Support allowed modes for WAF Rules (#550)

This was causing an issue when using WAF Rules that did not use the
'default' mode but the on/off approach. This fixes that by switching
the default value to reset depending in the available values in the
`AllowedModes` field.

cloudflare/data_source_waf_rules.go

@@ -80,6 +80,13 @@ func dataSourceCloudflareWAFRules() *schema.Resource {
 							Type:     schema.TypeString,
 							Optional: true,
 						},
+						"allowed_modes": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
 					},
 				},
 			},
@@ -139,13 +146,14 @@ func dataSourceCloudflareWAFRulesRead(d *schema.ResourceData, meta interface{})
 			}
 
 			ruleDetails = append(ruleDetails, map[string]interface{}{
-				"id":          rule.ID,
-				"description": rule.Description,
-				"priority":    rule.Priority,
-				"mode":        rule.Mode,
-				"group_id":    rule.Group.ID,
-				"group_name":  rule.Group.Name,
-				"package_id":  pkg.ID,
+				"id":            rule.ID,
+				"description":   rule.Description,
+				"priority":      rule.Priority,
+				"mode":          rule.Mode,
+				"group_id":      rule.Group.ID,
+				"group_name":    rule.Group.Name,
+				"package_id":    pkg.ID,
+				"allowed_modes": rule.AllowedModes,
 			})
 		}
 

cloudflare/import_cloudflare_waf_rule_test.go

@@ -11,7 +11,7 @@ import (
 func TestAccCloudflareWAFRule_Import(t *testing.T) {
 	t.Parallel()
 	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
-	ruleID := "100000"
+	ruleID := "100001"
 	name := generateRandomResourceName()
 
 	resource.Test(t, resource.TestCase{

cloudflare/resource_cloudflare_waf_rule.go

@@ -111,9 +111,15 @@ func resourceCloudflareWAFRuleDelete(d *schema.ResourceData, meta interface{}) e
 		return err
 	}
 
+	// Find the default mode to be used
+	defaultMode := "default"
+	if !contains(rule.AllowedModes, defaultMode) {
+		defaultMode = "on"
+	}
+
 	// Can't delete WAF Rule so instead reset it to default
-	if rule.Mode != "default" {
-		_, err = client.UpdateWAFRule(zoneID, packageID, ruleID, "default")
+	if rule.Mode != defaultMode {
+		_, err = client.UpdateWAFRule(zoneID, packageID, ruleID, defaultMode)
 		if err != nil {
 			return err
 		}

cloudflare/resource_cloudflare_waf_rule_test.go

@@ -44,6 +44,40 @@ func TestAccCloudflareWAFRule_CreateThenUpdate(t *testing.T) {
 	})
 }
 
+func TestAccCloudflareWAFRule_CreateThenUpdate_SimpleModes(t *testing.T) {
+	t.Parallel()
+	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
+	ruleID := "950000"
+	rnd := generateRandomResourceName()
+	name := fmt.Sprintf("cloudflare_waf_rule.%s", rnd)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckCloudflareWAFRuleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckCloudflareWAFRuleConfig(zoneID, ruleID, "on", rnd),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(name, "rule_id", ruleID),
+					resource.TestCheckResourceAttr(name, "zone_id", zoneID),
+					resource.TestCheckResourceAttrSet(name, "package_id"),
+					resource.TestCheckResourceAttr(name, "mode", "on"),
+				),
+			},
+			{
+				Config: testAccCheckCloudflareWAFRuleConfig(zoneID, ruleID, "off", rnd),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(name, "rule_id", ruleID),
+					resource.TestCheckResourceAttr(name, "zone_id", zoneID),
+					resource.TestCheckResourceAttrSet(name, "package_id"),
+					resource.TestCheckResourceAttr(name, "mode", "off"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckCloudflareWAFRuleDestroy(s *terraform.State) error {
 	client := testAccProvider.Meta().(*cloudflare.API)
 
@@ -57,7 +91,7 @@ func testAccCheckCloudflareWAFRuleDestroy(s *terraform.State) error {
 			return err
 		}
 
-		if rule.Mode != "default" {
+		if rule.Mode != "default" && rule.Mode != "on" {
 			return fmt.Errorf("Expected mode to be reset to default, got: %s", rule.Mode)
 		}
 	}

website/docs/d/waf_rules.html.md

@@ -57,5 +57,6 @@ values must match in order to be included, see below for full list.
 - `group_id` - The ID of the WAF Rule Group that contains the WAF Rule
 - `group_name` - The Name of the WAF Rule Group that contains the WAF Rule
 - `package_id` - The ID of the WAF Rule Package that contains the WAF Rule
+- `allowed_modes` - The list of allowed `mode` values for the WAF Rule
 
 [1]: https://api.cloudflare.com/#waf-rule-groups-properties