Allow WAF web ACL rule import

[julienduchesne]

Fixes #4589

Changes proposed in this pull request:

• Title says it all
• The WAF web ACL resource doesn't get rules and I'm guessing if it did, that would conflict with the rule resource so I excluded it from the import test.

Output from acceptance testing:

TESTARGS='-run=TestAccAWSWafWebAcl'  make testacc
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./... -v -run=TestAccAWSWafWebAcl -timeout 120m
?       github.com/terraform-providers/terraform-provider-aws   [no test files]
=== RUN   TestAccAWSWafWebAcl_basic
--- PASS: TestAccAWSWafWebAcl_basic (36.13s)
=== RUN   TestAccAWSWafWebAcl_group
--- PASS: TestAccAWSWafWebAcl_group (34.00s)
=== RUN   TestAccAWSWafWebAcl_changeNameForceNew
--- PASS: TestAccAWSWafWebAcl_changeNameForceNew (66.05s)
=== RUN   TestAccAWSWafWebAcl_changeDefaultAction
--- PASS: TestAccAWSWafWebAcl_changeDefaultAction (65.58s)
=== RUN   TestAccAWSWafWebAcl_disappears
--- PASS: TestAccAWSWafWebAcl_disappears (38.07s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       239.855s

[bflad]

The rules issues can be found at #4786 and #534 -- while it'd be awesome to fix the d.Set() handling for that attribute, I think we can treat that separately as long as its noted in the import documentation.

[bflad]

Can you please add the ## Import documentation to website/docs/r/waf_web_acl.html.markdown? Thanks! It'd probably also be good to note the rules limitation (for now).

[bflad]

😍

[julienduchesne]

I added the documentation.

About the rules though, if they are handled by this resource, it will be incompatible with the resource_aws_waf_rule. It can only be handled by one or the other. Otherwise, the resource_aws_waf_web_acl will revoke every rule not added within itself. How do you handle such a case? As I understand it, the general trend is to prefer independant resources to attribute blocks. So the best way to handle this would be to simply remove the rules block in resource_aws_waf_web_acl, no?

Thanks

[bflad]

Unless I'm misunderstanding the aws_waf_web_acl resource documentation:

• rules - (Required) The rules to associate with the web ACL and the settings for each rule.

The rules within the aws_waf_web_acl resource are intended to associate the ordering and actions of various rules/rule groups to form the actual ACL. Rules themselves are created and managed by the aws_waf_rule resource.

[bflad]

Let's get this in! 🚀

5 tests passed (all tests)
=== RUN   TestAccAWSWafWebAcl_basic
--- PASS: TestAccAWSWafWebAcl_basic (43.42s)
=== RUN   TestAccAWSWafWebAcl_group
--- PASS: TestAccAWSWafWebAcl_group (58.59s)
=== RUN   TestAccAWSWafWebAcl_changeNameForceNew
--- PASS: TestAccAWSWafWebAcl_changeNameForceNew (90.89s)
=== RUN   TestAccAWSWafWebAcl_disappears
--- PASS: TestAccAWSWafWebAcl_disappears (97.03s)
=== RUN   TestAccAWSWafWebAcl_changeDefaultAction
--- PASS: TestAccAWSWafWebAcl_changeDefaultAction (106.53s)

[bflad]

This has been released in version 1.29.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!