Skip to content

Commit

Permalink
add rate_limit to list of possible update changes
Browse files Browse the repository at this point in the history
  • Loading branch information
anGie44 committed Sep 1, 2020
1 parent 5224dd9 commit eb4aebd
Show file tree
Hide file tree
Showing 2 changed files with 80 additions and 1 deletion.
2 changes: 1 addition & 1 deletion aws/resource_aws_waf_rate_based_rule.go
Original file line number Diff line number Diff line change
Expand Up @@ -171,7 +171,7 @@ func resourceAwsWafRateBasedRuleRead(d *schema.ResourceData, meta interface{}) e
func resourceAwsWafRateBasedRuleUpdate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).wafconn

if d.HasChange("predicates") {
if d.HasChanges("predicates", "rate_limit") {
o, n := d.GetChange("predicates")
oldP, newP := o.(*schema.Set).List(), n.(*schema.Set).List()
rateLimit := d.Get("rate_limit")
Expand Down
79 changes: 79 additions & 0 deletions aws/resource_aws_waf_rate_based_rule_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -156,6 +156,58 @@ func TestAccAWSWafRateBasedRule_changePredicates(t *testing.T) {
})
}

// Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/9659
func TestAccAWSWafRateBasedRule_changeRateLimit(t *testing.T) {
var ipset waf.IPSet
var before, after waf.RateBasedRule
var idx int
ruleName := fmt.Sprintf("wafrule%s", acctest.RandString(5))
resourceName := "aws_waf_rate_based_rule.wafrule"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSWaf(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSWafRuleDestroy,
Steps: []resource.TestStep{
{
Config: testAccAWSWafRateBasedRuleConfig_changeRateLimit(ruleName, 4000),
Check: resource.ComposeAggregateTestCheckFunc(
testAccCheckAWSWafIPSetExists("aws_waf_ipset.ipset", &ipset),
testAccCheckAWSWafRateBasedRuleExists(resourceName, &before),
resource.TestCheckResourceAttr(resourceName, "name", ruleName),
resource.TestCheckResourceAttr(resourceName, "rate_limit", "4000"),
resource.TestCheckResourceAttr(resourceName, "predicates.#", "1"),
computeWafRateBasedRulePredicateWithIpSet(&ipset, false, "IPMatch", &idx),
tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "predicates.*", map[string]string{
"negated": "false",
"type": "IPMatch",
}),
),
},
{
Config: testAccAWSWafRateBasedRuleConfig_changeRateLimit(ruleName, 3000),
Check: resource.ComposeAggregateTestCheckFunc(
testAccCheckAWSWafIPSetExists("aws_waf_ipset.ipset", &ipset),
testAccCheckAWSWafRateBasedRuleExists(resourceName, &after),
resource.TestCheckResourceAttr(resourceName, "name", ruleName),
resource.TestCheckResourceAttr(resourceName, "rate_limit", "3000"),
resource.TestCheckResourceAttr(resourceName, "predicates.#", "1"),
computeWafRateBasedRulePredicateWithIpSet(&ipset, false, "IPMatch", &idx),
tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "predicates.*", map[string]string{
"negated": "false",
"type": "IPMatch",
}),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

// computeWafRateBasedRulePredicateWithIpSet calculates index
// which isn't static because dataId is generated as part of the test
func computeWafRateBasedRulePredicateWithIpSet(ipSet *waf.IPSet, negated bool, pType string, idx *int) resource.TestCheckFunc {
Expand Down Expand Up @@ -400,6 +452,33 @@ resource "aws_waf_rate_based_rule" "wafrule" {
`, name, name, name)
}

func testAccAWSWafRateBasedRuleConfig_changeRateLimit(name string, rateLimit int) string {
return fmt.Sprintf(`
resource "aws_waf_ipset" "ipset" {
name = "%s"
ip_set_descriptors {
type = "IPV4"
value = "192.0.7.0/24"
}
}
resource "aws_waf_rate_based_rule" "wafrule" {
depends_on = [aws_waf_ipset.ipset]
name = "%[1]s"
metric_name = "%[1]s"
rate_key = "IP"
rate_limit = %[2]d
predicates {
data_id = aws_waf_ipset.ipset.id
negated = false
type = "IPMatch"
}
}
`, name, rateLimit)
}

func testAccAWSWafRateBasedRuleConfigChangeName(name string) string {
return fmt.Sprintf(`
resource "aws_waf_ipset" "ipset" {
Expand Down

0 comments on commit eb4aebd

Please sign in to comment.