New Resource: aws_wafregional_sql_injection_match_set

[DennyLoko]

This PR implements the aws_wafregional_sql_injection_match_set resource.

resource "aws_wafregional_sql_injection_match_set" "sql_injection_match_set" {
  name = "tf-sql_injection_match_set"
  sql_injection_match_tuples {
    text_transformation = "URL_DECODE"
    field_to_match {
      type = "QUERY_STRING"
    }
  }
}

[radeksimko]

Thanks for the PR, I left you some comments there. Let me know if you have any questions.

[radeksimko]

As we discussed in the other resource do you mind renaming this field to singular? i.e. sql_injection_match_tuple?

[radeksimko]

I think we're missing some fields here, specifically sql_injection_match_tuples and all nested fields under it. The expectation from the Terraform user is that for any resource Terraform will detect drifts from the configuration. In order to do that we need to set all the available data from the API via d.Set() here in Read func.

[radeksimko]

Because there has been a bug in the past affecting all WAF resources I'd like to see 2 more tests here, specifically with no tuples and another one changing tuples, see https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_waf_sql_injection_match_set_test.go#L103-L173 for inspiration and eacece2 for context (bugfix).

[radeksimko]

I think this isn't right, because during update we may be both inserting and deleting tuples, not just inserting. See eacece2 for more context.

[radeksimko]

Do you mind documenting the nested fields here, too?

[radeksimko]

I think this is typo 👀

[DennyLoko]

Hello, please for review my PR. I'll make the changes during this week.

[radeksimko]

Hi @DennyLoko
let me know if there's anything I can help you with.

Eventually if you don't have time to invest into these WAF PRs do let me know too. I'm happy to finish it (while keeping your authorship in existing commits).

[radeksimko]

FYI - As this PR has been stale for a couple of months I will take it over in coming week(s) unless you tell me not to.

[BSick7]

@radeksimko I am trying to finalize this PR @ #3199

Implemented feedback

[radeksimko]

I believe I addressed all things I saw myself as blockers, I think it's worth one more review from someone with a fresh eye though.

==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAWSWafRegionalSqlInjectionMatchSet_ -timeout 120m
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_basic
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_basic (46.09s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_changeNameForceNew
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_changeNameForceNew (78.77s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_disappears
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_disappears (38.74s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_changeTuples
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_changeTuples (75.93s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_noTuples
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_noTuples (38.09s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	277.655s

[bflad]

Overall in pretty awesome shape as usual! Few nitpicks then its good to ship!

5 tests passed (all tests)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_disappears
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_disappears (10.55s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_noTuples
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_noTuples (19.74s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_changeTuples
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_changeTuples (22.75s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_changeNameForceNew
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_changeNameForceNew (23.86s)
=== RUN   TestAccAWSWafRegionalSqlInjectionMatchSet_basic
--- PASS: TestAccAWSWafRegionalSqlInjectionMatchSet_basic (25.59s)

[bflad]

Minor nitpick: Extraneous &schema.Schema

[bflad]

Something up for discussion: should we automatically be adding ValidateFunc: validation.NoZeroValues, for Required: true and Type: schema.TypeString where it makes sense?

[radeksimko]

Hm, I'm not sure - it sounds like something that should be solved at higher (schema) level. I mean if from provider-dev perspective I say "it's required" I'd just assume that's enough to say there are no empty strings allowed.

Maybe there are edge cases when we do not want that though? 🤷‍♂️

[bflad]

I agree that it likely should be fixed upstream 😄 The only weird edge cases I can think of are module usage somehow, but even that sounds pretty far fetched.

[bflad]

Minor nitpick: Extraneous backslashes

[bflad]

Nitpick: Extraneous header

[bflad]

Nitpick: Should define syntax as hcl

[bflad]

Nitpick: this function looks like it duplicates the above one

[bflad]

Minor nitpick: errwrap.Wrapf() usage instead of fmt.Errorf() (same with below)

[bflad]

This has been released in version 1.12.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!