terraform-provider-aws

f/added oversize handling to waf v2 body and headers

Open scottwestover opened this issue 2 years ago • 8 comments

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #25545. Closes #25832.

Summary:

  • Added a new schema object for the existing field_to_match.body schema that will require you to set the oversize_handling attribute.
  • Added support for headers under the field_to_match schema.

Output from acceptance testing:

$ make testacc TESTS=TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch PKG=wafv2

==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/wafv2/... -v -count 1 -parallel 20 -run='TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch'  -timeout 180m
=== RUN   TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
=== PAUSE TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
=== CONT  TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
--- PASS: TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch (232.24s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	232.402s
...

scottwestover avatar Aug 27 '22 04:08 scottwestover

Hi @scottwestover, thanks for taking the time to raise this PR.

Please note that as per the docs here, Oversize Handling applies to more places in the WAFv2 Web ACL: Body, JsonBody, Headers and Cookies.

bschaatsbergen avatar Aug 27 '22 23:08 bschaatsbergen

@bschaatsbergen Yes, it does apply to the other FieldToMatch types, however most of those types do not appear to be supported currently in the provider: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl#field-to-match.

My intention for the PR was to add support for the existing fields in the provider today.

scottwestover avatar Aug 28 '22 11:08 scottwestover

> @bschaatsbergen Yes, it does apply to the other FieldToMatch types, however most of those types do not appear to be supported currently in the provider: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl#field-to-match.
>
> My intention for the PR was to add support for the existing fields in the provider today.

That's fine, just pointing it out - I believe it's to be added with the same urgency as the OversizeHandling for the body prop. I'll see if I can review this by Tuesday, iirc the team will pick up OversizeHandling with some urgency.

bschaatsbergen avatar Aug 28 '22 11:08 bschaatsbergen

@bschaatsbergen I went ahead and tried to implement the functionality for the additional properties as well, using the existing schemas for reference and the AWS docs. Once you or another team member gets a chance to review, any feedback would be appreciated.

scottwestover avatar Aug 29 '22 06:08 scottwestover

Hi @scottwestover, great work. I've addressed it with one of the core team members and they will take a look at this.

bschaatsbergen avatar Aug 30 '22 14:08 bschaatsbergen

@scottwestover Thanks for the contribution :tada: :clap:. We don't want to make a breaking change (requiring oversize_handling in the body block) without introducing a new provider major version so I changed that particular attribute to optional. In testing I seem to have hit https://github.com/hashicorp/terraform-plugin-sdk/issues/652:

% ACCTEST_TIMEOUT=360m  make testacc TESTARGS='-run=TestAccWAFV2RuleGroup_\|TestAccWAFV2WebACL_' PKG=wafv2 ACCTEST_PARALLELISM=3
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/wafv2/... -v -count 1 -parallel 3  -run=TestAccWAFV2RuleGroup_\|TestAccWAFV2WebACL_ -timeout 360m
=== RUN   TestAccWAFV2RuleGroup_basic
=== PAUSE TestAccWAFV2RuleGroup_basic
=== RUN   TestAccWAFV2RuleGroup_updateRule
=== PAUSE TestAccWAFV2RuleGroup_updateRule
=== RUN   TestAccWAFV2RuleGroup_updateRuleProperties
=== PAUSE TestAccWAFV2RuleGroup_updateRuleProperties
=== RUN   TestAccWAFV2RuleGroup_byteMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_byteMatchStatement
=== RUN   TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
=== PAUSE TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
=== RUN   TestAccWAFV2RuleGroup_changeNameForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeNameForceNew
=== RUN   TestAccWAFV2RuleGroup_changeCapacityForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeCapacityForceNew
=== RUN   TestAccWAFV2RuleGroup_changeMetricNameForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeMetricNameForceNew
=== RUN   TestAccWAFV2RuleGroup_disappears
=== PAUSE TestAccWAFV2RuleGroup_disappears
=== RUN   TestAccWAFV2RuleGroup_RuleLabels
=== PAUSE TestAccWAFV2RuleGroup_RuleLabels
=== RUN   TestAccWAFV2RuleGroup_geoMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_geoMatchStatement
=== RUN   TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
=== PAUSE TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
=== RUN   TestAccWAFV2RuleGroup_LabelMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_LabelMatchStatement
=== RUN   TestAccWAFV2RuleGroup_ipSetReferenceStatement
=== PAUSE TestAccWAFV2RuleGroup_ipSetReferenceStatement
=== RUN   TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
=== PAUSE TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
=== RUN   TestAccWAFV2RuleGroup_logicalRuleStatements
=== PAUSE TestAccWAFV2RuleGroup_logicalRuleStatements
=== RUN   TestAccWAFV2RuleGroup_minimal
=== PAUSE TestAccWAFV2RuleGroup_minimal
=== RUN   TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
=== PAUSE TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
=== RUN   TestAccWAFV2RuleGroup_ruleAction
=== PAUSE TestAccWAFV2RuleGroup_ruleAction
=== RUN   TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
=== PAUSE TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
=== RUN   TestAccWAFV2RuleGroup_RuleAction_customResponse
=== PAUSE TestAccWAFV2RuleGroup_RuleAction_customResponse
=== RUN   TestAccWAFV2RuleGroup_sizeConstraintStatement
=== PAUSE TestAccWAFV2RuleGroup_sizeConstraintStatement
=== RUN   TestAccWAFV2RuleGroup_sqliMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_sqliMatchStatement
=== RUN   TestAccWAFV2RuleGroup_tags
=== PAUSE TestAccWAFV2RuleGroup_tags
=== RUN   TestAccWAFV2RuleGroup_xssMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_xssMatchStatement
=== RUN   TestAccWAFV2WebACL_basic
=== PAUSE TestAccWAFV2WebACL_basic
=== RUN   TestAccWAFV2WebACL_Update_rule
=== PAUSE TestAccWAFV2WebACL_Update_rule
=== RUN   TestAccWAFV2WebACL_Update_ruleProperties
=== PAUSE TestAccWAFV2WebACL_Update_ruleProperties
=== RUN   TestAccWAFV2WebACL_Update_nameForceNew
=== PAUSE TestAccWAFV2WebACL_Update_nameForceNew
=== RUN   TestAccWAFV2WebACL_disappears
=== PAUSE TestAccWAFV2WebACL_disappears
=== RUN   TestAccWAFV2WebACL_ManagedRuleGroup_basic
=== PAUSE TestAccWAFV2WebACL_ManagedRuleGroup_basic
=== RUN   TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== PAUSE TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== RUN   TestAccWAFV2WebACL_minimal
=== PAUSE TestAccWAFV2WebACL_minimal
=== RUN   TestAccWAFV2WebACL_RateBased_basic
=== PAUSE TestAccWAFV2WebACL_RateBased_basic
=== RUN   TestAccWAFV2WebACL_ByteMatchStatement_basic
=== PAUSE TestAccWAFV2WebACL_ByteMatchStatement_basic
=== RUN   TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
=== PAUSE TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
=== RUN   TestAccWAFV2WebACL_GeoMatch_basic
=== PAUSE TestAccWAFV2WebACL_GeoMatch_basic
=== RUN   TestAccWAFV2WebACL_GeoMatch_forwardedIP
=== PAUSE TestAccWAFV2WebACL_GeoMatch_forwardedIP
=== RUN   TestAccWAFV2WebACL_LabelMatchStatement
=== PAUSE TestAccWAFV2WebACL_LabelMatchStatement
=== RUN   TestAccWAFV2WebACL_RuleLabels
=== PAUSE TestAccWAFV2WebACL_RuleLabels
=== RUN   TestAccWAFV2WebACL_IPSetReference_basic
=== PAUSE TestAccWAFV2WebACL_IPSetReference_basic
=== RUN   TestAccWAFV2WebACL_IPSetReference_forwardedIP
=== PAUSE TestAccWAFV2WebACL_IPSetReference_forwardedIP
=== RUN   TestAccWAFV2WebACL_RateBased_forwardedIP
=== PAUSE TestAccWAFV2WebACL_RateBased_forwardedIP
=== RUN   TestAccWAFV2WebACL_RuleGroupReference_basic
=== PAUSE TestAccWAFV2WebACL_RuleGroupReference_basic
=== RUN   TestAccWAFV2WebACL_Custom_requestHandling
=== PAUSE TestAccWAFV2WebACL_Custom_requestHandling
=== RUN   TestAccWAFV2WebACL_Custom_response
=== PAUSE TestAccWAFV2WebACL_Custom_response
=== RUN   TestAccWAFV2WebACL_tags
=== PAUSE TestAccWAFV2WebACL_tags
=== RUN   TestAccWAFV2WebACL_RateBased_maxNested
=== PAUSE TestAccWAFV2WebACL_RateBased_maxNested
=== RUN   TestAccWAFV2WebACL_Operators_maxNested
=== PAUSE TestAccWAFV2WebACL_Operators_maxNested
=== CONT  TestAccWAFV2RuleGroup_basic
=== CONT  TestAccWAFV2WebACL_basic
=== CONT  TestAccWAFV2WebACL_GeoMatch_forwardedIP
--- PASS: TestAccWAFV2RuleGroup_basic (23.50s)
=== CONT  TestAccWAFV2WebACL_Operators_maxNested
--- PASS: TestAccWAFV2WebACL_basic (28.94s)
=== CONT  TestAccWAFV2WebACL_RateBased_maxNested
--- PASS: TestAccWAFV2WebACL_GeoMatch_forwardedIP (53.92s)
=== CONT  TestAccWAFV2WebACL_tags
--- PASS: TestAccWAFV2WebACL_Operators_maxNested (30.91s)
=== CONT  TestAccWAFV2WebACL_Custom_response
--- PASS: TestAccWAFV2WebACL_RateBased_maxNested (30.48s)
=== CONT  TestAccWAFV2WebACL_Custom_requestHandling
--- PASS: TestAccWAFV2WebACL_tags (70.13s)
=== CONT  TestAccWAFV2WebACL_RuleGroupReference_basic
=== CONT  TestAccWAFV2WebACL_RateBased_forwardedIP
--- PASS: TestAccWAFV2WebACL_Custom_response (74.10s)
--- PASS: TestAccWAFV2WebACL_Custom_requestHandling (75.14s)
=== CONT  TestAccWAFV2WebACL_IPSetReference_forwardedIP
--- PASS: TestAccWAFV2WebACL_RateBased_forwardedIP (52.11s)
=== CONT  TestAccWAFV2WebACL_IPSetReference_basic
--- PASS: TestAccWAFV2WebACL_RuleGroupReference_basic (58.40s)
=== CONT  TestAccWAFV2WebACL_LabelMatchStatement
--- PASS: TestAccWAFV2WebACL_IPSetReference_basic (29.77s)
=== CONT  TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== CONT  TestAccWAFV2WebACL_IPSetReference_forwardedIP
    web_acl_test.go:1166: Step 4/5 error: Check failed: Check 1/6 error: RequestError: send request failed
        caused by: Post "https://wafv2.us-west-2.amazonaws.com/": read tcp 192.168.1.81:56162->52.119.167.51:443: read: connection reset by peer
--- FAIL: TestAccWAFV2WebACL_IPSetReference_forwardedIP (87.40s)
=== CONT  TestAccWAFV2WebACL_GeoMatch_basic
--- PASS: TestAccWAFV2WebACL_LabelMatchStatement (66.67s)
=== CONT  TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
=== CONT  TestAccWAFV2WebACL_GeoMatch_basic
    web_acl_test.go:867: Step 2/3 error: Error running apply: exit status 1
        
        Error: RequestError: send request failed
        caused by: Post "https://wafv2.us-west-2.amazonaws.com/": read tcp 192.168.1.81:56528->52.119.169.70:443: read: connection reset by peer
        
          with aws_wafv2_web_acl.test,
          on terraform_plugin_test.tf line 2, in resource "aws_wafv2_web_acl" "test":
           2: resource "aws_wafv2_web_acl" "test" {
        
    testing_new.go:84: Error running post-test destroy, there may be dangling resources: exit status 1
        
        Error: Error deleting WAFv2 WebACL: WAFOptimisticLockException: AWS WAF couldn’t save your changes because someone changed the resource after you started to edit it. Reapply your changes.
        
--- FAIL: TestAccWAFV2WebACL_GeoMatch_basic (46.53s)
=== CONT  TestAccWAFV2WebACL_ByteMatchStatement_basic
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion (62.49s)
=== CONT  TestAccWAFV2WebACL_RateBased_basic
--- PASS: TestAccWAFV2WebACL_ByteMatchStatement_jsonBody (56.25s)
=== CONT  TestAccWAFV2WebACL_minimal
--- PASS: TestAccWAFV2WebACL_ByteMatchStatement_basic (55.43s)
=== CONT  TestAccWAFV2WebACL_Update_nameForceNew
--- PASS: TestAccWAFV2WebACL_RateBased_basic (52.81s)
=== CONT  TestAccWAFV2WebACL_ManagedRuleGroup_basic
--- PASS: TestAccWAFV2WebACL_minimal (24.27s)
=== CONT  TestAccWAFV2WebACL_RuleLabels
--- PASS: TestAccWAFV2WebACL_Update_nameForceNew (49.76s)
=== CONT  TestAccWAFV2WebACL_Update_ruleProperties
--- PASS: TestAccWAFV2WebACL_RuleLabels (53.28s)
=== CONT  TestAccWAFV2WebACL_disappears
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_basic (75.84s)
=== CONT  TestAccWAFV2RuleGroup_ipSetReferenceStatement
--- PASS: TestAccWAFV2WebACL_disappears (20.56s)
=== CONT  TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
--- PASS: TestAccWAFV2RuleGroup_ipSetReferenceStatement (24.04s)
=== CONT  TestAccWAFV2RuleGroup_xssMatchStatement
    rule_group_test.go:1804: Step 1/3 error: After applying this test step and performing a `terraform refresh`, the plan was not empty.
        stdout
        
        
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
          ~ update in-place
        
        Terraform will perform the following actions:
        
          # aws_wafv2_rule_group.test will be updated in-place
          ~ resource "aws_wafv2_rule_group" "test" {
                id         = "cde7d315-1212-4684-841c-9a5cbd6099c4"
                name       = "tf-acc-test-4761437067977850017"
                tags       = {}
                # (5 unchanged attributes hidden)
        
              + rule {
                  + name     = "rule-1"
                  + priority = 1
        
                  + action {
        
                      + block {
                        }
                    }
        
                  + statement {
        
                      + xss_match_statement {
                          + field_to_match {
        
                              + body {}
                            }
        
                          + text_transformation {
                              + priority = 2
                              + type     = "NONE"
                            }
                        }
                    }
        
                  + visibility_config {
                      + cloudwatch_metrics_enabled = false
                      + metric_name                = "friendly-rule-metric-name"
                      + sampled_requests_enabled   = false
                    }
                }
              - rule {
                  - name     = "rule-1" -> null
                  - priority = 1 -> null
        
                  - action {
        
                      - block {
                        }
                    }
        
                  - statement {
        
                      - xss_match_statement {
                          - field_to_match {
        
                              - body {}
                            }
        
                          - text_transformation {
                              - priority = 2 -> null
                              - type     = "NONE" -> null
                            }
                        }
                    }
        
                  - visibility_config {
                      - cloudwatch_metrics_enabled = false -> null
                      - metric_name                = "friendly-rule-metric-name" -> null
                      - sampled_requests_enabled   = false -> null
                    }
                }
              + rule {
                }
        
                # (1 unchanged block hidden)
            }
        
        Plan: 0 to add, 1 to change, 0 to destroy.
--- PASS: TestAccWAFV2RuleGroup_RuleAction_customRequestHandling (38.24s)
=== CONT  TestAccWAFV2RuleGroup_tags
--- FAIL: TestAccWAFV2RuleGroup_xssMatchStatement (18.15s)
=== CONT  TestAccWAFV2RuleGroup_ruleAction
--- PASS: TestAccWAFV2WebACL_Update_ruleProperties (81.51s)
=== CONT  TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
    rule_group_test.go:1327: Step 1/2 error: After applying this test step and performing a `terraform refresh`, the plan was not empty.
        stdout
        
        
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
          ~ update in-place
        
        Terraform will perform the following actions:
        
          # aws_wafv2_rule_group.test will be updated in-place
          ~ resource "aws_wafv2_rule_group" "test" {
                id         = "59a6a7f3-21ec-4c62-aa51-164a0b4983ab"
                name       = "tf-acc-test-4972246374567074568"
                tags       = {}
                # (5 unchanged attributes hidden)
        
              + rule {
                  + name     = "rule-1"
                  + priority = 1
        
                  + action {
                      + allow {
                        }
                    }
        
                  + statement {
        
                      + regex_pattern_set_reference_statement {
                          + arn = "arn:aws:wafv2:us-west-2:187416307283:regional/regexpatternset/regex-pattern-set-tf-acc-test-4972246374567074568/991ce35a-6985-4833-a326-2a322e13e3d5"
        
                          + field_to_match {
        
                              + body {}
                            }
        
                          + text_transformation {
                              + priority = 2
                              + type     = "NONE"
                            }
                        }
                    }
        
                  + visibility_config {
                      + cloudwatch_metrics_enabled = false
                      + metric_name                = "friendly-rule-metric-name"
                      + sampled_requests_enabled   = false
                    }
                }
              - rule {
                  - name     = "rule-1" -> null
                  - priority = 1 -> null
        
                  - action {
                      - allow {
                        }
                    }
        
                  - statement {
        
                      - regex_pattern_set_reference_statement {
                          - arn = "arn:aws:wafv2:us-west-2:187416307283:regional/regexpatternset/regex-pattern-set-tf-acc-test-4972246374567074568/991ce35a-6985-4833-a326-2a322e13e3d5" -> null
        
                          - field_to_match {
        
                              - body {}
                            }
        
                          - text_transformation {
                              - priority = 2 -> null
                              - type     = "NONE" -> null
                            }
                        }
                    }
        
                  - visibility_config {
                      - cloudwatch_metrics_enabled = false -> null
                      - metric_name                = "friendly-rule-metric-name" -> null
                      - sampled_requests_enabled   = false -> null
                    }
                }
              + rule {
                }
        
                # (1 unchanged block hidden)
            }
        
        Plan: 0 to add, 1 to change, 0 to destroy.
--- FAIL: TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement (20.83s)
=== CONT  TestAccWAFV2RuleGroup_minimal
--- PASS: TestAccWAFV2RuleGroup_tags (50.71s)
=== CONT  TestAccWAFV2RuleGroup_logicalRuleStatements
--- PASS: TestAccWAFV2RuleGroup_minimal (16.95s)
=== CONT  TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
--- PASS: TestAccWAFV2RuleGroup_ruleAction (50.81s)
=== CONT  TestAccWAFV2RuleGroup_geoMatchStatement
--- PASS: TestAccWAFV2RuleGroup_geoMatchStatement (39.70s)
=== CONT  TestAccWAFV2RuleGroup_LabelMatchStatement
--- PASS: TestAccWAFV2RuleGroup_logicalRuleStatements (54.30s)
=== CONT  TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
--- PASS: TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP (70.89s)
=== CONT  TestAccWAFV2RuleGroup_changeMetricNameForceNew
--- PASS: TestAccWAFV2RuleGroup_LabelMatchStatement (35.10s)
=== CONT  TestAccWAFV2RuleGroup_RuleLabels
--- PASS: TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP (35.35s)
=== CONT  TestAccWAFV2RuleGroup_disappears
--- PASS: TestAccWAFV2RuleGroup_changeMetricNameForceNew (33.14s)
=== CONT  TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
--- PASS: TestAccWAFV2RuleGroup_disappears (17.79s)
=== CONT  TestAccWAFV2RuleGroup_sizeConstraintStatement
--- PASS: TestAccWAFV2RuleGroup_RuleLabels (38.26s)
=== CONT  TestAccWAFV2RuleGroup_changeCapacityForceNew
=== CONT  TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
    rule_group_test.go:364: Step 2/15 error: After applying this test step and performing a `terraform refresh`, the plan was not empty.
        stdout
        
        
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
          ~ update in-place
        
        Terraform will perform the following actions:
        
          # aws_wafv2_rule_group.test will be updated in-place
          ~ resource "aws_wafv2_rule_group" "test" {
                id         = "997fa513-33eb-4d9d-96b2-47f1ac1b5331"
                name       = "tf-acc-test-3935865714632591008"
                tags       = {}
                # (5 unchanged attributes hidden)
        
              + rule {
                  + name     = "rule-1"
                  + priority = 1
        
                  + action {
                      + allow {
                        }
                    }
        
                  + statement {
        
                      + byte_match_statement {
                          + positional_constraint = "CONTAINS"
                          + search_string         = "word"
        
                          + field_to_match {
        
                              + body {}
                            }
        
                          + text_transformation {
                              + priority = 1
                              + type     = "NONE"
                            }
                        }
                    }
        
                  + visibility_config {
                      + cloudwatch_metrics_enabled = false
                      + metric_name                = "friendly-rule-metric-name"
                      + sampled_requests_enabled   = false
                    }
                }
              - rule {
                  - name     = "rule-1" -> null
                  - priority = 1 -> null
        
                  - action {
                      - allow {
                        }
                    }
        
                  - statement {
        
                      - byte_match_statement {
                          - positional_constraint = "CONTAINS" -> null
                          - search_string         = "word" -> null
        
                          - field_to_match {
        
                              - body {}
                            }
        
                          - text_transformation {
                              - priority = 1 -> null
                              - type     = "NONE" -> null
                            }
                        }
                    }
        
                  - visibility_config {
                      - cloudwatch_metrics_enabled = false -> null
                      - metric_name                = "friendly-rule-metric-name" -> null
                      - sampled_requests_enabled   = false -> null
                    }
                }
              + rule {
                }
        
                # (1 unchanged block hidden)
            }
        
        Plan: 0 to add, 1 to change, 0 to destroy.
--- FAIL: TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch (36.52s)
=== CONT  TestAccWAFV2WebACL_Update_rule
--- PASS: TestAccWAFV2RuleGroup_sizeConstraintStatement (35.07s)
=== CONT  TestAccWAFV2RuleGroup_changeNameForceNew
--- PASS: TestAccWAFV2RuleGroup_changeCapacityForceNew (35.69s)
=== CONT  TestAccWAFV2RuleGroup_updateRuleProperties
--- PASS: TestAccWAFV2RuleGroup_changeNameForceNew (35.54s)
=== CONT  TestAccWAFV2RuleGroup_byteMatchStatement
--- PASS: TestAccWAFV2WebACL_Update_rule (53.94s)
=== CONT  TestAccWAFV2RuleGroup_RuleAction_customResponse
=== CONT  TestAccWAFV2RuleGroup_updateRule
--- PASS: TestAccWAFV2RuleGroup_updateRuleProperties (54.07s)
--- PASS: TestAccWAFV2RuleGroup_byteMatchStatement (37.33s)
=== CONT  TestAccWAFV2RuleGroup_sqliMatchStatement
--- PASS: TestAccWAFV2RuleGroup_updateRule (37.33s)
=== CONT  TestAccWAFV2RuleGroup_sqliMatchStatement
    rule_group_test.go:1684: Step 2/3 error: After applying this test step and performing a `terraform refresh`, the plan was not empty.
        stdout
        
        
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
          ~ update in-place
        
        Terraform will perform the following actions:
        
          # aws_wafv2_rule_group.test will be updated in-place
          ~ resource "aws_wafv2_rule_group" "test" {
                id         = "72a2bf0f-2476-421b-87c3-b2a65e383f78"
                name       = "tf-acc-test-2680439438990083403"
                tags       = {}
                # (5 unchanged attributes hidden)
        
              + rule {
                  + name     = "rule-1"
                  + priority = 1
        
                  + action {
                      + allow {
                        }
                    }
        
                  + statement {
        
                      + sqli_match_statement {
                          + field_to_match {
        
                              + body {}
                            }
        
                          + text_transformation {
                              + priority = 3
                              + type     = "COMPRESS_WHITE_SPACE"
                            }
                          + text_transformation {
                              + priority = 4
                              + type     = "HTML_ENTITY_DECODE"
                            }
                          + text_transformation {
                              + priority = 5
                              + type     = "URL_DECODE"
                            }
                        }
                    }
        
                  + visibility_config {
                      + cloudwatch_metrics_enabled = false
                      + metric_name                = "friendly-rule-metric-name"
                      + sampled_requests_enabled   = false
                    }
                }
              - rule {
                  - name     = "rule-1" -> null
                  - priority = 1 -> null
        
                  - action {
                      - allow {
                        }
                    }
        
                  - statement {
        
                      - sqli_match_statement {
                          - field_to_match {
        
                              - body {}
                            }
        
                          - text_transformation {
                              - priority = 3 -> null
                              - type     = "COMPRESS_WHITE_SPACE" -> null
                            }
                          - text_transformation {
                              - priority = 4 -> null
                              - type     = "HTML_ENTITY_DECODE" -> null
                            }
                          - text_transformation {
                              - priority = 5 -> null
                              - type     = "URL_DECODE" -> null
                            }
                        }
                    }
        
                  - visibility_config {
                      - cloudwatch_metrics_enabled = false -> null
                      - metric_name                = "friendly-rule-metric-name" -> null
                      - sampled_requests_enabled   = false -> null
                    }
                }
              + rule {
                }
        
                # (1 unchanged block hidden)
            }
        
        Plan: 0 to add, 1 to change, 0 to destroy.
--- PASS: TestAccWAFV2RuleGroup_RuleAction_customResponse (60.82s)
--- FAIL: TestAccWAFV2RuleGroup_sqliMatchStatement (43.05s)
FAIL
FAIL	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	754.847s
FAIL
make: *** [testacc] Error 1

I will look for workarounds.

ewbankkit avatar Sep 01 '22 11:09 ewbankkit

@ewbankkit Thanks for the feedback! I will keep that in mind for future PRs, and thank you for looking into the other issue.

scottwestover avatar Sep 01 '22 12:09 scottwestover

@ewbankkit Any updates on the above issues? Do we anticipate this fix making it to the provider in time for the October 1 deadline from AWS? Quote from AWS below:

> Although defining oversize handling behavior is optional today, on October 1, 2022, we will make specifying the handling behavior for oversized requests required when there is no size constraint on the Body or JSON body rule. After October 1, 2022, if you have not updated your web ACL to either add a size constraint statement on Body or JSON body rules in your web ACL, or define the oversize handling behavior for these rules, updates to your WAF rules using the API will fail.

catej-clayton avatar Sep 21 '22 16:09 catej-clayton
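
The AWS notice quoted above means every rule that inspects Body or JSON body needs an explicit oversize handling choice. As an added example (not code from the provider or from this PR), the Go program below audits a rule document and lists each Body/JsonBody component with its OversizeHandling value, including ones nested inside And/Not statements. The top-level `Rules` layout, the sample rules and the names `Finding`, `AuditRules` and `Missing` are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Finding records one Body or JsonBody component found under a FieldToMatch.
type Finding struct {
	Rule     string // value of the rule's Name
	Path     string // JSON path to the component inside the rule
	Handling string // OversizeHandling value; "" when the rule does not set it
}

// sampleACL is constructed for this example (not taken from the PR). It assumes
// a document with a top-level "Rules" array in the WAFv2 API's rule shape.
const sampleACL = `{
  "Rules": [
    {"Name": "xss-body", "Statement": {"XssMatchStatement": {
      "FieldToMatch": {"Body": {}},
      "TextTransformations": [{"Priority": 2, "Type": "NONE"}]}}},
    {"Name": "sqli-json", "Statement": {"AndStatement": {"Statements": [
      {"SqliMatchStatement": {
        "FieldToMatch": {"JsonBody": {"MatchScope": "ALL", "OversizeHandling": "MATCH"}},
        "TextTransformations": [{"Priority": 3, "Type": "URL_DECODE"}]}},
      {"NotStatement": {"Statement": {"ByteMatchStatement": {
        "FieldToMatch": {"Body": {}},
        "PositionalConstraint": "CONTAINS", "SearchString": "word",
        "TextTransformations": [{"Priority": 1, "Type": "NONE"}]}}}}
    ]}}},
    {"Name": "uri-only", "Statement": {"ByteMatchStatement": {
      "FieldToMatch": {"UriPath": {}},
      "PositionalConstraint": "CONTAINS", "SearchString": "word",
      "TextTransformations": [{"Priority": 1, "Type": "NONE"}]}}}
  ]
}`

// walk descends through arbitrarily nested statements. It does not enumerate
// statement types: any object key named FieldToMatch is examined.
func walk(node interface{}, path, rule string, out *[]Finding) {
	switch v := node.(type) {
	case map[string]interface{}:
		keys := make([]string, 0, len(v))
		for k := range v {
			keys = append(keys, k)
		}
		sort.Strings(keys) // deterministic order; Go map iteration is random
		for _, k := range keys {
			p := path + "." + k
			if k != "FieldToMatch" {
				walk(v[k], p, rule, out)
				continue
			}
			ftm, ok := v[k].(map[string]interface{})
			if !ok {
				continue
			}
			for _, part := range []string{"Body", "JsonBody"} {
				if comp, ok := ftm[part].(map[string]interface{}); ok {
					h, _ := comp["OversizeHandling"].(string)
					*out = append(*out, Finding{Rule: rule, Path: p + "." + part, Handling: h})
				}
			}
		}
	case []interface{}:
		for i, child := range v {
			walk(child, fmt.Sprintf("%s[%d]", path, i), rule, out)
		}
	}
}

// AuditRules returns every Body/JsonBody inspection in the document.
func AuditRules(doc []byte) ([]Finding, error) {
	var acl struct {
		Rules []struct {
			Name      string
			Statement interface{}
		}
	}
	if err := json.Unmarshal(doc, &acl); err != nil {
		return nil, fmt.Errorf("parse rules: %w", err)
	}
	var out []Finding
	for _, r := range acl.Rules {
		walk(r.Statement, "Statement", r.Name, &out)
	}
	return out, nil
}

// Missing keeps only the findings that have no OversizeHandling set.
func Missing(all []Finding) []Finding {
	var out []Finding
	for _, f := range all {
		if f.Handling == "" {
			out = append(out, f)
		}
	}
	return out
}

func main() {
	all, err := AuditRules([]byte(sampleACL))
	if err != nil {
		panic(err)
	}
	for _, f := range Missing(all) {
		fmt.Printf("rule %q: %s has no OversizeHandling\n", f.Rule, f.Path)
	}
}
```

Components that report `CONTINUE` are still worth a second look: with that value only the part of the body within the inspection size limit is evaluated, whereas `MATCH` treats an oversized request as matching the rule.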

If we make field_to_match.body.oversize_handling Required, which will be a breaking change as all existing configurations containing

        field_to_match {
          body {}
        }

must be changed to

        field_to_match {
          body {
            oversize_handling = "CONTINUE"
          }
        }

then all (modified) acceptance tests pass:

% ACCTEST_TIMEOUT=360m  make testacc TESTARGS='-run=TestAccWAFV2RuleGroup_\|TestAccWAFV2WebACL_\|TestAccWAFV2IPSet_\|TestAccWAFV2RegexPatternSet_\|TestAccWAFV2WebACLAssociation_' PKG=wafv2 ACCTEST_PARALLELISM=3
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/wafv2/... -v -count 1 -parallel 3  -run=TestAccWAFV2RuleGroup_\|TestAccWAFV2WebACL_\|TestAccWAFV2IPSet_\|TestAccWAFV2RegexPatternSet_\|TestAccWAFV2WebACLAssociation_ -timeout 360m
=== RUN   TestAccWAFV2IPSet_basic
=== PAUSE TestAccWAFV2IPSet_basic
=== RUN   TestAccWAFV2IPSet_disappears
=== PAUSE TestAccWAFV2IPSet_disappears
=== RUN   TestAccWAFV2IPSet_ipv6
=== PAUSE TestAccWAFV2IPSet_ipv6
=== RUN   TestAccWAFV2IPSet_minimal
=== PAUSE TestAccWAFV2IPSet_minimal
=== RUN   TestAccWAFV2IPSet_changeNameForceNew
=== PAUSE TestAccWAFV2IPSet_changeNameForceNew
=== RUN   TestAccWAFV2IPSet_tags
=== PAUSE TestAccWAFV2IPSet_tags
=== RUN   TestAccWAFV2IPSet_large
=== PAUSE TestAccWAFV2IPSet_large
=== RUN   TestAccWAFV2RegexPatternSet_basic
=== PAUSE TestAccWAFV2RegexPatternSet_basic
=== RUN   TestAccWAFV2RegexPatternSet_disappears
=== PAUSE TestAccWAFV2RegexPatternSet_disappears
=== RUN   TestAccWAFV2RegexPatternSet_minimal
=== PAUSE TestAccWAFV2RegexPatternSet_minimal
=== RUN   TestAccWAFV2RegexPatternSet_changeNameForceNew
=== PAUSE TestAccWAFV2RegexPatternSet_changeNameForceNew
=== RUN   TestAccWAFV2RegexPatternSet_tags
=== PAUSE TestAccWAFV2RegexPatternSet_tags
=== RUN   TestAccWAFV2RuleGroup_basic
=== PAUSE TestAccWAFV2RuleGroup_basic
=== RUN   TestAccWAFV2RuleGroup_updateRule
=== PAUSE TestAccWAFV2RuleGroup_updateRule
=== RUN   TestAccWAFV2RuleGroup_updateRuleProperties
=== PAUSE TestAccWAFV2RuleGroup_updateRuleProperties
=== RUN   TestAccWAFV2RuleGroup_byteMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_byteMatchStatement
=== RUN   TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
=== PAUSE TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
=== RUN   TestAccWAFV2RuleGroup_changeNameForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeNameForceNew
=== RUN   TestAccWAFV2RuleGroup_changeCapacityForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeCapacityForceNew
=== RUN   TestAccWAFV2RuleGroup_changeMetricNameForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeMetricNameForceNew
=== RUN   TestAccWAFV2RuleGroup_disappears
=== PAUSE TestAccWAFV2RuleGroup_disappears
=== RUN   TestAccWAFV2RuleGroup_RuleLabels
=== PAUSE TestAccWAFV2RuleGroup_RuleLabels
=== RUN   TestAccWAFV2RuleGroup_geoMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_geoMatchStatement
=== RUN   TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
=== PAUSE TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
=== RUN   TestAccWAFV2RuleGroup_LabelMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_LabelMatchStatement
=== RUN   TestAccWAFV2RuleGroup_ipSetReferenceStatement
=== PAUSE TestAccWAFV2RuleGroup_ipSetReferenceStatement
=== RUN   TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
=== PAUSE TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
=== RUN   TestAccWAFV2RuleGroup_logicalRuleStatements
=== PAUSE TestAccWAFV2RuleGroup_logicalRuleStatements
=== RUN   TestAccWAFV2RuleGroup_minimal
=== PAUSE TestAccWAFV2RuleGroup_minimal
=== RUN   TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
=== PAUSE TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
=== RUN   TestAccWAFV2RuleGroup_ruleAction
=== PAUSE TestAccWAFV2RuleGroup_ruleAction
=== RUN   TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
=== PAUSE TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
=== RUN   TestAccWAFV2RuleGroup_RuleAction_customResponse
=== PAUSE TestAccWAFV2RuleGroup_RuleAction_customResponse
=== RUN   TestAccWAFV2RuleGroup_sizeConstraintStatement
=== PAUSE TestAccWAFV2RuleGroup_sizeConstraintStatement
=== RUN   TestAccWAFV2RuleGroup_sqliMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_sqliMatchStatement
=== RUN   TestAccWAFV2RuleGroup_tags
=== PAUSE TestAccWAFV2RuleGroup_tags
=== RUN   TestAccWAFV2RuleGroup_xssMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_xssMatchStatement
=== RUN   TestAccWAFV2WebACLAssociation_basic
=== PAUSE TestAccWAFV2WebACLAssociation_basic
=== RUN   TestAccWAFV2WebACLAssociation_disappears
=== PAUSE TestAccWAFV2WebACLAssociation_disappears
=== RUN   TestAccWAFV2WebACL_basic
=== PAUSE TestAccWAFV2WebACL_basic
=== RUN   TestAccWAFV2WebACL_Update_rule
=== PAUSE TestAccWAFV2WebACL_Update_rule
=== RUN   TestAccWAFV2WebACL_Update_ruleProperties
=== PAUSE TestAccWAFV2WebACL_Update_ruleProperties
=== RUN   TestAccWAFV2WebACL_Update_nameForceNew
=== PAUSE TestAccWAFV2WebACL_Update_nameForceNew
=== RUN   TestAccWAFV2WebACL_disappears
=== PAUSE TestAccWAFV2WebACL_disappears
=== RUN   TestAccWAFV2WebACL_ManagedRuleGroup_basic
=== PAUSE TestAccWAFV2WebACL_ManagedRuleGroup_basic
=== RUN   TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== PAUSE TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== RUN   TestAccWAFV2WebACL_minimal
=== PAUSE TestAccWAFV2WebACL_minimal
=== RUN   TestAccWAFV2WebACL_RateBased_basic
=== PAUSE TestAccWAFV2WebACL_RateBased_basic
=== RUN   TestAccWAFV2WebACL_ByteMatchStatement_basic
=== PAUSE TestAccWAFV2WebACL_ByteMatchStatement_basic
=== RUN   TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
=== PAUSE TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
=== RUN   TestAccWAFV2WebACL_GeoMatch_basic
=== PAUSE TestAccWAFV2WebACL_GeoMatch_basic
=== RUN   TestAccWAFV2WebACL_GeoMatch_forwardedIP
=== PAUSE TestAccWAFV2WebACL_GeoMatch_forwardedIP
=== RUN   TestAccWAFV2WebACL_LabelMatchStatement
=== PAUSE TestAccWAFV2WebACL_LabelMatchStatement
=== RUN   TestAccWAFV2WebACL_RuleLabels
=== PAUSE TestAccWAFV2WebACL_RuleLabels
=== RUN   TestAccWAFV2WebACL_IPSetReference_basic
=== PAUSE TestAccWAFV2WebACL_IPSetReference_basic
=== RUN   TestAccWAFV2WebACL_IPSetReference_forwardedIP
=== PAUSE TestAccWAFV2WebACL_IPSetReference_forwardedIP
=== RUN   TestAccWAFV2WebACL_RateBased_forwardedIP
=== PAUSE TestAccWAFV2WebACL_RateBased_forwardedIP
=== RUN   TestAccWAFV2WebACL_RuleGroupReference_basic
=== PAUSE TestAccWAFV2WebACL_RuleGroupReference_basic
=== RUN   TestAccWAFV2WebACL_Custom_requestHandling
=== PAUSE TestAccWAFV2WebACL_Custom_requestHandling
=== RUN   TestAccWAFV2WebACL_Custom_response
=== PAUSE TestAccWAFV2WebACL_Custom_response
=== RUN   TestAccWAFV2WebACL_tags
=== PAUSE TestAccWAFV2WebACL_tags
=== RUN   TestAccWAFV2WebACL_RateBased_maxNested
=== PAUSE TestAccWAFV2WebACL_RateBased_maxNested
=== RUN   TestAccWAFV2WebACL_Operators_maxNested
=== PAUSE TestAccWAFV2WebACL_Operators_maxNested
=== CONT  TestAccWAFV2IPSet_basic
=== CONT  TestAccWAFV2RuleGroup_RuleAction_customResponse
=== CONT  TestAccWAFV2WebACL_ByteMatchStatement_basic
--- PASS: TestAccWAFV2IPSet_basic (40.34s)
=== CONT  TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
--- PASS: TestAccWAFV2RuleGroup_RuleAction_customResponse (59.18s)
=== CONT  TestAccWAFV2WebACL_Operators_maxNested
--- PASS: TestAccWAFV2WebACL_ByteMatchStatement_basic (59.87s)
=== CONT  TestAccWAFV2WebACL_RateBased_maxNested
--- PASS: TestAccWAFV2WebACL_RateBased_maxNested (31.65s)
=== CONT  TestAccWAFV2WebACL_tags
--- PASS: TestAccWAFV2WebACL_Operators_maxNested (32.34s)
=== CONT  TestAccWAFV2WebACL_Custom_response
--- PASS: TestAccWAFV2WebACL_tags (70.52s)
=== CONT  TestAccWAFV2WebACL_Custom_requestHandling
--- PASS: TestAccWAFV2WebACL_Custom_response (80.81s)
=== CONT  TestAccWAFV2WebACL_RuleGroupReference_basic
--- PASS: TestAccWAFV2WebACL_RuleGroupReference_basic (58.75s)
=== CONT  TestAccWAFV2WebACL_RateBased_forwardedIP
--- PASS: TestAccWAFV2WebACL_Custom_requestHandling (73.14s)
=== CONT  TestAccWAFV2WebACL_IPSetReference_forwardedIP
--- PASS: TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch (218.62s)
=== CONT  TestAccWAFV2WebACL_IPSetReference_basic
--- PASS: TestAccWAFV2WebACL_RateBased_forwardedIP (49.77s)
=== CONT  TestAccWAFV2WebACL_RuleLabels
--- PASS: TestAccWAFV2WebACL_IPSetReference_basic (30.46s)
=== CONT  TestAccWAFV2WebACL_LabelMatchStatement
--- PASS: TestAccWAFV2WebACL_IPSetReference_forwardedIP (95.36s)
=== CONT  TestAccWAFV2WebACL_GeoMatch_forwardedIP
--- PASS: TestAccWAFV2WebACL_RuleLabels (50.59s)
=== CONT  TestAccWAFV2WebACL_GeoMatch_basic
--- PASS: TestAccWAFV2WebACL_LabelMatchStatement (51.11s)
=== CONT  TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
--- PASS: TestAccWAFV2WebACL_GeoMatch_basic (50.89s)
=== CONT  TestAccWAFV2IPSet_changeNameForceNew
--- PASS: TestAccWAFV2WebACL_GeoMatch_forwardedIP (52.81s)
=== CONT  TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
--- PASS: TestAccWAFV2WebACL_ByteMatchStatement_jsonBody (51.01s)
=== CONT  TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
--- PASS: TestAccWAFV2IPSet_changeNameForceNew (30.32s)
=== CONT  TestAccWAFV2RuleGroup_LabelMatchStatement
--- PASS: TestAccWAFV2RuleGroup_RuleAction_customRequestHandling (37.24s)
=== CONT  TestAccWAFV2RuleGroup_ruleAction
--- PASS: TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP (37.14s)
=== CONT  TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
--- PASS: TestAccWAFV2RuleGroup_LabelMatchStatement (35.36s)
=== CONT  TestAccWAFV2RuleGroup_geoMatchStatement
--- PASS: TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement (21.13s)
=== CONT  TestAccWAFV2RuleGroup_RuleLabels
--- PASS: TestAccWAFV2RuleGroup_ruleAction (51.75s)
=== CONT  TestAccWAFV2RuleGroup_disappears
--- PASS: TestAccWAFV2RuleGroup_geoMatchStatement (37.03s)
=== CONT  TestAccWAFV2IPSet_ipv6
--- PASS: TestAccWAFV2RuleGroup_RuleLabels (35.95s)
=== CONT  TestAccWAFV2IPSet_minimal
--- PASS: TestAccWAFV2RuleGroup_disappears (15.18s)
=== CONT  TestAccWAFV2WebACL_Update_rule
--- PASS: TestAccWAFV2IPSet_ipv6 (19.45s)
=== CONT  TestAccWAFV2WebACL_RateBased_basic
--- PASS: TestAccWAFV2IPSet_minimal (20.57s)
=== CONT  TestAccWAFV2WebACL_minimal
--- PASS: TestAccWAFV2WebACL_minimal (24.36s)
=== CONT  TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
--- PASS: TestAccWAFV2WebACL_Update_rule (51.74s)
=== CONT  TestAccWAFV2WebACL_ManagedRuleGroup_basic
--- PASS: TestAccWAFV2WebACL_RateBased_basic (50.41s)
=== CONT  TestAccWAFV2RegexPatternSet_disappears
--- PASS: TestAccWAFV2RegexPatternSet_disappears (14.82s)
=== CONT  TestAccWAFV2RuleGroup_byteMatchStatement
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion (50.79s)
=== CONT  TestAccWAFV2RuleGroup_changeMetricNameForceNew
--- PASS: TestAccWAFV2RuleGroup_byteMatchStatement (38.03s)
=== CONT  TestAccWAFV2WebACL_disappears
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_basic (72.96s)
=== CONT  TestAccWAFV2RuleGroup_changeCapacityForceNew
--- PASS: TestAccWAFV2RuleGroup_changeMetricNameForceNew (32.31s)
=== CONT  TestAccWAFV2RuleGroup_changeNameForceNew
--- PASS: TestAccWAFV2WebACL_disappears (21.10s)
=== CONT  TestAccWAFV2RuleGroup_updateRuleProperties
--- PASS: TestAccWAFV2RuleGroup_changeCapacityForceNew (34.66s)
=== CONT  TestAccWAFV2WebACL_Update_nameForceNew
--- PASS: TestAccWAFV2RuleGroup_changeNameForceNew (34.59s)
=== CONT  TestAccWAFV2RegexPatternSet_tags
--- PASS: TestAccWAFV2RuleGroup_updateRuleProperties (56.79s)
=== CONT  TestAccWAFV2WebACL_Update_ruleProperties
--- PASS: TestAccWAFV2WebACL_Update_nameForceNew (50.30s)
=== CONT  TestAccWAFV2RuleGroup_basic
--- PASS: TestAccWAFV2RegexPatternSet_tags (48.94s)
=== CONT  TestAccWAFV2IPSet_disappears
--- PASS: TestAccWAFV2IPSet_disappears (15.01s)
=== CONT  TestAccWAFV2RuleGroup_updateRule
--- PASS: TestAccWAFV2RuleGroup_basic (21.94s)
=== CONT  TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
--- PASS: TestAccWAFV2RuleGroup_updateRule (40.06s)
=== CONT  TestAccWAFV2RegexPatternSet_changeNameForceNew
--- PASS: TestAccWAFV2RegexPatternSet_changeNameForceNew (37.35s)
=== CONT  TestAccWAFV2RegexPatternSet_minimal
--- PASS: TestAccWAFV2WebACL_Update_ruleProperties (104.89s)
=== CONT  TestAccWAFV2RuleGroup_logicalRuleStatements
--- PASS: TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP (77.12s)
=== CONT  TestAccWAFV2IPSet_large
--- PASS: TestAccWAFV2RegexPatternSet_minimal (17.64s)
=== CONT  TestAccWAFV2RuleGroup_xssMatchStatement
--- PASS: TestAccWAFV2IPSet_large (21.65s)
=== CONT  TestAccWAFV2WebACLAssociation_disappears
--- PASS: TestAccWAFV2RuleGroup_xssMatchStatement (39.88s)
=== CONT  TestAccWAFV2WebACL_basic
--- PASS: TestAccWAFV2RuleGroup_logicalRuleStatements (58.53s)
=== CONT  TestAccWAFV2WebACLAssociation_basic
--- PASS: TestAccWAFV2WebACL_basic (29.49s)
=== CONT  TestAccWAFV2IPSet_tags
--- PASS: TestAccWAFV2WebACLAssociation_disappears (84.73s)
=== CONT  TestAccWAFV2RuleGroup_sqliMatchStatement
--- PASS: TestAccWAFV2IPSet_tags (48.46s)
=== CONT  TestAccWAFV2RegexPatternSet_basic
--- PASS: TestAccWAFV2WebACLAssociation_basic (91.72s)
=== CONT  TestAccWAFV2RuleGroup_sizeConstraintStatement
--- PASS: TestAccWAFV2RuleGroup_sqliMatchStatement (38.48s)
=== CONT  TestAccWAFV2RuleGroup_ipSetReferenceStatement
--- PASS: TestAccWAFV2RegexPatternSet_basic (36.60s)
=== CONT  TestAccWAFV2RuleGroup_tags
--- PASS: TestAccWAFV2RuleGroup_ipSetReferenceStatement (24.81s)
=== CONT  TestAccWAFV2RuleGroup_minimal
--- PASS: TestAccWAFV2RuleGroup_sizeConstraintStatement (41.04s)
--- PASS: TestAccWAFV2RuleGroup_minimal (21.26s)
--- PASS: TestAccWAFV2RuleGroup_tags (55.06s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	1021.197s

ewbankkit avatar Sep 28 '22 17:09 ewbankkit

Waiting until oversize handling change release date is clarified by AWS...

ewbankkit avatar Sep 29 '22 20:09 ewbankkit

Any updates in regards to this PR? Based on the email messaging from AWS, this is going to be a problem come tomorrow...

> Although defining oversize handling behavior is optional today, on October 1, 2022, we will make specifying the handling behavior for oversized requests required when there is no size constraint on the Body or JSON body rule. After October 1, 2022, if you have not updated your web ACL to either add a size constraint statement on Body or JSON body rules in your web ACL, or define the oversize handling behavior for these rules, updates to your WAF rules using the API will fail.

ch0ppy35 avatar Sep 30 '22 19:09 ch0ppy35
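
The requirement in the AWS notice quoted above, as an added example that is not part of the thread or the provider's code: a Go check that walks a Web ACL's JSON and reports every Body or JsonBody field to match whose OversizeHandling is missing or not one of CONTINUE, MATCH, NO_MATCH. The sample ACL is constructed, `AuditOversize` and `Finding` are hypothetical names, the key names assume the WAFv2 API's JSON shape, and the check does not evaluate the size-constraint alternative the notice mentions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed sample, shaped like a WAFv2 Web ACL object (assumed key names).
const sampleACL = `{
  "Name": "example-acl",
  "Rules": [
    {"Name": "body-no-handling", "Priority": 1, "Statement": {"ByteMatchStatement": {
      "SearchString": "YmFk", "PositionalConstraint": "CONTAINS",
      "FieldToMatch": {"Body": {}},
      "TextTransformations": [{"Priority": 0, "Type": "NONE"}]}}},
    {"Name": "json-ok", "Priority": 2, "Statement": {"SqliMatchStatement": {
      "FieldToMatch": {"JsonBody": {"MatchPattern": {"All": {}}, "MatchScope": "ALL",
                                    "OversizeHandling": "MATCH"}},
      "TextTransformations": [{"Priority": 0, "Type": "URL_DECODE"}]}}},
    {"Name": "nested", "Priority": 3, "Statement": {"AndStatement": {"Statements": [
      {"GeoMatchStatement": {"CountryCodes": ["NL"]}},
      {"NotStatement": {"Statement": {"XssMatchStatement": {
        "FieldToMatch": {"JsonBody": {"MatchPattern": {"All": {}}, "MatchScope": "VALUE"}},
        "TextTransformations": [{"Priority": 0, "Type": "NONE"}]}}}}]}}},
    {"Name": "uri-only", "Priority": 4, "Statement": {"ByteMatchStatement": {
      "SearchString": "L2FkbWlu", "PositionalConstraint": "STARTS_WITH",
      "FieldToMatch": {"UriPath": {}},
      "TextTransformations": [{"Priority": 0, "Type": "NONE"}]}}}
  ]
}`

// Oversize handling values accepted for Body and JsonBody.
var validHandling = map[string]bool{"CONTINUE": true, "MATCH": true, "NO_MATCH": true}

// Finding is one body inspection with no usable oversize handling (hypothetical type).
type Finding struct {
	Rule, Path, Field, Value string
}

// walk descends through maps and arrays so statements nested under
// AndStatement, OrStatement, NotStatement and similar wrappers are covered.
func walk(node interface{}, path, rule string, out *[]Finding) {
	switch v := node.(type) {
	case map[string]interface{}:
		// An object with both Name and Statement is a rule; remember its name.
		if name, ok := v["Name"].(string); ok {
			if _, isRule := v["Statement"]; isRule {
				rule = name
			}
		}
		if ftm, ok := v["FieldToMatch"].(map[string]interface{}); ok {
			for _, field := range []string{"Body", "JsonBody"} {
				raw, present := ftm[field]
				if !present {
					continue
				}
				spec, _ := raw.(map[string]interface{})
				value, _ := spec["OversizeHandling"].(string)
				if !validHandling[value] {
					*out = append(*out, Finding{rule, path, field, value})
				}
			}
		}
		// Sort keys so the report order is deterministic.
		keys := make([]string, 0, len(v))
		for k := range v {
			keys = append(keys, k)
		}
		sort.Strings(keys)
		for _, k := range keys {
			child := k
			if path != "" {
				child = path + "." + k
			}
			walk(v[k], child, rule, out)
		}
	case []interface{}:
		for i, e := range v {
			walk(e, fmt.Sprintf("%s[%d]", path, i), rule, out)
		}
	}
}

// AuditOversize parses Web ACL JSON and returns the findings in document order.
func AuditOversize(raw []byte) ([]Finding, error) {
	var doc interface{}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, fmt.Errorf("parse web ACL JSON: %w", err)
	}
	var out []Finding
	walk(doc, "", "", &out)
	return out, nil
}

func main() {
	findings, err := AuditOversize([]byte(sampleACL))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("rule %q: %s inspects %s, OversizeHandling=%q\n", f.Rule, f.Path, f.Field, f.Value)
	}
}
```
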

@ch0ppy35

> Any updates in regards to this PR? Based on the email messaging from AWS, this is going to be a problem come tomorrow...
>
> Although defining oversize handling behavior is optional today, on October 1, 2022, we will make specifying the handling behavior for oversized requests required when there is no size constraint on the Body or JSON body rule. After October 1, 2022, if you have not updated your web ACL to either add a size constraint statement on Body or JSON body rules in your web ACL, or define the oversize handling behavior for these rules, updates to your WAF rules using the API will fail.

I opened a ticket with AWS and verified they are deferring the date of enforcement - they told me it would be sometime in February and are working on a formal notice communication.

phillipsbrianj avatar Sep 30 '22 19:09 phillipsbrianj

As AWS have now pushed back the change to WAFv2 oversize handling behaviour until February 2023, I have modified this PR to remove the breaking changes (which were adding a required oversize_handling attribute to the body block and changing json_body.oversize_handling from optional to required), leaving the addition of a headers block to fields_to_match. The oversize handling changes will be done in a future PR (please keep upvoting the GitHub Issues linked in this PR's initial description). If those future changes do require a breaking change they will be done as part of a Terraform AWS Provider major version.

ewbankkit avatar Oct 03 '22 19:10 ewbankkit

% ACCTEST_TIMEOUT=360m  make testacc TESTARGS='-run=TestAccWAFV2RuleGroup_\|TestAccWAFV2WebACL_\|TestAccWAFV2IPSet_\|TestAccWAFV2RegexPatternSet_\|TestAccWAFV2WebACLAssociation_' PKG=wafv2 ACCTEST_PARALLELISM=3
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/wafv2/... -v -count 1 -parallel 3  -run=TestAccWAFV2RuleGroup_\|TestAccWAFV2WebACL_\|TestAccWAFV2IPSet_\|TestAccWAFV2RegexPatternSet_\|TestAccWAFV2WebACLAssociation_ -timeout 360m
=== RUN   TestAccWAFV2IPSet_basic
=== PAUSE TestAccWAFV2IPSet_basic
=== RUN   TestAccWAFV2IPSet_disappears
=== PAUSE TestAccWAFV2IPSet_disappears
=== RUN   TestAccWAFV2IPSet_ipv6
=== PAUSE TestAccWAFV2IPSet_ipv6
=== RUN   TestAccWAFV2IPSet_minimal
=== PAUSE TestAccWAFV2IPSet_minimal
=== RUN   TestAccWAFV2IPSet_changeNameForceNew
=== PAUSE TestAccWAFV2IPSet_changeNameForceNew
=== RUN   TestAccWAFV2IPSet_tags
=== PAUSE TestAccWAFV2IPSet_tags
=== RUN   TestAccWAFV2IPSet_large
=== PAUSE TestAccWAFV2IPSet_large
=== RUN   TestAccWAFV2RegexPatternSet_basic
=== PAUSE TestAccWAFV2RegexPatternSet_basic
=== RUN   TestAccWAFV2RegexPatternSet_disappears
=== PAUSE TestAccWAFV2RegexPatternSet_disappears
=== RUN   TestAccWAFV2RegexPatternSet_minimal
=== PAUSE TestAccWAFV2RegexPatternSet_minimal
=== RUN   TestAccWAFV2RegexPatternSet_changeNameForceNew
=== PAUSE TestAccWAFV2RegexPatternSet_changeNameForceNew
=== RUN   TestAccWAFV2RegexPatternSet_tags
=== PAUSE TestAccWAFV2RegexPatternSet_tags
=== RUN   TestAccWAFV2RuleGroup_basic
=== PAUSE TestAccWAFV2RuleGroup_basic
=== RUN   TestAccWAFV2RuleGroup_updateRule
=== PAUSE TestAccWAFV2RuleGroup_updateRule
=== RUN   TestAccWAFV2RuleGroup_updateRuleProperties
=== PAUSE TestAccWAFV2RuleGroup_updateRuleProperties
=== RUN   TestAccWAFV2RuleGroup_byteMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_byteMatchStatement
=== RUN   TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
=== PAUSE TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
=== RUN   TestAccWAFV2RuleGroup_changeNameForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeNameForceNew
=== RUN   TestAccWAFV2RuleGroup_changeCapacityForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeCapacityForceNew
=== RUN   TestAccWAFV2RuleGroup_changeMetricNameForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeMetricNameForceNew
=== RUN   TestAccWAFV2RuleGroup_disappears
=== PAUSE TestAccWAFV2RuleGroup_disappears
=== RUN   TestAccWAFV2RuleGroup_RuleLabels
=== PAUSE TestAccWAFV2RuleGroup_RuleLabels
=== RUN   TestAccWAFV2RuleGroup_geoMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_geoMatchStatement
=== RUN   TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
=== PAUSE TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
=== RUN   TestAccWAFV2RuleGroup_LabelMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_LabelMatchStatement
=== RUN   TestAccWAFV2RuleGroup_ipSetReferenceStatement
=== PAUSE TestAccWAFV2RuleGroup_ipSetReferenceStatement
=== RUN   TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
=== PAUSE TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
=== RUN   TestAccWAFV2RuleGroup_logicalRuleStatements
=== PAUSE TestAccWAFV2RuleGroup_logicalRuleStatements
=== RUN   TestAccWAFV2RuleGroup_minimal
=== PAUSE TestAccWAFV2RuleGroup_minimal
=== RUN   TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
=== PAUSE TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
=== RUN   TestAccWAFV2RuleGroup_ruleAction
=== PAUSE TestAccWAFV2RuleGroup_ruleAction
=== RUN   TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
=== PAUSE TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
=== RUN   TestAccWAFV2RuleGroup_RuleAction_customResponse
=== PAUSE TestAccWAFV2RuleGroup_RuleAction_customResponse
=== RUN   TestAccWAFV2RuleGroup_sizeConstraintStatement
=== PAUSE TestAccWAFV2RuleGroup_sizeConstraintStatement
=== RUN   TestAccWAFV2RuleGroup_sqliMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_sqliMatchStatement
=== RUN   TestAccWAFV2RuleGroup_tags
=== PAUSE TestAccWAFV2RuleGroup_tags
=== RUN   TestAccWAFV2RuleGroup_xssMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_xssMatchStatement
=== RUN   TestAccWAFV2WebACLAssociation_basic
=== PAUSE TestAccWAFV2WebACLAssociation_basic
=== RUN   TestAccWAFV2WebACLAssociation_disappears
=== PAUSE TestAccWAFV2WebACLAssociation_disappears
=== RUN   TestAccWAFV2WebACL_basic
=== PAUSE TestAccWAFV2WebACL_basic
=== RUN   TestAccWAFV2WebACL_Update_rule
=== PAUSE TestAccWAFV2WebACL_Update_rule
=== RUN   TestAccWAFV2WebACL_Update_ruleProperties
=== PAUSE TestAccWAFV2WebACL_Update_ruleProperties
=== RUN   TestAccWAFV2WebACL_Update_nameForceNew
=== PAUSE TestAccWAFV2WebACL_Update_nameForceNew
=== RUN   TestAccWAFV2WebACL_disappears
=== PAUSE TestAccWAFV2WebACL_disappears
=== RUN   TestAccWAFV2WebACL_ManagedRuleGroup_basic
=== PAUSE TestAccWAFV2WebACL_ManagedRuleGroup_basic
=== RUN   TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== PAUSE TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== RUN   TestAccWAFV2WebACL_minimal
=== PAUSE TestAccWAFV2WebACL_minimal
=== RUN   TestAccWAFV2WebACL_RateBased_basic
=== PAUSE TestAccWAFV2WebACL_RateBased_basic
=== RUN   TestAccWAFV2WebACL_ByteMatchStatement_basic
=== PAUSE TestAccWAFV2WebACL_ByteMatchStatement_basic
=== RUN   TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
=== PAUSE TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
=== RUN   TestAccWAFV2WebACL_GeoMatch_basic
=== PAUSE TestAccWAFV2WebACL_GeoMatch_basic
=== RUN   TestAccWAFV2WebACL_GeoMatch_forwardedIP
=== PAUSE TestAccWAFV2WebACL_GeoMatch_forwardedIP
=== RUN   TestAccWAFV2WebACL_LabelMatchStatement
=== PAUSE TestAccWAFV2WebACL_LabelMatchStatement
=== RUN   TestAccWAFV2WebACL_RuleLabels
=== PAUSE TestAccWAFV2WebACL_RuleLabels
=== RUN   TestAccWAFV2WebACL_IPSetReference_basic
=== PAUSE TestAccWAFV2WebACL_IPSetReference_basic
=== RUN   TestAccWAFV2WebACL_IPSetReference_forwardedIP
=== PAUSE TestAccWAFV2WebACL_IPSetReference_forwardedIP
=== RUN   TestAccWAFV2WebACL_RateBased_forwardedIP
=== PAUSE TestAccWAFV2WebACL_RateBased_forwardedIP
=== RUN   TestAccWAFV2WebACL_RuleGroupReference_basic
=== PAUSE TestAccWAFV2WebACL_RuleGroupReference_basic
=== RUN   TestAccWAFV2WebACL_Custom_requestHandling
=== PAUSE TestAccWAFV2WebACL_Custom_requestHandling
=== RUN   TestAccWAFV2WebACL_Custom_response
=== PAUSE TestAccWAFV2WebACL_Custom_response
=== RUN   TestAccWAFV2WebACL_tags
=== PAUSE TestAccWAFV2WebACL_tags
=== RUN   TestAccWAFV2WebACL_RateBased_maxNested
=== PAUSE TestAccWAFV2WebACL_RateBased_maxNested
=== RUN   TestAccWAFV2WebACL_Operators_maxNested
=== PAUSE TestAccWAFV2WebACL_Operators_maxNested
=== CONT  TestAccWAFV2IPSet_basic
=== CONT  TestAccWAFV2RuleGroup_sizeConstraintStatement
=== CONT  TestAccWAFV2WebACL_ByteMatchStatement_basic
--- PASS: TestAccWAFV2IPSet_basic (42.17s)
=== CONT  TestAccWAFV2WebACL_RateBased_forwardedIP
--- PASS: TestAccWAFV2RuleGroup_sizeConstraintStatement (47.09s)
=== CONT  TestAccWAFV2WebACL_Operators_maxNested
--- PASS: TestAccWAFV2WebACL_ByteMatchStatement_basic (66.60s)
=== CONT  TestAccWAFV2WebACL_RateBased_maxNested
--- PASS: TestAccWAFV2WebACL_Operators_maxNested (34.50s)
=== CONT  TestAccWAFV2WebACL_IPSetReference_forwardedIP
--- PASS: TestAccWAFV2WebACL_RateBased_forwardedIP (57.89s)
=== CONT  TestAccWAFV2WebACL_tags
--- PASS: TestAccWAFV2WebACL_RateBased_maxNested (33.86s)
=== CONT  TestAccWAFV2WebACL_IPSetReference_basic
--- PASS: TestAccWAFV2WebACL_IPSetReference_basic (28.59s)
=== CONT  TestAccWAFV2WebACL_Custom_response
--- PASS: TestAccWAFV2WebACL_tags (68.45s)
=== CONT  TestAccWAFV2WebACL_RuleLabels
--- PASS: TestAccWAFV2WebACL_IPSetReference_forwardedIP (99.41s)
=== CONT  TestAccWAFV2WebACL_Custom_requestHandling
--- PASS: TestAccWAFV2WebACL_Custom_response (72.45s)
=== CONT  TestAccWAFV2WebACL_LabelMatchStatement
--- PASS: TestAccWAFV2WebACL_RuleLabels (50.91s)
=== CONT  TestAccWAFV2WebACL_RuleGroupReference_basic
--- PASS: TestAccWAFV2WebACL_LabelMatchStatement (52.35s)
=== CONT  TestAccWAFV2WebACL_GeoMatch_forwardedIP
--- PASS: TestAccWAFV2WebACL_Custom_requestHandling (74.47s)
=== CONT  TestAccWAFV2WebACL_GeoMatch_basic
--- PASS: TestAccWAFV2WebACL_RuleGroupReference_basic (57.82s)
=== CONT  TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
--- PASS: TestAccWAFV2WebACL_GeoMatch_forwardedIP (51.58s)
=== CONT  TestAccWAFV2WebACL_Update_ruleProperties
--- PASS: TestAccWAFV2WebACL_GeoMatch_basic (50.79s)
=== CONT  TestAccWAFV2WebACL_RateBased_basic
--- PASS: TestAccWAFV2WebACL_ByteMatchStatement_jsonBody (51.74s)
=== CONT  TestAccWAFV2WebACLAssociation_basic
--- PASS: TestAccWAFV2WebACL_RateBased_basic (52.29s)
=== CONT  TestAccWAFV2RuleGroup_xssMatchStatement
--- PASS: TestAccWAFV2WebACL_Update_ruleProperties (82.51s)
=== CONT  TestAccWAFV2WebACL_Update_rule
--- PASS: TestAccWAFV2RuleGroup_xssMatchStatement (39.12s)
=== CONT  TestAccWAFV2WebACL_basic
--- PASS: TestAccWAFV2WebACL_basic (28.56s)
=== CONT  TestAccWAFV2WebACLAssociation_disappears
--- PASS: TestAccWAFV2WebACLAssociation_basic (98.60s)
=== CONT  TestAccWAFV2RuleGroup_changeNameForceNew
--- PASS: TestAccWAFV2WebACL_Update_rule (56.26s)
=== CONT  TestAccWAFV2RuleGroup_RuleAction_customResponse
--- PASS: TestAccWAFV2RuleGroup_changeNameForceNew (36.80s)
=== CONT  TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
--- PASS: TestAccWAFV2RuleGroup_RuleAction_customResponse (51.75s)
=== CONT  TestAccWAFV2RuleGroup_ruleAction
--- PASS: TestAccWAFV2RuleGroup_RuleAction_customRequestHandling (35.78s)
=== CONT  TestAccWAFV2WebACL_Update_nameForceNew
--- PASS: TestAccWAFV2WebACLAssociation_disappears (81.52s)
=== CONT  TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
--- PASS: TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement (21.56s)
=== CONT  TestAccWAFV2WebACL_minimal
--- PASS: TestAccWAFV2WebACL_Update_nameForceNew (46.28s)
=== CONT  TestAccWAFV2RuleGroup_minimal
--- PASS: TestAccWAFV2RuleGroup_ruleAction (51.17s)
=== CONT  TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
--- PASS: TestAccWAFV2WebACL_minimal (25.27s)
=== CONT  TestAccWAFV2RuleGroup_logicalRuleStatements
--- PASS: TestAccWAFV2RuleGroup_minimal (17.65s)
=== CONT  TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion (49.41s)
=== CONT  TestAccWAFV2RuleGroup_ipSetReferenceStatement
--- PASS: TestAccWAFV2RuleGroup_logicalRuleStatements (51.02s)
=== CONT  TestAccWAFV2RuleGroup_LabelMatchStatement
--- PASS: TestAccWAFV2RuleGroup_ipSetReferenceStatement (21.88s)
=== CONT  TestAccWAFV2RuleGroup_sqliMatchStatement
--- PASS: TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP (71.60s)
=== CONT  TestAccWAFV2RegexPatternSet_minimal
--- PASS: TestAccWAFV2RuleGroup_LabelMatchStatement (36.08s)
=== CONT  TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
--- PASS: TestAccWAFV2RegexPatternSet_minimal (16.37s)
=== CONT  TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
--- PASS: TestAccWAFV2RuleGroup_sqliMatchStatement (36.28s)
=== CONT  TestAccWAFV2RuleGroup_byteMatchStatement
--- PASS: TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP (38.06s)
=== CONT  TestAccWAFV2RuleGroup_geoMatchStatement
--- PASS: TestAccWAFV2RuleGroup_byteMatchStatement (38.21s)
=== CONT  TestAccWAFV2RuleGroup_RuleLabels
--- PASS: TestAccWAFV2RuleGroup_geoMatchStatement (37.45s)
=== CONT  TestAccWAFV2RuleGroup_updateRuleProperties
--- PASS: TestAccWAFV2RuleGroup_RuleLabels (36.60s)
=== CONT  TestAccWAFV2WebACL_ManagedRuleGroup_basic
--- PASS: TestAccWAFV2RuleGroup_updateRuleProperties (54.42s)
=== CONT  TestAccWAFV2RuleGroup_disappears
--- PASS: TestAccWAFV2RuleGroup_disappears (15.02s)
=== CONT  TestAccWAFV2RuleGroup_changeMetricNameForceNew
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_basic (75.09s)
=== CONT  TestAccWAFV2RuleGroup_changeCapacityForceNew
--- PASS: TestAccWAFV2RuleGroup_changeMetricNameForceNew (33.47s)
=== CONT  TestAccWAFV2RuleGroup_updateRule
--- PASS: TestAccWAFV2RuleGroup_changeCapacityForceNew (34.26s)
=== CONT  TestAccWAFV2WebACL_disappears
--- PASS: TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch (198.41s)
=== CONT  TestAccWAFV2RuleGroup_tags
--- PASS: TestAccWAFV2WebACL_disappears (21.30s)
=== CONT  TestAccWAFV2RegexPatternSet_tags
--- PASS: TestAccWAFV2RuleGroup_updateRule (37.09s)
=== CONT  TestAccWAFV2RegexPatternSet_changeNameForceNew
--- PASS: TestAccWAFV2RuleGroup_tags (50.43s)
=== CONT  TestAccWAFV2IPSet_tags
--- PASS: TestAccWAFV2RegexPatternSet_changeNameForceNew (30.68s)
=== CONT  TestAccWAFV2RegexPatternSet_basic
--- PASS: TestAccWAFV2RegexPatternSet_tags (46.38s)
=== CONT  TestAccWAFV2IPSet_large
--- PASS: TestAccWAFV2IPSet_large (20.20s)
=== CONT  TestAccWAFV2RegexPatternSet_disappears
--- PASS: TestAccWAFV2RegexPatternSet_basic (34.21s)
=== CONT  TestAccWAFV2IPSet_minimal
--- PASS: TestAccWAFV2IPSet_tags (48.33s)
=== CONT  TestAccWAFV2IPSet_changeNameForceNew
--- PASS: TestAccWAFV2RegexPatternSet_disappears (14.51s)
=== CONT  TestAccWAFV2RuleGroup_basic
--- PASS: TestAccWAFV2IPSet_minimal (19.90s)
=== CONT  TestAccWAFV2IPSet_disappears
--- PASS: TestAccWAFV2RuleGroup_basic (21.10s)
=== CONT  TestAccWAFV2IPSet_ipv6
--- PASS: TestAccWAFV2IPSet_disappears (14.89s)
--- PASS: TestAccWAFV2IPSet_changeNameForceNew (31.42s)
--- PASS: TestAccWAFV2IPSet_ipv6 (19.63s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	985.926s

ewbankkit avatar Oct 03 '22 19:10 ewbankkit

This functionality has been released in v4.34.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

github-actions[bot] avatar Oct 06 '22 22:10 github-actions[bot]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Nov 06 '22 02:11 github-actions[bot]