From 84cb117ba0b346de2192c182394a11f068bec62d Mon Sep 17 00:00:00 2001
From: Rob H
Date: Thu, 11 Jul 2019 22:46:20 +0100
Subject: [PATCH 1/3] added data source for WAFRegional Web ACL
---
aws/data_source_aws_waf_web_acl.go | 64 ++++++++++++++++++++
aws/data_source_aws_waf_web_acl_test.go | 78 +++++++++++++++++++++++++
aws/provider.go | 1 +
website/aws.erb | 3 +
website/docs/d/wafregional_web_acl.html | 30 ++++++++++
5 files changed, 176 insertions(+)
create mode 100644 aws/data_source_aws_waf_web_acl.go
create mode 100644 aws/data_source_aws_waf_web_acl_test.go
create mode 100644 website/docs/d/wafregional_web_acl.html
diff --git a/aws/data_source_aws_waf_web_acl.go b/aws/data_source_aws_waf_web_acl.go
new file mode 100644
index 00000000000..552e2ea8c36
--- /dev/null
+++ b/aws/data_source_aws_waf_web_acl.go
@@ -0,0 +1,64 @@
+package aws
+
+import (
+ "fmt"
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceAwsWafRegionalWebAcl() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceAwsWafRegionalWebAclRead,
+
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ }
+}
+
+func dataSourceAwsWafRegionalWebAclRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+ name := d.Get("name").(string)
+
+ acls := make([]*waf.WebACLSummary, 0)
+ // ListRulesInput does not have a name parameter for filtering
+ input := &waf.ListWebACLsInput{}
+ for {
+ output, err := conn.ListWebACLs(input)
+ if err != nil {
+ return fmt.Errorf("error reading web ACLs: %s", err)
+ }
+ for _, acl := range output.WebACLs {
+ if aws.StringValue(acl.Name) == name {
+ acls = append(acls, acl)
+ }
+ }
+
+ if output.NextMarker == nil {
+ break
+ }
+ input.NextMarker = output.NextMarker
+ }
+
+ if len(acls) == 0 {
+ return fmt.Errorf("web ACLs not found for name: %s", name)
+ }
+
+ if len(acls) > 1 {
+ return fmt.Errorf("multiple web ACLs found for name: %s", name)
+ }
+
+ acl := acls[0]
+
+ d.SetId(aws.StringValue(acl.WebACLId))
+
+ return nil
+}
diff --git a/aws/data_source_aws_waf_web_acl_test.go b/aws/data_source_aws_waf_web_acl_test.go
new file mode 100644
index 00000000000..8d2e5d690ef
--- /dev/null
+++ b/aws/data_source_aws_waf_web_acl_test.go
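Review bot: `dataSourceAwsWafRegionalWebAclRead` builds its request from `waf.ListWebACLsInput` but sends it over `wafregionalconn`, and nothing in the hunk explains why the global-WAF package is imported in a regional data source. As far as I know the wafregional client reuses the `waf` request and response shapes, so the call is correct, but a reader can easily mistake it for a lookup against global WAF, whose web ACL IDs are distinct from the regional ones. I would add a comment above the input, `// wafregional reuses the waf package's request/response types; the call still goes to the regional endpoint`. The read function also needs a doc comment stating that the match on `name` is exact and that zero or several matches return an error rather than picking one, since callers rely on that fail-closed behaviour when they attach the returned ID to a resource.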
@@ -0,0 +1,78 @@
+package aws
+
+import (
+ "fmt"
+ "regexp"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceAwsWafRegionalWebAcl_Basic(t *testing.T) {
+ name := "tf-acc-test"
+ resourceName := "aws_wafregional_web_acl.web_acl"
+ datasourceName := "data.aws_wafregional_web_acl.web_acl"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceAwsWafRegionalWebAclConfig_NonExistent,
+ ExpectError: regexp.MustCompile(`web ACLs not found`),
+ },
+ {
+ Config: testAccDataSourceAwsWafRegionalWebAclConfig_Name(name),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrPair(datasourceName, "id", resourceName, "id"),
+ resource.TestCheckResourceAttrPair(datasourceName, "name", resourceName, "name"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDataSourceAwsWafRegionalWebAclConfig_Name(name string) string {
+ return fmt.Sprintf(`
+resource "aws_wafregional_rule" "wafrule" {
+ name = "%s"
+ metric_name = "WafruleTest"
+ predicate {
+ data_id = "${aws_wafregional_ipset.test.id}"
+ negated = false
+ type = "IPMatch"
+ }
+}
+resource "aws_wafregional_ipset" "test" {
+ name = "%s"
+ ip_set_descriptor {
+ type = "IPV4"
+ value = "10.0.0.0/8"
+ }
+}
+resource "aws_wafregional_web_acl" "web_acl" {
+ name = "%s"
+ metric_name = "tfWebACL"
+ default_action {
+ type = "ALLOW"
+ }
+ rule {
+ action {
+ type = "BLOCK"
+ }
+ priority = 1
+ rule_id = "${aws_wafregional_rule.wafrule.id}"
+ type = "REGULAR"
+ }
+}
+data "aws_wafregional_web_acl" "web_acl" {
+ name = "${aws_wafregional_web_acl.web_acl.name}"
+}
+`, name, name, name)
+}
+
+const testAccDataSourceAwsWafRegionalWebAclConfig_NonExistent = `
+data "aws_wafregional_web_acl" "web_acl" {
+ name = "tf-acc-test-does-not-exist"
+}
+`
diff --git a/aws/provider.go b/aws/provider.go
index 4d7c6f312ca..7f1a1a6af68 100644
--- a/aws/provider.go
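Review bot: The steps in `TestAccDataSourceAwsWafRegionalWebAcl_Basic` cover the not-found error and the single-match case, but nothing exercises the `multiple web ACLs found` branch of the read function. That branch is what keeps the data source from silently resolving to the wrong ACL when a name is ambiguous, so it is worth pinning if the API allows two regional web ACLs to share a name (not confirmed from this diff). If it does, a further step whose config creates two `aws_wafregional_web_acl` resources with the same name and sets `ExpectError` to match `multiple web ACLs found` would cover it. If it does not, a short comment in the test saying so would explain the gap.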
+++ b/aws/provider.go @@ -272,6 +272,7 @@ func Provider() terraform.ResourceProvider { "aws_vpc_endpoint_service": dataSourceAwsVpcEndpointService(), "aws_vpc_peering_connection": dataSourceAwsVpcPeeringConnection(), "aws_vpn_gateway": dataSourceAwsVpnGateway(), + "aws_wafregional_web_acl": dataSourceAwsWafRegionalWebAcl(), "aws_workspaces_bundle": dataSourceAwsWorkspaceBundle(), // Adding the Aliases for the ALB -> LB Rename diff --git a/website/aws.erb b/website/aws.erb index 9f9b5088f4b..282463058df 100644 --- a/website/aws.erb +++ b/website/aws.erb @@ -451,6 +451,9 @@
  • aws_vpn_gateway
  • +
  • + aws_wafregional_web_acl +
  • aws_workspaces_bundle
  • diff --git a/website/docs/d/wafregional_web_acl.html b/website/docs/d/wafregional_web_acl.html new file mode 100644 index 00000000000..d3acc634416 --- /dev/null +++ b/website/docs/d/wafregional_web_acl.html @@ -0,0 +1,30 @@ +--- +layout: "aws" +page_title: "AWS: aws_wafregional_web_acl" +sidebar_current: "docs-aws-datasource-wafregional-web-acl" +description: |- +Retrieves a WAF Regional Web ACL id. +--- + +# Data Source: aws_wafregional_web_acl + +`aws_wafregional_web_acl` Retrieves a WAF Regional Web ACL Resource Id. + +## Example Usage + +```hcl +data "aws_wafregional_web_acl" "example" { +name = "tfWAFRule" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Required) The name of the WAF Web ACL. + +## Attributes Reference +In addition to all arguments above, the following attributes are exported: + +* `id` - The ID of the WAF Regional WebACL. \ No newline at end of file From 3f27586de4376ea08d9a3a2aa8e8f60b1677a888 Mon Sep 17 00:00:00 2001 From: Rob H Date: Fri, 12 Jul 2019 11:59:12 +0100 Subject: [PATCH 2/3] Updated comment --- aws/data_source_aws_waf_web_acl.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws/data_source_aws_waf_web_acl.go b/aws/data_source_aws_waf_web_acl.go index 552e2ea8c36..266d376c77a 100644 --- a/aws/data_source_aws_waf_web_acl.go +++ b/aws/data_source_aws_waf_web_acl.go @@ -29,7 +29,7 @@ func dataSourceAwsWafRegionalWebAclRead(d *schema.ResourceData, meta interface{} name := d.Get("name").(string) acls := make([]*waf.WebACLSummary, 0) - // ListRulesInput does not have a name parameter for filtering + // ListWebACLsInput does not have a name parameter for filtering input := &waf.ListWebACLsInput{} for { output, err := conn.ListWebACLs(input) From aa59c67bab3e9591f55136cf52b75f5abf10810b Mon Sep 17 00:00:00 2001 
From: Rob H Date: Wed, 17 Jul 2019 18:27:44 +0100 Subject: [PATCH 3/3] Updated after initial Review --- ...=> data_source_aws_wafregional_web_acl.go} | 4 --- ...ta_source_aws_wafregional_web_acl_test.go} | 32 +++---------------- ...html => wafregional_web_acl.html.markdown} | 4 +-- 3 files changed, 7 insertions(+), 33 deletions(-) rename aws/{data_source_aws_waf_web_acl.go => data_source_aws_wafregional_web_acl.go} (94%) rename aws/{data_source_aws_waf_web_acl_test.go => data_source_aws_wafregional_web_acl_test.go} (70%) rename website/docs/d/{wafregional_web_acl.html => wafregional_web_acl.html.markdown} (90%) diff --git a/aws/data_source_aws_waf_web_acl.go b/aws/data_source_aws_wafregional_web_acl.go similarity index 94% rename from aws/data_source_aws_waf_web_acl.go rename to aws/data_source_aws_wafregional_web_acl.go index 266d376c77a..585479a197a 100644 --- a/aws/data_source_aws_waf_web_acl.go +++ b/aws/data_source_aws_wafregional_web_acl.go @@ -16,10 +16,6 @@ func dataSourceAwsWafRegionalWebAcl() *schema.Resource { Type: schema.TypeString, Required: true, }, - "id": { - Type: schema.TypeString, - Computed: true, - }, }, } } diff --git a/aws/data_source_aws_waf_web_acl_test.go b/aws/data_source_aws_wafregional_web_acl_test.go similarity index 70% rename from aws/data_source_aws_waf_web_acl_test.go rename to aws/data_source_aws_wafregional_web_acl_test.go index 8d2e5d690ef..fe969cf8454 100644 --- a/aws/data_source_aws_waf_web_acl_test.go +++ b/aws/data_source_aws_wafregional_web_acl_test.go @@ -2,6 +2,7 @@ package aws import ( "fmt" + "github.com/hashicorp/terraform/helper/acctest" "regexp" "testing" @@ -9,7 +10,7 @@ import ( ) func TestAccDataSourceAwsWafRegionalWebAcl_Basic(t *testing.T) { - name := "tf-acc-test" + name := acctest.RandomWithPrefix("tf-acc-test") resourceName := "aws_wafregional_web_acl.web_acl" datasourceName := "data.aws_wafregional_web_acl.web_acl" 
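Review bot: In the import hunk of `data_source_aws_wafregional_web_acl_test.go`, the new `"github.com/hashicorp/terraform/helper/acctest"` line is inserted between `"fmt"` and `"regexp"`, inside the standard-library group. The file already keeps third-party imports in a separate group after a blank line, where `helper/resource` sits, so the new import belongs next to it. Running `goimports` on the file would move it there.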
@@ -34,41 +35,18 @@ func TestAccDataSourceAwsWafRegionalWebAcl_Basic(t *testing.T) { func testAccDataSourceAwsWafRegionalWebAclConfig_Name(name string) string { return fmt.Sprintf(` -resource "aws_wafregional_rule" "wafrule" { - name = "%s" - metric_name = "WafruleTest" - predicate { - data_id = "${aws_wafregional_ipset.test.id}" - negated = false - type = "IPMatch" - } -} -resource "aws_wafregional_ipset" "test" { - name = "%s" - ip_set_descriptor { - type = "IPV4" - value = "10.0.0.0/8" - } -} resource "aws_wafregional_web_acl" "web_acl" { - name = "%s" + name = %[1]q metric_name = "tfWebACL" default_action { type = "ALLOW" } - rule { - action { - type = "BLOCK" - } - priority = 1 - rule_id = "${aws_wafregional_rule.wafrule.id}" - type = "REGULAR" - } } + data "aws_wafregional_web_acl" "web_acl" { name = "${aws_wafregional_web_acl.web_acl.name}" } -`, name, name, name) +`, name) } const testAccDataSourceAwsWafRegionalWebAclConfig_NonExistent = ` diff --git a/website/docs/d/wafregional_web_acl.html b/website/docs/d/wafregional_web_acl.html.markdown similarity index 90% rename from website/docs/d/wafregional_web_acl.html rename to website/docs/d/wafregional_web_acl.html.markdown index d3acc634416..f4a6a83a78b 100644 --- a/website/docs/d/wafregional_web_acl.html +++ b/website/docs/d/wafregional_web_acl.html.markdown @@ -3,7 +3,7 @@ page_title: "AWS: aws_wafregional_web_acl" sidebar_current: "docs-aws-datasource-wafregional-web-acl" description: |- -Retrieves a WAF Regional Web ACL id. + Retrieves a WAF Regional Web ACL id. --- # Data Source: aws_wafregional_web_acl @@ -14,7 +14,7 @@ ```hcl data "aws_wafregional_web_acl" "example" { -name = "tfWAFRule" + name = "tfWAFRule" } ```