Skip to content

Commit

Permalink
Merge pull request #14964 from terraform-providers/b-waf-rate-based-rule
Browse files Browse the repository at this point in the history
resource/waf_rate_based_rule: add rate_limit to the list of possible update changes
  • Loading branch information
anGie44 authored Sep 2, 2020
2 parents 559155c + 2c3134b commit 393eb26
Show file tree
Hide file tree
Showing 2 changed files with 77 additions and 1 deletion.
2 changes: 1 addition & 1 deletion aws/resource_aws_waf_rate_based_rule.go
Original file line number Diff line number Diff line change
Expand Up @@ -171,7 +171,7 @@ func resourceAwsWafRateBasedRuleRead(d *schema.ResourceData, meta interface{}) e
func resourceAwsWafRateBasedRuleUpdate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).wafconn

if d.HasChange("predicates") {
if d.HasChanges("predicates", "rate_limit") {
o, n := d.GetChange("predicates")
oldP, newP := o.(*schema.Set).List(), n.(*schema.Set).List()
rateLimit := d.Get("rate_limit")
Expand Down
76 changes: 76 additions & 0 deletions aws/resource_aws_waf_rate_based_rule_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -151,6 +151,55 @@ func TestAccAWSWafRateBasedRule_changePredicates(t *testing.T) {
})
}

// Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/9659
func TestAccAWSWafRateBasedRule_changeRateLimit(t *testing.T) {
var ipset waf.IPSet
var before, after waf.RateBasedRule
ruleName := fmt.Sprintf("wafrule%s", acctest.RandString(5))
resourceName := "aws_waf_rate_based_rule.wafrule"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSWaf(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSWafRuleDestroy,
Steps: []resource.TestStep{
{
Config: testAccAWSWafRateBasedRuleConfig_changeRateLimit(ruleName, 4000),
Check: resource.ComposeAggregateTestCheckFunc(
testAccCheckAWSWafIPSetExists("aws_waf_ipset.ipset", &ipset),
testAccCheckAWSWafRateBasedRuleExists(resourceName, &before),
resource.TestCheckResourceAttr(resourceName, "name", ruleName),
resource.TestCheckResourceAttr(resourceName, "rate_limit", "4000"),
resource.TestCheckResourceAttr(resourceName, "predicates.#", "1"),
tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "predicates.*", map[string]string{
"negated": "false",
"type": "IPMatch",
}),
),
},
{
Config: testAccAWSWafRateBasedRuleConfig_changeRateLimit(ruleName, 3000),
Check: resource.ComposeAggregateTestCheckFunc(
testAccCheckAWSWafIPSetExists("aws_waf_ipset.ipset", &ipset),
testAccCheckAWSWafRateBasedRuleExists(resourceName, &after),
resource.TestCheckResourceAttr(resourceName, "name", ruleName),
resource.TestCheckResourceAttr(resourceName, "rate_limit", "3000"),
resource.TestCheckResourceAttr(resourceName, "predicates.#", "1"),
tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "predicates.*", map[string]string{
"negated": "false",
"type": "IPMatch",
}),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccAWSWafRateBasedRule_noPredicates(t *testing.T) {
var rule waf.RateBasedRule
ruleName := fmt.Sprintf("wafrule%s", acctest.RandString(5))
Expand Down Expand Up @@ -313,6 +362,33 @@ resource "aws_waf_rate_based_rule" "wafrule" {
`, name, name, name)
}

func testAccAWSWafRateBasedRuleConfig_changeRateLimit(name string, rateLimit int) string {
return fmt.Sprintf(`
resource "aws_waf_ipset" "ipset" {
name = "%s"
ip_set_descriptors {
type = "IPV4"
value = "192.0.7.0/24"
}
}
resource "aws_waf_rate_based_rule" "wafrule" {
depends_on = [aws_waf_ipset.ipset]
name = "%[1]s"
metric_name = "%[1]s"
rate_key = "IP"
rate_limit = %[2]d
predicates {
data_id = aws_waf_ipset.ipset.id
negated = false
type = "IPMatch"
}
}
`, name, rateLimit)
}

func testAccAWSWafRateBasedRuleConfigChangeName(name string) string {
return fmt.Sprintf(`
resource "aws_waf_ipset" "ipset" {
Expand Down

0 comments on commit 393eb26

Please sign in to comment.