
datasource/cloudflare_waf_rule: expose default_mode #1079

Merged: 1 commit merged into master from expose-default-mode-for-waf-rules on Jun 28, 2021

Conversation

jacobbednarz
Member

@jacobbednarz jacobbednarz commented May 26, 2021

Updates the data source to expose the default_mode field for people to
use.

Closes #979

@JoseRoman32

Hi @jacobbednarz,

What's left/needed to merge this? It would be super useful for one of my use cases of Terraform and Cloudflare.

@jacobbednarz
Member Author

Just some testing that I mentioned in my comment over at #979 (comment). Once we confirm it's working as expected for your use case, we can merge it in.

@jacobbednarz
Member Author

@JoseRoman32 have you confirmed this locally? Once you can confirm it meets the needs, this can be merged.

@JoseRoman32

@jacobbednarz Yes, I tested locally, but the default_mode seems to be coming back null?


I'm using Go 1.16.5, does that matter?

@jacobbednarz
Member Author

Can you provide the steps and configuration you are using which is causing this? Essentially a simple reproduction case.

@JoseRoman32

JoseRoman32 commented Jun 24, 2021

Can you provide the steps and configuration you are using which is causing this? Essentially a simple reproduction case.

data "cloudflare_waf_rules" "cloudflare_miscellaneous_rules" {
  zone_id = local.cloudflare_zone_id
  filter {
    group_id = data.cloudflare_waf_groups.cloudflare_miscellaneous.groups[0].id
  }
}

resource "cloudflare_waf_rule" "cloudflare_miscellaneous_rules" {
  for_each = {
    for rule in data.cloudflare_waf_rules.cloudflare_miscellaneous_rules.rules :
    rule.id => rule
    if rule.default_mode == "block"
  }

  rule_id = each.value.id
  zone_id = local.cloudflare_zone_id
  mode    = local.firewall_mode
}

Terraform v0.15.3
Provider built locally with these changes

@jacobbednarz
Member Author

Which group are you trying to reference? Not all rules have a default_mode property.

@jacobbednarz
Member Author

OWASP ModSecurity Core Rule Set

$ curl -s 'https://api.cloudflare.com/client/v4/zones/0da42c8d2132a9ddaf714f9e7c920711/firewall/waf/packages/c504870194831cd12c3fc0284f294abb/rules' \
    -H 'Content-Type: application/json' \
    -H "X-Auth-Email: $CF_EMAIL" \
    -H "X-Auth-Key: $CF_API_KEY" \
  | jq -e -r '.result[] | [.id,.description,.default_mode // "null"] | @tsv'

100000356  SLR: GPL WEB_SPECIFIC_APPS BASE base_qry_common.php remote file include                  null
100000357  SLR: GPL WEB_SPECIFIC_APPS BASE base_stat_common.php remote file include                 null
100000358  SLR: GPL WEB_SPECIFIC_APPS BASE base_include.inc.php remote file include                 null
100000728  SLR: GPL WEB_SPECIFIC_APPS Geeklog functions.inc remote file include                     null
100000729  SLR: GPL WEB_SPECIFIC_APPS Geeklog functions.inc remote file include                     null
100000730  SLR: GPL WEB_SPECIFIC_APPS Geeklog BlackList.Examine.class.php remote file include       null
100000731  SLR: GPL WEB_SPECIFIC_APPS Geeklog DeleteComment.Action.class.php remote file include    null
100000732  SLR: GPL WEB_SPECIFIC_APPS Geeklog EditIPofURL.Admin.class.php remote file include       null
100000733  SLR: GPL WEB_SPECIFIC_APPS Geeklog MTBlackList.Examine.class.php remote file include     null
100000734  SLR: GPL WEB_SPECIFIC_APPS Geeklog MassDelete.Admin.class.php remote file include        null
100000735  SLR: GPL WEB_SPECIFIC_APPS Geeklog MailAdmin.Action.class.php remote file include        null
100000736  SLR: GPL WEB_SPECIFIC_APPS Geeklog MassDelTrackback.Admin.class.php remote file include  null
100000737  SLR: GPL WEB_SPECIFIC_APPS Geeklog EditHeader.Admin.class.php remote file include        null
100000738  SLR: GPL WEB_SPECIFIC_APPS Geeklog EditIP.Admin.class.php remote file include            null
100000739  SLR: GPL WEB_SPECIFIC_APPS Geeklog IPofUrl.Examine.class.php remote file include         null
100000740  SLR: GPL WEB_SPECIFIC_APPS Geeklog Import.Admin.class.php remote file include            null
100000741  SLR: GPL WEB_SPECIFIC_APPS Geeklog LogView.Admin.class.php remote file include           null
100000742  SLR: GPL WEB_SPECIFIC_APPS Geeklog functions.inc remote file include                     null
100000908  SLR: GPL WEB_SPECIFIC_APPS WEB-PHP phpMyWebmin create_file script remote file include    null
20012181   SLR: ET WEB_SPECIFIC_APPS PHPNuke general XSS attempt                                    null

Cloudflare

$ curl -s 'https://api.cloudflare.com/client/v4/zones/0da42c8d2132a9ddaf714f9e7c920711/firewall/waf/packages/1e334934fd7ae32ad705667f8c1057aa/rules' \
    -H 'Content-Type: application/json' \
    -H "X-Auth-Email: $CF_EMAIL" \
    -H "X-Auth-Key: $CF_API_KEY" \
  | jq -r '.result[] | [.id,.description,.default_mode // "n/a"] | @tsv'

100000     Wordpress - DoS - Numbers Botnet                                      disable
100001     Anomaly:Header:User-Agent - Missing                                   disable
100002     DoS - IE6 Binary POST                                                 disable
100002A    DoS - CtrlFunc Botnet                                                 disable
100003     DoS - Query String Cache Busting - number1=number2                    disable
100003AZ   DoS - Query String Cache Busting - word1=word2                        disable
100003BIS  DoS - Query String Cache Busting - 6 or more Numbers                  disable
100004     Anomaly:Header:User-Agent, Anomaly:Header:Referer - Missing or empty  disable
100005     DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892    block
100005A    File Inclusion                                                        disable
100006     Newsletter Tailor - File Inclusion                                    disable
100007     Command Injection - Common Attack Commands                            block
100007B    Command Injection - Command ps                                        disable
100007N    Command Injection - Common Attack Commands                            disable
100007NS   Command Injection - Netcat                                            block
100008     SQLi - Common Patterns                                                block
100008A    SQLi - String Function                                                block
100008B    SQLi - String Concatenation                                           block
100008C    SQLi - Sleep Function                                                 block
100008CW   SQLi - WaitFor Function                                               block
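The API output above shows why the data source can return an empty `default_mode`: rules in the OWASP package carry no such property at all, while rules in the Cloudflare package do. The following added example (not code from the provider, cloudflare-go, or this thread) decodes a constructed response of the same shape and applies the same selection as the `for_each` filter in the Terraform config posted earlier, keeping rules whose `default_mode` is `block` apart from rules that lack the property. The type and function names are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// wafRule mirrors the fields used in the thread. DefaultMode is a pointer so a
// rule without the property (the OWASP package case) decodes as nil, not "".
type wafRule struct {
	ID          string  `json:"id"`
	Description string  `json:"description"`
	DefaultMode *string `json:"default_mode"`
}

type apiResponse struct {
	Result []wafRule `json:"result"`
}

// Constructed sample response; ids and descriptions follow the thread's output.
const sampleResponse = `{"result":[
  {"id":"100000356","description":"SLR: GPL WEB_SPECIFIC_APPS BASE base_qry_common.php remote file include"},
  {"id":"100007","description":"Command Injection - Common Attack Commands","default_mode":"block"},
  {"id":"100007B","description":"Command Injection - Command ps","default_mode":"disable"},
  {"id":"100008","description":"SQLi - Common Patterns","default_mode":"block"}
]}`

// rulesWithDefaultMode returns the ids of rules whose default_mode equals want,
// plus the ids of rules that carry no default_mode, so a caller can tell
// "not applicable" apart from "set to something else".
func rulesWithDefaultMode(body []byte, want string) (matched, missing []string, err error) {
	var resp apiResponse
	if err := json.Unmarshal(body, &resp); err != nil {
		return nil, nil, err
	}
	for _, r := range resp.Result {
		switch {
		case r.DefaultMode == nil:
			missing = append(missing, r.ID)
		case *r.DefaultMode == want:
			matched = append(matched, r.ID)
		}
	}
	return matched, missing, nil
}

func main() {
	matched, missing, err := rulesWithDefaultMode([]byte(sampleResponse), "block")
	fmt.Println("block:", matched, "no default_mode:", missing, "err:", err)
}
```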

@JoseRoman

JoseRoman commented Jun 25, 2021

Which group are you trying to reference? Not all rules have a default_mode property.

Cloudflare Miscellaneous and Special Rules

That looks like what I need! 🥳 Maybe I just didn't build the provider correctly locally.

@JoseRoman

Thank you for your help with this, @jacobbednarz! I really appreciate it.

@jacobbednarz jacobbednarz merged commit 45494cd into master Jun 28, 2021
@jacobbednarz jacobbednarz deleted the expose-default-mode-for-waf-rules branch June 28, 2021 04:14
Successfully merging this pull request may close these issues.

Expose "default_mode" of WAF Rule through cloudflare_waf_rules data source