github.com/koding/terraform@v0.6.4-0.20170608090606-5d7e0339779d/builtin/providers/aws/resource_aws_waf_sql_injection_match_set.go (about) 1 package aws 2 3 import ( 4 "log" 5 6 "github.com/aws/aws-sdk-go/aws" 7 "github.com/aws/aws-sdk-go/aws/awserr" 8 "github.com/aws/aws-sdk-go/service/waf" 9 "github.com/hashicorp/errwrap" 10 "github.com/hashicorp/terraform/helper/schema" 11 ) 12 13 func resourceAwsWafSqlInjectionMatchSet() *schema.Resource { 14 return &schema.Resource{ 15 Create: resourceAwsWafSqlInjectionMatchSetCreate, 16 Read: resourceAwsWafSqlInjectionMatchSetRead, 17 Update: resourceAwsWafSqlInjectionMatchSetUpdate, 18 Delete: resourceAwsWafSqlInjectionMatchSetDelete, 19 20 Schema: map[string]*schema.Schema{ 21 "name": &schema.Schema{ 22 Type: schema.TypeString, 23 Required: true, 24 ForceNew: true, 25 }, 26 "sql_injection_match_tuples": &schema.Schema{ 27 Type: schema.TypeSet, 28 Optional: true, 29 Elem: &schema.Resource{ 30 Schema: map[string]*schema.Schema{ 31 "field_to_match": { 32 Type: schema.TypeSet, 33 Required: true, 34 MaxItems: 1, 35 Elem: &schema.Resource{ 36 Schema: map[string]*schema.Schema{ 37 "data": { 38 Type: schema.TypeString, 39 Optional: true, 40 }, 41 "type": { 42 Type: schema.TypeString, 43 Required: true, 44 }, 45 }, 46 }, 47 }, 48 "text_transformation": &schema.Schema{ 49 Type: schema.TypeString, 50 Required: true, 51 }, 52 }, 53 }, 54 }, 55 }, 56 } 57 } 58 59 func resourceAwsWafSqlInjectionMatchSetCreate(d *schema.ResourceData, meta interface{}) error { 60 conn := meta.(*AWSClient).wafconn 61 62 log.Printf("[INFO] Creating SqlInjectionMatchSet: %s", d.Get("name").(string)) 63 64 wr := newWafRetryer(conn, "global") 65 out, err := wr.RetryWithToken(func(token *string) (interface{}, error) { 66 params := &waf.CreateSqlInjectionMatchSetInput{ 67 ChangeToken: token, 68 Name: aws.String(d.Get("name").(string)), 69 } 70 71 return conn.CreateSqlInjectionMatchSet(params) 72 }) 73 if err != nil { 74 return errwrap.Wrapf("[ERROR] Error creating SqlInjectionMatchSet: {{err}}", err) 75 } 76 resp := out.(*waf.CreateSqlInjectionMatchSetOutput) 77 d.SetId(*resp.SqlInjectionMatchSet.SqlInjectionMatchSetId) 78 79 return resourceAwsWafSqlInjectionMatchSetUpdate(d, meta) 80 } 81 82 func resourceAwsWafSqlInjectionMatchSetRead(d *schema.ResourceData, meta interface{}) error { 83 conn := meta.(*AWSClient).wafconn 84 log.Printf("[INFO] Reading SqlInjectionMatchSet: %s", d.Get("name").(string)) 85 params := &waf.GetSqlInjectionMatchSetInput{ 86 SqlInjectionMatchSetId: aws.String(d.Id()), 87 } 88 89 resp, err := conn.GetSqlInjectionMatchSet(params) 90 if err != nil { 91 if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "WAFNonexistentItemException" { 92 log.Printf("[WARN] WAF IPSet (%s) not found, error code (404)", d.Id()) 93 d.SetId("") 94 return nil 95 } 96 97 return err 98 } 99 100 d.Set("name", resp.SqlInjectionMatchSet.Name) 101 d.Set("sql_injection_match_tuples", resp.SqlInjectionMatchSet.SqlInjectionMatchTuples) 102 103 return nil 104 } 105 106 func resourceAwsWafSqlInjectionMatchSetUpdate(d *schema.ResourceData, meta interface{}) error { 107 conn := meta.(*AWSClient).wafconn 108 109 if d.HasChange("sql_injection_match_tuples") { 110 o, n := d.GetChange("sql_injection_match_tuples") 111 oldT, newT := o.(*schema.Set).List(), n.(*schema.Set).List() 112 113 err := updateSqlInjectionMatchSetResource(d.Id(), oldT, newT, conn) 114 if err != nil { 115 return errwrap.Wrapf("[ERROR] Error updating SqlInjectionMatchSet: {{err}}", err) 116 } 117 } 118 119 return resourceAwsWafSqlInjectionMatchSetRead(d, meta) 120 } 121 122 func resourceAwsWafSqlInjectionMatchSetDelete(d *schema.ResourceData, meta interface{}) error { 123 conn := meta.(*AWSClient).wafconn 124 125 oldTuples := d.Get("sql_injection_match_tuples").(*schema.Set).List() 126 127 if len(oldTuples) > 0 { 128 noTuples := []interface{}{} 129 err := updateSqlInjectionMatchSetResource(d.Id(), oldTuples, noTuples, conn) 130 if err != nil { 131 return errwrap.Wrapf("[ERROR] Error deleting SqlInjectionMatchSet: {{err}}", err) 132 } 133 } 134 135 wr := newWafRetryer(conn, "global") 136 _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { 137 req := &waf.DeleteSqlInjectionMatchSetInput{ 138 ChangeToken: token, 139 SqlInjectionMatchSetId: aws.String(d.Id()), 140 } 141 142 return conn.DeleteSqlInjectionMatchSet(req) 143 }) 144 if err != nil { 145 return errwrap.Wrapf("[ERROR] Error deleting SqlInjectionMatchSet: {{err}}", err) 146 } 147 148 return nil 149 } 150 151 func updateSqlInjectionMatchSetResource(id string, oldT, newT []interface{}, conn *waf.WAF) error { 152 wr := newWafRetryer(conn, "global") 153 _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { 154 req := &waf.UpdateSqlInjectionMatchSetInput{ 155 ChangeToken: token, 156 SqlInjectionMatchSetId: aws.String(id), 157 Updates: diffWafSqlInjectionMatchTuples(oldT, newT), 158 } 159 160 log.Printf("[INFO] Updating SqlInjectionMatchSet: %s", req) 161 return conn.UpdateSqlInjectionMatchSet(req) 162 }) 163 if err != nil { 164 return errwrap.Wrapf("[ERROR] Error updating SqlInjectionMatchSet: {{err}}", err) 165 } 166 167 return nil 168 } 169 170 func flattenWafSqlInjectionMatchTuples(ts []*waf.SqlInjectionMatchTuple) []interface{} { 171 out := make([]interface{}, len(ts), len(ts)) 172 for i, t := range ts { 173 m := make(map[string]interface{}) 174 m["text_transformation"] = *t.TextTransformation 175 m["field_to_match"] = flattenFieldToMatch(t.FieldToMatch) 176 out[i] = m 177 } 178 179 return out 180 } 181 182 func diffWafSqlInjectionMatchTuples(oldT, newT []interface{}) []*waf.SqlInjectionMatchSetUpdate { 183 updates := make([]*waf.SqlInjectionMatchSetUpdate, 0) 184 185 for _, od := range oldT { 186 tuple := od.(map[string]interface{}) 187 188 if idx, contains := sliceContainsMap(newT, tuple); contains { 189 newT = append(newT[:idx], newT[idx+1:]...) 190 continue 191 } 192 193 updates = append(updates, &waf.SqlInjectionMatchSetUpdate{ 194 Action: aws.String(waf.ChangeActionDelete), 195 SqlInjectionMatchTuple: &waf.SqlInjectionMatchTuple{ 196 FieldToMatch: expandFieldToMatch(tuple["field_to_match"].(*schema.Set).List()[0].(map[string]interface{})), 197 TextTransformation: aws.String(tuple["text_transformation"].(string)), 198 }, 199 }) 200 } 201 202 for _, nd := range newT { 203 tuple := nd.(map[string]interface{}) 204 205 updates = append(updates, &waf.SqlInjectionMatchSetUpdate{ 206 Action: aws.String(waf.ChangeActionInsert), 207 SqlInjectionMatchTuple: &waf.SqlInjectionMatchTuple{ 208 FieldToMatch: expandFieldToMatch(tuple["field_to_match"].(*schema.Set).List()[0].(map[string]interface{})), 209 TextTransformation: aws.String(tuple["text_transformation"].(string)), 210 }, 211 }) 212 } 213 return updates 214 }