Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

f/added oversize handling to waf v2 body and headers #26506

Merged
merged 56 commits into from
Oct 3, 2022
Merged

f/added oversize handling to waf v2 body and headers #26506

merged 56 commits into from
Oct 3, 2022

Conversation

scottwestover
Copy link
Contributor

@scottwestover scottwestover commented Aug 27, 2022
edited by ewbankkit

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Relates #25545.
Relates #25832.

Summary:

  • Added a new schema object for the existing field_to_match.body schema that will require you to set the oversize_handling attribute.
  • Added support for headers under the field_to_match schema.

Output from acceptance testing:

$ make testacc TESTS=TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch PKG=wafv2

==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/wafv2/... -v -count 1 -parallel 20 -run='TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch'  -timeout 180m
=== RUN   TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
=== PAUSE TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
=== CONT  TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
--- PASS: TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch (232.24s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	232.402s
...

@scottwestover
added oversize handling to wafv2
4543df7 
Signed-off-by: Scott Westover <scottwestover2006@gmail.com>
@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. documentation Introduces or discusses updates to documentation. service/wafv2 Issues and PRs that pertain to the wafv2 service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. size/M Managed by automation to categorize the size of a PR. labels Aug 27, 2022
@scottwestover
[GH-25832] added: changelog for pull request
2e605f7 
Signed-off-by: Scott Westover <scottwestover2006@gmail.com>
github-actions[bot]
github-actions bot reviewed Aug 27, 2022
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Welcome @scottwestover 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTOR guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

@scottwestover scottwestover mentioned this pull request Aug 27, 2022
Closed
@bschaatsbergen
Copy link
Member

bschaatsbergen commented Aug 27, 2022
edited

Hi @scottwestover, thanks for taking the time to raise this PR.

Please note that as per the docs here, Oversize Handling applies to more places in the WAFv2 Webl ACL; Body, JsonBody, Headers and Cookies.

@scottwestover scottwestover changed the title added oversize handling to waf v2 added oversize handling to waf v2 for request body Aug 28, 2022
@scottwestover
Copy link
Contributor Author

@bschaatsbergen Yes, it does apply to the other FieldToMatch types, however most of those types do not appear to be supported currently in the provider: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl#field-to-match.

My intention for the PR was to add support for the existing fields in the provider today.

@bschaatsbergen
Copy link
Member

@bschaatsbergen Yes, it does apply to the other FieldToMatch types, however most of those types do not appear to be supported currently in the provider: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl#field-to-match.

My intention for the PR was to add support for the existing fields in the provider today.

That's fine, just pointing it out - I believe it's to be added with the same urgency as the OversizeHandling for the body prop. I'll see if I can review this by Tuesday, iirc the team will pick up OversizeHandling with some urgency.

@scottwestover
added: support for wafv2 cookie match type
c901dc2 
Signed-off-by: Scott Westover <scottwestover2006@gmail.com>
@scottwestover
added: support for cookies attribute to wafv2 web acl
b38e2ea 
Added support for the `cookies` attribute in the `field_to_match` that
is available under the wafv2 rule group and acl.

Relates #25545
Relates #25832

Signed-off-by: Scott Westover <scottwestover2006@gmail.com>
@github-actions github-actions bot added size/XL Managed by automation to categorize the size of a PR. and removed size/M Managed by automation to categorize the size of a PR. labels Aug 29, 2022
@scottwestover
added: support for headers attribute to wafv2 web acl
fd15aed 
Added support for the `headers` attribute in the `field_to_match` that
is available under the wafv2 rule group and acl.

Relates #25545
Relates #25832

Signed-off-by: Scott Westover <scottwestover2006@gmail.com>
@scottwestover scottwestover changed the title added oversize handling to waf v2 for request body added oversize handling to waf v2 Aug 29, 2022
@scottwestover
added: support for json body attribute to wafv2 web acl
a4734bc 
Added support for the `json_body` attribute in the `field_to_match` that
is available under the wafv2 rule group and acl.

Relates #25545
Relates #25832

Signed-off-by: Scott Westover <scottwestover2006@gmail.com>
@scottwestover
changed: updated wafv2 documentation to include new fields
25b43f0 
Signed-off-by: Scott Westover <scottwestover2006@gmail.com>
@scottwestover
added: additional acceptance tests for wafv2
9e77880 
Signed-off-by: Scott Westover <scottwestover2006@gmail.com>
@scottwestover
Copy link
Contributor Author

@bschaatsbergen I went ahead and tried to implement the functionality for the additional properties as well, using the existing schemas for reference and the AWS docs. Once you, or another team member get a chance to review, any feedback would be appreciated.

@scottwestover
f/wafv2_rule_group - updated changelog
ef63bd8 
Signed-off-by: Scott Westover <scottwestover2006@gmail.com>
@ewbankkit ewbankkit removed the needs-triage Waiting for first response or review from a maintainer. label Aug 29, 2022
@scottwestover
fixed: resolved conflicts with main branch
78e5054 
Signed-off-by: Scott Westover <scottwestover2006@gmail.com>
@bschaatsbergen
Copy link
Member

Hi @scottwestover, great work. I've addressed it with one of the core team members and they will take a look at this.

@ewbankkit
r/aws_wafv2_ip_set: Switch to 'WithoutTimeout' CRUD handlers (#15090).
8372d20 
Acceptance test output:

% make testacc TESTARGS='-run=TestAccWAFV2IPSet_' PKG=wafv2 ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/wafv2/... -v -count 1 -parallel 2  -run=TestAccWAFV2IPSet_ -timeout 180m
=== RUN   TestAccWAFV2IPSet_basic
=== PAUSE TestAccWAFV2IPSet_basic
=== RUN   TestAccWAFV2IPSet_disappears
=== PAUSE TestAccWAFV2IPSet_disappears
=== RUN   TestAccWAFV2IPSet_ipv6
=== PAUSE TestAccWAFV2IPSet_ipv6
=== RUN   TestAccWAFV2IPSet_minimal
=== PAUSE TestAccWAFV2IPSet_minimal
=== RUN   TestAccWAFV2IPSet_changeNameForceNew
=== PAUSE TestAccWAFV2IPSet_changeNameForceNew
=== RUN   TestAccWAFV2IPSet_tags
=== PAUSE TestAccWAFV2IPSet_tags
=== RUN   TestAccWAFV2IPSet_large
=== PAUSE TestAccWAFV2IPSet_large
=== CONT  TestAccWAFV2IPSet_basic
=== CONT  TestAccWAFV2IPSet_changeNameForceNew
--- PASS: TestAccWAFV2IPSet_changeNameForceNew (31.66s)
=== CONT  TestAccWAFV2IPSet_large
--- PASS: TestAccWAFV2IPSet_basic (37.46s)
=== CONT  TestAccWAFV2IPSet_tags
--- PASS: TestAccWAFV2IPSet_large (19.25s)
=== CONT  TestAccWAFV2IPSet_ipv6
--- PASS: TestAccWAFV2IPSet_ipv6 (18.65s)
=== CONT  TestAccWAFV2IPSet_minimal
--- PASS: TestAccWAFV2IPSet_tags (43.24s)
=== CONT  TestAccWAFV2IPSet_disappears
--- PASS: TestAccWAFV2IPSet_minimal (19.33s)
--- PASS: TestAccWAFV2IPSet_disappears (15.55s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	100.908s
@ewbankkit
r/aws_wafv2_regex_pattern_set: Switch to 'WithoutTimeout' CRUD handle…
ef76ded 
…rs (#15090).

Acceptance test output:

% make testacc TESTARGS='-run=TestAccWAFV2RegexPatternSet_' PKG=wafv2 ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/wafv2/... -v -count 1 -parallel 2  -run=TestAccWAFV2RegexPatternSet_ -timeout 180m
=== RUN   TestAccWAFV2RegexPatternSet_basic
=== PAUSE TestAccWAFV2RegexPatternSet_basic
=== RUN   TestAccWAFV2RegexPatternSet_disappears
=== PAUSE TestAccWAFV2RegexPatternSet_disappears
=== RUN   TestAccWAFV2RegexPatternSet_minimal
=== PAUSE TestAccWAFV2RegexPatternSet_minimal
=== RUN   TestAccWAFV2RegexPatternSet_changeNameForceNew
=== PAUSE TestAccWAFV2RegexPatternSet_changeNameForceNew
=== RUN   TestAccWAFV2RegexPatternSet_tags
=== PAUSE TestAccWAFV2RegexPatternSet_tags
=== CONT  TestAccWAFV2RegexPatternSet_basic
=== CONT  TestAccWAFV2RegexPatternSet_changeNameForceNew
--- PASS: TestAccWAFV2RegexPatternSet_changeNameForceNew (31.91s)
=== CONT  TestAccWAFV2RegexPatternSet_minimal
--- PASS: TestAccWAFV2RegexPatternSet_basic (34.79s)
=== CONT  TestAccWAFV2RegexPatternSet_tags
--- PASS: TestAccWAFV2RegexPatternSet_minimal (17.47s)
=== CONT  TestAccWAFV2RegexPatternSet_disappears
--- PASS: TestAccWAFV2RegexPatternSet_disappears (14.38s)
--- PASS: TestAccWAFV2RegexPatternSet_tags (47.03s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	86.036s
@ewbankkit
r/aws_wafv2_web_acl_association: Switch to 'WithoutTimeout' CRUD hand…
34367c9 
…lers (#15090).

Acceptance test output:

% make testacc TESTARGS='-run=TestAccWAFV2WebACLAssociation_' PKG=wafv2 ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/wafv2/... -v -count 1 -parallel 2  -run=TestAccWAFV2WebACLAssociation_ -timeout 180m
=== RUN   TestAccWAFV2WebACLAssociation_basic
=== PAUSE TestAccWAFV2WebACLAssociation_basic
=== RUN   TestAccWAFV2WebACLAssociation_disappears
=== PAUSE TestAccWAFV2WebACLAssociation_disappears
=== CONT  TestAccWAFV2WebACLAssociation_basic
=== CONT  TestAccWAFV2WebACLAssociation_disappears
--- PASS: TestAccWAFV2WebACLAssociation_basic (63.08s)
--- PASS: TestAccWAFV2WebACLAssociation_disappears (107.36s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	111.576s
@ewbankkit
Fix semgrep 'dgryski.semgrep-go.errnilcheck.err-nil-check'.
9af7760
@ewbankkit
expandRules: Ignore rule with empty 'name'.
01bfe91
@ewbankkit
Revert "expandRules: Ignore rule with empty 'name'."
c81b7ca 
This reverts commit 01bfe91.
@ewbankkit
WAFv2: 'body.oversize_handling' is Required (breaking change).
8e8046e
@ewbankkit
WAFv2: Add required 'body.oversize_handling' values.
1d826f4
@ewbankkit
WAFv2: Document required 'body.oversize_handling' value.
422c3dd
@ewbankkit
Breaking change: Add Required 'oversize_handling' attribute to the 'f…
e8aa32c 
…ield_to_match.body' block.
@ewbankkit
Copy link
Contributor

If we make field_to_match.body.oversize_handling Required, which will be a breaking change as all existing configurations containing

        field_to_match {
          body {}
        }

must be changed to

        field_to_match {
          body {
            oversize_handling = "CONTINUE"
          }
        }

then all (modified) acceptance tests pass:

% ACCTEST_TIMEOUT=360m  make testacc TESTARGS='-run=TestAccWAFV2RuleGroup_\|TestAccWAFV2WebACL_\|TestAccWAFV2IPSet_\|TestAccWAFV2RegexPatternSet_\|TestAccWAFV2WebACLAssociation_' PKG=wafv2 ACCTEST_PARALLELISM=3
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/wafv2/... -v -count 1 -parallel 3  -run=TestAccWAFV2RuleGroup_\|TestAccWAFV2WebACL_\|TestAccWAFV2IPSet_\|TestAccWAFV2RegexPatternSet_\|TestAccWAFV2WebACLAssociation_ -timeout 360m
=== RUN   TestAccWAFV2IPSet_basic
=== PAUSE TestAccWAFV2IPSet_basic
=== RUN   TestAccWAFV2IPSet_disappears
=== PAUSE TestAccWAFV2IPSet_disappears
=== RUN   TestAccWAFV2IPSet_ipv6
=== PAUSE TestAccWAFV2IPSet_ipv6
=== RUN   TestAccWAFV2IPSet_minimal
=== PAUSE TestAccWAFV2IPSet_minimal
=== RUN   TestAccWAFV2IPSet_changeNameForceNew
=== PAUSE TestAccWAFV2IPSet_changeNameForceNew
=== RUN   TestAccWAFV2IPSet_tags
=== PAUSE TestAccWAFV2IPSet_tags
=== RUN   TestAccWAFV2IPSet_large
=== PAUSE TestAccWAFV2IPSet_large
=== RUN   TestAccWAFV2RegexPatternSet_basic
=== PAUSE TestAccWAFV2RegexPatternSet_basic
=== RUN   TestAccWAFV2RegexPatternSet_disappears
=== PAUSE TestAccWAFV2RegexPatternSet_disappears
=== RUN   TestAccWAFV2RegexPatternSet_minimal
=== PAUSE TestAccWAFV2RegexPatternSet_minimal
=== RUN   TestAccWAFV2RegexPatternSet_changeNameForceNew
=== PAUSE TestAccWAFV2RegexPatternSet_changeNameForceNew
=== RUN   TestAccWAFV2RegexPatternSet_tags
=== PAUSE TestAccWAFV2RegexPatternSet_tags
=== RUN   TestAccWAFV2RuleGroup_basic
=== PAUSE TestAccWAFV2RuleGroup_basic
=== RUN   TestAccWAFV2RuleGroup_updateRule
=== PAUSE TestAccWAFV2RuleGroup_updateRule
=== RUN   TestAccWAFV2RuleGroup_updateRuleProperties
=== PAUSE TestAccWAFV2RuleGroup_updateRuleProperties
=== RUN   TestAccWAFV2RuleGroup_byteMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_byteMatchStatement
=== RUN   TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
=== PAUSE TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
=== RUN   TestAccWAFV2RuleGroup_changeNameForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeNameForceNew
=== RUN   TestAccWAFV2RuleGroup_changeCapacityForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeCapacityForceNew
=== RUN   TestAccWAFV2RuleGroup_changeMetricNameForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeMetricNameForceNew
=== RUN   TestAccWAFV2RuleGroup_disappears
=== PAUSE TestAccWAFV2RuleGroup_disappears
=== RUN   TestAccWAFV2RuleGroup_RuleLabels
=== PAUSE TestAccWAFV2RuleGroup_RuleLabels
=== RUN   TestAccWAFV2RuleGroup_geoMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_geoMatchStatement
=== RUN   TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
=== PAUSE TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
=== RUN   TestAccWAFV2RuleGroup_LabelMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_LabelMatchStatement
=== RUN   TestAccWAFV2RuleGroup_ipSetReferenceStatement
=== PAUSE TestAccWAFV2RuleGroup_ipSetReferenceStatement
=== RUN   TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
=== PAUSE TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
=== RUN   TestAccWAFV2RuleGroup_logicalRuleStatements
=== PAUSE TestAccWAFV2RuleGroup_logicalRuleStatements
=== RUN   TestAccWAFV2RuleGroup_minimal
=== PAUSE TestAccWAFV2RuleGroup_minimal
=== RUN   TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
=== PAUSE TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
=== RUN   TestAccWAFV2RuleGroup_ruleAction
=== PAUSE TestAccWAFV2RuleGroup_ruleAction
=== RUN   TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
=== PAUSE TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
=== RUN   TestAccWAFV2RuleGroup_RuleAction_customResponse
=== PAUSE TestAccWAFV2RuleGroup_RuleAction_customResponse
=== RUN   TestAccWAFV2RuleGroup_sizeConstraintStatement
=== PAUSE TestAccWAFV2RuleGroup_sizeConstraintStatement
=== RUN   TestAccWAFV2RuleGroup_sqliMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_sqliMatchStatement
=== RUN   TestAccWAFV2RuleGroup_tags
=== PAUSE TestAccWAFV2RuleGroup_tags
=== RUN   TestAccWAFV2RuleGroup_xssMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_xssMatchStatement
=== RUN   TestAccWAFV2WebACLAssociation_basic
=== PAUSE TestAccWAFV2WebACLAssociation_basic
=== RUN   TestAccWAFV2WebACLAssociation_disappears
=== PAUSE TestAccWAFV2WebACLAssociation_disappears
=== RUN   TestAccWAFV2WebACL_basic
=== PAUSE TestAccWAFV2WebACL_basic
=== RUN   TestAccWAFV2WebACL_Update_rule
=== PAUSE TestAccWAFV2WebACL_Update_rule
=== RUN   TestAccWAFV2WebACL_Update_ruleProperties
=== PAUSE TestAccWAFV2WebACL_Update_ruleProperties
=== RUN   TestAccWAFV2WebACL_Update_nameForceNew
=== PAUSE TestAccWAFV2WebACL_Update_nameForceNew
=== RUN   TestAccWAFV2WebACL_disappears
=== PAUSE TestAccWAFV2WebACL_disappears
=== RUN   TestAccWAFV2WebACL_ManagedRuleGroup_basic
=== PAUSE TestAccWAFV2WebACL_ManagedRuleGroup_basic
=== RUN   TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== PAUSE TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== RUN   TestAccWAFV2WebACL_minimal
=== PAUSE TestAccWAFV2WebACL_minimal
=== RUN   TestAccWAFV2WebACL_RateBased_basic
=== PAUSE TestAccWAFV2WebACL_RateBased_basic
=== RUN   TestAccWAFV2WebACL_ByteMatchStatement_basic
=== PAUSE TestAccWAFV2WebACL_ByteMatchStatement_basic
=== RUN   TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
=== PAUSE TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
=== RUN   TestAccWAFV2WebACL_GeoMatch_basic
=== PAUSE TestAccWAFV2WebACL_GeoMatch_basic
=== RUN   TestAccWAFV2WebACL_GeoMatch_forwardedIP
=== PAUSE TestAccWAFV2WebACL_GeoMatch_forwardedIP
=== RUN   TestAccWAFV2WebACL_LabelMatchStatement
=== PAUSE TestAccWAFV2WebACL_LabelMatchStatement
=== RUN   TestAccWAFV2WebACL_RuleLabels
=== PAUSE TestAccWAFV2WebACL_RuleLabels
=== RUN   TestAccWAFV2WebACL_IPSetReference_basic
=== PAUSE TestAccWAFV2WebACL_IPSetReference_basic
=== RUN   TestAccWAFV2WebACL_IPSetReference_forwardedIP
=== PAUSE TestAccWAFV2WebACL_IPSetReference_forwardedIP
=== RUN   TestAccWAFV2WebACL_RateBased_forwardedIP
=== PAUSE TestAccWAFV2WebACL_RateBased_forwardedIP
=== RUN   TestAccWAFV2WebACL_RuleGroupReference_basic
=== PAUSE TestAccWAFV2WebACL_RuleGroupReference_basic
=== RUN   TestAccWAFV2WebACL_Custom_requestHandling
=== PAUSE TestAccWAFV2WebACL_Custom_requestHandling
=== RUN   TestAccWAFV2WebACL_Custom_response
=== PAUSE TestAccWAFV2WebACL_Custom_response
=== RUN   TestAccWAFV2WebACL_tags
=== PAUSE TestAccWAFV2WebACL_tags
=== RUN   TestAccWAFV2WebACL_RateBased_maxNested
=== PAUSE TestAccWAFV2WebACL_RateBased_maxNested
=== RUN   TestAccWAFV2WebACL_Operators_maxNested
=== PAUSE TestAccWAFV2WebACL_Operators_maxNested
=== CONT  TestAccWAFV2IPSet_basic
=== CONT  TestAccWAFV2RuleGroup_RuleAction_customResponse
=== CONT  TestAccWAFV2WebACL_ByteMatchStatement_basic
--- PASS: TestAccWAFV2IPSet_basic (40.34s)
=== CONT  TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
--- PASS: TestAccWAFV2RuleGroup_RuleAction_customResponse (59.18s)
=== CONT  TestAccWAFV2WebACL_Operators_maxNested
--- PASS: TestAccWAFV2WebACL_ByteMatchStatement_basic (59.87s)
=== CONT  TestAccWAFV2WebACL_RateBased_maxNested
--- PASS: TestAccWAFV2WebACL_RateBased_maxNested (31.65s)
=== CONT  TestAccWAFV2WebACL_tags
--- PASS: TestAccWAFV2WebACL_Operators_maxNested (32.34s)
=== CONT  TestAccWAFV2WebACL_Custom_response
--- PASS: TestAccWAFV2WebACL_tags (70.52s)
=== CONT  TestAccWAFV2WebACL_Custom_requestHandling
--- PASS: TestAccWAFV2WebACL_Custom_response (80.81s)
=== CONT  TestAccWAFV2WebACL_RuleGroupReference_basic
--- PASS: TestAccWAFV2WebACL_RuleGroupReference_basic (58.75s)
=== CONT  TestAccWAFV2WebACL_RateBased_forwardedIP
--- PASS: TestAccWAFV2WebACL_Custom_requestHandling (73.14s)
=== CONT  TestAccWAFV2WebACL_IPSetReference_forwardedIP
--- PASS: TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch (218.62s)
=== CONT  TestAccWAFV2WebACL_IPSetReference_basic
--- PASS: TestAccWAFV2WebACL_RateBased_forwardedIP (49.77s)
=== CONT  TestAccWAFV2WebACL_RuleLabels
--- PASS: TestAccWAFV2WebACL_IPSetReference_basic (30.46s)
=== CONT  TestAccWAFV2WebACL_LabelMatchStatement
--- PASS: TestAccWAFV2WebACL_IPSetReference_forwardedIP (95.36s)
=== CONT  TestAccWAFV2WebACL_GeoMatch_forwardedIP
--- PASS: TestAccWAFV2WebACL_RuleLabels (50.59s)
=== CONT  TestAccWAFV2WebACL_GeoMatch_basic
--- PASS: TestAccWAFV2WebACL_LabelMatchStatement (51.11s)
=== CONT  TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
--- PASS: TestAccWAFV2WebACL_GeoMatch_basic (50.89s)
=== CONT  TestAccWAFV2IPSet_changeNameForceNew
--- PASS: TestAccWAFV2WebACL_GeoMatch_forwardedIP (52.81s)
=== CONT  TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
--- PASS: TestAccWAFV2WebACL_ByteMatchStatement_jsonBody (51.01s)
=== CONT  TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
--- PASS: TestAccWAFV2IPSet_changeNameForceNew (30.32s)
=== CONT  TestAccWAFV2RuleGroup_LabelMatchStatement
--- PASS: TestAccWAFV2RuleGroup_RuleAction_customRequestHandling (37.24s)
=== CONT  TestAccWAFV2RuleGroup_ruleAction
--- PASS: TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP (37.14s)
=== CONT  TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
--- PASS: TestAccWAFV2RuleGroup_LabelMatchStatement (35.36s)
=== CONT  TestAccWAFV2RuleGroup_geoMatchStatement
--- PASS: TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement (21.13s)
=== CONT  TestAccWAFV2RuleGroup_RuleLabels
--- PASS: TestAccWAFV2RuleGroup_ruleAction (51.75s)
=== CONT  TestAccWAFV2RuleGroup_disappears
--- PASS: TestAccWAFV2RuleGroup_geoMatchStatement (37.03s)
=== CONT  TestAccWAFV2IPSet_ipv6
--- PASS: TestAccWAFV2RuleGroup_RuleLabels (35.95s)
=== CONT  TestAccWAFV2IPSet_minimal
--- PASS: TestAccWAFV2RuleGroup_disappears (15.18s)
=== CONT  TestAccWAFV2WebACL_Update_rule
--- PASS: TestAccWAFV2IPSet_ipv6 (19.45s)
=== CONT  TestAccWAFV2WebACL_RateBased_basic
--- PASS: TestAccWAFV2IPSet_minimal (20.57s)
=== CONT  TestAccWAFV2WebACL_minimal
--- PASS: TestAccWAFV2WebACL_minimal (24.36s)
=== CONT  TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
--- PASS: TestAccWAFV2WebACL_Update_rule (51.74s)
=== CONT  TestAccWAFV2WebACL_ManagedRuleGroup_basic
--- PASS: TestAccWAFV2WebACL_RateBased_basic (50.41s)
=== CONT  TestAccWAFV2RegexPatternSet_disappears
--- PASS: TestAccWAFV2RegexPatternSet_disappears (14.82s)
=== CONT  TestAccWAFV2RuleGroup_byteMatchStatement
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion (50.79s)
=== CONT  TestAccWAFV2RuleGroup_changeMetricNameForceNew
--- PASS: TestAccWAFV2RuleGroup_byteMatchStatement (38.03s)
=== CONT  TestAccWAFV2WebACL_disappears
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_basic (72.96s)
=== CONT  TestAccWAFV2RuleGroup_changeCapacityForceNew
--- PASS: TestAccWAFV2RuleGroup_changeMetricNameForceNew (32.31s)
=== CONT  TestAccWAFV2RuleGroup_changeNameForceNew
--- PASS: TestAccWAFV2WebACL_disappears (21.10s)
=== CONT  TestAccWAFV2RuleGroup_updateRuleProperties
--- PASS: TestAccWAFV2RuleGroup_changeCapacityForceNew (34.66s)
=== CONT  TestAccWAFV2WebACL_Update_nameForceNew
--- PASS: TestAccWAFV2RuleGroup_changeNameForceNew (34.59s)
=== CONT  TestAccWAFV2RegexPatternSet_tags
--- PASS: TestAccWAFV2RuleGroup_updateRuleProperties (56.79s)
=== CONT  TestAccWAFV2WebACL_Update_ruleProperties
--- PASS: TestAccWAFV2WebACL_Update_nameForceNew (50.30s)
=== CONT  TestAccWAFV2RuleGroup_basic
--- PASS: TestAccWAFV2RegexPatternSet_tags (48.94s)
=== CONT  TestAccWAFV2IPSet_disappears
--- PASS: TestAccWAFV2IPSet_disappears (15.01s)
=== CONT  TestAccWAFV2RuleGroup_updateRule
--- PASS: TestAccWAFV2RuleGroup_basic (21.94s)
=== CONT  TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
--- PASS: TestAccWAFV2RuleGroup_updateRule (40.06s)
=== CONT  TestAccWAFV2RegexPatternSet_changeNameForceNew
--- PASS: TestAccWAFV2RegexPatternSet_changeNameForceNew (37.35s)
=== CONT  TestAccWAFV2RegexPatternSet_minimal
--- PASS: TestAccWAFV2WebACL_Update_ruleProperties (104.89s)
=== CONT  TestAccWAFV2RuleGroup_logicalRuleStatements
--- PASS: TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP (77.12s)
=== CONT  TestAccWAFV2IPSet_large
--- PASS: TestAccWAFV2RegexPatternSet_minimal (17.64s)
=== CONT  TestAccWAFV2RuleGroup_xssMatchStatement
--- PASS: TestAccWAFV2IPSet_large (21.65s)
=== CONT  TestAccWAFV2WebACLAssociation_disappears
--- PASS: TestAccWAFV2RuleGroup_xssMatchStatement (39.88s)
=== CONT  TestAccWAFV2WebACL_basic
--- PASS: TestAccWAFV2RuleGroup_logicalRuleStatements (58.53s)
=== CONT  TestAccWAFV2WebACLAssociation_basic
--- PASS: TestAccWAFV2WebACL_basic (29.49s)
=== CONT  TestAccWAFV2IPSet_tags
--- PASS: TestAccWAFV2WebACLAssociation_disappears (84.73s)
=== CONT  TestAccWAFV2RuleGroup_sqliMatchStatement
--- PASS: TestAccWAFV2IPSet_tags (48.46s)
=== CONT  TestAccWAFV2RegexPatternSet_basic
--- PASS: TestAccWAFV2WebACLAssociation_basic (91.72s)
=== CONT  TestAccWAFV2RuleGroup_sizeConstraintStatement
--- PASS: TestAccWAFV2RuleGroup_sqliMatchStatement (38.48s)
=== CONT  TestAccWAFV2RuleGroup_ipSetReferenceStatement
--- PASS: TestAccWAFV2RegexPatternSet_basic (36.60s)
=== CONT  TestAccWAFV2RuleGroup_tags
--- PASS: TestAccWAFV2RuleGroup_ipSetReferenceStatement (24.81s)
=== CONT  TestAccWAFV2RuleGroup_minimal
--- PASS: TestAccWAFV2RuleGroup_sizeConstraintStatement (41.04s)
--- PASS: TestAccWAFV2RuleGroup_minimal (21.26s)
--- PASS: TestAccWAFV2RuleGroup_tags (55.06s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	1021.197s

@ewbankkit ewbankkit added the breaking-change Introduces a breaking change in current functionality; usually deferred to the next major release. label Sep 28, 2022
@ewbankkit
Copy link
Contributor

Waiting until oversize handling change release date is clarified by AWS...

@ch0ppy35
Copy link

Any updates in regards to this PR? Based on the email messaging from AWS, this is going to be a problem come tomorrow...

Although defining oversize handling behavior is optional today, on October 1, 2022, we will make specifying the handling behavior for oversized requests required when there is no size constraint on the Body or JSON body rule. After October 1, 2022, if you have not updated your web ACL to either add a size constraint statement on Body or JSON body rules in your web ACL, or define the oversize handling behavior for these rules, updates to your WAF rules using the API will fail.

@phillipsbrianj
Copy link

@ch0ppy35

Any updates in regards to this PR? Based on the email messaging from AWS, this is going to be a problem come tomorrow...

Although defining oversize handling behavior is optional today, on October 1, 2022, we will make specifying the handling behavior for oversized requests required when there is no size constraint on the Body or JSON body rule. After October 1, 2022, if you have not updated your web ACL to either add a size constraint statement on Body or JSON body rules in your web ACL, or define the oversize handling behavior for these rules, updates to your WAF rules using the API will fail.

I opened a ticket with AWS and verified they are deferring the date of enforcement - they told me it would be sometime in February and are working on a formal notice communication.

@ewbankkit ewbankkit removed the breaking-change Introduces a breaking change in current functionality; usually deferred to the next major release. label Oct 3, 2022
@ewbankkit
Copy link
Contributor

ewbankkit commented Oct 3, 2022
edited

As AWS have now pushed back the change to WAFv2 oversize handling behaviour until February 2023, I have modified this PR to remove the breaking changes (which were adding a required oversize_handling attribute to the body block and changing json_body.oversize_handling from optional to required), leaving the addition of a headersblock tofields_to_match`.
The oversize handling changes will be done in a future PR (please keep upvoting the GitHub Issues linked in this PR's initial description). If those future changes do require a breaking change they will be done as part of a Terraform AWS Provider major version.

@ewbankkit
Copy link
Contributor 

% ACCTEST_TIMEOUT=360m  make testacc TESTARGS='-run=TestAccWAFV2RuleGroup_\|TestAccWAFV2WebACL_\|TestAccWAFV2IPSet_\|TestAccWAFV2RegexPatternSet_\|TestAccWAFV2WebACLAssociation_' PKG=wafv2 ACCTEST_PARALLELISM=3
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/wafv2/... -v -count 1 -parallel 3  -run=TestAccWAFV2RuleGroup_\|TestAccWAFV2WebACL_\|TestAccWAFV2IPSet_\|TestAccWAFV2RegexPatternSet_\|TestAccWAFV2WebACLAssociation_ -timeout 360m
=== RUN   TestAccWAFV2IPSet_basic
=== PAUSE TestAccWAFV2IPSet_basic
=== RUN   TestAccWAFV2IPSet_disappears
=== PAUSE TestAccWAFV2IPSet_disappears
=== RUN   TestAccWAFV2IPSet_ipv6
=== PAUSE TestAccWAFV2IPSet_ipv6
=== RUN   TestAccWAFV2IPSet_minimal
=== PAUSE TestAccWAFV2IPSet_minimal
=== RUN   TestAccWAFV2IPSet_changeNameForceNew
=== PAUSE TestAccWAFV2IPSet_changeNameForceNew
=== RUN   TestAccWAFV2IPSet_tags
=== PAUSE TestAccWAFV2IPSet_tags
=== RUN   TestAccWAFV2IPSet_large
=== PAUSE TestAccWAFV2IPSet_large
=== RUN   TestAccWAFV2RegexPatternSet_basic
=== PAUSE TestAccWAFV2RegexPatternSet_basic
=== RUN   TestAccWAFV2RegexPatternSet_disappears
=== PAUSE TestAccWAFV2RegexPatternSet_disappears
=== RUN   TestAccWAFV2RegexPatternSet_minimal
=== PAUSE TestAccWAFV2RegexPatternSet_minimal
=== RUN   TestAccWAFV2RegexPatternSet_changeNameForceNew
=== PAUSE TestAccWAFV2RegexPatternSet_changeNameForceNew
=== RUN   TestAccWAFV2RegexPatternSet_tags
=== PAUSE TestAccWAFV2RegexPatternSet_tags
=== RUN   TestAccWAFV2RuleGroup_basic
=== PAUSE TestAccWAFV2RuleGroup_basic
=== RUN   TestAccWAFV2RuleGroup_updateRule
=== PAUSE TestAccWAFV2RuleGroup_updateRule
=== RUN   TestAccWAFV2RuleGroup_updateRuleProperties
=== PAUSE TestAccWAFV2RuleGroup_updateRuleProperties
=== RUN   TestAccWAFV2RuleGroup_byteMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_byteMatchStatement
=== RUN   TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
=== PAUSE TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
=== RUN   TestAccWAFV2RuleGroup_changeNameForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeNameForceNew
=== RUN   TestAccWAFV2RuleGroup_changeCapacityForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeCapacityForceNew
=== RUN   TestAccWAFV2RuleGroup_changeMetricNameForceNew
=== PAUSE TestAccWAFV2RuleGroup_changeMetricNameForceNew
=== RUN   TestAccWAFV2RuleGroup_disappears
=== PAUSE TestAccWAFV2RuleGroup_disappears
=== RUN   TestAccWAFV2RuleGroup_RuleLabels
=== PAUSE TestAccWAFV2RuleGroup_RuleLabels
=== RUN   TestAccWAFV2RuleGroup_geoMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_geoMatchStatement
=== RUN   TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
=== PAUSE TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
=== RUN   TestAccWAFV2RuleGroup_LabelMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_LabelMatchStatement
=== RUN   TestAccWAFV2RuleGroup_ipSetReferenceStatement
=== PAUSE TestAccWAFV2RuleGroup_ipSetReferenceStatement
=== RUN   TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
=== PAUSE TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
=== RUN   TestAccWAFV2RuleGroup_logicalRuleStatements
=== PAUSE TestAccWAFV2RuleGroup_logicalRuleStatements
=== RUN   TestAccWAFV2RuleGroup_minimal
=== PAUSE TestAccWAFV2RuleGroup_minimal
=== RUN   TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
=== PAUSE TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
=== RUN   TestAccWAFV2RuleGroup_ruleAction
=== PAUSE TestAccWAFV2RuleGroup_ruleAction
=== RUN   TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
=== PAUSE TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
=== RUN   TestAccWAFV2RuleGroup_RuleAction_customResponse
=== PAUSE TestAccWAFV2RuleGroup_RuleAction_customResponse
=== RUN   TestAccWAFV2RuleGroup_sizeConstraintStatement
=== PAUSE TestAccWAFV2RuleGroup_sizeConstraintStatement
=== RUN   TestAccWAFV2RuleGroup_sqliMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_sqliMatchStatement
=== RUN   TestAccWAFV2RuleGroup_tags
=== PAUSE TestAccWAFV2RuleGroup_tags
=== RUN   TestAccWAFV2RuleGroup_xssMatchStatement
=== PAUSE TestAccWAFV2RuleGroup_xssMatchStatement
=== RUN   TestAccWAFV2WebACLAssociation_basic
=== PAUSE TestAccWAFV2WebACLAssociation_basic
=== RUN   TestAccWAFV2WebACLAssociation_disappears
=== PAUSE TestAccWAFV2WebACLAssociation_disappears
=== RUN   TestAccWAFV2WebACL_basic
=== PAUSE TestAccWAFV2WebACL_basic
=== RUN   TestAccWAFV2WebACL_Update_rule
=== PAUSE TestAccWAFV2WebACL_Update_rule
=== RUN   TestAccWAFV2WebACL_Update_ruleProperties
=== PAUSE TestAccWAFV2WebACL_Update_ruleProperties
=== RUN   TestAccWAFV2WebACL_Update_nameForceNew
=== PAUSE TestAccWAFV2WebACL_Update_nameForceNew
=== RUN   TestAccWAFV2WebACL_disappears
=== PAUSE TestAccWAFV2WebACL_disappears
=== RUN   TestAccWAFV2WebACL_ManagedRuleGroup_basic
=== PAUSE TestAccWAFV2WebACL_ManagedRuleGroup_basic
=== RUN   TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== PAUSE TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== RUN   TestAccWAFV2WebACL_minimal
=== PAUSE TestAccWAFV2WebACL_minimal
=== RUN   TestAccWAFV2WebACL_RateBased_basic
=== PAUSE TestAccWAFV2WebACL_RateBased_basic
=== RUN   TestAccWAFV2WebACL_ByteMatchStatement_basic
=== PAUSE TestAccWAFV2WebACL_ByteMatchStatement_basic
=== RUN   TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
=== PAUSE TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
=== RUN   TestAccWAFV2WebACL_GeoMatch_basic
=== PAUSE TestAccWAFV2WebACL_GeoMatch_basic
=== RUN   TestAccWAFV2WebACL_GeoMatch_forwardedIP
=== PAUSE TestAccWAFV2WebACL_GeoMatch_forwardedIP
=== RUN   TestAccWAFV2WebACL_LabelMatchStatement
=== PAUSE TestAccWAFV2WebACL_LabelMatchStatement
=== RUN   TestAccWAFV2WebACL_RuleLabels
=== PAUSE TestAccWAFV2WebACL_RuleLabels
=== RUN   TestAccWAFV2WebACL_IPSetReference_basic
=== PAUSE TestAccWAFV2WebACL_IPSetReference_basic
=== RUN   TestAccWAFV2WebACL_IPSetReference_forwardedIP
=== PAUSE TestAccWAFV2WebACL_IPSetReference_forwardedIP
=== RUN   TestAccWAFV2WebACL_RateBased_forwardedIP
=== PAUSE TestAccWAFV2WebACL_RateBased_forwardedIP
=== RUN   TestAccWAFV2WebACL_RuleGroupReference_basic
=== PAUSE TestAccWAFV2WebACL_RuleGroupReference_basic
=== RUN   TestAccWAFV2WebACL_Custom_requestHandling
=== PAUSE TestAccWAFV2WebACL_Custom_requestHandling
=== RUN   TestAccWAFV2WebACL_Custom_response
=== PAUSE TestAccWAFV2WebACL_Custom_response
=== RUN   TestAccWAFV2WebACL_tags
=== PAUSE TestAccWAFV2WebACL_tags
=== RUN   TestAccWAFV2WebACL_RateBased_maxNested
=== PAUSE TestAccWAFV2WebACL_RateBased_maxNested
=== RUN   TestAccWAFV2WebACL_Operators_maxNested
=== PAUSE TestAccWAFV2WebACL_Operators_maxNested
=== CONT  TestAccWAFV2IPSet_basic
=== CONT  TestAccWAFV2RuleGroup_sizeConstraintStatement
=== CONT  TestAccWAFV2WebACL_ByteMatchStatement_basic
--- PASS: TestAccWAFV2IPSet_basic (42.17s)
=== CONT  TestAccWAFV2WebACL_RateBased_forwardedIP
--- PASS: TestAccWAFV2RuleGroup_sizeConstraintStatement (47.09s)
=== CONT  TestAccWAFV2WebACL_Operators_maxNested
--- PASS: TestAccWAFV2WebACL_ByteMatchStatement_basic (66.60s)
=== CONT  TestAccWAFV2WebACL_RateBased_maxNested
--- PASS: TestAccWAFV2WebACL_Operators_maxNested (34.50s)
=== CONT  TestAccWAFV2WebACL_IPSetReference_forwardedIP
--- PASS: TestAccWAFV2WebACL_RateBased_forwardedIP (57.89s)
=== CONT  TestAccWAFV2WebACL_tags
--- PASS: TestAccWAFV2WebACL_RateBased_maxNested (33.86s)
=== CONT  TestAccWAFV2WebACL_IPSetReference_basic
--- PASS: TestAccWAFV2WebACL_IPSetReference_basic (28.59s)
=== CONT  TestAccWAFV2WebACL_Custom_response
--- PASS: TestAccWAFV2WebACL_tags (68.45s)
=== CONT  TestAccWAFV2WebACL_RuleLabels
--- PASS: TestAccWAFV2WebACL_IPSetReference_forwardedIP (99.41s)
=== CONT  TestAccWAFV2WebACL_Custom_requestHandling
--- PASS: TestAccWAFV2WebACL_Custom_response (72.45s)
=== CONT  TestAccWAFV2WebACL_LabelMatchStatement
--- PASS: TestAccWAFV2WebACL_RuleLabels (50.91s)
=== CONT  TestAccWAFV2WebACL_RuleGroupReference_basic
--- PASS: TestAccWAFV2WebACL_LabelMatchStatement (52.35s)
=== CONT  TestAccWAFV2WebACL_GeoMatch_forwardedIP
--- PASS: TestAccWAFV2WebACL_Custom_requestHandling (74.47s)
=== CONT  TestAccWAFV2WebACL_GeoMatch_basic
--- PASS: TestAccWAFV2WebACL_RuleGroupReference_basic (57.82s)
=== CONT  TestAccWAFV2WebACL_ByteMatchStatement_jsonBody
--- PASS: TestAccWAFV2WebACL_GeoMatch_forwardedIP (51.58s)
=== CONT  TestAccWAFV2WebACL_Update_ruleProperties
--- PASS: TestAccWAFV2WebACL_GeoMatch_basic (50.79s)
=== CONT  TestAccWAFV2WebACL_RateBased_basic
--- PASS: TestAccWAFV2WebACL_ByteMatchStatement_jsonBody (51.74s)
=== CONT  TestAccWAFV2WebACLAssociation_basic
--- PASS: TestAccWAFV2WebACL_RateBased_basic (52.29s)
=== CONT  TestAccWAFV2RuleGroup_xssMatchStatement
--- PASS: TestAccWAFV2WebACL_Update_ruleProperties (82.51s)
=== CONT  TestAccWAFV2WebACL_Update_rule
--- PASS: TestAccWAFV2RuleGroup_xssMatchStatement (39.12s)
=== CONT  TestAccWAFV2WebACL_basic
--- PASS: TestAccWAFV2WebACL_basic (28.56s)
=== CONT  TestAccWAFV2WebACLAssociation_disappears
--- PASS: TestAccWAFV2WebACLAssociation_basic (98.60s)
=== CONT  TestAccWAFV2RuleGroup_changeNameForceNew
--- PASS: TestAccWAFV2WebACL_Update_rule (56.26s)
=== CONT  TestAccWAFV2RuleGroup_RuleAction_customResponse
--- PASS: TestAccWAFV2RuleGroup_changeNameForceNew (36.80s)
=== CONT  TestAccWAFV2RuleGroup_RuleAction_customRequestHandling
--- PASS: TestAccWAFV2RuleGroup_RuleAction_customResponse (51.75s)
=== CONT  TestAccWAFV2RuleGroup_ruleAction
--- PASS: TestAccWAFV2RuleGroup_RuleAction_customRequestHandling (35.78s)
=== CONT  TestAccWAFV2WebACL_Update_nameForceNew
--- PASS: TestAccWAFV2WebACLAssociation_disappears (81.52s)
=== CONT  TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement
--- PASS: TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement (21.56s)
=== CONT  TestAccWAFV2WebACL_minimal
--- PASS: TestAccWAFV2WebACL_Update_nameForceNew (46.28s)
=== CONT  TestAccWAFV2RuleGroup_minimal
--- PASS: TestAccWAFV2RuleGroup_ruleAction (51.17s)
=== CONT  TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
--- PASS: TestAccWAFV2WebACL_minimal (25.27s)
=== CONT  TestAccWAFV2RuleGroup_logicalRuleStatements
--- PASS: TestAccWAFV2RuleGroup_minimal (17.65s)
=== CONT  TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion (49.41s)
=== CONT  TestAccWAFV2RuleGroup_ipSetReferenceStatement
--- PASS: TestAccWAFV2RuleGroup_logicalRuleStatements (51.02s)
=== CONT  TestAccWAFV2RuleGroup_LabelMatchStatement
--- PASS: TestAccWAFV2RuleGroup_ipSetReferenceStatement (21.88s)
=== CONT  TestAccWAFV2RuleGroup_sqliMatchStatement
--- PASS: TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP (71.60s)
=== CONT  TestAccWAFV2RegexPatternSet_minimal
--- PASS: TestAccWAFV2RuleGroup_LabelMatchStatement (36.08s)
=== CONT  TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch
--- PASS: TestAccWAFV2RegexPatternSet_minimal (16.37s)
=== CONT  TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP
--- PASS: TestAccWAFV2RuleGroup_sqliMatchStatement (36.28s)
=== CONT  TestAccWAFV2RuleGroup_byteMatchStatement
--- PASS: TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP (38.06s)
=== CONT  TestAccWAFV2RuleGroup_geoMatchStatement
--- PASS: TestAccWAFV2RuleGroup_byteMatchStatement (38.21s)
=== CONT  TestAccWAFV2RuleGroup_RuleLabels
--- PASS: TestAccWAFV2RuleGroup_geoMatchStatement (37.45s)
=== CONT  TestAccWAFV2RuleGroup_updateRuleProperties
--- PASS: TestAccWAFV2RuleGroup_RuleLabels (36.60s)
=== CONT  TestAccWAFV2WebACL_ManagedRuleGroup_basic
--- PASS: TestAccWAFV2RuleGroup_updateRuleProperties (54.42s)
=== CONT  TestAccWAFV2RuleGroup_disappears
--- PASS: TestAccWAFV2RuleGroup_disappears (15.02s)
=== CONT  TestAccWAFV2RuleGroup_changeMetricNameForceNew
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_basic (75.09s)
=== CONT  TestAccWAFV2RuleGroup_changeCapacityForceNew
--- PASS: TestAccWAFV2RuleGroup_changeMetricNameForceNew (33.47s)
=== CONT  TestAccWAFV2RuleGroup_updateRule
--- PASS: TestAccWAFV2RuleGroup_changeCapacityForceNew (34.26s)
=== CONT  TestAccWAFV2WebACL_disappears
--- PASS: TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch (198.41s)
=== CONT  TestAccWAFV2RuleGroup_tags
--- PASS: TestAccWAFV2WebACL_disappears (21.30s)
=== CONT  TestAccWAFV2RegexPatternSet_tags
--- PASS: TestAccWAFV2RuleGroup_updateRule (37.09s)
=== CONT  TestAccWAFV2RegexPatternSet_changeNameForceNew
--- PASS: TestAccWAFV2RuleGroup_tags (50.43s)
=== CONT  TestAccWAFV2IPSet_tags
--- PASS: TestAccWAFV2RegexPatternSet_changeNameForceNew (30.68s)
=== CONT  TestAccWAFV2RegexPatternSet_basic
--- PASS: TestAccWAFV2RegexPatternSet_tags (46.38s)
=== CONT  TestAccWAFV2IPSet_large
--- PASS: TestAccWAFV2IPSet_large (20.20s)
=== CONT  TestAccWAFV2RegexPatternSet_disappears
--- PASS: TestAccWAFV2RegexPatternSet_basic (34.21s)
=== CONT  TestAccWAFV2IPSet_minimal
--- PASS: TestAccWAFV2IPSet_tags (48.33s)
=== CONT  TestAccWAFV2IPSet_changeNameForceNew
--- PASS: TestAccWAFV2RegexPatternSet_disappears (14.51s)
=== CONT  TestAccWAFV2RuleGroup_basic
--- PASS: TestAccWAFV2IPSet_minimal (19.90s)
=== CONT  TestAccWAFV2IPSet_disappears
--- PASS: TestAccWAFV2RuleGroup_basic (21.10s)
=== CONT  TestAccWAFV2IPSet_ipv6
--- PASS: TestAccWAFV2IPSet_disappears (14.89s)
--- PASS: TestAccWAFV2IPSet_changeNameForceNew (31.42s)
--- PASS: TestAccWAFV2IPSet_ipv6 (19.63s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	985.926s

@ewbankkit ewbankkit merged commit 4f580c1 into hashicorp:main Oct 3, 2022
@github-actions github-actions bot added this to the v4.34.0 milestone Oct 3, 2022
@scottwestover scottwestover deleted the GH-25832/waf-v2-oversize-content-handling branch October 4, 2022 12:13
@github-actions
Copy link

github-actions bot commented Oct 6, 2022

This functionality has been released in v4.34.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@ewbankkit ewbankkit mentioned this pull request Oct 17, 2022
Closed
@catej-clayton catej-clayton mentioned this pull request Oct 27, 2022
Closed
@github-actions
Copy link

github-actions bot commented Nov 6, 2022

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 6, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@github-actions github-actions[bot] github-actions left review comments

Assignees
No one assigned
Labels
documentation Introduces or discusses updates to documentation. service/wafv2 Issues and PRs that pertain to the wafv2 service. size/XL Managed by automation to categorize the size of a PR. sweeper Pertains to changes to or issues with the sweeper. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v4.34.0
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@scottwestover @bschaatsbergen @ewbankkit @catej-clayton @ch0ppy35 @phillipsbrianj