tests/resource/aws_waf_web_acl: Remove hardcoded environment variable…

… handling (#16045) Reference: #8316 Reference: #15737 Previously in AWS GovCloud (US): ``` === CONT TestAccAWSWafWebAcl_LoggingConfiguration TestAccAWSWafWebAcl_LoggingConfiguration: provider_test.go:184: [{0 error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid. status code: 403, request id: 525f91fb-c193-46b4-861a-9cabab7f4303 []}] --- FAIL: TestAccAWSWafWebAcl_LoggingConfiguration (0.38s) ``` Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccAWSWafWebAcl_LoggingConfiguration (115.97s) ``` Output from acceptance testing in AWS GovCloud (US): ``` --- SKIP: TestAccAWSWafWebAcl_LoggingConfiguration (24.06s) ```
hashicorp · Nov 6, 2020 · 6328475 · 6328475
1 parent 32e2ce2
commit 6328475
Show file tree

Hide file tree

Showing 2 changed files with 119 additions and 13 deletions.
diff --git a/aws/resource_aws_waf_web_acl_test.go b/aws/resource_aws_waf_web_acl_test.go
@@ -3,7 +3,6 @@ package aws
 import (
 	"fmt"
 	"log"
-	"os"
 	"regexp"
 	"testing"
 
@@ -270,18 +269,18 @@ func TestAccAWSWafWebAcl_Rules(t *testing.T) {
 }
 
 func TestAccAWSWafWebAcl_LoggingConfiguration(t *testing.T) {
-	oldvar := os.Getenv("AWS_DEFAULT_REGION")
-	os.Setenv("AWS_DEFAULT_REGION", "us-east-1")
-	defer os.Setenv("AWS_DEFAULT_REGION", oldvar)
-
 	var webACL waf.WebACL
 	rName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
 	resourceName := "aws_waf_web_acl.test"
 
 	resource.ParallelTest(t, resource.TestCase{
-		PreCheck:     func() { testAccPreCheck(t); testAccPreCheckAWSWaf(t) },
-		Providers:    testAccProviders,
-		CheckDestroy: testAccCheckAWSWafWebAclDestroy,
+		PreCheck: func() {
+			testAccPreCheck(t)
+			testAccPreCheckAWSWaf(t)
+			testAccPreCheckWafLoggingConfiguration(t)
+		},
+		ProviderFactories: testAccProviderFactories,
+		CheckDestroy:      testAccCheckAWSWafWebAclDestroy,
 		Steps: []resource.TestStep{
 			{
 				Config: testAccAWSWafWebAclConfig_Logging(rName),
@@ -294,6 +293,7 @@ func TestAccAWSWafWebAcl_LoggingConfiguration(t *testing.T) {
 			},
 			// Test resource import
 			{
+				Config:            testAccAWSWafWebAclConfig_Logging(rName),
 				ResourceName:      resourceName,
 				ImportState:       true,
 				ImportStateVerify: true,
@@ -309,7 +309,7 @@ func TestAccAWSWafWebAcl_LoggingConfiguration(t *testing.T) {
 			},
 			// Test logging configuration removal
 			{
-				Config: testAccAWSWafWebAclConfig_Required(rName),
+				Config: testAccAWSWafWebAclConfig_LoggingRemoved(rName),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSWafWebAclExists(resourceName, &webACL),
 					resource.TestCheckResourceAttr(resourceName, "logging_configuration.#", "0"),
@@ -632,7 +632,9 @@ resource "aws_waf_web_acl" "test" {
 }
 
 func testAccAWSWafWebAclConfig_Logging(rName string) string {
-	return fmt.Sprintf(`
+	return composeConfig(
+		testAccWafLoggingConfigurationRegionProviderConfig(),
+		fmt.Sprintf(`
 resource "aws_waf_web_acl" "test" {
   name        = %[1]q
   metric_name = %[1]q
@@ -693,11 +695,28 @@ resource "aws_kinesis_firehose_delivery_stream" "test" {
     bucket_arn = aws_s3_bucket.test.arn
   }
 }
-`, rName)
+`, rName))
+}
+
+func testAccAWSWafWebAclConfig_LoggingRemoved(rName string) string {
+	return composeConfig(
+		testAccWafLoggingConfigurationRegionProviderConfig(),
+		fmt.Sprintf(`
+resource "aws_waf_web_acl" "test" {
+  metric_name = %[1]q
+  name        = %[1]q
+
+  default_action {
+    type = "ALLOW"
+  }
+}
+`, rName))
 }
 
 func testAccAWSWafWebAclConfig_LoggingUpdate(rName string) string {
-	return fmt.Sprintf(`
+	return composeConfig(
+		testAccWafLoggingConfigurationRegionProviderConfig(),
+		fmt.Sprintf(`
 resource "aws_waf_web_acl" "test" {
   metric_name = %[1]q
   name        = %[1]q
@@ -747,7 +766,7 @@ resource "aws_kinesis_firehose_delivery_stream" "test" {
     bucket_arn = aws_s3_bucket.test.arn
   }
 }
-`, rName)
+`, rName))
 }
 
 func testAccAWSWafWebAclConfigTags1(rName, tag1Key, tag1Value string) string {

diff --git a/aws/waf_logging_configuration_test.go b/aws/waf_logging_configuration_test.go
@@ -0,0 +1,87 @@
+package aws
+
+import (
+	"context"
+	"sync"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws/endpoints"
+	"github.com/aws/aws-sdk-go/service/waf"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+// WAF Logging Configurations can only be enabled with destinations in specific regions,
+
+// testAccWafLoggingConfigurationRegion is the chosen WAF Logging Configurations testing region
+//
+// Cached to prevent issues should multiple regions become available.
+var testAccWafLoggingConfigurationRegion string
+
+// testAccProviderWafLoggingConfiguration is the WAF Logging Configurations provider instance
+//
+// This Provider can be used in testing code for API calls without requiring
+// the use of saving and referencing specific ProviderFactories instances.
+//
+// testAccPreCheckWafLoggingConfiguration(t) must be called before using this provider instance.
+var testAccProviderWafLoggingConfiguration *schema.Provider
+
+// testAccProviderWafLoggingConfigurationConfigure ensures the provider is only configured once
+var testAccProviderWafLoggingConfigurationConfigure sync.Once
+
+// testAccPreCheckWafLoggingConfiguration verifies AWS credentials and that WAF Logging Configurations is supported
+func testAccPreCheckWafLoggingConfiguration(t *testing.T) {
+	testAccPartitionHasServicePreCheck(waf.EndpointsID, t)
+
+	// Since we are outside the scope of the Terraform configuration we must
+	// call Configure() to properly initialize the provider configuration.
+	testAccProviderWafLoggingConfigurationConfigure.Do(func() {
+		testAccProviderWafLoggingConfiguration = Provider()
+
+		region := testAccGetWafLoggingConfigurationRegion()
+
+		if region == "" {
+			t.Skip("WAF Logging Configuration not available in this AWS Partition")
+		}
+
+		config := map[string]interface{}{
+			"region": region,
+		}
+
+		diags := testAccProviderWafLoggingConfiguration.Configure(context.Background(), terraform.NewResourceConfigRaw(config))
+
+		if diags != nil && diags.HasError() {
+			for _, d := range diags {
+				if d.Severity == diag.Error {
+					t.Fatalf("error configuring WAF Logging Configurations provider: %s", d.Summary)
+				}
+			}
+		}
+	})
+}
+
+// testAccWafLoggingConfigurationRegionProviderConfig is the Terraform provider configuration for WAF Logging Configurations region testing
+//
+// Testing WAF Logging Configurations assumes no other provider configurations
+// are necessary and overwrites the "aws" provider configuration.
+func testAccWafLoggingConfigurationRegionProviderConfig() string {
+	return testAccRegionalProviderConfig(testAccGetWafLoggingConfigurationRegion())
+}
+
+// testAccGetWafLoggingConfigurationRegion returns the WAF Logging Configurations region for testing
+func testAccGetWafLoggingConfigurationRegion() string {
+	if testAccWafLoggingConfigurationRegion != "" {
+		return testAccWafLoggingConfigurationRegion
+	}
+
+	// AWS Commercial: https://docs.aws.amazon.com/waf/latest/developerguide/classic-logging.html
+	// AWS GovCloud (US) - not available yet: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-waf.html
+	// AWS China - not available yet
+	switch testAccGetPartition() {
+	case endpoints.AwsPartitionID:
+		testAccWafLoggingConfigurationRegion = endpoints.UsEast1RegionID
+	}
+
+	return testAccWafLoggingConfigurationRegion
+}