r/waf_rule: catch referenced item exception when removing WAF rule; additional linting

[anGie44]

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #14957
Relates #14601
Relates #15945

Output from acceptance testing:

--- PASS: TestAccAWSWafWebAcl_disappears (14.62s)
--- PASS: TestAccAWSWafWebAcl_basic (32.22s)
--- PASS: TestAccAWSWafWebAcl_DefaultAction (38.11s)
--- PASS: TestAccAWSWafWebAcl_changeNameForceNew (42.26s)
--- PASS: TestAccAWSWafWebAcl_Rules (58.64s)
--- PASS: TestAccAWSWafWebAcl_Tags (66.27s)
--- PASS: TestAccAWSWafWebAcl_LoggingConfiguration (97.69s)

--- PASS: TestAccAWSWafRule_noPredicates (22.30s)
--- PASS: TestAccAWSWafRule_geoMatchSetPredicate (39.42s)
--- PASS: TestAccAWSWafRule_basic (45.11s)
--- PASS: TestAccAWSWafRule_disappears (45.55s)
--- PASS: TestAccAWSWafRule_webACL (57.04s)
--- PASS: TestAccAWSWafRule_Tags (58.97s)
--- PASS: TestAccAWSWafRule_changeNameForceNew (60.97s)
--- PASS: TestAccAWSWafRule_changePredicates (68.42s)

Sanity checking after test runs:

$ aws waf list-rules

{
    "Rules": []
}

$ aws waf list-web-acls

{
    "WebACLs": []
}

[bflad]

Should probably have a bug fix changelog entry, but otherwise looking good aside from the comment. 👍

[bflad]

Can you explain how this error is being retried? The RetryWithToken helper currently only handles the waf.ErrCodeStaleDataException error and this logic is swallowing waf.ErrCodeReferencedItemException. I'm guessing this might be passing TestAccAWSWafWebAcl_Rules because that test uses CheckDestroy: testAccCheckAWSWafWebAclDestroy and does not verify rule deletion.

This logic would need another layer of resource.Retry() to retry successfully on waf.ErrCodeReferencedItemException and it might be worth creating a covering TestAccAWSWafRule_ test for this behavior so it can use CheckDestroy: testAccCheckAWSWafRuleDestroy,. 👍

[anGie44]

ahh cannot be explained ..totally in the wrong place there! but I forgot i've wrestled with the TestAccAWSWafWebACL_Rules test quite some time ago and from what i've tried it's a case where if the test config steps were applied outside of the test env (i've most recently used the latest version of the provider w/terraform 0.14), the resource modifications occur without any error. And with the suggestion you've provided, I'm still seeing the same error :/ should i close this PR and revisit?

[bflad]

Personally, I'd love to get the rest of these PR changes in just so those refactorings are out of the way for the future. Up to you if you'd like to revert this small little bit so we can get those in or if you would prefer working on this section some more here. Feel free to grab me directly to chat more!

[anGie44]

yep let me keep the refactorings in and remove the attempted test fix 👍

[anGie44]

...or may be not 😅 ..i think 62adf9a should correctly use the retry and the TestAccWafRule_webACL added for additional checking

[bflad]

This is great! 🚀

Output from acceptance testing in AWS Commercial:

--- PASS: TestAccAWSWafRule_basic (64.07s)
--- PASS: TestAccAWSWafRule_changeNameForceNew (90.51s)
--- PASS: TestAccAWSWafRule_changePredicates (79.43s)
--- PASS: TestAccAWSWafRule_disappears (65.97s)
--- PASS: TestAccAWSWafRule_geoMatchSetPredicate (63.47s)
--- PASS: TestAccAWSWafRule_noPredicates (28.63s)
--- PASS: TestAccAWSWafRule_Tags (90.98s)
--- PASS: TestAccAWSWafRule_webACL (89.73s)

--- PASS: TestAccAWSWafWebAcl_basic (33.99s)
--- PASS: TestAccAWSWafWebAcl_changeNameForceNew (51.18s)
--- PASS: TestAccAWSWafWebAcl_DefaultAction (49.82s)
--- PASS: TestAccAWSWafWebAcl_disappears (31.14s)
--- PASS: TestAccAWSWafWebAcl_LoggingConfiguration (141.12s)
--- PASS: TestAccAWSWafWebAcl_Rules (102.95s)
--- PASS: TestAccAWSWafWebAcl_Tags (48.51s)

Output from acceptance testing in AWS GovCloud (US):

--- SKIP: TestAccAWSWafRule_basic (28.71s)
--- SKIP: TestAccAWSWafRule_changeNameForceNew (23.36s)
--- SKIP: TestAccAWSWafRule_changePredicates (29.21s)
--- SKIP: TestAccAWSWafRule_disappears (29.19s)
--- SKIP: TestAccAWSWafRule_geoMatchSetPredicate (25.63s)
--- SKIP: TestAccAWSWafRule_noPredicates (24.83s)
--- SKIP: TestAccAWSWafRule_Tags (28.34s)
--- SKIP: TestAccAWSWafRule_webACL (26.39s)

--- SKIP: TestAccAWSWafWebAcl_basic (24.49s)
--- SKIP: TestAccAWSWafWebAcl_changeNameForceNew (21.41s)
--- SKIP: TestAccAWSWafWebAcl_DefaultAction (28.34s)
--- SKIP: TestAccAWSWafWebAcl_disappears (25.40s)
--- SKIP: TestAccAWSWafWebAcl_LoggingConfiguration (29.54s)
--- SKIP: TestAccAWSWafWebAcl_Rules (26.16s)
--- SKIP: TestAccAWSWafWebAcl_Tags (27.66s)

[ghost]

This has been released in version 3.33.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!