Skip to content

refactor!: adding a type for rule input #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
benpriestman wants to merge 5 commits into
base: main
Choose a base branch
from
Open

refactor!: adding a type for rule input #29

benpriestman wants to merge 5 commits into from

Conversation

@benpriestman
Copy link
Contributor

@benpriestman benpriestman commented Nov 11, 2025

Adding an object type for the rule input.
Also adding a suite of tests, based upon and extending the current examples.

Features:

  • allows changes to be made with higher confidence;
  • highlights some inconsistencies in the codebase (compare not_statements in different contexts);
  • makes it easier for newcomers to learn how to use this module;
  • allows IDEs to give useful hints and autocompletions;
  • makes it possible for AIs to make reliable choices when coding around this module.

@benpriestman
refactor!: adding a type for rule input
cb75294 
Adding an object type for the rule input.
Also adding a suite of tests, based upon and extending the current examples.

Features:
- allows changes to be made with higher confidence;
- highlights some inconsistencies in the codebase (compare not_statements in different contexts);
- makes it easier for newcomers to learn how to use this module;
- allows IDEs to give useful hints and autocompletions;
- makes it possible for AIs to make reliable choices when coding around this module.
@benpriestman benpriestman mentioned this pull request Nov 11, 2025
Closed
@benpriestman benpriestman marked this pull request as draft November 11, 2025 10:16
@benpriestman

This comment was marked as outdated.

Sign in to view
@benpriestman
incorporating review comments
0765725 
Claude did a deep analysis.
These were the only flaws we found.
@benpriestman benpriestman marked this pull request as ready for review November 11, 2025 14:46
@benpriestman
fix!: adding support for new custom_response functionality
381c39b 
[v3.13.0](https://github.com/aws-ss/terraform-aws-wafv2/releases/tag/v3.13.0) added support for a default custom response and custom responses in managed rules.
These were missed from the object type definition and tests.
Adding these.
@benpriestman
test: adding RegexMatchStatemnet tests
ad653b6 
Also adding an example for RegexMatchStatements.
Both were previously missing.
@benpriestman benpriestman force-pushed the CPSTREAM-2338-tests-and-type branch from 43e2686 to ad653b6 Compare November 14, 2025 10:10
@uyggnodoow uyggnodoow self-assigned this Nov 16, 2025
@uyggnodoow
Copy link
Member

uyggnodoow commented Nov 16, 2025

Hello @benpriestman

Thank you for your contribution.
Could you tell me how I can try using this test?

@benpriestman
Copy link
Contributor Author

benpriestman commented Nov 16, 2025

Hello @benpriestman

Thank you for your contribution. Could you tell me how I can try using this test?

Hi there,

You can read about Terraform tests here. These tests use mocked providers, so, you'll need to be running at least Terraform v1.7.0. I note that the module's current minimum version is v1.4.6.

The mocks mean that you don't need any credentials or a real infrastruture to run against. Effectively, they are unit tests, which just test the logic of the module itself, whether we can make a plan and whether that plan matches our expectations. They won't catch errors that only surface in a terraform apply. (Also note that, once a pattern is established, AI tools are pretty good at generating further tests and refining existing ones.)

To run the tests manually, just do:

terraform test

To run just one of them, do:

terraform test -filter tests/AndStatement.tftest.hcl

I see that you use precommit hooks for validation in this repo. I had a look at adding terraform test to these. However, the framework being used doesn't yet support this command. I see that there's an open issue to add support for this: antonbabenko/pre-commit-terraform#549.

As the tests have no dependencies other than an appropriate version of Terraform, it would be fairly simple to add a github workflow to run these against PRs. Do you think that this would be an acceptable complication?

All the above might be reasons for not adopting these tests fully. However, even if only run manually, I think you might find them useful when making changes. I'm happy to split this into two PRs: one for the type, one for the tests, if you might look more favourably on one than the other.

For context, I've been using similar tests and type definitions to develop an internal module, which calls yours. I can keep these in my module or a fork of yours but it would make more sense to put them in the module they are testing.

Give them a try and let me know what you think.

@benpriestman
chore!: bump minimum terraform version
49698c2 
terraform test with mocks requires tf v1.7.0.
@uyggnodoow
Copy link
Member

uyggnodoow commented Dec 8, 2025

Hello @benpriestman

The changes to variables.tf are very clear. However, verifying them one by one is not easy, and adding a new optional field, for example, could cause errors.

Therefore, I want to exclude changes to variables.tf. What are your thoughts on this suggestion?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@uyggnodoow uyggnodoow

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@benpriestman @uyggnodoow