From 1565ae8e7101d7c9665355eb3d9d894e2c8bd526 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Beamonte?= Date: Thu, 5 Dec 2019 11:49:14 -0500 Subject: [PATCH] Support allowed modes for WAF Rules (#550) This was causing an issue when using WAF Rules that did not use the 'default' mode but the on/off approach. This fixes that by switching the default value to reset depending in the available values in the `AllowedModes` field. --- cloudflare/data_source_waf_rules.go | 22 ++++++++---- cloudflare/import_cloudflare_waf_rule_test.go | 2 +- cloudflare/resource_cloudflare_waf_rule.go | 10 ++++-- .../resource_cloudflare_waf_rule_test.go | 36 ++++++++++++++++++- website/docs/d/waf_rules.html.md | 1 + 5 files changed, 60 insertions(+), 11 deletions(-) diff --git a/cloudflare/data_source_waf_rules.go b/cloudflare/data_source_waf_rules.go index 83e3f5386c..f087facee7 100644 --- a/cloudflare/data_source_waf_rules.go +++ b/cloudflare/data_source_waf_rules.go @@ -80,6 +80,13 @@ func dataSourceCloudflareWAFRules() *schema.Resource { Type: schema.TypeString, Optional: true, }, + "allowed_modes": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, }, }, }, @@ -139,13 +146,14 @@ func dataSourceCloudflareWAFRulesRead(d *schema.ResourceData, meta interface{}) } ruleDetails = append(ruleDetails, map[string]interface{}{ - "id": rule.ID, - "description": rule.Description, - "priority": rule.Priority, - "mode": rule.Mode, - "group_id": rule.Group.ID, - "group_name": rule.Group.Name, - "package_id": pkg.ID, + "id": rule.ID, + "description": rule.Description, + "priority": rule.Priority, + "mode": rule.Mode, + "group_id": rule.Group.ID, + "group_name": rule.Group.Name, + "package_id": pkg.ID, + "allowed_modes": rule.AllowedModes, }) } diff --git a/cloudflare/import_cloudflare_waf_rule_test.go b/cloudflare/import_cloudflare_waf_rule_test.go index 6fe58d1634..7ca90639af 100644 --- a/cloudflare/import_cloudflare_waf_rule_test.go +++ b/cloudflare/import_cloudflare_waf_rule_test.go @@ -11,7 +11,7 @@ import ( func TestAccCloudflareWAFRule_Import(t *testing.T) { t.Parallel() zoneID := os.Getenv("CLOUDFLARE_ZONE_ID") - ruleID := "100000" + ruleID := "100001" name := generateRandomResourceName() resource.Test(t, resource.TestCase{ diff --git a/cloudflare/resource_cloudflare_waf_rule.go b/cloudflare/resource_cloudflare_waf_rule.go index c4c7fead2a..c946dd38b9 100644 --- a/cloudflare/resource_cloudflare_waf_rule.go +++ b/cloudflare/resource_cloudflare_waf_rule.go @@ -111,9 +111,15 @@ func resourceCloudflareWAFRuleDelete(d *schema.ResourceData, meta interface{}) e return err } + // Find the default mode to be used + defaultMode := "default" + if !contains(rule.AllowedModes, defaultMode) { + defaultMode = "on" + } + // Can't delete WAF Rule so instead reset it to default - if rule.Mode != "default" { - _, err = client.UpdateWAFRule(zoneID, packageID, ruleID, "default") + if rule.Mode != defaultMode { + _, err = client.UpdateWAFRule(zoneID, packageID, ruleID, defaultMode) if err != nil { return err } diff --git a/cloudflare/resource_cloudflare_waf_rule_test.go b/cloudflare/resource_cloudflare_waf_rule_test.go index 94e6c04813..95e89643ce 100644 --- a/cloudflare/resource_cloudflare_waf_rule_test.go +++ b/cloudflare/resource_cloudflare_waf_rule_test.go @@ -44,6 +44,40 @@ func TestAccCloudflareWAFRule_CreateThenUpdate(t *testing.T) { }) } +func TestAccCloudflareWAFRule_CreateThenUpdate_SimpleModes(t *testing.T) { + t.Parallel() + zoneID := os.Getenv("CLOUDFLARE_ZONE_ID") + ruleID := "950000" + rnd := generateRandomResourceName() + name := fmt.Sprintf("cloudflare_waf_rule.%s", rnd) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckCloudflareWAFRuleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckCloudflareWAFRuleConfig(zoneID, ruleID, "on", rnd), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(name, "rule_id", ruleID), + resource.TestCheckResourceAttr(name, "zone_id", zoneID), + resource.TestCheckResourceAttrSet(name, "package_id"), + resource.TestCheckResourceAttr(name, "mode", "on"), + ), + }, + { + Config: testAccCheckCloudflareWAFRuleConfig(zoneID, ruleID, "off", rnd), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(name, "rule_id", ruleID), + resource.TestCheckResourceAttr(name, "zone_id", zoneID), + resource.TestCheckResourceAttrSet(name, "package_id"), + resource.TestCheckResourceAttr(name, "mode", "off"), + ), + }, + }, + }) +} + func testAccCheckCloudflareWAFRuleDestroy(s *terraform.State) error { client := testAccProvider.Meta().(*cloudflare.API) @@ -57,7 +91,7 @@ func testAccCheckCloudflareWAFRuleDestroy(s *terraform.State) error { return err } - if rule.Mode != "default" { + if rule.Mode != "default" && rule.Mode != "on" { return fmt.Errorf("Expected mode to be reset to default, got: %s", rule.Mode) } } diff --git a/website/docs/d/waf_rules.html.md b/website/docs/d/waf_rules.html.md index e6b4a037dd..9b5cb24bd0 100644 --- a/website/docs/d/waf_rules.html.md +++ b/website/docs/d/waf_rules.html.md @@ -57,5 +57,6 @@ values must match in order to be included, see below for full list. - `group_id` - The ID of the WAF Rule Group that contains the WAF Rule - `group_name` - The Name of the WAF Rule Group that contains the WAF Rule - `package_id` - The ID of the WAF Rule Package that contains the WAF Rule +- `allowed_modes` - The list of allowed `mode` values for the WAF Rule [1]: https://api.cloudflare.com/#waf-rule-groups-properties