Add tags to WAF WebACL, Rule & Rule Group Resources

[DrFaust92]

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Relates to #9289

Release note for CHANGELOG:

- resource/resource_aws_waf_rule: Add `tags` argument.
- resource/resource_aws_waf_web_acl: Add `tags` argument.
- resource/resource_aws_waf_rule_group: Add `tags` argument.

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccAWSWaFWebAcl_'

=== RUN   TestAccAWSWafWebAcl_basic
=== PAUSE TestAccAWSWafWebAcl_basic
=== CONT  TestAccAWSWafWebAcl_basic
--- PASS: TestAccAWSWafWebAcl_basic (54.26s)
=== RUN   TestAccAWSWafWebAcl_changeNameForceNew
=== PAUSE TestAccAWSWafWebAcl_changeNameForceNew
=== CONT  TestAccAWSWafWebAcl_changeNameForceNew
--- PASS: TestAccAWSWafWebAcl_changeNameForceNew (76.04s)
=== RUN   TestAccAWSWafWebAcl_DefaultAction
=== PAUSE TestAccAWSWafWebAcl_DefaultAction
=== CONT  TestAccAWSWafWebAcl_DefaultAction
--- PASS: TestAccAWSWafWebAcl_DefaultAction (95.53s)
=== RUN   TestAccAWSWafWebAcl_Rules
=== PAUSE TestAccAWSWafWebAcl_Rules
=== CONT  TestAccAWSWafWebAcl_Rules
--- FAIL: TestAccAWSWafWebAcl_Rules (145.75s)
    testing.go:569: Step 2 error: errors during apply:
        
        Error: Error deleting WAF Rule: WAFReferencedItemException: This entity is still referenced by other entities.
        	status code: 400, request id: 04e760a2-ec28-11e9-92e8-8baa677d2d68
        
        
=== RUN   TestAccAWSWafWebAcl_LoggingConfiguration
=== PAUSE TestAccAWSWafWebAcl_LoggingConfiguration
=== CONT  TestAccAWSWafWebAcl_LoggingConfiguration
--- PASS: TestAccAWSWafWebAcl_LoggingConfiguration (197.73s)
=== RUN   TestAccAWSWafWebAcl_disappears
=== PAUSE TestAccAWSWafWebAcl_disappears
=== CONT  TestAccAWSWafWebAcl_disappears
--- PASS: TestAccAWSWafWebAcl_disappears (40.43s)
=== RUN   TestAccAWSWafWebAcl_Tags
=== PAUSE TestAccAWSWafWebAcl_Tags
=== CONT  TestAccAWSWafWebAcl_Tags
--- PASS: TestAccAWSWafWebAcl_Tags (105.80s)
...

$ make testacc TESTARGS='-run=TestAccAWSWaFRuleGroup_'

=== RUN   TestAccAWSWafRuleGroup_basic
=== PAUSE TestAccAWSWafRuleGroup_basic
=== CONT  TestAccAWSWafRuleGroup_basic
--- PASS: TestAccAWSWafRuleGroup_basic (67.32s)
=== RUN   TestAccAWSWafRuleGroup_changeNameForceNew
=== PAUSE TestAccAWSWafRuleGroup_changeNameForceNew
=== CONT  TestAccAWSWafRuleGroup_changeNameForceNew
--- PASS: TestAccAWSWafRuleGroup_changeNameForceNew (89.21s)
=== RUN   TestAccAWSWafRuleGroup_disappears
=== PAUSE TestAccAWSWafRuleGroup_disappears
=== CONT  TestAccAWSWafRuleGroup_disappears
--- PASS: TestAccAWSWafRuleGroup_disappears (55.54s)
=== RUN   TestAccAWSWafRuleGroup_changeActivatedRules
=== PAUSE TestAccAWSWafRuleGroup_changeActivatedRules
=== CONT  TestAccAWSWafRuleGroup_changeActivatedRules
--- PASS: TestAccAWSWafRuleGroup_changeActivatedRules (96.20s)
=== RUN   TestAccAWSWafRuleGroup_Tags
=== PAUSE TestAccAWSWafRuleGroup_Tags
=== CONT  TestAccAWSWafRuleGroup_Tags
--- PASS: TestAccAWSWafRuleGroup_Tags (96.91s)
=== RUN   TestAccAWSWafRuleGroup_noActivatedRules
=== PAUSE TestAccAWSWafRuleGroup_noActivatedRules
=== CONT  TestAccAWSWafRuleGroup_noActivatedRules
--- PASS: TestAccAWSWafRuleGroup_noActivatedRules (38.98s)

$ make testacc TESTARGS='-run=TestAccAWSWaFRule_'

=== RUN   TestAccAWSWafRule_basic
=== PAUSE TestAccAWSWafRule_basic
=== CONT  TestAccAWSWafRule_basic
=== RUN   TestAccAWSWafRule_changeNameForceNew
=== PAUSE TestAccAWSWafRule_changeNameForceNew
=== RUN   TestAccAWSWafRule_disappears
=== PAUSE TestAccAWSWafRule_disappears
=== CONT  TestAccAWSWafRule_disappears
=== RUN   TestAccAWSWafRule_changePredicates
=== PAUSE TestAccAWSWafRule_changePredicates
=== RUN   TestAccAWSWafRule_geoMatchSetPredicate
=== PAUSE TestAccAWSWafRule_geoMatchSetPredicate
=== CONT  TestAccAWSWafRule_geoMatchSetPredicate
=== RUN   TestAccAWSWafRule_noPredicates
=== PAUSE TestAccAWSWafRule_noPredicates
=== CONT  TestAccAWSWafRule_noPredicates
--- PASS: TestAccAWSWafRule_noPredicates (37.86s)
=== RUN   TestAccAWSWafRule_Tags
=== PAUSE TestAccAWSWafRule_Tags
=== CONT  TestAccAWSWafRule_Tags
--- PASS: TestAccAWSWafRule_basic (65.84s)
=== CONT  TestAccAWSWafRule_changePredicates
=== CONT  TestAccAWSWafRule_changeNameForceNew
--- PASS: TestAccAWSWafRule_geoMatchSetPredicate (69.30s)
--- PASS: TestAccAWSWafRule_disappears (53.59s)
--- PASS: TestAccAWSWafRule_Tags (108.77s)
--- PASS: TestAccAWSWafRule_changePredicates (80.81s)
--- PASS: TestAccAWSWafRule_changeNameForceNew (89.17s)

[bflad]

Thanks again for submitting this, @DrFaust92 -- please reach out if you have any questions or do not have time to implement the feedback items. 😄

[DrFaust92]

hey @bflad,
im new to golang and after the proposed change i get this message:

any idea what needs to change in the project settings? (i guess that is the issue and not the package itself)

[bflad]

@DrFaust92 hmm, since the internal package is within this Go module, it shouldn't be complaining. That seems like an issue with your editor. Here's some Go documentation on internal packages for reference.

Also please note that if these tag additions are done in separate PRs per-resource, we can merge them immediately once the resource code, acceptance testing, and documentation is ready for that one resource (rather than waiting for everything to be done). 😄

[DrFaust92]

@bflad,
TestAccAWSWafWebAcl_Rules test seems to fail with the following error:

 Error: Error deleting WAF Rule: WAFReferencedItemException: This entity is still referenced by other entities.
        	status code: 400, request id: 04e760a2-ec28-11e9-92e8-8baa677d2d68
        

this is unrelated to the change im adding as it fails on master as well.

[bflad]

@DrFaust92 thanks for bringing that up. Yeah, that one is indeed flakey/failing on master. You can ignore that in your testing. 👍

[DrFaust92]

Also please note that if these tag additions are done in separate PRs per-resource, we can merge them immediately once the resource code, acceptance testing, and documentation is ready for that one resource (rather than waiting for everything to be done). 😄

@bflad, i realised my mistake too late. descoping this to only a few resources and i'll open other PRs for other resources (or related tasks)

i think this is ready now. thanks for the support on this!

[bflad]

Looks great, @DrFaust92, thanks so much for your work here! 🚀

--- PASS: TestAccAWSWafRuleGroup_noActivatedRules (15.91s)
--- PASS: TestAccAWSWafRuleGroup_Tags (39.80s)
--- PASS: TestAccAWSWafRule_Tags (70.48s)
--- PASS: TestAccAWSWafRule_changeNameForceNew (74.99s)
--- PASS: TestAccAWSWafRule_noPredicates (76.48s)
--- PASS: TestAccAWSWafWebAcl_DefaultAction (91.12s)
--- PASS: TestAccAWSWafWebAcl_Tags (93.10s)
--- PASS: TestAccAWSWafRuleGroup_basic (108.74s)
--- PASS: TestAccAWSWafWebAcl_disappears (109.73s)
--- PASS: TestAccAWSWafWebAcl_LoggingConfiguration (127.80s)
--- PASS: TestAccAWSWafWebAcl_basic (129.29s)
--- PASS: TestAccAWSWafRule_basic (141.68s)
--- PASS: TestAccAWSWafRule_geoMatchSetPredicate (142.90s)
--- PASS: TestAccAWSWafRuleGroup_changeActivatedRules (151.86s)
--- PASS: TestAccAWSWafRule_changePredicates (161.65s)
--- PASS: TestAccAWSWafWebAcl_changeNameForceNew (174.97s)
--- PASS: TestAccAWSWafRuleGroup_changeNameForceNew (181.00s)
--- PASS: TestAccAWSWafRule_disappears (192.69s)
--- PASS: TestAccAWSWafRuleGroup_disappears (205.69s)

[bflad]

Nit: For the future, it might be nice to expose the ARN as an attribute as well if folks need it for other reasons (and we can also use d.Get("arn").(string) in the Update function as well) 👍

In the resource code:

// Resource schema
"arn": {
	Type:     schema.TypeString,
	Computed: true,
}

// Read function (or Create function if needed in there first)
arn := arn.ARN{/* ... */}.String()
d.Set("arn", arn)

// Update function can access via
d.Get("arn").(string)

Acceptance testing:

// In the _basic test, one of the following
// Depending on global/regional ARN and known resource value (Check) or regex (Match)
testAccCheckResourceAttrGlobalARN(resourceName, "arn", "iam", fmt.Sprintf("policy/%s", rName)),

testAccMatchResourceAttrGlobalARN(resourceName, "arn", "organizations", regexp.MustCompile(`organization/o-.+`)),

testAccCheckResourceAttrRegionalARN(resourceName, "arn", "athena", fmt.Sprintf("workgroup/%s", rName)),

testAccMatchResourceAttrRegionalARN(resourceName, "arn", "acm", regexp.MustCompile(`certificate/.+`)),

Resource documentation (attributes section):

* `arn` - Amazon Resource Name (ARN)

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!