Merge pull request #3 from terraform-providers/master

merge changes

CHANGELOG.md

@@ -6,6 +6,13 @@ FEATURES:
 * **New Data Source:** `aws_wafregional_rate_based_rule` [GH-10125]
 * **New Resource:** `aws_quicksight_user` [GH-10401]
 
+ENHANCEMENTS:
+
+* resource/aws_waf_rate_based_rule: Support resource import [GH-10475]
+* resource/aws_waf_rule: Add `tags` argument [GH-10408]
+* resource/aws_waf_rule_group: Add `tags` argument [GH-10408]
+* resource/aws_waf_web_acl: Add `tags` argument [GH-10408]
+
 BUG FIXES:
 
 * resource/aws_gamelift_fleet: Increase default deletion timeout to 20 minutes to match service timing [GH-10443]

aws/resource_aws_waf_rate_based_rule.go

@@ -17,6 +17,9 @@ func resourceAwsWafRateBasedRule() *schema.Resource {
 		Read:   resourceAwsWafRateBasedRuleRead,
 		Update: resourceAwsWafRateBasedRuleUpdate,
 		Delete: resourceAwsWafRateBasedRuleDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
 
 		Schema: map[string]*schema.Schema{
 			"name": {

aws/resource_aws_waf_rate_based_rule_test.go

@@ -17,6 +17,8 @@ import (
 func TestAccAWSWafRateBasedRule_basic(t *testing.T) {
 	var v waf.RateBasedRule
 	wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5))
+	resourceName := "aws_waf_rate_based_rule.wafrule"
+
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t); testAccPreCheckAWSWaf(t) },
 		Providers:    testAccProviders,
@@ -25,15 +27,17 @@ func TestAccAWSWafRateBasedRule_basic(t *testing.T) {
 			{
 				Config: testAccAWSWafRateBasedRuleConfig(wafRuleName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSWafRateBasedRuleExists("aws_waf_rate_based_rule.wafrule", &v),
-					resource.TestCheckResourceAttr(
-						"aws_waf_rate_based_rule.wafrule", "name", wafRuleName),
-					resource.TestCheckResourceAttr(
-						"aws_waf_rate_based_rule.wafrule", "predicates.#", "1"),
-					resource.TestCheckResourceAttr(
-						"aws_waf_rate_based_rule.wafrule", "metric_name", wafRuleName),
+					testAccCheckAWSWafRateBasedRuleExists(resourceName, &v),
+					resource.TestCheckResourceAttr(resourceName, "name", wafRuleName),
+					resource.TestCheckResourceAttr(resourceName, "predicates.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "metric_name", wafRuleName),
 				),
 			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -42,6 +46,7 @@ func TestAccAWSWafRateBasedRule_changeNameForceNew(t *testing.T) {
 	var before, after waf.RateBasedRule
 	wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5))
 	wafRuleNewName := fmt.Sprintf("wafrulenew%s", acctest.RandString(5))
+	resourceName := "aws_waf_rate_based_rule.wafrule"
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t); testAccPreCheckAWSWaf(t) },
@@ -51,34 +56,35 @@ func TestAccAWSWafRateBasedRule_changeNameForceNew(t *testing.T) {
 			{
 				Config: testAccAWSWafRateBasedRuleConfig(wafRuleName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSWafRateBasedRuleExists("aws_waf_rate_based_rule.wafrule", &before),
-					resource.TestCheckResourceAttr(
-						"aws_waf_rate_based_rule.wafrule", "name", wafRuleName),
-					resource.TestCheckResourceAttr(
-						"aws_waf_rate_based_rule.wafrule", "predicates.#", "1"),
-					resource.TestCheckResourceAttr(
-						"aws_waf_rate_based_rule.wafrule", "metric_name", wafRuleName),
+					testAccCheckAWSWafRateBasedRuleExists(resourceName, &before),
+					resource.TestCheckResourceAttr(resourceName, "name", wafRuleName),
+					resource.TestCheckResourceAttr(resourceName, "predicates.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "metric_name", wafRuleName),
 				),
 			},
 			{
 				Config: testAccAWSWafRateBasedRuleConfigChangeName(wafRuleNewName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSWafRateBasedRuleExists("aws_waf_rate_based_rule.wafrule", &after),
-					resource.TestCheckResourceAttr(
-						"aws_waf_rate_based_rule.wafrule", "name", wafRuleNewName),
-					resource.TestCheckResourceAttr(
-						"aws_waf_rate_based_rule.wafrule", "predicates.#", "1"),
-					resource.TestCheckResourceAttr(
-						"aws_waf_rate_based_rule.wafrule", "metric_name", wafRuleNewName),
+					testAccCheckAWSWafRateBasedRuleExists(resourceName, &after),
+					resource.TestCheckResourceAttr(resourceName, "name", wafRuleNewName),
+					resource.TestCheckResourceAttr(resourceName, "predicates.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "metric_name", wafRuleNewName),
 				),
 			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
 
 func TestAccAWSWafRateBasedRule_disappears(t *testing.T) {
 	var v waf.RateBasedRule
 	wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5))
+	resourceName := "aws_waf_rate_based_rule.wafrule"
+
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t); testAccPreCheckAWSWaf(t) },
 		Providers:    testAccProviders,
@@ -87,7 +93,7 @@ func TestAccAWSWafRateBasedRule_disappears(t *testing.T) {
 			{
 				Config: testAccAWSWafRateBasedRuleConfig(wafRuleName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSWafRateBasedRuleExists("aws_waf_rate_based_rule.wafrule", &v),
+					testAccCheckAWSWafRateBasedRuleExists(resourceName, &v),
 					testAccCheckAWSWafRateBasedRuleDisappears(&v),
 				),
 				ExpectNonEmptyPlan: true,
@@ -103,6 +109,7 @@ func TestAccAWSWafRateBasedRule_changePredicates(t *testing.T) {
 	var before, after waf.RateBasedRule
 	var idx int
 	ruleName := fmt.Sprintf("wafrule%s", acctest.RandString(5))
+	resourceName := "aws_waf_rate_based_rule.wafrule"
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t); testAccPreCheckAWSWaf(t) },
@@ -113,26 +120,31 @@ func TestAccAWSWafRateBasedRule_changePredicates(t *testing.T) {
 				Config: testAccAWSWafRateBasedRuleConfig(ruleName),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckAWSWafIPSetExists("aws_waf_ipset.ipset", &ipset),
-					testAccCheckAWSWafRateBasedRuleExists("aws_waf_rate_based_rule.wafrule", &before),
-					resource.TestCheckResourceAttr("aws_waf_rate_based_rule.wafrule", "name", ruleName),
-					resource.TestCheckResourceAttr("aws_waf_rate_based_rule.wafrule", "predicates.#", "1"),
+					testAccCheckAWSWafRateBasedRuleExists(resourceName, &before),
+					resource.TestCheckResourceAttr(resourceName, "name", ruleName),
+					resource.TestCheckResourceAttr(resourceName, "predicates.#", "1"),
 					computeWafRateBasedRulePredicateWithIpSet(&ipset, false, "IPMatch", &idx),
-					testCheckResourceAttrWithIndexesAddr("aws_waf_rate_based_rule.wafrule", "predicates.%d.negated", &idx, "false"),
-					testCheckResourceAttrWithIndexesAddr("aws_waf_rate_based_rule.wafrule", "predicates.%d.type", &idx, "IPMatch"),
+					testCheckResourceAttrWithIndexesAddr(resourceName, "predicates.%d.negated", &idx, "false"),
+					testCheckResourceAttrWithIndexesAddr(resourceName, "predicates.%d.type", &idx, "IPMatch"),
 				),
 			},
 			{
 				Config: testAccAWSWafRateBasedRuleConfig_changePredicates(ruleName),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckAWSWafByteMatchSetExists("aws_waf_byte_match_set.set", &byteMatchSet),
-					testAccCheckAWSWafRateBasedRuleExists("aws_waf_rate_based_rule.wafrule", &after),
-					resource.TestCheckResourceAttr("aws_waf_rate_based_rule.wafrule", "name", ruleName),
-					resource.TestCheckResourceAttr("aws_waf_rate_based_rule.wafrule", "predicates.#", "1"),
+					testAccCheckAWSWafRateBasedRuleExists(resourceName, &after),
+					resource.TestCheckResourceAttr(resourceName, "name", ruleName),
+					resource.TestCheckResourceAttr(resourceName, "predicates.#", "1"),
 					computeWafRateBasedRulePredicateWithByteMatchSet(&byteMatchSet, true, "ByteMatch", &idx),
-					testCheckResourceAttrWithIndexesAddr("aws_waf_rate_based_rule.wafrule", "predicates.%d.negated", &idx, "true"),
-					testCheckResourceAttrWithIndexesAddr("aws_waf_rate_based_rule.wafrule", "predicates.%d.type", &idx, "ByteMatch"),
+					testCheckResourceAttrWithIndexesAddr(resourceName, "predicates.%d.negated", &idx, "true"),
+					testCheckResourceAttrWithIndexesAddr(resourceName, "predicates.%d.type", &idx, "ByteMatch"),
 				),
 			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -178,6 +190,7 @@ func computeWafRateBasedRulePredicateWithByteMatchSet(set *waf.ByteMatchSet, neg
 func TestAccAWSWafRateBasedRule_noPredicates(t *testing.T) {
 	var rule waf.RateBasedRule
 	ruleName := fmt.Sprintf("wafrule%s", acctest.RandString(5))
+	resourceName := "aws_waf_rate_based_rule.wafrule"
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t); testAccPreCheckAWSWaf(t) },
@@ -187,13 +200,16 @@ func TestAccAWSWafRateBasedRule_noPredicates(t *testing.T) {
 			{
 				Config: testAccAWSWafRateBasedRuleConfig_noPredicates(ruleName),
 				Check: resource.ComposeAggregateTestCheckFunc(
-					testAccCheckAWSWafRateBasedRuleExists("aws_waf_rate_based_rule.wafrule", &rule),
-					resource.TestCheckResourceAttr(
-						"aws_waf_rate_based_rule.wafrule", "name", ruleName),
-					resource.TestCheckResourceAttr(
-						"aws_waf_rate_based_rule.wafrule", "predicates.#", "0"),
+					testAccCheckAWSWafRateBasedRuleExists(resourceName, &rule),
+					resource.TestCheckResourceAttr(resourceName, "name", ruleName),
+					resource.TestCheckResourceAttr(resourceName, "predicates.#", "0"),
 				),
 			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }

aws/resource_aws_waf_rule.go

@@ -5,10 +5,12 @@ import (
 	"log"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/waf"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
 )
 
 func resourceAwsWafRule() *schema.Resource {
@@ -55,12 +57,14 @@ func resourceAwsWafRule() *schema.Resource {
 					},
 				},
 			},
+			"tags": tagsSchema(),
 		},
 	}
 }
 
 func resourceAwsWafRuleCreate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).wafconn
+	tags := keyvaluetags.New(d.Get("tags").(map[string]interface{})).IgnoreAws().WafTags()
 
 	wr := newWafRetryer(conn)
 	out, err := wr.RetryWithToken(func(token *string) (interface{}, error) {
@@ -70,6 +74,10 @@ func resourceAwsWafRuleCreate(d *schema.ResourceData, meta interface{}) error {
 			Name:        aws.String(d.Get("name").(string)),
 		}
 
+		if len(tags) > 0 {
+			params.Tags = tags
+		}
+
 		return conn.CreateRule(params)
 	})
 	if err != nil {
@@ -109,6 +117,23 @@ func resourceAwsWafRuleRead(d *schema.ResourceData, meta interface{}) error {
 		predicates = append(predicates, predicate)
 	}
 
+	arn := arn.ARN{
+		Partition: meta.(*AWSClient).partition,
+		Service:   "waf",
+		AccountID: meta.(*AWSClient).accountid,
+		Resource:  fmt.Sprintf("rule/%s", d.Id()),
+	}.String()
+
+	tagList, err := conn.ListTagsForResource(&waf.ListTagsForResourceInput{
+		ResourceARN: aws.String(arn),
+	})
+	if err != nil {
+		return fmt.Errorf("Failed to get WAF Rule parameter tags for %s: %s", d.Get("name"), err)
+	}
+	if err := d.Set("tags", keyvaluetags.WafKeyValueTags(tagList.TagInfoForResource.TagList).IgnoreAws().Map()); err != nil {
+		return fmt.Errorf("error setting tags: %s", err)
+	}
+
 	d.Set("predicates", predicates)
 	d.Set("name", resp.Rule.Name)
 	d.Set("metric_name", resp.Rule.MetricName)
@@ -129,6 +154,21 @@ func resourceAwsWafRuleUpdate(d *schema.ResourceData, meta interface{}) error {
 		}
 	}
 
+	if d.HasChange("tags") {
+		o, n := d.GetChange("tags")
+
+		arn := arn.ARN{
+			Partition: meta.(*AWSClient).partition,
+			Service:   "waf",
+			AccountID: meta.(*AWSClient).accountid,
+			Resource:  fmt.Sprintf("rule/%s", d.Id()),
+		}.String()
+
+		if err := keyvaluetags.WafUpdateTags(conn, arn, o, n); err != nil {
+			return fmt.Errorf("error updating tags: %s", err)
+		}
+	}
+
 	return resourceAwsWafRuleRead(d, meta)
 }
 

aws/resource_aws_waf_rule_group.go

@@ -5,8 +5,10 @@ import (
 	"log"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/service/waf"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
 )
 
 func resourceAwsWafRuleGroup() *schema.Resource {
@@ -65,12 +67,14 @@ func resourceAwsWafRuleGroup() *schema.Resource {
 					},
 				},
 			},
+			"tags": tagsSchema(),
 		},
 	}
 }
 
 func resourceAwsWafRuleGroupCreate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).wafconn
+	tags := keyvaluetags.New(d.Get("tags").(map[string]interface{})).IgnoreAws().WafTags()
 
 	wr := newWafRetryer(conn)
 	out, err := wr.RetryWithToken(func(token *string) (interface{}, error) {
@@ -80,6 +84,10 @@ func resourceAwsWafRuleGroupCreate(d *schema.ResourceData, meta interface{}) err
 			Name:        aws.String(d.Get("name").(string)),
 		}
 
+		if len(tags) > 0 {
+			params.Tags = tags
+		}
+
 		return conn.CreateRuleGroup(params)
 	})
 	if err != nil {
@@ -115,6 +123,23 @@ func resourceAwsWafRuleGroupRead(d *schema.ResourceData, meta interface{}) error
 		return fmt.Errorf("error listing activated rules in WAF Rule Group (%s): %s", d.Id(), err)
 	}
 
+	arn := arn.ARN{
+		Partition: meta.(*AWSClient).partition,
+		Service:   "waf",
+		AccountID: meta.(*AWSClient).accountid,
+		Resource:  fmt.Sprintf("rulegroup/%s", d.Id()),
+	}.String()
+
+	tagList, err := conn.ListTagsForResource(&waf.ListTagsForResourceInput{
+		ResourceARN: aws.String(arn),
+	})
+	if err != nil {
+		return fmt.Errorf("Failed to get WAF Rule Group parameter tags for %s: %s", d.Get("name"), err)
+	}
+	if err := d.Set("tags", keyvaluetags.WafKeyValueTags(tagList.TagInfoForResource.TagList).IgnoreAws().Map()); err != nil {
+		return fmt.Errorf("error setting tags: %s", err)
+	}
+
 	d.Set("activated_rule", flattenWafActivatedRules(rResp.ActivatedRules))
 	d.Set("name", resp.RuleGroup.Name)
 	d.Set("metric_name", resp.RuleGroup.MetricName)
@@ -135,6 +160,21 @@ func resourceAwsWafRuleGroupUpdate(d *schema.ResourceData, meta interface{}) err
 		}
 	}
 
+	if d.HasChange("tags") {
+		o, n := d.GetChange("tags")
+
+		arn := arn.ARN{
+			Partition: meta.(*AWSClient).partition,
+			Service:   "waf",
+			AccountID: meta.(*AWSClient).accountid,
+			Resource:  fmt.Sprintf("rulegroup/%s", d.Id()),
+		}.String()
+
+		if err := keyvaluetags.WafUpdateTags(conn, arn, o, n); err != nil {
+			return fmt.Errorf("error updating tags: %s", err)
+		}
+	}
+
 	return resourceAwsWafRuleGroupRead(d, meta)
 }