opentofu · mbialon · Sep 26, 2023 · Sep 20, 2023 · Sep 21, 2023 · Sep 21, 2023
diff --git a/.changelog/33594.txt b/.changelog/33594.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_wafv2_web_acl: Add `rate_based_statement.custom_key` configuration block
+```
+
+```release-note:enhancement
+resource/aws_wafv2_rule_group: Add `rate_based_statement.custom_key` configuration block
+```
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,7 +6,13 @@ FEATURES:
 
 ENHANCEMENTS:
 
+* resource/aws_fsx_ontap_volume: Add `bypass_snaplock_enterprise_retention` argument and `snaplock_configuration` configuration block to support [SnapLock](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/snaplock.html) ([#32530](https://github.com/hashicorp/terraform-provider-aws/issues/32530))
+* resource/aws_fsx_ontap_volume: Add `copy_tags_to_backups` and `snapshot_policy` arguments ([#32530](https://github.com/hashicorp/terraform-provider-aws/issues/32530))
+* resource/aws_fsx_openzfs_volume: Add `delete_volume_options` argument ([#32530](https://github.com/hashicorp/terraform-provider-aws/issues/32530))
 * resource/aws_lightsail_bucket: Add `force_delete` argument ([#33586](https://github.com/hashicorp/terraform-provider-aws/issues/33586))
+* resource/aws_opensearch_outbound_connection: Add `connection_properties`, `connection_mode` and `accept_connection` arguments ([#32990](https://github.com/hashicorp/terraform-provider-aws/issues/32990))
+* resource/aws_wafv2_rule_group: Add `rate_based_statement.custom_key` configuration block ([#33594](https://github.com/hashicorp/terraform-provider-aws/issues/33594))
+* resource/aws_wafv2_web_acl: Add `rate_based_statement.custom_key` configuration block ([#33594](https://github.com/hashicorp/terraform-provider-aws/issues/33594))
 
 BUG FIXES:
 

diff --git a/internal/service/fsx/sweep.go b/internal/service/fsx/sweep.go
@@ -294,6 +294,7 @@ func sweepONTAPVolumes(region string) error {
 			r := ResourceONTAPVolume()
 			d := r.Data(nil)
 			d.SetId(aws.StringValue(v.VolumeId))
+			d.Set("bypass_snaplock_enterprise_retention", true)
 			d.Set("skip_final_backup", true)
 
 			sweepResources = append(sweepResources, sweep.NewSweepResource(r, d, client))

diff --git a/internal/service/wafv2/flex.go b/internal/service/wafv2/flex.go
@@ -1279,6 +1279,109 @@ func expandStatusCode(tfList []interface{}) *wafv2.ResponseInspectionStatusCode
 	return &out
 }
 
+func expandRateLimitCookie(l []interface{}) *wafv2.RateLimitCookie {
+	if len(l) == 0 || l[0] == nil {
+		return nil
+	}
+	m := l[0].(map[string]interface{})
+	return &wafv2.RateLimitCookie{
+		Name:                aws.String(m["name"].(string)),
+		TextTransformations: expandTextTransformations(m["text_transformation"].(*schema.Set).List()),
+	}
+}
+
+func expandRateLimitHeader(l []interface{}) *wafv2.RateLimitHeader {
+	if len(l) == 0 || l[0] == nil {
+		return nil
+	}
+	m := l[0].(map[string]interface{})
+	return &wafv2.RateLimitHeader{
+		Name:                aws.String(m["name"].(string)),
+		TextTransformations: expandTextTransformations(m["text_transformation"].(*schema.Set).List()),
+	}
+}
+
+func expandRateLimitLabelNamespace(l []interface{}) *wafv2.RateLimitLabelNamespace {
+	if len(l) == 0 || l[0] == nil {
+		return nil
+	}
+	m := l[0].(map[string]interface{})
+	return &wafv2.RateLimitLabelNamespace{
+		Namespace: aws.String(m["namespace"].(string)),
+	}
+}
+
+func expandRateLimitQueryArgument(l []interface{}) *wafv2.RateLimitQueryArgument {
+	if len(l) == 0 || l[0] == nil {
+		return nil
+	}
+	m := l[0].(map[string]interface{})
+	return &wafv2.RateLimitQueryArgument{
+		Name:                aws.String(m["name"].(string)),
+		TextTransformations: expandTextTransformations(m["text_transformation"].(*schema.Set).List()),
+	}
+}
+
+func expandRateLimitQueryString(l []interface{}) *wafv2.RateLimitQueryString {
+	if len(l) == 0 || l[0] == nil {
+		return nil
+	}
+	m := l[0].(map[string]interface{})
+	return &wafv2.RateLimitQueryString{
+		TextTransformations: expandTextTransformations(m["text_transformation"].(*schema.Set).List()),
+	}
+}
+
+func expandRateLimitURIPath(l []interface{}) *wafv2.RateLimitUriPath {
+	if len(l) == 0 || l[0] == nil {
+		return nil
+	}
+	m := l[0].(map[string]interface{})
+	return &wafv2.RateLimitUriPath{
+		TextTransformations: expandTextTransformations(m["text_transformation"].(*schema.Set).List()),
+	}
+}
+
+func expandRateBasedStatementCustomKeys(l []interface{}) []*wafv2.RateBasedStatementCustomKey {
+	if len(l) == 0 {
+		return nil
+	}
+	out := make([]*wafv2.RateBasedStatementCustomKey, 0)
+	for _, ck := range l {
+		r := &wafv2.RateBasedStatementCustomKey{}
+		m := ck.(map[string]interface{})
+		if v, ok := m["cookie"]; ok {
+			r.Cookie = expandRateLimitCookie(v.([]interface{}))
+		}
+		if v, ok := m["forwarded_ip"]; ok && len(v.([]interface{})) > 0 {
+			r.ForwardedIP = &wafv2.RateLimitForwardedIP{}
+		}
+		if v, ok := m["http_method"]; ok && len(v.([]interface{})) > 0 {
+			r.HTTPMethod = &wafv2.RateLimitHTTPMethod{}
+		}
+		if v, ok := m["header"]; ok {
+			r.Header = expandRateLimitHeader(v.([]interface{}))
+		}
+		if v, ok := m["ip"]; ok && len(v.([]interface{})) > 0 {
+			r.IP = &wafv2.RateLimitIP{}
+		}
+		if v, ok := m["label_namespace"]; ok {
+			r.LabelNamespace = expandRateLimitLabelNamespace(v.([]interface{}))
+		}
+		if v, ok := m["query_argument"]; ok {
+			r.QueryArgument = expandRateLimitQueryArgument(v.([]interface{}))
+		}
+		if v, ok := m["query_string"]; ok {
+			r.QueryString = expandRateLimitQueryString(v.([]interface{}))
+		}
+		if v, ok := m["uri_path"]; ok {
+			r.UriPath = expandRateLimitURIPath(v.([]interface{}))
+		}
+		out = append(out, r)
+	}
+	return out
+}
+
 func expandRateBasedStatement(l []interface{}) *wafv2.RateBasedStatement {
 	if len(l) == 0 || l[0] == nil {
 		return nil
@@ -1294,6 +1397,10 @@ func expandRateBasedStatement(l []interface{}) *wafv2.RateBasedStatement {
 		r.ForwardedIPConfig = expandForwardedIPConfig(v.([]interface{}))
 	}
 
+	if v, ok := m["custom_key"]; ok {
+		r.CustomKeys = expandRateBasedStatementCustomKeys(v.([]interface{}))
+	}
+
 	s := m["scope_down_statement"].([]interface{})
 	if len(s) > 0 && s[0] != nil {
 		r.ScopeDownStatement = expandStatement(s[0].(map[string]interface{}))
@@ -2427,6 +2534,122 @@ func flattenStatusCode(apiObject *wafv2.ResponseInspectionStatusCode) []interfac
 	return []interface{}{m}
 }
 
+func flattenRateLimitCookie(apiObject *wafv2.RateLimitCookie) []interface{} {
+	if apiObject == nil {
+		return nil
+	}
+	return []interface{}{
+		map[string]interface{}{
+			"name":                aws.StringValue(apiObject.Name),
+			"text_transformation": flattenTextTransformations(apiObject.TextTransformations),
+		},
+	}
+}
+
+func flattenRateLimitHeader(apiObject *wafv2.RateLimitHeader) []interface{} {
+	if apiObject == nil {
+		return nil
+	}
+	return []interface{}{
+		map[string]interface{}{
+			"name":                aws.StringValue(apiObject.Name),
+			"text_transformation": flattenTextTransformations(apiObject.TextTransformations),
+		},
+	}
+}
+
+func flattenRateLimitLabelNamespace(apiObject *wafv2.RateLimitLabelNamespace) []interface{} {
+	if apiObject == nil {
+		return nil
+	}
+	return []interface{}{
+		map[string]interface{}{
+			"namespace": aws.StringValue(apiObject.Namespace),
+		},
+	}
+}
+
+func flattenRateLimitQueryArgument(apiObject *wafv2.RateLimitQueryArgument) []interface{} {
+	if apiObject == nil {
+		return nil
+	}
+	return []interface{}{
+		map[string]interface{}{
+			"name":                aws.StringValue(apiObject.Name),
+			"text_transformation": flattenTextTransformations(apiObject.TextTransformations),
+		},
+	}
+}
+
+func flattenRateLimitQueryString(apiObject *wafv2.RateLimitQueryString) []interface{} {
+	if apiObject == nil {
+		return nil
+	}
+	return []interface{}{
+		map[string]interface{}{
+			"text_transformation": flattenTextTransformations(apiObject.TextTransformations),
+		},
+	}
+}
+
+func flattenRateLimitURIPath(apiObject *wafv2.RateLimitUriPath) []interface{} {
+	if apiObject == nil {
+		return nil
+	}
+	return []interface{}{
+		map[string]interface{}{
+			"text_transformation": flattenTextTransformations(apiObject.TextTransformations),
+		},
+	}
+}
+
+func flattenRateBasedStatementCustomKeys(apiObject []*wafv2.RateBasedStatementCustomKey) []interface{} {
+	if apiObject == nil {
+		return nil
+	}
+
+	out := make([]interface{}, len(apiObject))
+	for i, o := range apiObject {
+		tfMap := map[string]interface{}{}
+
+		if o.Cookie != nil {
+			tfMap["cookie"] = flattenRateLimitCookie(o.Cookie)
+		}
+		if o.ForwardedIP != nil {
+			tfMap["forwarded_ip"] = []interface{}{
+				map[string]interface{}{},
+			}
+		}
+		if o.HTTPMethod != nil {
+			tfMap["http_method"] = []interface{}{
+				map[string]interface{}{},
+			}
+		}
+		if o.Header != nil {
+			tfMap["header"] = flattenRateLimitHeader(o.Header)
+		}
+		if o.IP != nil {
+			tfMap["ip"] = []interface{}{
+				map[string]interface{}{},
+			}
+		}
+		if o.LabelNamespace != nil {
+			tfMap["label_namespace"] = flattenRateLimitLabelNamespace(o.LabelNamespace)
+		}
+		if o.QueryArgument != nil {
+			tfMap["query_argument"] = flattenRateLimitQueryArgument(o.QueryArgument)
+		}
+		if o.QueryString != nil {
+			tfMap["query_string"] = flattenRateLimitQueryString(o.QueryString)
+		}
+		if o.UriPath != nil {
+			tfMap["uri_path"] = flattenRateLimitURIPath(o.UriPath)
+		}
+		out[i] = tfMap
+	}
+	return out
+}
+
 func flattenRateBasedStatement(apiObject *wafv2.RateBasedStatement) interface{} {
 	if apiObject == nil {
 		return []interface{}{}
@@ -2442,6 +2665,10 @@ func flattenRateBasedStatement(apiObject *wafv2.RateBasedStatement) interface{}
 		tfMap["forwarded_ip_config"] = flattenForwardedIPConfig(apiObject.ForwardedIPConfig)
 	}
 
+	if apiObject.CustomKeys != nil {
+		tfMap["custom_key"] = flattenRateBasedStatementCustomKeys(apiObject.CustomKeys)
+	}
+
 	if apiObject.Limit != nil {
 		tfMap["limit"] = int(aws.Int64Value(apiObject.Limit))
 	}