Merge pull request #40889 from rbreslow/f-name_prefix-for-wafv2-resources

Add name_prefix argument for WAFv2 resources

Author: ewbankkit

.changelog/40889.txt

@@ -0,0 +1,11 @@
+```release-note:enhancement
+resource/aws_wafv2_ip_set: Add `name_prefix` argument and plan-time validation of `name`
+```
+
+```release-note:enhancement
+resource/aws_wafv2_regex_pattern_set: Add `name_prefix` argument and plan-time validation of `name`
+```
+
+```release-note:enhancement
+resource/aws_wafv2_web_acl: Add `name_prefix` argument
+```

internal/service/wafv2/ip_set.go

@@ -10,14 +10,17 @@ import (
 	"strings"
 	"time"
 
+	"github.com/YakDriver/regexache"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/wafv2"
 	awstypes "github.com/aws/aws-sdk-go-v2/service/wafv2/types"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/id"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/create"
 	"github.com/hashicorp/terraform-provider-aws/internal/enum"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
@@ -104,10 +107,26 @@ func resourceIPSet() *schema.Resource {
 					Computed: true,
 				},
 				names.AttrName: {
-					Type:         schema.TypeString,
-					Required:     true,
-					ForceNew:     true,
-					ValidateFunc: validation.StringLenBetween(1, 128),
+					Type:          schema.TypeString,
+					Optional:      true,
+					Computed:      true,
+					ForceNew:      true,
+					ConflictsWith: []string{names.AttrNamePrefix},
+					ValidateFunc: validation.All(
+						validation.StringLenBetween(1, 128),
+						validation.StringMatch(regexache.MustCompile(`^[0-9A-Za-z_-]+$`), "must contain only alphanumeric hyphen and underscore characters"),
+					),
+				},
+				names.AttrNamePrefix: {
+					Type:          schema.TypeString,
+					Optional:      true,
+					Computed:      true,
+					ForceNew:      true,
+					ConflictsWith: []string{names.AttrName},
+					ValidateFunc: validation.All(
+						validation.StringLenBetween(1, 128-id.UniqueIDSuffixLength),
+						validation.StringMatch(regexache.MustCompile(`^[0-9A-Za-z_-]+$`), "must contain only alphanumeric hyphen and underscore characters"),
+					),
 				},
 				names.AttrScope: {
 					Type:             schema.TypeString,
@@ -126,7 +145,7 @@ func resourceIPSetCreate(ctx context.Context, d *schema.ResourceData, meta any)
 	var diags diag.Diagnostics
 	conn := meta.(*conns.AWSClient).WAFV2Client(ctx)
 
-	name := d.Get(names.AttrName).(string)
+	name := create.Name(d.Get(names.AttrName).(string), d.Get(names.AttrNamePrefix).(string))
 	input := &wafv2.CreateIPSetInput{
 		Addresses:        []string{},
 		IPAddressVersion: awstypes.IPAddressVersion(d.Get("ip_address_version").(string)),
@@ -150,6 +169,7 @@ func resourceIPSetCreate(ctx context.Context, d *schema.ResourceData, meta any)
 	}
 
 	d.SetId(aws.ToString(output.Summary.Id))
+	d.Set(names.AttrName, name) // Required in Read.
 
 	return append(diags, resourceIPSetRead(ctx, d, meta)...)
 }
@@ -172,12 +192,12 @@ func resourceIPSetRead(ctx context.Context, d *schema.ResourceData, meta any) di
 
 	ipSet := output.IPSet
 	d.Set("addresses", ipSet.Addresses)
-	arn := aws.ToString(ipSet.ARN)
-	d.Set(names.AttrARN, arn)
+	d.Set(names.AttrARN, ipSet.ARN)
 	d.Set(names.AttrDescription, ipSet.Description)
 	d.Set("ip_address_version", ipSet.IPAddressVersion)
 	d.Set("lock_token", output.LockToken)
 	d.Set(names.AttrName, ipSet.Name)
+	d.Set(names.AttrNamePrefix, create.NamePrefixFromName(aws.ToString(ipSet.Name)))
 
 	return diags
 }

internal/service/wafv2/ip_set_test.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/YakDriver/regexache"
 	awstypes "github.com/aws/aws-sdk-go-v2/service/wafv2/types"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/id"
 	sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
@@ -38,6 +39,7 @@ func TestAccWAFV2IPSet_basic(t *testing.T) {
 					testAccCheckIPSetExists(ctx, resourceName, &v),
 					acctest.MatchResourceAttrRegionalARN(ctx, resourceName, names.AttrARN, "wafv2", regexache.MustCompile(`regional/ipset/.+$`)),
 					resource.TestCheckResourceAttr(resourceName, names.AttrName, ipSetName),
+					resource.TestCheckResourceAttr(resourceName, names.AttrNamePrefix, ""),
 					resource.TestCheckResourceAttr(resourceName, names.AttrDescription, ipSetName),
 					resource.TestCheckResourceAttr(resourceName, names.AttrScope, string(awstypes.ScopeRegional)),
 					resource.TestCheckResourceAttr(resourceName, "ip_address_version", string(awstypes.IPAddressVersionIpv4)),
@@ -69,6 +71,64 @@ func TestAccWAFV2IPSet_basic(t *testing.T) {
 	})
 }
 
+func TestAccWAFV2IPSet_nameGenerated(t *testing.T) {
+	ctx := acctest.Context(t)
+	var v awstypes.IPSet
+	resourceName := "aws_wafv2_ip_set.ip_set"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t); testAccPreCheckScopeRegional(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.WAFV2ServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckIPSetDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccIPSetConfig_nameGenerated(),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIPSetExists(ctx, resourceName, &v),
+					acctest.CheckResourceAttrNameGenerated(resourceName, names.AttrName),
+					resource.TestCheckResourceAttr(resourceName, names.AttrNamePrefix, id.UniqueIdPrefix),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateIdFunc: testAccIPSetImportStateIdFunc(resourceName),
+			},
+		},
+	})
+}
+
+func TestAccWAFV2IPSet_namePrefix(t *testing.T) {
+	ctx := acctest.Context(t)
+	var v awstypes.IPSet
+	resourceName := "aws_wafv2_ip_set.ip_set"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t); testAccPreCheckScopeRegional(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.WAFV2ServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckIPSetDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccIPSetConfig_namePrefix("tf-acc-test-prefix-"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIPSetExists(ctx, resourceName, &v),
+					acctest.CheckResourceAttrNameFromPrefix(resourceName, names.AttrName, "tf-acc-test-prefix-"),
+					resource.TestCheckResourceAttr(resourceName, names.AttrNamePrefix, "tf-acc-test-prefix-"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateIdFunc: testAccIPSetImportStateIdFunc(resourceName),
+			},
+		},
+	})
+}
+
 func TestAccWAFV2IPSet_disappears(t *testing.T) {
 	ctx := acctest.Context(t)
 	var r awstypes.IPSet
@@ -380,6 +440,39 @@ resource "aws_wafv2_ip_set" "ip_set" {
 `, name)
 }
 
+func testAccIPSetConfig_nameGenerated() string {
+	return `
+resource "aws_wafv2_ip_set" "ip_set" {
+  description        = "test"
+  scope              = "REGIONAL"
+  ip_address_version = "IPV4"
+  addresses          = ["1.2.3.4/32", "5.6.7.8/32"]
+
+  tags = {
+    Tag1 = "Value1"
+    Tag2 = "Value2"
+  }
+}
+  `
+}
+
+func testAccIPSetConfig_namePrefix(namePrefix string) string {
+	return fmt.Sprintf(`
+resource "aws_wafv2_ip_set" "ip_set" {
+  name_prefix        = %[1]q
+  description        = %[1]q
+  scope              = "REGIONAL"
+  ip_address_version = "IPV4"
+  addresses          = ["1.2.3.4/32", "5.6.7.8/32"]
+
+  tags = {
+    Tag1 = "Value1"
+    Tag2 = "Value2"
+  }
+}
+  `, namePrefix)
+}
+
 func testAccIPSetConfig_addresses(name string) string {
 	return fmt.Sprintf(`
 resource "aws_eip" "test" {

internal/service/wafv2/regex_pattern_set.go

@@ -10,14 +10,17 @@ import (
 	"strings"
 	"time"
 
+	"github.com/YakDriver/regexache"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/wafv2"
 	awstypes "github.com/aws/aws-sdk-go-v2/service/wafv2/types"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/id"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/create"
 	"github.com/hashicorp/terraform-provider-aws/internal/enum"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
@@ -67,10 +70,26 @@ func resourceRegexPatternSet() *schema.Resource {
 					Computed: true,
 				},
 				names.AttrName: {
-					Type:         schema.TypeString,
-					Required:     true,
-					ForceNew:     true,
-					ValidateFunc: validation.StringLenBetween(1, 128),
+					Type:          schema.TypeString,
+					Optional:      true,
+					Computed:      true,
+					ForceNew:      true,
+					ConflictsWith: []string{names.AttrNamePrefix},
+					ValidateFunc: validation.All(
+						validation.StringLenBetween(1, 128),
+						validation.StringMatch(regexache.MustCompile(`^[0-9A-Za-z_-]+$`), "must contain only alphanumeric hyphen and underscore characters"),
+					),
+				},
+				names.AttrNamePrefix: {
+					Type:          schema.TypeString,
+					Optional:      true,
+					Computed:      true,
+					ForceNew:      true,
+					ConflictsWith: []string{names.AttrName},
+					ValidateFunc: validation.All(
+						validation.StringLenBetween(1, 128-id.UniqueIDSuffixLength),
+						validation.StringMatch(regexache.MustCompile(`^[0-9A-Za-z_-]+$`), "must contain only alphanumeric hyphen and underscore characters"),
+					),
 				},
 				"regular_expression": {
 					Type:     schema.TypeSet,
@@ -106,7 +125,7 @@ func resourceRegexPatternSetCreate(ctx context.Context, d *schema.ResourceData,
 	var diags diag.Diagnostics
 	conn := meta.(*conns.AWSClient).WAFV2Client(ctx)
 
-	name := d.Get(names.AttrName).(string)
+	name := create.Name(d.Get(names.AttrName).(string), d.Get(names.AttrNamePrefix).(string))
 	input := &wafv2.CreateRegexPatternSetInput{
 		Name:                  aws.String(name),
 		RegularExpressionList: []awstypes.Regex{},
@@ -129,6 +148,7 @@ func resourceRegexPatternSetCreate(ctx context.Context, d *schema.ResourceData,
 	}
 
 	d.SetId(aws.ToString(output.Summary.Id))
+	d.Set(names.AttrName, name) // Required in Read.
 
 	return append(diags, resourceRegexPatternSetRead(ctx, d, meta)...)
 }
@@ -150,11 +170,11 @@ func resourceRegexPatternSetRead(ctx context.Context, d *schema.ResourceData, me
 	}
 
 	regexPatternSet := output.RegexPatternSet
-	arn := aws.ToString(regexPatternSet.ARN)
-	d.Set(names.AttrARN, arn)
+	d.Set(names.AttrARN, regexPatternSet.ARN)
 	d.Set(names.AttrDescription, regexPatternSet.Description)
 	d.Set("lock_token", output.LockToken)
 	d.Set(names.AttrName, regexPatternSet.Name)
+	d.Set(names.AttrNamePrefix, create.NamePrefixFromName(aws.ToString(regexPatternSet.Name)))
 	if err := d.Set("regular_expression", flattenRegexPatternSet(regexPatternSet.RegularExpressionList)); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting regular_expression: %s", err)
 	}