diff --git a/aws/resource_aws_wafregional_web_acl_association.go b/aws/resource_aws_wafregional_web_acl_association.go index c858948bbab..3adea483d67 100644 --- a/aws/resource_aws_wafregional_web_acl_association.go +++ b/aws/resource_aws_wafregional_web_acl_association.go @@ -94,7 +94,9 @@ func resourceAwsWafRegionalWebAclAssociationRead(d *schema.ResourceData, meta in } if output == nil || output.WebACLSummary == nil { - return fmt.Errorf("error getting WAF Regional Web ACL for resource (%s): empty response", resourceArn) + log.Printf("[WARN] WAF Regional Web ACL for resource (%s) not found, removing from state", resourceArn) + d.SetId("") + return nil } d.Set("resource_arn", resourceArn) diff --git a/aws/resource_aws_wafregional_web_acl_association_test.go b/aws/resource_aws_wafregional_web_acl_association_test.go index d21b9beb7cd..aaa9bf36307 100644 --- a/aws/resource_aws_wafregional_web_acl_association_test.go +++ b/aws/resource_aws_wafregional_web_acl_association_test.go @@ -28,6 +28,24 @@ func TestAccAWSWafRegionalWebAclAssociation_basic(t *testing.T) { }) } +func TestAccAWSWafRegionalWebAclAssociation_disappears(t *testing.T) { + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckWafRegionalWebAclAssociationDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckWafRegionalWebAclAssociationConfig_basic, + Check: resource.ComposeTestCheckFunc( + testAccCheckWafRegionalWebAclAssociationExists("aws_wafregional_web_acl_association.foo"), + testAccCheckWafRegionalWebAclAssociationDisappears("aws_wafregional_web_acl_association.foo"), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + func TestAccAWSWafRegionalWebAclAssociation_multipleAssociations(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -119,6 +137,33 @@ func testAccCheckWafRegionalWebAclAssociationExists(n string) resource.TestCheck } } +func testAccCheckWafRegionalWebAclAssociationDisappears(resourceName string) resource.TestCheckFunc { + return func(s *terraform.State) error { + // waf.WebACLSummary does not contain the information so we instead just use the state information + + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("Not found: %s", resourceName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No WebACL association ID is set") + } + + _, resourceArn := resourceAwsWafRegionalWebAclAssociationParseId(rs.Primary.ID) + + conn := testAccProvider.Meta().(*AWSClient).wafregionalconn + + input := &wafregional.DisassociateWebACLInput{ + ResourceArn: aws.String(resourceArn), + } + + _, err := conn.DisassociateWebACL(input) + + return err + } +} + const testAccCheckWafRegionalWebAclAssociationConfig_basic = ` resource "aws_wafregional_rule" "foo" { name = "foo"