New resource r/aws_wafv2_rule_group

[pvanbuijtene]

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #11175
Relates #11046

This PR can not be merged before #12119 #12284 are merged because of copied code for testing purpose.

Release note for CHANGELOG:

* **New Resource**: `aws_wafv2_rule_group` (#12677)

Output from acceptance testing:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAwsWafv2RuleGroup'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsWafv2RuleGroup -timeout 120m
...
--- PASS: TestAccAwsWafv2RuleGroup_Disappears (117.19s)
--- PASS: TestAccAwsWafv2RuleGroup_Minimal (168.75s)
--- PASS: TestAccAwsWafv2RuleGroup_RegexPatternSetReferenceStatement (185.19s)
--- PASS: TestAccAwsWafv2RuleGroup_IpSetReferenceStatement (192.05s)
--- PASS: TestAccAwsWafv2RuleGroup_ChangeCapacityForceNew (279.87s)
--- PASS: TestAccAwsWafv2RuleGroup_ChangeNameForceNew (280.85s)
--- PASS: TestAccAwsWafv2RuleGroup_ChangeMetricNameForceNew (283.66s)
--- PASS: TestAccAwsWafv2RuleGroup_GeoMatchStatement (306.63s)
--- PASS: TestAccAwsWafv2RuleGroup_SizeConstraintStatement (307.42s)
--- PASS: TestAccAwsWafv2RuleGroup_SqliMatchStatement (309.75s)
--- PASS: TestAccAwsWafv2RuleGroup_ByteMatchStatement (310.09s)
--- PASS: TestAccAwsWafv2RuleGroup_XssMatchStatement (311.26s)
--- PASS: TestAccAwsWafv2RuleGroup_Basic (313.17s)
--- PASS: TestAccAwsWafv2RuleGroup_Tags (334.43s)
--- PASS: TestAccAwsWafv2RuleGroup_RuleAction (352.86s)
--- PASS: TestAccAwsWafv2RuleGroup_LogicalRuleStatements (355.66s)
--- PASS: TestAccAwsWafv2RuleGroup_ByteMatchStatement_FieldToMatch (475.34s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       443.877s
...

There's a lot of code required for testing IpSetRefStatement and RegexPatternSetRefStatement, this was the only way I could make it work, maybe/hope there's an other way to simplify it.

The code for aws_wafv2_ip_set and aws_wafv2_regex_pattern_set is included for the tests, this should be removed after their PRs are merged.

The field statement is recursive this is implemented with a maximum of 3 levels, more levels had a serious performance impact resulting in long test runs. I don't know if this impact is only during testing or if it also impacts run time.

[anGie44]

hi @pvanbuijtene 👋 -- dropping a note here to rebase and isolate the resource changes when you get a chance :)

[pvanbuijtene]

@anGie44 it's rebased.
With "isolate the resource changes" you mean to remove the duplicated code for testing purposes?

[anGie44]

if the validation is needed here (validateWafv2StringIsLowerCase) for case, we should use the validation package's StringMatch (see #11872 for related tech-debt efforts to stray from custom fns)
e.g.

validation.StringMatch(regexp.MustCompile(`^[a-z]+$`), "must contain only lowercase alpha characters"),

[anGie44]

let's keep this validatonfunc but slightly adjust the message to include "lowercase"

[anGie44]

@pvanbuijtene last note ^^ to adjust the error message that will appear in the output

[anGie44]

same comment as above

[anGie44]

@pvanbuijtene last note ^^ to adjust the error message that will appear in the output

[anGie44]

@pvanbuijtene thanks again for this PR! please find some additional comments above :)

[anGie44]

Just some minor comments re: validation messages, otherwise LGTM @pvanbuijtene!

Output of acceptance tests:

--- PASS: TestAccAwsWafv2RuleGroup_Disappears (155.13s)
--- PASS: TestAccAwsWafv2RuleGroup_Minimal (203.12s)
--- PASS: TestAccAwsWafv2RuleGroup_IpSetReferenceStatement (227.23s)
--- PASS: TestAccAwsWafv2RuleGroup_RegexPatternSetReferenceStatement (227.50s)
--- PASS: TestAccAwsWafv2RuleGroup_ChangeNameForceNew (358.05s)
--- PASS: TestAccAwsWafv2RuleGroup_ChangeCapacityForceNew (360.83s)
--- PASS: TestAccAwsWafv2RuleGroup_ChangeMetricNameForceNew (361.10s)
--- PASS: TestAccAwsWafv2RuleGroup_XssMatchStatement (393.38s)
--- PASS: TestAccAwsWafv2RuleGroup_ByteMatchStatement (396.52s)
--- PASS: TestAccAwsWafv2RuleGroup_SizeConstraintStatement (398.77s)
--- PASS: TestAccAwsWafv2RuleGroup_GeoMatchStatement (407.44s)
--- PASS: TestAccAwsWafv2RuleGroup_Basic (408.00s)
--- PASS: TestAccAwsWafv2RuleGroup_SqliMatchStatement (410.37s)
--- PASS: TestAccAwsWafv2RuleGroup_Tags (427.96s)
--- PASS: TestAccAwsWafv2RuleGroup_RuleAction (453.51s)
--- PASS: TestAccAwsWafv2RuleGroup_LogicalRuleStatements (454.33s)
--- PASS: TestAccAwsWafv2RuleGroup_ByteMatchStatement_FieldToMatch (580.12s)

[pvanbuijtene]

Just some minor comments re: validation messages

@anGie44 missed those, thanks for the reminder

[anGie44]

hi @pvanbuijtene, i think the messaging is almost there 😅 just that we still need reference to the number and hyphen characters as you had it previously: must contain only lowercase alphanumeric characters, underscores, and hyphens

[pvanbuijtene]

@anGie44 went a bit too fast there, it's corrected.

[anGie44]

no worries @pvanbuijtene, thank you for the update!

[bflad]

Excellent work, @pvanbuijtene and @anGie44 🚀 (We don't typically want dynamic schema generation as a pattern that may propagate to other resources, but in this case it is practically unavoidable without full on code generation. 😄 )

Output from acceptance testing:

--- PASS: TestAccAwsWafv2RuleGroup_Disappears (139.67s)
--- PASS: TestAccAwsWafv2RuleGroup_Minimal (197.18s)
--- PASS: TestAccAwsWafv2RuleGroup_RegexPatternSetReferenceStatement (227.26s)
--- PASS: TestAccAwsWafv2RuleGroup_IpSetReferenceStatement (232.16s)
--- PASS: TestAccAwsWafv2RuleGroup_ChangeNameForceNew (352.74s)
--- PASS: TestAccAwsWafv2RuleGroup_ChangeMetricNameForceNew (358.60s)
--- PASS: TestAccAwsWafv2RuleGroup_ChangeCapacityForceNew (361.48s)
--- PASS: TestAccAwsWafv2RuleGroup_XssMatchStatement (394.44s)
--- PASS: TestAccAwsWafv2RuleGroup_ByteMatchStatement (399.69s)
--- PASS: TestAccAwsWafv2RuleGroup_SizeConstraintStatement (400.45s)
--- PASS: TestAccAwsWafv2RuleGroup_SqliMatchStatement (401.30s)
--- PASS: TestAccAwsWafv2RuleGroup_GeoMatchStatement (402.20s)
--- PASS: TestAccAwsWafv2RuleGroup_Basic (408.86s)
--- PASS: TestAccAwsWafv2RuleGroup_Tags (426.98s)
--- PASS: TestAccAwsWafv2RuleGroup_RuleAction (449.06s)
--- PASS: TestAccAwsWafv2RuleGroup_LogicalRuleStatements (451.42s)
--- PASS: TestAccAwsWafv2RuleGroup_ByteMatchStatement_FieldToMatch (577.91s)

[ghost]

This has been released in version 2.66.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!