSWafRule_disappears(t *testing.T) { 79 var v waf.Rule 80 wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) 81 resource.Test(t, resource.TestCase{ 82 PreCheck: func() { testAccPreCheck(t) }, 83 Providers: testAccProviders, 84 CheckDestroy: testAccCheckAWSWafRuleDestroy, 85 Steps: []resource.TestStep{ 86 { 87 Config: testAccAWSWafRuleConfig(wafRuleName), 88 Check: resource.ComposeTestCheckFunc( 89 testAccCheckAWSWafRuleExists("aws_waf_rule.wafrule", &v), 90 testAccCheckAWSWafRuleDisappears(&v), 91 ), 92 ExpectNonEmptyPlan: true, 93 }, 94 }, 95 }) 96 } 97 98 func testAccCheckAWSWafRuleDisappears(v *waf.Rule) resource.TestCheckFunc { 99 return func(s *terraform.State) error { 100 conn := testAccProvider.Meta().(*AWSClient).wafconn 101 102 wr := newWafRetryer(conn, "global") 103 _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { 104 req := &waf.UpdateRuleInput{ 105 ChangeToken: token, 106 RuleId: v.RuleId, 107 } 108 109 for _, Predicate := range v.Predicates { 110 Predicate := &waf.RuleUpdate{ 111 Action: aws.String("DELETE"), 112 Predicate: &waf.Predicate{ 113 Negated: Predicate.Negated, 114 Type: Predicate.Type, 115 DataId: Predicate.DataId, 116 }, 117 } 118 req.Updates = append(req.Updates, Predicate) 119 } 120 121 return conn.UpdateRule(req) 122 }) 123 if err != nil { 124 return fmt.Errorf("Error Updating WAF Rule: %s", err) 125 } 126 127 _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { 128 opts := &waf.DeleteRuleInput{ 129 ChangeToken: token, 130 RuleId: v.RuleId, 131 } 132 return conn.DeleteRule(opts) 133 }) 134 if err != nil { 135 return fmt.Errorf("Error Deleting WAF Rule: %s", err) 136 } 137 return nil 138 } 139 } 140 141 func testAccCheckAWSWafRuleDestroy(s *terraform.State) error { 142 for _, rs := range s.RootModule().Resources { 143 if rs.Type != "aws_waf_rule" { 144 continue 145 } 146 147 conn := testAccProvider.Meta().(*AWSClient).wafconn 148 resp, err := conn.GetRule( 149 &waf.GetRuleInput{ 150 RuleId: aws.String(rs.Primary.ID), 151 }) 152 153 if err == nil { 154 if *resp.Rule.RuleId == rs.Primary.ID { 155 return fmt.Errorf("WAF Rule %s still exists", rs.Primary.ID) 156 } 157 } 158 159 // Return nil if the Rule is already destroyed 160 if awsErr, ok := err.(awserr.Error); ok { 161 if awsErr.Code() == "WAFNonexistentItemException" { 162 return nil 163 } 164 } 165 166 return err 167 } 168 169 return nil 170 } 171 172 func testAccCheckAWSWafRuleExists(n string, v *waf.Rule) resource.TestCheckFunc { 173 return func(s *terraform.State) error { 174 rs, ok := s.RootModule().Resources[n] 175 if !ok { 176 return fmt.Errorf("Not found: %s", n) 177 } 178 179 if rs.Primary.ID == "" { 180 return fmt.Errorf("No WAF Rule ID is set") 181 } 182 183 conn := testAccProvider.Meta().(*AWSClient).wafconn 184 resp, err := conn.GetRule(&waf.GetRuleInput{ 185 RuleId: aws.String(rs.Primary.ID), 186 }) 187 188 if err != nil { 189 return err 190 } 191 192 if *resp.Rule.RuleId == rs.Primary.ID { 193 *v = *resp.Rule 194 return nil 195 } 196 197 return fmt.Errorf("WAF Rule (%s) not found", rs.Primary.ID) 198 } 199 } 200 201 func testAccAWSWafRuleConfig(name string) string { 202 return fmt.Sprintf(` 203 resource "aws_waf_ipset" "ipset" { 204 name = "%s" 205 ip_set_descriptors { 206 type = "IPV4" 207 value = "192.0.7.0/24" 208 } 209 } 210 211 resource "aws_waf_rule" "wafrule" { 212 depends_on = ["aws_waf_ipset.ipset"] 213 name = "%s" 214 metric_name = "%s" 215 predicates { 216 data_id = "${aws_waf_ipset.ipset.id}" 217 negated = false 218 type = "IPMatch" 219 } 220 }`, name, name, name) 221 } 222 223 func testAccAWSWafRuleConfigChangeName(name string) string { 224 return fmt.Sprintf(` 225 resource "aws_waf_ipset" "ipset" { 226 name = "%s" 227 ip_set_descriptors { 228 type = "IPV4" 229 value = "192.0.7.0/24" 230 } 231 } 232 233 resource "aws_waf_rule" "wafrule" { 234 depends_on = ["aws_waf_ipset.ipset"] 235 name = "%s" 236 metric_name = "%s" 237 predicates { 238 data_id = "${aws_waf_ipset.ipset.id}" 239 negated = false 240 type = "IPMatch" 241 } 242 }`, name, name, name) 243 }