github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_waf_rule_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/hashicorp/terraform/helper/resource" 8 "github.com/hashicorp/terraform/terraform" 9 10 "github.com/aws/aws-sdk-go/aws" 11 "github.com/aws/aws-sdk-go/aws/awserr" 12 "github.com/aws/aws-sdk-go/service/waf" 13 "github.com/hashicorp/terraform/helper/acctest" 14 ) 15 16 func TestAccAWSWafRule_basic(t *testing.T) { 17 var v waf.Rule 18 wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) 19 resource.Test(t, resource.TestCase{ 20 PreCheck: func() { testAccPreCheck(t) }, 21 Providers: testAccProviders, 22 CheckDestroy: testAccCheckAWSWafRuleDestroy, 23 Steps: []resource.TestStep{ 24 resource.TestStep{ 25 Config: testAccAWSWafRuleConfig(wafRuleName), 26 Check: resource.ComposeTestCheckFunc( 27 testAccCheckAWSWafRuleExists("aws_waf_rule.wafrule", &v), 28 resource.TestCheckResourceAttr( 29 "aws_waf_rule.wafrule", "name", wafRuleName), 30 resource.TestCheckResourceAttr( 31 "aws_waf_rule.wafrule", "predicates.#", "1"), 32 resource.TestCheckResourceAttr( 33 "aws_waf_rule.wafrule", "metric_name", wafRuleName), 34 ), 35 }, 36 }, 37 }) 38 } 39 40 func TestAccAWSWafRule_changeNameForceNew(t *testing.T) { 41 var before, after waf.Rule 42 wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) 43 wafRuleNewName := fmt.Sprintf("wafrulenew%s", acctest.RandString(5)) 44 45 resource.Test(t, resource.TestCase{ 46 PreCheck: func() { testAccPreCheck(t) }, 47 Providers: testAccProviders, 48 CheckDestroy: testAccCheckAWSWafIPSetDestroy, 49 Steps: []resource.TestStep{ 50 { 51 Config: testAccAWSWafRuleConfig(wafRuleName), 52 Check: resource.ComposeTestCheckFunc( 53 testAccCheckAWSWafRuleExists("aws_waf_rule.wafrule", &before), 54 resource.TestCheckResourceAttr( 55 "aws_waf_rule.wafrule", "name", wafRuleName), 56 resource.TestCheckResourceAttr( 57 "aws_waf_rule.wafrule", "predicates.#", "1"), 58 resource.TestCheckResourceAttr( 59 "aws_waf_rule.wafrule", "metric_name", wafRuleName), 60 ), 61 }, 62 { 63 Config: testAccAWSWafRuleConfigChangeName(wafRuleNewName), 64 Check: resource.ComposeTestCheckFunc( 65 testAccCheckAWSWafRuleExists("aws_waf_rule.wafrule", &after), 66 resource.TestCheckResourceAttr( 67 "aws_waf_rule.wafrule", "name", wafRuleNewName), 68 resource.TestCheckResourceAttr( 69 "aws_waf_rule.wafrule", "predicates.#", "1"), 70 resource.TestCheckResourceAttr( 71 "aws_waf_rule.wafrule", "metric_name", wafRuleNewName), 72 ), 73 }, 74 }, 75 }) 76 } 77 78 func TestAccAWSWafRule_disappears(t *testing.T) { 79 var v waf.Rule 80 wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) 81 resource.Test(t, resource.TestCase{ 82 PreCheck: func() { testAccPreCheck(t) }, 83 Providers: testAccProviders, 84 CheckDestroy: testAccCheckAWSWafRuleDestroy, 85 Steps: []resource.TestStep{ 86 { 87 Config: testAccAWSWafRuleConfig(wafRuleName), 88 Check: resource.ComposeTestCheckFunc( 89 testAccCheckAWSWafRuleExists("aws_waf_rule.wafrule", &v), 90 testAccCheckAWSWafRuleDisappears(&v), 91 ), 92 ExpectNonEmptyPlan: true, 93 }, 94 }, 95 }) 96 } 97 98 func testAccCheckAWSWafRuleDisappears(v *waf.Rule) resource.TestCheckFunc { 99 return func(s *terraform.State) error { 100 conn := testAccProvider.Meta().(*AWSClient).wafconn 101 102 // ChangeToken 103 var ct *waf.GetChangeTokenInput 104 105 resp, err := conn.GetChangeToken(ct) 106 if err != nil { 107 return fmt.Errorf("Error getting change token: %s", err) 108 } 109 110 req := &waf.UpdateRuleInput{ 111 ChangeToken: resp.ChangeToken, 112 RuleId: v.RuleId, 113 } 114 115 for _, Predicate := range v.Predicates { 116 Predicate := &waf.RuleUpdate{ 117 Action: aws.String("DELETE"), 118 Predicate: &waf.Predicate{ 119 Negated: Predicate.Negated, 120 Type: Predicate.Type, 121 DataId: Predicate.DataId, 122 }, 123 } 124 req.Updates = append(req.Updates, Predicate) 125 } 126 127 _, err = conn.UpdateRule(req) 128 if err != nil { 129 return fmt.Errorf("Error Updating WAF Rule: %s", err) 130 } 131 132 resp, err = conn.GetChangeToken(ct) 133 if err != nil { 134 return fmt.Errorf("Error getting change token for waf Rule: %s", err) 135 } 136 137 opts := &waf.DeleteRuleInput{ 138 ChangeToken: resp.ChangeToken, 139 RuleId: v.RuleId, 140 } 141 if _, err := conn.DeleteRule(opts); err != nil { 142 return err 143 } 144 return nil 145 } 146 } 147 148 func testAccCheckAWSWafRuleDestroy(s *terraform.State) error { 149 for _, rs := range s.RootModule().Resources { 150 if rs.Type != "aws_waf_rule" { 151 continue 152 } 153 154 conn := testAccProvider.Meta().(*AWSClient).wafconn 155 resp, err := conn.GetRule( 156 &waf.GetRuleInput{ 157 RuleId: aws.String(rs.Primary.ID), 158 }) 159 160 if err == nil { 161 if *resp.Rule.RuleId == rs.Primary.ID { 162 return fmt.Errorf("WAF Rule %s still exists", rs.Primary.ID) 163 } 164 } 165 166 // Return nil if the Rule is already destroyed 167 if awsErr, ok := err.(awserr.Error); ok { 168 if awsErr.Code() == "WAFNonexistentItemException" { 169 return nil 170 } 171 } 172 173 return err 174 } 175 176 return nil 177 } 178 179 func testAccCheckAWSWafRuleExists(n string, v *waf.Rule) resource.TestCheckFunc { 180 return func(s *terraform.State) error { 181 rs, ok := s.RootModule().Resources[n] 182 if !ok { 183 return fmt.Errorf("Not found: %s", n) 184 } 185 186 if rs.Primary.ID == "" { 187 return fmt.Errorf("No WAF Rule ID is set") 188 } 189 190 conn := testAccProvider.Meta().(*AWSClient).wafconn 191 resp, err := conn.GetRule(&waf.GetRuleInput{ 192 RuleId: aws.String(rs.Primary.ID), 193 }) 194 195 if err != nil { 196 return err 197 } 198 199 if *resp.Rule.RuleId == rs.Primary.ID { 200 *v = *resp.Rule 201 return nil 202 } 203 204 return fmt.Errorf("WAF Rule (%s) not found", rs.Primary.ID) 205 } 206 } 207 208 func testAccAWSWafRuleConfig(name string) string { 209 return fmt.Sprintf(` 210 resource "aws_waf_ipset" "ipset" { 211 name = "%s" 212 ip_set_descriptors { 213 type = "IPV4" 214 value = "192.0.7.0/24" 215 } 216 } 217 218 resource "aws_waf_rule" "wafrule" { 219 depends_on = ["aws_waf_ipset.ipset"] 220 name = "%s" 221 metric_name = "%s" 222 predicates { 223 data_id = "${aws_waf_ipset.ipset.id}" 224 negated = false 225 type = "IPMatch" 226 } 227 }`, name, name, name) 228 } 229 230 func testAccAWSWafRuleConfigChangeName(name string) string { 231 return fmt.Sprintf(` 232 resource "aws_waf_ipset" "ipset" { 233 name = "%s" 234 ip_set_descriptors { 235 type = "IPV4" 236 value = "192.0.7.0/24" 237 } 238 } 239 240 resource "aws_waf_rule" "wafrule" { 241 depends_on = ["aws_waf_ipset.ipset"] 242 name = "%s" 243 metric_name = "%s" 244 predicates { 245 data_id = "${aws_waf_ipset.ipset.id}" 246 negated = false 247 type = "IPMatch" 248 } 249 }`, name, name, name) 250 }