New Resource: aws_wafregional_xss_match_set #1014
Conversation
DennyLoko
force-pushed
the
aws_wafregional_xss_match_set
branch
from
5bbeb20
to
f25ea30
Compare
There was a problem hiding this comment.
Thanks for the PR, I left you some comments there in a very similar fashion to #1013
I will leave your other WAF regional PRs for now until these two are fixed, but I reckon the same issues will need addressing there too, once we get there.
Let me know if you have any questions.
| Required: true, | ||
| ForceNew: true, | ||
| }, | ||
| "xss_match_tuples": &schema.Schema{ |
There was a problem hiding this comment.
As we discussed in the other resource do you mind renaming this field to singular? i.e. xss_match_tuple?
| resp, err := conn.GetXssMatchSet(params) | ||
| if err != nil { | ||
| if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "WAFNonexistentItemException" { | ||
| log.Printf("[WARN] WAF IPSet (%s) not found, error code (404)", d.Id()) |
There was a problem hiding this comment.
Typo here - this is XSS Match Set, not IPSet.
| } | ||
|
|
||
| d.Set("name", resp.XssMatchSet.Name) | ||
|
|
There was a problem hiding this comment.
I think we're missing some fields here, specifically xss_match_tuples and all nested fields under it. The expectation from the Terraform user is that for any resource Terraform will detect drifts from the configuration. In order to do that we need to set all the available data from the API via d.Set() here in Read func.
|
|
||
| func resourceAwsWafRegionalXssMatchSetUpdate(d *schema.ResourceData, meta interface{}) error { | ||
| log.Printf("[INFO] Updating XssMatchSet: %s", d.Get("name").(string)) | ||
| err := updateXssMatchSetResourceWR(d, meta, waf.ChangeActionInsert) |
There was a problem hiding this comment.
I think this isn't right, because during update we may be both inserting and deleting tuples, not just inserting. See 99e75ad for more context.
| }, | ||
| }) | ||
| } | ||
|
|
There was a problem hiding this comment.
Because there has been a bug in the past affecting all WAF resources I'd like to see 2 more tests here, specifically with no tuples and another one changing tuples, see https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_waf_xss_match_set_test.go#L111-L197 for inspiration and 99e75ad for context (bugfix).
|
|
||
| func testAccCheckAWSWafRegionalXssMatchSetDestroy(s *terraform.State) error { | ||
| for _, rs := range s.RootModule().Resources { | ||
| if rs.Type != "aws_wafregional_byte_match_set" { |
| The following arguments are supported: | ||
|
|
||
| * `name` - (Required) The name or description of the SizeConstraintSet. | ||
| * `xss_match_tuples` - The parts of web requests that you want to inspect for cross-site scripting attacks. |
There was a problem hiding this comment.
Do you mind documenting all the nested fields here, too?
radeksimko
added
the
waiting-response
|
Hi @DennyLoko Do you think you would have time to finish this PR? Thanks! |
|
FYI - As this PR has been stale for a couple of months I will take it over in coming week(s) unless you tell me not to. |
radeksimko
added
the
size/L
radeksimko
changed the title
radeksimko
force-pushed
the
aws_wafregional_xss_match_set
branch
from
f25ea30
to
60f3ff6
Compare
ghost
added
size/XL
radeksimko
removed
the
waiting-response
radeksimko
force-pushed
the
aws_wafregional_xss_match_set
branch
from
60f3ff6
to
402d66d
Compare
radeksimko
force-pushed
the
aws_wafregional_xss_match_set
branch
from
402d66d
to
4e0cc78
Compare
|
I believe I addressed all things I saw myself as blockers, I think it's worth one more review from someone with a fresh eye though. |
There was a problem hiding this comment.
A few minor nits, but it looks good!
5 tests passed (all tests)
=== RUN TestAccAWSWafRegionalXssMatchSet_noTuples
--- PASS: TestAccAWSWafRegionalXssMatchSet_noTuples (11.10s)
=== RUN TestAccAWSWafRegionalXssMatchSet_disappears
--- PASS: TestAccAWSWafRegionalXssMatchSet_disappears (13.78s)
=== RUN TestAccAWSWafRegionalXssMatchSet_changeTuples
--- PASS: TestAccAWSWafRegionalXssMatchSet_changeTuples (18.37s)
=== RUN TestAccAWSWafRegionalXssMatchSet_basic
--- PASS: TestAccAWSWafRegionalXssMatchSet_basic (25.62s)
=== RUN TestAccAWSWafRegionalXssMatchSet_changeNameForceNew
--- PASS: TestAccAWSWafRegionalXssMatchSet_changeNameForceNew (28.88s)
| }) | ||
| } | ||
|
|
||
| func TestAccAWSWafRegionalXssMatchSet_noTuples(t *testing.T) { |
There was a problem hiding this comment.
Minor nitpick: Given the tuples attribute is optional, seems like we should swap this test's contents for the _basic one then name that one appropriately
There was a problem hiding this comment.
Yeah, I agree, but I'd prefer to do the cleanup across all WAF resources afterwards as the issue is not unique to this resource or PR 😉
| #### `xss_match_tuple` | ||
|
|
||
| * `field_to_match` - (Required) Specifies where in a web request to look for cross-site scripting attacks. | ||
| * `text_transformation` - (Required) Which text transformation, if any, to perform on the web request before inspecting the request for cross-site scripting attacks. |
There was a problem hiding this comment.
Minor nitpick: we should probably point to the (rather complex) documentation here.
There was a problem hiding this comment.
Agreed, but I'd prefer to do the cleanup across all WAF resources afterwards as the issue is not unique to this resource or PR 😉
|
|
||
| The following arguments are supported: | ||
|
|
||
| * `name` - (Required) The name or description of the SizeConstraintSet. |
There was a problem hiding this comment.
Copypasta 🍝 : SizeConstraintSet
radeksimko
force-pushed
the
aws_wafregional_xss_match_set
branch
from
4e0cc78
to
c8c384d
Compare
|
This has been released in version 1.12.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
This PR is a port of the originally opened by @yusukegoto at hashicorp/terraform#13709.