[WAF] new `resource/opentelekomcloud_waf_dedicated_known_attack_sourc…

…e_rule_v1` (#2303) [WAF] new `resource/opentelekomcloud_waf_dedicated_known_attack_source_rule_v1` Summary of the Pull Request PR Checklist Refers to: #2231 Tests added/passed. Documentation updated. Schema updated. Release notes added. Acceptance Steps Performed === RUN TestAccWafDedicatedKnownAttackRuleV1_basic --- PASS: TestAccWafDedicatedKnownAttackRuleV1_basic (69.43s) PASS Process finished with the exit code 0 Reviewed-by: Vladimir Vshivkov Reviewed-by: Artem Lifshits
opentelekomcloud · Sep 11, 2023 · 23c3e45 · 23c3e45
1 parent 8bea562
commit 23c3e45
Show file tree

Hide file tree

Showing 5 changed files with 550 additions and 174 deletions.
diff --git a/docs/resources/waf_dedicated_known_attack_source_rule_v1.md b/docs/resources/waf_dedicated_known_attack_source_rule_v1.md
@@ -0,0 +1,62 @@
+---
+subcategory: "Dedicated Web Application Firewall (WAFD)"
+---
+
+Up-to-date reference of API arguments for WAF dedicated Known Attack Source rule you can get at
+`https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_known_attack_source_rule.html`.
+
+# opentelekomcloud_waf_dedicated_known_attack_source_rule_v1
+
+Manages a WAF Dedicated Known Attack Source Rule resource within OpenTelekomCloud.
+
+## Example Usage
+
+```hcl
+resource "opentelekomcloud_waf_dedicated_policy_v1" "policy_1" {
+  name = "policy_ka"
+}
+
+resource "opentelekomcloud_waf_dedicated_known_attack_source_rule_v1" "rule_1" {
+  policy_id   = opentelekomcloud_waf_dedicated_policy_v1.policy_1.id
+  block_time  = 300
+  category    = "long_cookie_block"
+  description = "test description"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `policy_id` - (Required, ForceNew, String) The WAF policy ID. Changing this creates a new rule.
+
+* `block_time` - (Required, Int) Block duration, in seconds.
+  If prefix long is selected for the rule type, the value for `block_time` ranges from `301` to `1800`.
+  If prefix short is selected for the rule type, the value for `block_time` ranges from `0` to `300`.
+
+* `category` - (Required, ForceNew, String) Type of the know attack source rule.
+  Enumeration values:
+    + `long_ip_block`
+    + `long_cookie_block`
+    + `long_params_block`
+    + `short_ip_block`
+    + `short_cookie_block`
+    + `short_params_block`
+
+* `description` - (Optional, String) Rule description.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` -  ID of the rule.
+
+* `created_at` - Timestamp the rule is created.
+
+## Import
+
+Dedicated WAF Known Attack Source Rules can be imported using `policy_id/id`, e.g.
+
+```sh
+terraform import opentelekomcloud_waf_dedicated_known_attack_source_rule_v1.rule_1 ff95e71c8ae74eba9887193ab22c5757/b39f3a5a1b4f447a8030f0b0703f47f5
+```
diff --git a/...cceptance/waf/resource_opentelekomcloud_waf_dedicated_known_attack_source_rule_v1_test.go b/...cceptance/waf/resource_opentelekomcloud_waf_dedicated_known_attack_source_rule_v1_test.go
@@ -0,0 +1,131 @@
+package acceptance
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	"github.com/opentelekomcloud/gophertelekomcloud/openstack/waf-premium/v1/rules"
+
+	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/common"
+	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/env"
+	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/cfg"
+)
+
+const wafdKnownAttackRuleName = "opentelekomcloud_waf_dedicated_known_attack_source_rule_v1.rule_1"
+
+func TestAccWafDedicatedKnownAttackRuleV1_basic(t *testing.T) {
+	var rule rules.KnownAttackSourceRule
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { common.TestAccPreCheck(t) },
+		ProviderFactories: common.TestAccProviderFactories,
+		CheckDestroy:      testAccCheckWafDedicatedKnownAttackRuleV1Destroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccWafDedicatedKnownAttackRuleV1Basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckWafDedicatedKnownAttackRuleV1Exists(wafdKnownAttackRuleName, &rule),
+					resource.TestCheckResourceAttr(wafdKnownAttackRuleName, "block_time", "300"),
+					resource.TestCheckResourceAttr(wafdKnownAttackRuleName, "category", "long_cookie_block"),
+					resource.TestCheckResourceAttr(wafdKnownAttackRuleName, "description", "test description"),
+				),
+			},
+			{
+				Config: testAccWafDedicatedKnownAttackRuleV1Update,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckWafDedicatedKnownAttackRuleV1Exists(wafdKnownAttackRuleName, &rule),
+					resource.TestCheckResourceAttr(wafdKnownAttackRuleName, "block_time", "1200"),
+					resource.TestCheckResourceAttr(wafdKnownAttackRuleName, "category", "long_cookie_block"),
+					resource.TestCheckResourceAttr(wafdKnownAttackRuleName, "description", "test description update"),
+				),
+			},
+			{
+				ResourceName:      wafdKnownAttackRuleName,
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateIdFunc: dedicatedRuleImportStateIDFunc(wafdKnownAttackRuleName, wafdPolicyResourceName),
+			},
+		},
+	})
+}
+
+func testAccCheckWafDedicatedKnownAttackRuleV1Destroy(s *terraform.State) error {
+	config := common.TestAccProvider.Meta().(*cfg.Config)
+	client, err := config.WafDedicatedV1Client(env.OS_REGION_NAME)
+	if err != nil {
+		return err
+	}
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "opentelekomcloud_waf_dedicated_known_attack_source_rule_v1" {
+			continue
+		}
+
+		_, err := rules.GetKnownAttackSource(client, rs.Primary.Attributes["policy_id"], rs.Primary.ID)
+		if err == nil {
+			return fmt.Errorf("waf dedicated rule still exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckWafDedicatedKnownAttackRuleV1Exists(n string, rule *rules.KnownAttackSourceRule) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("no ID is set")
+		}
+
+		config := common.TestAccProvider.Meta().(*cfg.Config)
+		client, err := config.WafDedicatedV1Client(env.OS_REGION_NAME)
+		if err != nil {
+			return err
+		}
+
+		found, err := rules.GetKnownAttackSource(client, rs.Primary.Attributes["policy_id"], rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+
+		if found.ID != rs.Primary.ID {
+			return fmt.Errorf("waf dedicated rule not found")
+		}
+
+		*rule = *found
+
+		return nil
+	}
+}
+
+const testAccWafDedicatedKnownAttackRuleV1Basic = `
+resource "opentelekomcloud_waf_dedicated_policy_v1" "policy_1" {
+  name = "policy_ka"
+}
+
+resource "opentelekomcloud_waf_dedicated_known_attack_source_rule_v1" "rule_1" {
+  policy_id   = opentelekomcloud_waf_dedicated_policy_v1.policy_1.id
+  block_time  = 300
+  category    = "long_cookie_block"
+  description = "test description"
+}
+`
+
+const testAccWafDedicatedKnownAttackRuleV1Update = `
+resource "opentelekomcloud_waf_dedicated_policy_v1" "policy_1" {
+  name = "policy_ka"
+}
+
+resource "opentelekomcloud_waf_dedicated_known_attack_source_rule_v1" "rule_1" {
+  policy_id   = opentelekomcloud_waf_dedicated_policy_v1.policy_1.id
+  block_time  = 1200
+  category    = "long_cookie_block"
+  description = "test description update"
+}
+`