Implementing WAF configuration resource deletion (#18)

waf configuration resource deletion implementation
fastly · Aug 7, 2020 · e723304 · e723304
1 parent 5bfb858
commit e723304
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 22 deletions.
diff --git a/fastly/resource_fastly_service_waf_configuration_v1.go b/fastly/resource_fastly_service_waf_configuration_v1.go
@@ -3,12 +3,13 @@ package fastly
 import (
 	"errors"
 	"fmt"
-	gofastly "github.com/fastly/go-fastly/fastly"
-	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
-	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"log"
 	"reflect"
 	"sort"
+
+	gofastly "github.com/fastly/go-fastly/fastly"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 )
 
 func resourceServiceWAFConfigurationV1() *schema.Resource {
@@ -249,32 +250,21 @@ func resourceServiceWAFConfigurationV1Read(d *schema.ResourceData, meta interfac
 func resourceServiceWAFConfigurationV1Delete(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*FastlyClient).conn
 
-	latestVersion, err := getLatestVersion(d, meta)
+	wafID := d.Get("waf_id").(string)
+	emptyVersion, err := conn.CreateEmptyWAFVersion(&gofastly.CreateEmptyWAFVersionInput{
+		WAFID: wafID,
+	})
 	if err != nil {
 		return err
 	}
 
-	wafID := d.Get("waf_id").(string)
-	if latestVersion.Locked {
-		latestVersion, err = conn.CloneWAFVersion(&gofastly.CloneWAFVersionInput{
-			WAFID:            wafID,
-			WAFVersionNumber: latestVersion.Number,
-		})
-		if err != nil {
-			return err
-		}
-	}
-
-	// TODO: Remove all rules from WAF version
-
 	err = conn.DeployWAFVersion(&gofastly.DeployWAFVersionInput{
 		WAFID:            wafID,
-		WAFVersionNumber: latestVersion.Number,
+		WAFVersionNumber: emptyVersion.Number,
 	})
 	if err != nil {
 		return err
 	}
-
 	return nil
 }
 

diff --git a/fastly/resource_fastly_service_waf_configuration_v1_test.go b/fastly/resource_fastly_service_waf_configuration_v1_test.go
@@ -2,12 +2,13 @@ package fastly
 
 import (
 	"fmt"
+	"reflect"
+	"testing"
+
 	gofastly "github.com/fastly/go-fastly/fastly"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/terraform"
-	"reflect"
-	"testing"
 )
 
 func TestAccFastlyServiceWAFVersionV1DetermineVersion(t *testing.T) {
@@ -167,7 +168,7 @@ func TestAccFastlyServiceWAFVersionV1Delete(t *testing.T) {
 				Config: testAccFastlyServiceWAFVersionV1(name, ""),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckServiceV1Exists(serviceRef, &service),
-					testAccCheckFastlyServiceWAFVersionV1CheckAttributes(&service, wafVerInput, 2),
+					testAccCheckFastlyServiceWAFVersionV1CheckEmpty(&service, 2),
 				),
 			},
 		},
@@ -215,6 +216,56 @@ func testAccCheckFastlyServiceWAFVersionV1CheckAttributes(service *gofastly.Serv
 	}
 }
 
+func testAccCheckFastlyServiceWAFVersionV1CheckEmpty(service *gofastly.ServiceDetail, latestVersion int) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+
+		conn := testAccProvider.Meta().(*FastlyClient).conn
+		wafResp, err := conn.ListWAFs(&gofastly.ListWAFsInput{
+			FilterService: service.ID,
+			FilterVersion: service.ActiveVersion.Number,
+		})
+		if err != nil {
+			return fmt.Errorf("[ERR] Error looking up WAF records for (%s), version (%v): %s", service.Name, service.ActiveVersion.Number, err)
+		}
+
+		if len(wafResp.Items) != 1 {
+			return fmt.Errorf("[ERR] Expected waf result size (%d), got (%d)", 1, len(wafResp.Items))
+		}
+
+		waf := wafResp.Items[0]
+		verResp, err := conn.ListWAFVersions(&gofastly.ListWAFVersionsInput{
+			WAFID: waf.ID,
+		})
+		if err != nil {
+			return fmt.Errorf("[ERR] Error looking up WAF version records for (%s), version (%v): %s", service.Name, service.ActiveVersion.Number, err)
+		}
+
+		if len(verResp.Items) < 1 {
+			return fmt.Errorf("[ERR] Expected result size (%d), got (%d)", 1, len(verResp.Items))
+		}
+
+		emptyVersion, err := testAccFastlyServiceWAFVersionV1GetVersionNumber(verResp.Items, latestVersion)
+		if err != nil {
+			return err
+		}
+
+		if !emptyVersion.Locked {
+			return fmt.Errorf("[ERR] Expected Locked = (%v),  got (%v)", true, emptyVersion.Locked)
+		}
+		if emptyVersion.DeployedAt == nil {
+			return fmt.Errorf("[ERR] Expected DeployedAt not nil,  got (%v)", emptyVersion.DeployedAt)
+		}
+
+		totalRules := emptyVersion.ActiveRulesFastlyBlockCount + emptyVersion.ActiveRulesFastlyLogCount + emptyVersion.ActiveRulesOWASPBlockCount +
+			emptyVersion.ActiveRulesOWASPLogCount + emptyVersion.ActiveRulesOWASPScoreCount + emptyVersion.ActiveRulesTrustwaveBlockCount + emptyVersion.ActiveRulesTrustwaveLogCount
+
+		if totalRules != 0 {
+			return fmt.Errorf("expected no active rules rules: got %d", totalRules)
+		}
+		return nil
+	}
+}
+
 func testAccFastlyServiceWAFVersionV1GetVersionNumber(versions []*gofastly.WAFVersion, number int) (gofastly.WAFVersion, error) {
 	for _, v := range versions {
 		if v.Number == number {