Merge branch 'rebuy-de-fix-waf'

aws/resource_aws_wafregional_web_acl.go

@@ -8,6 +8,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/waf"
 	"github.com/aws/aws-sdk-go/service/wafregional"
 	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
 )
 
 func resourceAwsWafRegionalWebAcl() *schema.Resource {
@@ -63,6 +64,15 @@ func resourceAwsWafRegionalWebAcl() *schema.Resource {
 							Type:     schema.TypeInt,
 							Required: true,
 						},
+						"type": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+							Default:  waf.WafRuleTypeRegular,
+							ValidateFunc: validation.StringInSlice([]string{
+								waf.WafRuleTypeRegular,
+								waf.WafRuleTypeRateBased,
+							}, false),
+						},
 						"rule_id": &schema.Schema{
 							Type:     schema.TypeString,
 							Required: true,
@@ -224,17 +234,20 @@ func flattenWafWebAclRules(ts []*waf.ActivatedRule) []interface{} {
 		m["action"] = []interface{}{actionMap}
 		m["priority"] = *r.Priority
 		m["rule_id"] = *r.RuleId
+		m["type"] = *r.Type
 		out[i] = m
 	}
 	return out
 }
 
 func expandWafWebAclUpdate(updateAction string, aclRule map[string]interface{}) *waf.WebACLUpdate {
 	ruleAction := aclRule["action"].([]interface{})[0].(map[string]interface{})
+
 	rule := &waf.ActivatedRule{
 		Action:   &waf.WafAction{Type: aws.String(ruleAction["type"].(string))},
 		Priority: aws.Int64(int64(aclRule["priority"].(int))),
 		RuleId:   aws.String(aclRule["rule_id"].(string)),
+		Type:     aws.String(aclRule["type"].(string)),
 	}
 
 	update := &waf.WebACLUpdate{

aws/resource_aws_wafregional_web_acl_test.go

@@ -43,6 +43,35 @@ func TestAccAWSWafRegionalWebAcl_basic(t *testing.T) {
 	})
 }
 
+func TestAccAWSWafRegionalWebAcl_createRateBased(t *testing.T) {
+	var v waf.WebACL
+	wafAclName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSWafRegionalWebAclDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSWafRegionalWebAclConfigRateBased(wafAclName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSWafRegionalWebAclExists("aws_wafregional_web_acl.waf_acl", &v),
+					resource.TestCheckResourceAttr(
+						"aws_wafregional_web_acl.waf_acl", "default_action.#", "1"),
+					resource.TestCheckResourceAttr(
+						"aws_wafregional_web_acl.waf_acl", "default_action.0.type", "ALLOW"),
+					resource.TestCheckResourceAttr(
+						"aws_wafregional_web_acl.waf_acl", "name", wafAclName),
+					resource.TestCheckResourceAttr(
+						"aws_wafregional_web_acl.waf_acl", "rule.#", "1"),
+					resource.TestCheckResourceAttr(
+						"aws_wafregional_web_acl.waf_acl", "metric_name", wafAclName),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAWSWafRegionalWebAcl_changeNameForceNew(t *testing.T) {
 	var before, after waf.WebACL
 	wafAclName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
@@ -207,7 +236,7 @@ func TestAccAWSWafRegionalWebAcl_changeRules(t *testing.T) {
 						"aws_wafregional_web_acl.waf_acl", "name", wafAclName),
 					resource.TestCheckResourceAttr(
 						"aws_wafregional_web_acl.waf_acl", "rule.#", "1"),
-					computeWafRegionalWebAclRuleIndex(&r.RuleId, 1, "BLOCK", &idx),
+					computeWafRegionalWebAclRuleIndex(&r.RuleId, 1, "REGULAR", "BLOCK", &idx),
 					testCheckResourceAttrWithIndexesAddr("aws_wafregional_web_acl.waf_acl", "rule.%d.priority", &idx, "1"),
 				),
 			},
@@ -230,14 +259,15 @@ func TestAccAWSWafRegionalWebAcl_changeRules(t *testing.T) {
 }
 
 // Calculates the index which isn't static because ruleId is generated as part of the test
-func computeWafRegionalWebAclRuleIndex(ruleId **string, priority int, actionType string, idx *int) resource.TestCheckFunc {
+func computeWafRegionalWebAclRuleIndex(ruleId **string, priority int, ruleType string, actionType string, idx *int) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		ruleResource := resourceAwsWafRegionalWebAcl().Schema["rule"].Elem.(*schema.Resource)
 		actionMap := map[string]interface{}{
 			"type": actionType,
 		}
 		m := map[string]interface{}{
 			"rule_id":  **ruleId,
+			"type":     ruleType,
 			"priority": priority,
 			"action":   []interface{}{actionMap},
 		}
@@ -374,6 +404,34 @@ resource "aws_wafregional_web_acl" "waf_acl" {
 }`, name, name, name, name)
 }
 
+func testAccAWSWafRegionalWebAclConfigRateBased(name string) string {
+	return fmt.Sprintf(`
+
+resource "aws_wafregional_rate_based_rule" "wafrule" {
+  name = "%s"
+  metric_name = "%s"
+
+  rate_key   = "IP"
+  rate_limit = 2000
+}
+
+resource "aws_wafregional_web_acl" "waf_acl" {
+  name = "%s"
+  metric_name = "%s"
+  default_action {
+    type = "ALLOW"
+  }
+  rule {
+    action {
+       type = "BLOCK"
+    }
+    priority = 1
+    type = "RATE_BASED"
+    rule_id = "${aws_wafregional_rate_based_rule.wafrule.id}"
+  }
+}`, name, name, name, name)
+}
+
 func testAccAWSWafRegionalWebAclConfig_changeName(name string) string {
 	return fmt.Sprintf(`
 resource "aws_wafregional_rule" "wafrule" {

website/docs/r/wafregional_web_acl.html.markdown

@@ -48,6 +48,7 @@ resource "aws_wafregional_web_acl" "wafacl" {
     
     priority = 1
     rule_id  = "${aws_wafregional_rule.wafrule.id}"
+    type     = "REGULAR"
   }
 }
 ```
@@ -73,6 +74,7 @@ See [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_regional_Acti
 * `priority` - (Required) Specifies the order in which the rules in a WebACL are evaluated.
   Rules with a lower value are evaluated before rules with a higher value.
 * `rule_id` - (Required) ID of the associated [rule](/docs/providers/aws/r/wafregional_rule.html)
+* `type` - (Optional) The rule type, either `REGULAR`, as defined by [Rule](http://docs.aws.amazon.com/waf/latest/APIReference/API_Rule.html), or `RATE_BASED`, as defined by [RateBasedRule](http://docs.aws.amazon.com/waf/latest/APIReference/API_RateBasedRule.html). The default is REGULAR. If you add a RATE_BASED rule, you need to set `type` as `RATE_BASED`.
 
 ### `default_action` / `action`