Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

r/waf_rule: catch referenced item exception when removing WAF rule; additional linting #17876

Merged
merged 2 commits into from
Mar 16, 2021

Conversation

anGie44
Copy link
Contributor

@anGie44 anGie44 commented Mar 2, 2021

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #14957
Relates #14601
Relates #15945

Output from acceptance testing:

--- PASS: TestAccAWSWafWebAcl_disappears (14.62s)
--- PASS: TestAccAWSWafWebAcl_basic (32.22s)
--- PASS: TestAccAWSWafWebAcl_DefaultAction (38.11s)
--- PASS: TestAccAWSWafWebAcl_changeNameForceNew (42.26s)
--- PASS: TestAccAWSWafWebAcl_Rules (58.64s)
--- PASS: TestAccAWSWafWebAcl_Tags (66.27s)
--- PASS: TestAccAWSWafWebAcl_LoggingConfiguration (97.69s)

--- PASS: TestAccAWSWafRule_noPredicates (22.30s)
--- PASS: TestAccAWSWafRule_geoMatchSetPredicate (39.42s)
--- PASS: TestAccAWSWafRule_basic (45.11s)
--- PASS: TestAccAWSWafRule_disappears (45.55s)
--- PASS: TestAccAWSWafRule_webACL (57.04s)
--- PASS: TestAccAWSWafRule_Tags (58.97s)
--- PASS: TestAccAWSWafRule_changeNameForceNew (60.97s)
--- PASS: TestAccAWSWafRule_changePredicates (68.42s)

Sanity checking after test runs:

$ aws waf list-rules

{
    "Rules": []
}
$ aws waf list-web-acls

{
    "WebACLs": []
}

@anGie44 anGie44 added the technical-debt Addresses areas of the codebase that need refactoring or redesign. label Mar 2, 2021
@anGie44 anGie44 requested a review from a team as a code owner March 2, 2021 06:54
@ghost ghost added size/XL Managed by automation to categorize the size of a PR. service/waf Issues and PRs that pertain to the waf service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Mar 2, 2021
@anGie44 anGie44 force-pushed the td-waf-rules-acctest branch from 8cb9dcf to 1291515 Compare March 2, 2021 06:58
@bflad bflad self-assigned this Mar 2, 2021
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should probably have a bug fix changelog entry, but otherwise looking good aside from the comment. 👍

Comment on lines 215 to 220
// Deleting a WAF Rule after being removed from a WAF WebACL
// can return a WAFReferencedItemException when attempted in quick succession;
// thus, we catch the error here and re-attempt
if tfawserr.ErrCodeEquals(err, waf.ErrCodeReferencedItemException) {
return output, nil
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you explain how this error is being retried? The RetryWithToken helper currently only handles the waf.ErrCodeStaleDataException error and this logic is swallowing waf.ErrCodeReferencedItemException. I'm guessing this might be passing TestAccAWSWafWebAcl_Rules because that test uses CheckDestroy: testAccCheckAWSWafWebAclDestroy and does not verify rule deletion.

This logic would need another layer of resource.Retry() to retry successfully on waf.ErrCodeReferencedItemException and it might be worth creating a covering TestAccAWSWafRule_ test for this behavior so it can use CheckDestroy: testAccCheckAWSWafRuleDestroy,. 👍

Copy link
Contributor Author

@anGie44 anGie44 Mar 5, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ahh cannot be explained ..totally in the wrong place there! but I forgot i've wrestled with the TestAccAWSWafWebACL_Rules test quite some time ago and from what i've tried it's a case where if the test config steps were applied outside of the test env (i've most recently used the latest version of the provider w/terraform 0.14), the resource modifications occur without any error. And with the suggestion you've provided, I'm still seeing the same error :/ should i close this PR and revisit?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Personally, I'd love to get the rest of these PR changes in just so those refactorings are out of the way for the future. Up to you if you'd like to revert this small little bit so we can get those in or if you would prefer working on this section some more here. Feel free to grab me directly to chat more!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yep let me keep the refactorings in and remove the attempted test fix 👍

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...or may be not 😅 ..i think 62adf9a should correctly use the retry and the TestAccWafRule_webACL added for additional checking

@anGie44 anGie44 force-pushed the td-waf-rules-acctest branch from 8c1ad3d to b1eae86 Compare March 16, 2021 04:57
@anGie44 anGie44 force-pushed the td-waf-rules-acctest branch from b1eae86 to 62adf9a Compare March 16, 2021 05:05
@anGie44 anGie44 requested a review from bflad March 16, 2021 05:19
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great! 🚀

Output from acceptance testing in AWS Commercial:

--- PASS: TestAccAWSWafRule_basic (64.07s)
--- PASS: TestAccAWSWafRule_changeNameForceNew (90.51s)
--- PASS: TestAccAWSWafRule_changePredicates (79.43s)
--- PASS: TestAccAWSWafRule_disappears (65.97s)
--- PASS: TestAccAWSWafRule_geoMatchSetPredicate (63.47s)
--- PASS: TestAccAWSWafRule_noPredicates (28.63s)
--- PASS: TestAccAWSWafRule_Tags (90.98s)
--- PASS: TestAccAWSWafRule_webACL (89.73s)

--- PASS: TestAccAWSWafWebAcl_basic (33.99s)
--- PASS: TestAccAWSWafWebAcl_changeNameForceNew (51.18s)
--- PASS: TestAccAWSWafWebAcl_DefaultAction (49.82s)
--- PASS: TestAccAWSWafWebAcl_disappears (31.14s)
--- PASS: TestAccAWSWafWebAcl_LoggingConfiguration (141.12s)
--- PASS: TestAccAWSWafWebAcl_Rules (102.95s)
--- PASS: TestAccAWSWafWebAcl_Tags (48.51s)

Output from acceptance testing in AWS GovCloud (US):

--- SKIP: TestAccAWSWafRule_basic (28.71s)
--- SKIP: TestAccAWSWafRule_changeNameForceNew (23.36s)
--- SKIP: TestAccAWSWafRule_changePredicates (29.21s)
--- SKIP: TestAccAWSWafRule_disappears (29.19s)
--- SKIP: TestAccAWSWafRule_geoMatchSetPredicate (25.63s)
--- SKIP: TestAccAWSWafRule_noPredicates (24.83s)
--- SKIP: TestAccAWSWafRule_Tags (28.34s)
--- SKIP: TestAccAWSWafRule_webACL (26.39s)

--- SKIP: TestAccAWSWafWebAcl_basic (24.49s)
--- SKIP: TestAccAWSWafWebAcl_changeNameForceNew (21.41s)
--- SKIP: TestAccAWSWafWebAcl_DefaultAction (28.34s)
--- SKIP: TestAccAWSWafWebAcl_disappears (25.40s)
--- SKIP: TestAccAWSWafWebAcl_LoggingConfiguration (29.54s)
--- SKIP: TestAccAWSWafWebAcl_Rules (26.16s)
--- SKIP: TestAccAWSWafWebAcl_Tags (27.66s)

@anGie44 anGie44 added this to the v3.33.0 milestone Mar 16, 2021
@anGie44 anGie44 merged commit 60212e2 into main Mar 16, 2021
@anGie44 anGie44 deleted the td-waf-rules-acctest branch March 16, 2021 14:37
github-actions bot pushed a commit that referenced this pull request Mar 16, 2021
@ghost
Copy link

ghost commented Mar 18, 2021

This has been released in version 3.33.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost
Copy link

ghost commented Apr 15, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Apr 15, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
service/waf Issues and PRs that pertain to the waf service. size/XL Managed by automation to categorize the size of a PR. technical-debt Addresses areas of the codebase that need refactoring or redesign. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Technical Debt Theme: Resolve Acceptance Test Failures (Waf)
2 participants