diff --git a/aws/data_source_aws_waf_ipset.go b/aws/data_source_aws_waf_ipset.go
new file mode 100644
index 000000000000..8b07bf235e29
--- /dev/null
+++ b/aws/data_source_aws_waf_ipset.go
@@ -0,0 +1,59 @@
+package aws
+
+import (
+ "fmt"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceAwsWafIpSet() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceAWSWafIpSetRead,
+
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ }
+}
+
+func dataSourceAWSWafIpSetRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafconn
+ name := d.Get("name").(string)
+
+ ipsets := make([]*waf.IPSetSummary, 0)
+ // ListIPSetsInput does not have a name parameter for filtering or a paginator
+ input := &waf.ListIPSetsInput{}
+ for {
+ output, err := conn.ListIPSets(input)
+ if err != nil {
+ return fmt.Errorf("Error reading WAF IP sets: %s", err)
+ }
+ for _, ipset := range output.IPSets {
+ if aws.StringValue(ipset.Name) == name {
+ ipsets = append(ipsets, ipset)
+ }
+ }
+
+ if output.NextMarker == nil {
+ break
+ }
+ input.NextMarker = output.NextMarker
+ }
+
+ if len(ipsets) == 0 {
+ return fmt.Errorf("WAF IP Set not found for name: %s", name)
+ }
+ if len(ipsets) > 1 {
+ return fmt.Errorf("Multiple WAF IP Sets found for name: %s", name)
+ }
+
+ ipset := ipsets[0]
+ d.SetId(aws.StringValue(ipset.IPSetId))
+
+ return nil
+}
diff --git a/aws/data_source_aws_waf_ipset_test.go b/aws/data_source_aws_waf_ipset_test.go
new file mode 100644
index 000000000000..892a9076da47
--- /dev/null
+++ b/aws/data_source_aws_waf_ipset_test.go
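Review bot: In `aws/data_source_aws_waf_ipset.go`, `dataSourceAWSWafIpSetRead` has no doc comment, and the `len(ipsets) > 1` check near its end is the one decision a later maintainer could mistakenly relax. The resolved ID is typically fed into a WAF rule, so failing on an ambiguous name is the safe behaviour and should be stated, for example `// Names are matched exactly; zero or several matches are an error so a rule is never bound to an unintended IP set.` The function name also mixes `AWS` with the `Aws` casing used by `dataSourceAwsWafIpSet` and the neighbouring data sources, so `dataSourceAwsWafIpSetRead` would be more consistent. The two error strings that begin with a capital (`Error reading …`, `Multiple …`) go against the usual Go convention for `fmt.Errorf` messages.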
@@ -0,0 +1,51 @@
+package aws
+
+import (
+ "fmt"
+ "regexp"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/acctest"
+ "github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceAwsWafIPSet_Basic(t *testing.T) {
+ name := acctest.RandomWithPrefix("tf-acc-test")
+ resourceName := "aws_waf_ipset.ipset"
+ datasourceName := "data.aws_waf_ipset.ipset"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceAwsWafIPSet_NonExistent,
+ ExpectError: regexp.MustCompile(`WAF IP Set not found`),
+ },
+ {
+ Config: testAccDataSourceAwsWafIPSet_Name(name),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrPair(datasourceName, "id", resourceName, "id"),
+ resource.TestCheckResourceAttrPair(datasourceName, "name", resourceName, "name"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDataSourceAwsWafIPSet_Name(name string) string {
+ return fmt.Sprintf(`
+resource "aws_waf_ipset" "ipset" {
+ name = %[1]q
+}
+data "aws_waf_ipset" "ipset" {
+ name = "${aws_waf_ipset.ipset.name}"
+}
+`, name)
+}
+
+const testAccDataSourceAwsWafIPSet_NonExistent = `
+data "aws_waf_ipset" "ipset" {
+ name = "tf-acc-test-does-not-exist"
+}
+`
diff --git a/aws/provider.go b/aws/provider.go
index ab25fd228cba..adea1ec6fae3 100644
--- a/aws/provider.go
+++ b/aws/provider.go
@@ -273,6 +273,7 @@ func Provider() terraform.ResourceProvider {
 "aws_vpc_endpoint_service": dataSourceAwsVpcEndpointService(),
 "aws_vpc_peering_connection": dataSourceAwsVpcPeeringConnection(),
 "aws_vpn_gateway": dataSourceAwsVpnGateway(),
+ "aws_waf_ipset": dataSourceAwsWafIpSet(),
 "aws_waf_rule": dataSourceAwsWafRule(),
 "aws_waf_web_acl": dataSourceAwsWafWebAcl(),
 "aws_wafregional_rule": dataSourceAwsWafRegionalRule(),
diff --git a/website/aws.erb b/website/aws.erb
index d2c6cb0769a7..b387a2e2829c 100644
--- a/website/aws.erb
+++ b/website/aws.erb
@@ -3094,6 +3094,12 @@
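Review bot: `TestAccDataSourceAwsWafIPSet_Basic` in `aws/data_source_aws_waf_ipset_test.go` covers the not-found and single-match paths but never reaches the `Multiple WAF IP Sets found` branch of the read function. That branch is what prevents the data source from silently choosing one of several same-named sets, so it deserves a step of its own: a config with two `aws_waf_ipset` resources sharing `name` (assuming the API accepts duplicates, which the branch implies) and ``ExpectError: regexp.MustCompile(`Multiple WAF IP Sets found`)``. The data block in that config would need `depends_on` for both resources so the lookup runs after they exist.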