From ea3a1bdd00398506652841197ed9acfc5f7a05e2 Mon Sep 17 00:00:00 2001 From: Anthony Wat Date: Sun, 19 May 2024 16:56:10 -0400 Subject: [PATCH 1/6] feat: Add support for large req body inspection for regional resources for aws_wafv2_web_acl --- .changelog/37588.txt | 3 + internal/service/wafv2/flex.go | 32 +++++--- internal/service/wafv2/schemas.go | 52 ++++++++++++ internal/service/wafv2/web_acl_test.go | 94 +++++++++++++++++++++- website/docs/r/wafv2_web_acl.html.markdown | 68 +++++++++++++++- 5 files changed, 233 insertions(+), 16 deletions(-) create mode 100644 .changelog/37588.txt diff --git a/.changelog/37588.txt b/.changelog/37588.txt new file mode 100644 index 000000000000..d0be4a4cc20c --- /dev/null +++ b/.changelog/37588.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_wafv2_web_acl: Add `api_gateway`, `app_runner_service`, `cognito_user_pool`, and `verified_access_instance` configuration blocks to the `association_config.request_body` argument +``` \ No newline at end of file diff --git a/internal/service/wafv2/flex.go b/internal/service/wafv2/flex.go index 3c51a665c0db..b2f4e848ab1f 100644 --- a/internal/service/wafv2/flex.go +++ b/internal/service/wafv2/flex.go @@ -4,6 +4,8 @@ package wafv2 import ( + "strings" + "github.com/aws/aws-sdk-go-v2/aws" awstypes "github.com/aws/aws-sdk-go-v2/service/wafv2/types" "github.com/aws/aws-sdk-go/service/wafv2" 
@@ -115,11 +117,14 @@ func expandAssociationConfig(l []interface{}) *awstypes.AssociationConfig { m = inner[0].(map[string]interface{}) if len(m) > 0 { configuration.RequestBody = make(map[string]awstypes.RequestBodyAssociatedResourceTypeConfig) - } - - if v, ok := m["cloudfront"]; ok { - inner = v.([]interface{}) - configuration.RequestBody[wafv2.AssociatedResourceTypeCloudfront] = expandRequestBodyConfigItem(inner) + for _, resourceType := range wafv2.AssociatedResourceType_Values() { + if v, ok := m[strings.ToLower(resourceType)]; ok { + m := v.([]interface{}) + if len(m) > 0 { + configuration.RequestBody[resourceType] = expandRequestBodyConfigItem(m) + } + } + } } } @@ -1765,13 +1770,18 @@ func flattenAssociationConfig(config *awstypes.AssociationConfig) interface{} { return associationConfig } - cloudfrontRequestBodyConfig := config.RequestBody[wafv2.AssociatedResourceTypeCloudfront] + requestBodyConfig := map[string]interface{}{} + for _, resourceType := range wafv2.AssociatedResourceType_Values() { + if requestBodyAssociatedResourceTypeConfig, ok := config.RequestBody[resourceType]; ok { + requestBodyConfig[strings.ToLower(resourceType)] = []map[string]interface{}{{ + "default_size_inspection_limit": string(requestBodyAssociatedResourceTypeConfig.DefaultSizeInspectionLimit), + }} + } + } associationConfig = append(associationConfig, map[string]interface{}{ - "request_body": []map[string]interface{}{{ - "cloudfront": []map[string]interface{}{{ - "default_size_inspection_limit": string(cloudfrontRequestBodyConfig.DefaultSizeInspectionLimit), - }}, - }}, + "request_body": []map[string]interface{}{ + requestBodyConfig, + }, }) return associationConfig diff --git a/internal/service/wafv2/schemas.go b/internal/service/wafv2/schemas.go index d7bc4a6e5145..66f0f2f0f60b 100644 --- a/internal/service/wafv2/schemas.go +++ b/internal/service/wafv2/schemas.go 
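Review bot: The lookup `m[strings.ToLower(resourceType)]` in expandAssociationConfig silently couples every schema key to the lowercased SDK enum value, and a key that does not match is skipped with no error. Patches 2/6 and 3/6 of this series rename keys to `apprunner_service` and `verifiedaccess_instance` without touching flex.go, which would have dropped those limits on apply; the web ACL would then keep whatever limit the service applies by default, so less of the body may be inspected than the configuration states. I would document the contract at the loop, e.g. `// Schema keys must equal strings.ToLower(AssociatedResourceType); a key that does not match is skipped silently.`, or use an explicit key-to-type map. The inner `m := v.([]interface{})` also shadows the outer map `m`; a name such as `tfList` reads more clearly. The function body starts and ends outside this hunk.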
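Review bot: In flattenAssociationConfig, `requestBodyConfig` stays empty when `config.RequestBody` has no entry for any listed resource type, and the function then still appends a `request_body` list holding one empty map. The old code had the same shape with a zero-value `cloudfront` entry, but an empty element is harder to spot in state and may show up as a persistent diff. Whether the guard before this hunk already returns for an empty map cannot be seen from here; if it only checks for nil, add `if len(requestBodyConfig) == 0 { return associationConfig }` before the `append`. Separately, the loop takes its key list from the v1 SDK (`wafv2.AssociatedResourceType_Values()`) while the values are v2 `awstypes`, so a resource type known only to the v2 SDK would be left out of state without notice.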
@@ -539,6 +539,32 @@ func requestBodySchema() *schema.Schema { Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ + "api_gateway": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "default_size_inspection_limit": { + Type: schema.TypeString, + Required: true, + ValidateDiagFunc: enum.Validate[awstypes.SizeInspectionLimit](), + }, + }, + }, + }, + "app_runner_service": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "default_size_inspection_limit": { + Type: schema.TypeString, + Required: true, + ValidateDiagFunc: enum.Validate[awstypes.SizeInspectionLimit](), + }, + }, + }, + }, "cloudfront": { Type: schema.TypeList, Optional: true, @@ -552,6 +578,32 @@ func requestBodySchema() *schema.Schema { }, }, }, + "cognito_user_pool": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "default_size_inspection_limit": { + Type: schema.TypeString, + Required: true, + ValidateDiagFunc: enum.Validate[awstypes.SizeInspectionLimit](), + }, + }, + }, + }, + "verified_access_instance": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "default_size_inspection_limit": { + Type: schema.TypeString, + Required: true, + ValidateDiagFunc: enum.Validate[awstypes.SizeInspectionLimit](), + }, + }, + }, + }, }, }, } diff --git a/internal/service/wafv2/web_acl_test.go b/internal/service/wafv2/web_acl_test.go index 02b2e11b407f..f0d58c69edad 100644 --- a/internal/service/wafv2/web_acl_test.go +++ b/internal/service/wafv2/web_acl_test.go 
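Review bot: None of the new blocks (`api_gateway` and `app_runner_service` in this hunk, `cognito_user_pool` and `verified_access_instance` in the next one) sets `MaxItems: 1`, so a configuration may repeat a block. flattenAssociationConfig writes exactly one element per resource type, so the extra blocks would at best be ignored and at worst leave a permanent diff; adding `MaxItems: 1,` after `Optional: true,` in each block rejects that at plan time. Nothing in the schema ties a block to `scope` either, and the documentation in this same patch states that `api_gateway` applies to `CLOUDFRONT` and `cloudfront` to `REGIONAL`, the reverse of what the two acceptance tests exercise. That should be corrected so an operator does not set the inspection limit on a block that never takes effect. The four added blocks are identical and could come from one small helper returning the `default_size_inspection_limit` block schema.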
@@ -2867,7 +2867,7 @@ func TestAccWAFV2WebACL_tokenDomains(t *testing.T) { }) } -func TestAccWAFV2WebACL_associationConfig(t *testing.T) { +func TestAccWAFV2WebACL_associationConfigCloudFront(t *testing.T) { ctx := acctest.Context(t) var v awstypes.WebACL webACLName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) @@ -2883,7 +2883,7 @@ func TestAccWAFV2WebACL_associationConfig(t *testing.T) { CheckDestroy: testAccCheckWebACLDestroy(ctx), Steps: []resource.TestStep{ { - Config: testAccWebACLConfig_associationConfig(webACLName), + Config: testAccWebACLConfig_associationConfigCloudFront(webACLName), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckWebACLExists(ctx, resourceName, &v), acctest.MatchResourceAttrRegionalARN(resourceName, names.AttrARN, "wafv2", regexache.MustCompile(`global/webacl/.+$`)), 
@@ -2913,6 +2913,57 @@ func TestAccWAFV2WebACL_associationConfig(t *testing.T) { }) } +func TestAccWAFV2WebACL_associationConfigRegional(t *testing.T) { + ctx := acctest.Context(t) + var v awstypes.WebACL + webACLName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_wafv2_web_acl.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + acctest.PreCheck(ctx, t) + }, + ErrorCheck: acctest.ErrorCheck(t, names.WAFV2ServiceID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckWebACLDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccWebACLConfig_associationConfigRegional(webACLName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckWebACLExists(ctx, resourceName, &v), + acctest.MatchResourceAttrRegionalARN(resourceName, names.AttrARN, "wafv2", regexache.MustCompile(`regional/webacl/.+$`)), + resource.TestCheckResourceAttr(resourceName, "association_config.#", acctest.Ct1), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.#", acctest.Ct1), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.api_gateway.#", acctest.Ct1), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.api_gateway.0.default_size_inspection_limit", "KB_16"), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.cognito_user_pool.#", acctest.Ct1), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.cognito_user_pool.0.default_size_inspection_limit", "KB_32"), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.app_runner_service.#", acctest.Ct1), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.app_runner_service.0.default_size_inspection_limit", "KB_48"), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.verified_access_instance.#", 
acctest.Ct1), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.verified_access_instance.0.default_size_inspection_limit", "KB_64"), + resource.TestCheckResourceAttr(resourceName, "default_action.#", acctest.Ct1), + resource.TestCheckResourceAttr(resourceName, "default_action.0.allow.#", acctest.Ct1), + resource.TestCheckResourceAttr(resourceName, "default_action.0.block.#", acctest.Ct0), + resource.TestCheckResourceAttr(resourceName, names.AttrDescription, webACLName), + resource.TestCheckResourceAttr(resourceName, names.AttrName, webACLName), + resource.TestCheckResourceAttr(resourceName, names.AttrScope, string(awstypes.ScopeRegional)), + resource.TestCheckResourceAttr(resourceName, "visibility_config.#", acctest.Ct1), + resource.TestCheckResourceAttr(resourceName, "visibility_config.0.cloudwatch_metrics_enabled", "false"), + resource.TestCheckResourceAttr(resourceName, "visibility_config.0.metric_name", "friendly-metric-name"), + resource.TestCheckResourceAttr(resourceName, "visibility_config.0.sampled_requests_enabled", "false"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateIdFunc: testAccWebACLImportStateIdFunc(resourceName), + }, + }, + }) +} + func TestAccWAFV2WebACL_CloudFrontScope(t *testing.T) { ctx := acctest.Context(t) var v awstypes.WebACL @@ -5938,7 +5989,7 @@ resource "aws_wafv2_web_acl" "test" { `, rName) } -func testAccWebACLConfig_associationConfig(rName string) string { +func testAccWebACLConfig_associationConfigCloudFront(rName string) string { return fmt.Sprintf(` resource "aws_wafv2_web_acl" "test" { name = %[1]q 
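Review bot: TestAccWAFV2WebACL_associationConfigRegional has a single apply step followed by an import, so it never changes or removes a `request_body` block after creation. That leaves untested the update path through expandAssociationConfig and the case where the API returns only some resource types. A second step whose config drops one block and changes another limit would cover both, for example checking `association_config.0.request_body.0.cognito_user_pool.#` against `acctest.Ct0`. It would also catch a schema key that stops matching the lowercased enum value.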
@@ -5965,3 +6016,40 @@ resource "aws_wafv2_web_acl" "test" { } `, rName) } + +func testAccWebACLConfig_associationConfigRegional(rName string) string { + return fmt.Sprintf(` +resource "aws_wafv2_web_acl" "test" { + name = %[1]q + description = %[1]q + scope = "REGIONAL" + + default_action { + allow {} + } + + association_config { + request_body { + api_gateway { + default_size_inspection_limit = "KB_16" + } + cognito_user_pool { + default_size_inspection_limit = "KB_32" + } + app_runner_service { + default_size_inspection_limit = "KB_48" + } + verified_access_instance { + default_size_inspection_limit = "KB_64" + } + } + } + + visibility_config { + cloudwatch_metrics_enabled = false + metric_name = "friendly-metric-name" + sampled_requests_enabled = false + } +} +`, rName) +} diff --git a/website/docs/r/wafv2_web_acl.html.markdown b/website/docs/r/wafv2_web_acl.html.markdown index 4e62bc2a076a..8b55c375afca 100644 --- a/website/docs/r/wafv2_web_acl.html.markdown +++ b/website/docs/r/wafv2_web_acl.html.markdown @@ -417,6 +417,42 @@ resource "aws_wafv2_web_acl" "test" { } ``` +### Large Request Body Inspections for Regional Resources + +```terraform +resource "aws_wafv2_web_acl" "example" { + name = "large-request-body-example" + scope = "REGIONAL" + + default_action { + allow {} + } + + association_config { + request_body { + api_gateway { + default_size_inspection_limit = "KB_64" + } + app_runner_service { + default_size_inspection_limit = "KB_64" + } + cognito_user_pool { + default_size_inspection_limit = "KB_64" + } + verified_access_instance { + default_size_inspection_limit = "KB_64" + } + } + } + + visibility_config { + cloudwatch_metrics_enabled = false + metric_name = "friendly-metric-name" + sampled_requests_enabled = false + } +} +``` + ## Argument Reference This resource supports the following arguments: 
@@ -973,13 +1009,41 @@ The `immunity_time_property` block supports the following arguments: The `request_body` block supports the following arguments: -* `cloudfront` - (Optional) Customizes the request body that your protected CloudFront distributions forward to AWS WAF for inspection. See [`cloudfront`](#cloudfront-block) below for details. +* `api_gateway` - (Optional) Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when `scope` is set to `CLOUDFRONT`. See [`api_gateway`](#api_gateway-block) below for details. +* `app_runner_service` - (Optional) Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`app_runner_service`](#app_runner_service-block) below for details. +* `cloudfront` - (Optional) Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`cloudfront`](#cloudfront-block) below for details. +* `cognito_user_pool` - (Optional) Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`cognito_user_pool`](#cognito_user_pool-block) below for details. +* `verified_access_instance` - (Optional) Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`verified_access_instance`](#verified_access_instance-block) below for details. + +### `api_gateway` Block + +The `api_gateway` block supports the following arguments: + +* `default_size_inspection_limit` - (Required) Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. 
This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. + +### `app_runner_service` Block + +The `app_runner_service` block supports the following arguments: + +* `default_size_inspection_limit` - (Required) Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. ### `cloudfront` Block The `cloudfront` block supports the following arguments: -* `default_size_inspection_limit` - (Required) Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. +* `default_size_inspection_limit` - (Required) Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. + +### `cognito_user_pool` Block + +The `cognito_user_pool` block supports the following arguments: + +* `default_size_inspection_limit` - (Required) Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. 
+ +### `verified_access_instance` Block + +The `verified_access_instance` block supports the following arguments: + +* `default_size_inspection_limit` - (Required) Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. ### `custom_key` Block From 802e4df6304b1ab91d4df7b8c4ee89027a442254 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 20 May 2024 10:59:21 -0400 Subject: [PATCH 2/6] r/aws_wafv2_web_acl: 'app_runner_service' -> 'apprunner_service'. --- .changelog/37588.txt | 2 +- internal/service/wafv2/schemas.go | 2 +- internal/service/wafv2/web_acl_test.go | 6 +++--- website/docs/r/wafv2_web_acl.html.markdown | 8 ++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.changelog/37588.txt b/.changelog/37588.txt index d0be4a4cc20c..f8c07057e7a2 100644 --- a/.changelog/37588.txt +++ b/.changelog/37588.txt @@ -1,3 +1,3 @@ ```release-note:enhancement -resource/aws_wafv2_web_acl: Add `api_gateway`, `app_runner_service`, `cognito_user_pool`, and `verified_access_instance` configuration blocks to the `association_config.request_body` argument +resource/aws_wafv2_web_acl: Add `api_gateway`, `apprunner_service`, `cognito_user_pool`, and `verified_access_instance` configuration blocks to `association_config.request_body` ``` \ No newline at end of file diff --git a/internal/service/wafv2/schemas.go b/internal/service/wafv2/schemas.go index 66f0f2f0f60b..f0382e10fefe 100644 --- a/internal/service/wafv2/schemas.go +++ b/internal/service/wafv2/schemas.go @@ -552,7 +552,7 @@ func requestBodySchema() *schema.Schema { }, }, }, - "app_runner_service": { + "apprunner_service": { Type: schema.TypeList, Optional: true, Elem: &schema.Resource{ 
diff --git a/internal/service/wafv2/web_acl_test.go b/internal/service/wafv2/web_acl_test.go index f0d58c69edad..255eac66f5b5 100644 --- a/internal/service/wafv2/web_acl_test.go +++ b/internal/service/wafv2/web_acl_test.go @@ -2938,8 +2938,8 @@ func TestAccWAFV2WebACL_associationConfigRegional(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.api_gateway.0.default_size_inspection_limit", "KB_16"), resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.cognito_user_pool.#", acctest.Ct1), resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.cognito_user_pool.0.default_size_inspection_limit", "KB_32"), - resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.app_runner_service.#", acctest.Ct1), - resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.app_runner_service.0.default_size_inspection_limit", "KB_48"), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.apprunner_service.#", acctest.Ct1), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.apprunner_service.0.default_size_inspection_limit", "KB_48"), resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.verified_access_instance.#", acctest.Ct1), resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.verified_access_instance.0.default_size_inspection_limit", "KB_64"), resource.TestCheckResourceAttr(resourceName, "default_action.#", acctest.Ct1), @@ -6036,7 +6036,7 @@ resource "aws_wafv2_web_acl" "test" { cognito_user_pool { default_size_inspection_limit = "KB_32" } - app_runner_service { + apprunner_service { default_size_inspection_limit = "KB_48" } verified_access_instance { diff --git a/website/docs/r/wafv2_web_acl.html.markdown b/website/docs/r/wafv2_web_acl.html.markdown index 8b55c375afca..4cc715f10cc4 100644 
--- a/website/docs/r/wafv2_web_acl.html.markdown +++ b/website/docs/r/wafv2_web_acl.html.markdown @@ -433,7 +433,7 @@ resource "aws_wafv2_web_acl" "example" { api_gateway { default_size_inspection_limit = "KB_64" } - app_runner_service { + apprunner_service { default_size_inspection_limit = "KB_64" } cognito_user_pool { 
@@ -1010,7 +1010,7 @@ The `immunity_time_property` block supports the following arguments: The `request_body` block supports the following arguments: * `api_gateway` - (Optional) Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when `scope` is set to `CLOUDFRONT`. See [`api_gateway`](#api_gateway-block) below for details. -* `app_runner_service` - (Optional) Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`app_runner_service`](#app_runner_service-block) below for details. +* `apprunner_service` - (Optional) Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`apprunner_service`](#apprunner_service-block) below for details. * `cloudfront` - (Optional) Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`cloudfront`](#cloudfront-block) below for details. * `cognito_user_pool` - (Optional) Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`cognito_user_pool`](#cognito_user_pool-block) below for details. * `verified_access_instance` - (Optional) Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`verified_access_instance`](#verified_access_instance-block) below for details. 
@@ -1021,9 +1021,9 @@ The `api_gateway` block supports the following arguments: * `default_size_inspection_limit` - (Required) Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. -### `app_runner_service` Block +### `apprunner_service` Block -The `app_runner_service` block supports the following arguments: +The `apprunner_service` block supports the following arguments: * `default_size_inspection_limit` - (Required) Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. From ff8d9ffffb572844b4ada1bec4410a1601262722 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 20 May 2024 11:01:12 -0400 Subject: [PATCH 3/6] r/aws_wafv2_web_acl: 'verified_access_instance' -> 'verifiedaccess_instance'. --- .changelog/37588.txt | 4 ++-- internal/service/wafv2/schemas.go | 2 +- internal/service/wafv2/web_acl_test.go | 6 +++--- website/docs/r/wafv2_web_acl.html.markdown | 8 ++++---- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.changelog/37588.txt b/.changelog/37588.txt index f8c07057e7a2..68d5f932ff0c 100644 --- a/.changelog/37588.txt +++ b/.changelog/37588.txt 
@@ -1,3 +1,3 @@ -```release-note:enhancement -resource/aws_wafv2_web_acl: Add `api_gateway`, `apprunner_service`, `cognito_user_pool`, and `verified_access_instance` configuration blocks to `association_config.request_body` +```release-note:enhancement +resource/aws_wafv2_web_acl: Add `api_gateway`, `apprunner_service`, `cognito_user_pool`, and `verifiedaccess_instance` configuration blocks to `association_config.request_body` ``` \ No newline at end of file diff --git a/internal/service/wafv2/schemas.go b/internal/service/wafv2/schemas.go index f0382e10fefe..6772248e3991 100644 --- a/internal/service/wafv2/schemas.go +++ b/internal/service/wafv2/schemas.go @@ -591,7 +591,7 @@ func requestBodySchema() *schema.Schema { }, }, }, - "verified_access_instance": { + "verifiedaccess_instance": { Type: schema.TypeList, Optional: true, Elem: &schema.Resource{ diff --git a/internal/service/wafv2/web_acl_test.go b/internal/service/wafv2/web_acl_test.go index 255eac66f5b5..0909079d86fc 100644 --- a/internal/service/wafv2/web_acl_test.go +++ b/internal/service/wafv2/web_acl_test.go 
@@ -2940,8 +2940,8 @@ func TestAccWAFV2WebACL_associationConfigRegional(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.cognito_user_pool.0.default_size_inspection_limit", "KB_32"), resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.apprunner_service.#", acctest.Ct1), resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.apprunner_service.0.default_size_inspection_limit", "KB_48"), - resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.verified_access_instance.#", acctest.Ct1), - resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.verified_access_instance.0.default_size_inspection_limit", "KB_64"), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.verifiedaccess_instance.#", acctest.Ct1), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.verifiedaccess_instance.0.default_size_inspection_limit", "KB_64"), resource.TestCheckResourceAttr(resourceName, "default_action.#", acctest.Ct1), resource.TestCheckResourceAttr(resourceName, "default_action.0.allow.#", acctest.Ct1), resource.TestCheckResourceAttr(resourceName, "default_action.0.block.#", acctest.Ct0), @@ -6039,7 +6039,7 @@ resource "aws_wafv2_web_acl" "test" { apprunner_service { default_size_inspection_limit = "KB_48" } - verified_access_instance { + verifiedaccess_instance { default_size_inspection_limit = "KB_64" } } diff --git a/website/docs/r/wafv2_web_acl.html.markdown b/website/docs/r/wafv2_web_acl.html.markdown index 4cc715f10cc4..6369cf2c1f37 100644 --- a/website/docs/r/wafv2_web_acl.html.markdown +++ b/website/docs/r/wafv2_web_acl.html.markdown @@ -439,7 +439,7 @@ resource "aws_wafv2_web_acl" "example" { cognito_user_pool { default_size_inspection_limit = "KB_64" } - verified_access_instance { + verifiedaccess_instance { default_size_inspection_limit = "KB_64" } } 
@@ -1013,7 +1013,7 @@ The `request_body` block supports the following arguments: * `apprunner_service` - (Optional) Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`apprunner_service`](#apprunner_service-block) below for details. * `cloudfront` - (Optional) Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`cloudfront`](#cloudfront-block) below for details. * `cognito_user_pool` - (Optional) Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`cognito_user_pool`](#cognito_user_pool-block) below for details. -* `verified_access_instance` - (Optional) Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`verified_access_instance`](#verified_access_instance-block) below for details. +* `verifiedaccess_instance` - (Optional) Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`verifiedaccess_instance`](#verifiedaccess_instance-block) below for details. ### `api_gateway` Block 
@@ -1039,9 +1039,9 @@ The `cognito_user_pool` block supports the following arguments: * `default_size_inspection_limit` - (Required) Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. -### `verified_access_instance` Block +### `verifiedaccess_instance` Block -The `verified_access_instance` block supports the following arguments: +The `verifiedaccess_instance` block supports the following arguments: * `default_size_inspection_limit` - (Required) Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. From 7f7e239b8f03b822aa316f09772995af903f28a6 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 20 May 2024 11:10:20 -0400 Subject: [PATCH 4/6] Revert "r/aws_wafv2_web_acl: 'verified_access_instance' -> 'verifiedaccess_instance'." This reverts commit ff8d9ffffb572844b4ada1bec4410a1601262722. --- .changelog/37588.txt | 4 ++-- internal/service/wafv2/schemas.go | 2 +- internal/service/wafv2/web_acl_test.go | 6 +++--- website/docs/r/wafv2_web_acl.html.markdown | 8 ++++---- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.changelog/37588.txt b/.changelog/37588.txt index 68d5f932ff0c..f8c07057e7a2 100644 --- a/.changelog/37588.txt +++ b/.changelog/37588.txt 
@@ -1,3 +1,3 @@ -```release-note:enhancement -resource/aws_wafv2_web_acl: Add `api_gateway`, `apprunner_service`, `cognito_user_pool`, and `verifiedaccess_instance` configuration blocks to `association_config.request_body` +```release-note:enhancement +resource/aws_wafv2_web_acl: Add `api_gateway`, `apprunner_service`, `cognito_user_pool`, and `verified_access_instance` configuration blocks to `association_config.request_body` ``` \ No newline at end of file diff --git a/internal/service/wafv2/schemas.go b/internal/service/wafv2/schemas.go index 6772248e3991..f0382e10fefe 100644 --- a/internal/service/wafv2/schemas.go +++ b/internal/service/wafv2/schemas.go @@ -591,7 +591,7 @@ func requestBodySchema() *schema.Schema { }, }, }, - "verifiedaccess_instance": { + "verified_access_instance": { Type: schema.TypeList, Optional: true, Elem: &schema.Resource{ diff --git a/internal/service/wafv2/web_acl_test.go b/internal/service/wafv2/web_acl_test.go index 0909079d86fc..255eac66f5b5 100644 --- a/internal/service/wafv2/web_acl_test.go +++ b/internal/service/wafv2/web_acl_test.go 
@@ -2940,8 +2940,8 @@ func TestAccWAFV2WebACL_associationConfigRegional(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.cognito_user_pool.0.default_size_inspection_limit", "KB_32"), resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.apprunner_service.#", acctest.Ct1), resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.apprunner_service.0.default_size_inspection_limit", "KB_48"), - resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.verifiedaccess_instance.#", acctest.Ct1), - resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.verifiedaccess_instance.0.default_size_inspection_limit", "KB_64"), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.verified_access_instance.#", acctest.Ct1), + resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.verified_access_instance.0.default_size_inspection_limit", "KB_64"), resource.TestCheckResourceAttr(resourceName, "default_action.#", acctest.Ct1), resource.TestCheckResourceAttr(resourceName, "default_action.0.allow.#", acctest.Ct1), resource.TestCheckResourceAttr(resourceName, "default_action.0.block.#", acctest.Ct0), @@ -6039,7 +6039,7 @@ resource "aws_wafv2_web_acl" "test" { apprunner_service { default_size_inspection_limit = "KB_48" } - verifiedaccess_instance { + verified_access_instance { default_size_inspection_limit = "KB_64" } } diff --git a/website/docs/r/wafv2_web_acl.html.markdown b/website/docs/r/wafv2_web_acl.html.markdown index 6369cf2c1f37..4cc715f10cc4 100644 --- a/website/docs/r/wafv2_web_acl.html.markdown +++ b/website/docs/r/wafv2_web_acl.html.markdown @@ -439,7 +439,7 @@ resource "aws_wafv2_web_acl" "example" { cognito_user_pool { default_size_inspection_limit = "KB_64" } - verifiedaccess_instance { + verified_access_instance { default_size_inspection_limit = "KB_64" } } 
@@ -1013,7 +1013,7 @@ The `request_body` block supports the following arguments: * `apprunner_service` - (Optional) Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`apprunner_service`](#apprunner_service-block) below for details. * `cloudfront` - (Optional) Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`cloudfront`](#cloudfront-block) below for details. * `cognito_user_pool` - (Optional) Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`cognito_user_pool`](#cognito_user_pool-block) below for details. -* `verifiedaccess_instance` - (Optional) Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`verifiedaccess_instance`](#verifiedaccess_instance-block) below for details. +* `verified_access_instance` - (Optional) Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`verified_access_instance`](#verified_access_instance-block) below for details. ### `api_gateway` Block 
@@ -1039,9 +1039,9 @@ The `cognito_user_pool` block supports the following arguments: * `default_size_inspection_limit` - (Required) Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. -### `verifiedaccess_instance` Block +### `verified_access_instance` Block -The `verifiedaccess_instance` block supports the following arguments: +The `verified_access_instance` block supports the following arguments: * `default_size_inspection_limit` - (Required) Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. From 437fce505ef21dd4e4ee9fc52ee5188349c10af8 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 20 May 2024 11:10:24 -0400 Subject: [PATCH 5/6] Revert "r/aws_wafv2_web_acl: 'app_runner_service' -> 'apprunner_service'." This reverts commit 802e4df6304b1ab91d4df7b8c4ee89027a442254. --- .changelog/37588.txt | 2 +- internal/service/wafv2/schemas.go | 2 +- internal/service/wafv2/web_acl_test.go | 6 +++--- website/docs/r/wafv2_web_acl.html.markdown | 8 ++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.changelog/37588.txt b/.changelog/37588.txt index f8c07057e7a2..d0be4a4cc20c 100644 --- a/.changelog/37588.txt +++ b/.changelog/37588.txt 
@@ -1,3 +1,3 @@
 ```release-note:enhancement
-resource/aws_wafv2_web_acl: Add `api_gateway`, `apprunner_service`, `cognito_user_pool`, and `verified_access_instance` configuration blocks to `association_config.request_body`
+resource/aws_wafv2_web_acl: Add `api_gateway`, `app_runner_service`, `cognito_user_pool`, and `verified_access_instance` configuration blocks to the `association_config.request_body` argument
 ```
\ No newline at end of file
diff --git a/internal/service/wafv2/schemas.go b/internal/service/wafv2/schemas.go
index f0382e10fefe..66f0f2f0f60b 100644
--- a/internal/service/wafv2/schemas.go
+++ b/internal/service/wafv2/schemas.go
@@ -552,7 +552,7 @@ func requestBodySchema() *schema.Schema {
 },
 },
 },
- "apprunner_service": {
+ "app_runner_service": {
 Type: schema.TypeList,
 Optional: true,
 Elem: &schema.Resource{
diff --git a/internal/service/wafv2/web_acl_test.go b/internal/service/wafv2/web_acl_test.go
index 255eac66f5b5..f0d58c69edad 100644
--- a/internal/service/wafv2/web_acl_test.go
+++ b/internal/service/wafv2/web_acl_test.go
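Review bot: Nothing at the `"app_runner_service": {` key in `requestBodySchema` records that its spelling is load-bearing. In the flex.go version from patch 1/6, `expandAssociationConfig` looks blocks up by `strings.ToLower(resourceType)` over `wafv2.AssociatedResourceType_Values()` and skips any key that is absent, without an error. If that lookup is still in place at this commit (flex.go is not part of this hunk), a schema key that drifts from the enum spelling would drop the configured `default_size_inspection_limit` silently and leave the web ACL inspecting bodies only up to the service default. I would add a comment above the key such as `// must equal strings.ToLower of the matching wafv2.AssociatedResourceType_Values() entry; unmatched keys are skipped on expand`, or build the schema keys from the same enum list so the two cannot diverge. The body of `requestBodySchema` continues outside the hunk.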
@@ -2938,8 +2938,8 @@ func TestAccWAFV2WebACL_associationConfigRegional(t *testing.T) {
 resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.api_gateway.0.default_size_inspection_limit", "KB_16"),
 resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.cognito_user_pool.#", acctest.Ct1),
 resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.cognito_user_pool.0.default_size_inspection_limit", "KB_32"),
- resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.apprunner_service.#", acctest.Ct1),
- resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.apprunner_service.0.default_size_inspection_limit", "KB_48"),
+ resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.app_runner_service.#", acctest.Ct1),
+ resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.app_runner_service.0.default_size_inspection_limit", "KB_48"),
 resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.verified_access_instance.#", acctest.Ct1),
 resource.TestCheckResourceAttr(resourceName, "association_config.0.request_body.0.verified_access_instance.0.default_size_inspection_limit", "KB_64"),
 resource.TestCheckResourceAttr(resourceName, "default_action.#", acctest.Ct1),
@@ -6036,7 +6036,7 @@ resource "aws_wafv2_web_acl" "test" {
 cognito_user_pool {
 default_size_inspection_limit = "KB_32"
 }
- apprunner_service {
+ app_runner_service {
 default_size_inspection_limit = "KB_48"
 }
 verified_access_instance {
diff --git a/website/docs/r/wafv2_web_acl.html.markdown b/website/docs/r/wafv2_web_acl.html.markdown
index 4cc715f10cc4..8b55c375afca 100644
--- a/website/docs/r/wafv2_web_acl.html.markdown
+++ b/website/docs/r/wafv2_web_acl.html.markdown
@@ -433,7 +433,7 @@ resource "aws_wafv2_web_acl" "example" { api_gateway { default_size_inspection_limit = "KB_64" } - apprunner_service { + app_runner_service { default_size_inspection_limit = "KB_64" } cognito_user_pool { @@ -1010,7 +1010,7 @@ The `immunity_time_property` block supports the following arguments: The `request_body` block supports the following arguments: * `api_gateway` - (Optional) Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when `scope` is set to `CLOUDFRONT`. See [`api_gateway`](#api_gateway-block) below for details. -* `apprunner_service` - (Optional) Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`apprunner_service`](#apprunner_service-block) below for details. +* `app_runner_service` - (Optional) Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`app_runner_service`](#app_runner_service-block) below for details. * `cloudfront` - (Optional) Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`cloudfront`](#cloudfront-block) below for details. * `cognito_user_pool` - (Optional) Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`cognito_user_pool`](#cognito_user_pool-block) below for details. * `verified_access_instance` - (Optional) Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See [`verified_access_instance`](#verified_access_instance-block) below for details. 
@@ -1021,9 +1021,9 @@ The `api_gateway` block supports the following arguments: * `default_size_inspection_limit` - (Required) Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. -### `apprunner_service` Block +### `app_runner_service` Block -The `apprunner_service` block supports the following arguments: +The `app_runner_service` block supports the following arguments: * `default_size_inspection_limit` - (Required) Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. From a85be90ce4bb29a6c0034cc3c0194a8e30ed418b Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 20 May 2024 11:11:07 -0400 Subject: [PATCH 6/6] Tweak CHANGELOG entry. --- .changelog/37588.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changelog/37588.txt b/.changelog/37588.txt index d0be4a4cc20c..dd87cc2424fa 100644 --- a/.changelog/37588.txt +++ b/.changelog/37588.txt @@ -1,3 +1,3 @@ ```release-note:enhancement -resource/aws_wafv2_web_acl: Add `api_gateway`, `app_runner_service`, `cognito_user_pool`, and `verified_access_instance` configuration blocks to the `association_config.request_body` argument +resource/aws_wafv2_web_acl: Add `api_gateway`, `app_runner_service`, `cognito_user_pool`, and `verified_access_instance` configuration blocks to `association_config.request_body` ``` \ No newline at end of file