Merge pull request #597 from alpineriveredge/add-wafv2-ip-set

Add wafv2_ip_set resource

Author: k1LoW

.rubocop.yml

@@ -20,6 +20,7 @@ Lint/DuplicateMethods:
     - 'lib/awspec/type/ecs_service.rb'
     - 'lib/awspec/type/eks_nodegroup.rb'
     - 'lib/awspec/type/resource_base.rb'
+    - 'lib/awspec/type/wafv2_ip_set.rb'
 
 Lint/ErbNewArguments:
   Enabled: false

doc/_resource_types/wafv2_ip_set.md

@@ -0,0 +1,17 @@
+### exist
+
+You can set `scope` to CLOUDFRONT or REGIONAL ( default: `REGIONAL` ).
+
+```ruby
+describe wafv2_ip_set('my-ip-set'), scope: 'REGIONAL' do
+  it { should exist }
+end
+```
+
+### have_ip_address
+
+```ruby
+describe wafv2_ip_set('my-ip-set'), scope: 'REGIONAL' do
+  it { should have_ip_address('10.0.0.0/32') }
+end
+```

doc/resource_types.md

@@ -89,6 +89,7 @@
 | [vpn_gateway](#vpn_gateway)
 | [waf_web_acl](#waf_web_acl)
 | [wafregional_web_acl](#wafregional_web_acl)
+| [wafv2_ip_set](#wafv2_ip_set)
 | [account](#account)
 
 ## <a name="acm">acm</a>
@@ -4300,6 +4301,30 @@ end
 
 
 ### its(:default_action), its(:web_acl_id), its(:name), its(:metric_name), its(:web_acl_arn)
+## <a name="wafv2_ip_set">wafv2_ip_set</a>
+
+Wafv2IpSet resource type.
+
+### exist
+
+You can set `scope` to CLOUDFRONT or REGIONAL ( default: `REGIONAL` ).
+
+```ruby
+describe wafv2_ip_set('my-ip-set'), scope: 'REGIONAL' do
+  it { should exist }
+end
+```
+
+
+### have_ip_address
+
+```ruby
+describe wafv2_ip_set('my-ip-set'), scope: 'REGIONAL' do
+  it { should have_ip_address('10.0.0.0/32') }
+end
+```
+
+### its(:name), its(:id), its(:arn), its(:description), its(:ip_address_version), its(:addresses)
 # Account and Attributes
 
 ## <a name="account">account</a>

lib/awspec/command/generate.rb

@@ -62,6 +62,18 @@ def s3_bucket(bucket_name = nil)
       end
     end
 
+    types = %w[
+      wafv2_ip_set
+    ]
+
+    types.each do |type|
+      desc "#{type} [scope]", "Generate #{type} spec from scope: (CLOUDFRONT or REGIONAL)."
+      define_method type do |_scope|
+        Awsecrets.load(profile: options[:profile], region: options[:region], secrets_path: options[:secrets_path])
+        eval "puts Awspec::Generator::Spec::#{type.camelize}.new.generate_by_scope(_scope)"
+      end
+    end
+
     types_for_generate_all = %w[
       cloudwatch_alarm cloudwatch_event directconnect ebs efs
       elasticsearch iam_group iam_policy iam_role iam_user kms lambda

lib/awspec/generator.rb

@@ -45,6 +45,7 @@
 require 'awspec/generator/spec/rds_global_cluster'
 require 'awspec/generator/spec/managed_prefix_list'
 require 'awspec/generator/spec/codepipeline'
+require 'awspec/generator/spec/wafv2_ip_set'
 
 # Doc
 require 'awspec/generator/doc/type'

lib/awspec/generator/doc/type/wafv2_ip_set.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Awspec::Generator
+  module Doc
+    module Type
+      class Wafv2IpSet < Base
+        def initialize
+          super
+          @type_name = 'Wafv2IpSet'
+          @type = Awspec::Type::Wafv2IpSet.new('my-ip-set')
+          @ret = @type.resource_via_client
+          @matchers = []
+          @ignore_matchers = []
+          @describes = []
+        end
+      end
+    end
+  end
+end

lib/awspec/generator/spec/wafv2_ip_set.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Awspec::Generator
+  module Spec
+    class Wafv2IpSet
+      include Awspec::Helper::Finder
+      def generate_by_scope(scope)
+        ip_sets = select_all_ip_sets(scope)
+        raise 'Not Found WAFV2 IP sets' if ip_sets.empty?
+
+        specs = ip_sets.map do |i|
+          ip_set = get_ip_set(scope, i.name, i.id)
+          ERB.new(wafv2_ip_set_spec_template, nil, '-').result(binding).gsub(/^\n/, '')
+        end
+        specs.join("\n")
+      end
+
+      def wafv2_ip_set_spec_template
+        <<-'EOF'
+describe wafv2_ip_set('<%= ip_set.name %>'), scope: '<%= scope %>' do
+  it { should exist }
+  its(:name) { should eq '<%= ip_set.name %>' }
+  its(:id) { should eq '<%= ip_set.id %>' }
+  its(:arn) { should eq '<%= ip_set.arn %>' }
+  its(:description) { should eq '<%= ip_set.description %>' }
+  its(:ip_address_version) { should eq '<%= ip_set.ip_address_version %>' }
+<% ip_set.addresses.each do |address| %>
+  it { should have_ip_address('<%= address %>') }
+<% end %>
+end
+EOF
+      end
+    end
+  end
+end

lib/awspec/helper/finder.rb

@@ -56,6 +56,7 @@
 require 'awspec/helper/finder/cognito_identity_pool'
 require 'awspec/helper/finder/transfer'
 require 'awspec/helper/finder/codepipeline'
+require 'awspec/helper/finder/wafv2'
 
 require 'awspec/helper/finder/account_attributes'
 
@@ -119,6 +120,7 @@ module Finder
     include Awspec::Helper::Finder::CognitoIdentityPool
     include Awspec::Helper::Finder::Transfer
     include Awspec::Helper::Finder::Codepipeline
+    include Awspec::Helper::Finder::Wafv2
 
     CLIENTS = {
       ec2_client: Aws::EC2::Client,
@@ -168,7 +170,8 @@ module Finder
       cognito_identity_client: Aws::CognitoIdentity::Client,
       cognito_identity_provider_client: Aws::CognitoIdentityProvider::Client,
       transfer_client: Aws::Transfer::Client,
-      codepipeline_client: Aws::CodePipeline::Client
+      codepipeline_client: Aws::CodePipeline::Client,
+      wafv2_client: Aws::WAFV2::Client
     }
 
     CLIENT_OPTIONS = {

lib/awspec/helper/finder/wafv2.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Awspec::Helper
+  module Finder
+    module Wafv2
+      def find_ip_set(scope, name)
+        ip_sets = select_all_ip_sets(scope)
+        ip_set  = ip_sets.find do |i|
+          i.name == name
+        end
+        return false unless ip_set
+
+        get_ip_set(scope, name, ip_set.id)
+      end
+
+      def select_all_ip_sets(scope)
+        res = wafv2_client.list_ip_sets({ scope: scope })
+        res.ip_sets
+      end
+
+      def get_ip_set(scope, name, id)
+        res = wafv2_client.get_ip_set({ name: name, scope: scope, id: id })
+        res.ip_set
+      end
+    end
+  end
+end

lib/awspec/helper/type.rb

@@ -24,7 +24,7 @@ module Type
         internet_gateway acm cloudwatch_logs dynamodb_table eip sqs ssm_parameter cloudformation_stack
         codebuild sns_topic redshift redshift_cluster_parameter_group codedeploy codedeploy_deployment_group
         secretsmanager msk transit_gateway cognito_identity_pool cognito_user_pool vpc_endpoints
-        transfer_server managed_prefix_list codepipeline
+        transfer_server managed_prefix_list codepipeline wafv2_ip_set
       ]
 
       ACCOUNT_ATTRIBUTES = %w[