Support CIS RateLimit

IBM-Cloud · May 26, 2020 · a709f0e · a709f0e
1 parent 2bcc928
commit a709f0e
Show file tree

Hide file tree

Showing 8 changed files with 1,337 additions and 6 deletions.
diff --git a/ibm/data_source_ibm_cis_rate_limit.go b/ibm/data_source_ibm_cis_rate_limit.go
@@ -0,0 +1,215 @@
+package ibm
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func dataSourceIBMCISRateLimit() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceIBMCISRateLimitRead,
+		Schema: map[string]*schema.Schema{
+			"cis_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"domain_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"rate_limit": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"disabled": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"description": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"bypass": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"name": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+									"value": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+								},
+							},
+						},
+						"threshold": {
+							Type:     schema.TypeInt,
+							Computed: true,
+						},
+						"period": {
+							Type:     schema.TypeInt,
+							Computed: true,
+						},
+						"correlate": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"by": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+								},
+							},
+						},
+						"action": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"mode": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+									"timeout": {
+										Type:     schema.TypeInt,
+										Computed: true,
+									},
+									"response": {
+										Type:     schema.TypeList,
+										Computed: true,
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"content_type": {
+													Type:     schema.TypeString,
+													Computed: true,
+												},
+												"body": {
+													Type:     schema.TypeString,
+													Computed: true,
+												},
+											},
+										},
+									},
+								},
+							},
+						},
+						"match": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"request": {
+										Type:     schema.TypeList,
+										Computed: true,
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"methods": {
+													Type:     schema.TypeList,
+													Computed: true,
+													Elem:     &schema.Schema{Type: schema.TypeString},
+												},
+												"schemes": {
+													Type:     schema.TypeList,
+													Computed: true,
+													Elem:     &schema.Schema{Type: schema.TypeString},
+												},
+												"url": {
+													Type:     schema.TypeString,
+													Computed: true,
+												},
+											},
+										},
+									},
+									"response": {
+										Type:     schema.TypeList,
+										Computed: true,
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"status": {
+													Type:     schema.TypeList,
+													Computed: true,
+													Elem:     &schema.Schema{Type: schema.TypeInt},
+												},
+												"origin_traffic": {
+													Type:     schema.TypeBool,
+													Computed: true,
+												},
+												"headers": {
+													Type:     schema.TypeList,
+													Computed: true,
+													Elem: &schema.Resource{
+														Schema: map[string]*schema.Schema{
+															"name": {
+																Type:     schema.TypeString,
+																Computed: true,
+															},
+															"op": {
+																Type:     schema.TypeString,
+																Computed: true,
+															},
+															"value": {
+																Type:     schema.TypeString,
+																Computed: true,
+															},
+														},
+													},
+												},
+											},
+										},
+									},
+								},
+							},
+						},
+						"rule_id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceIBMCISRateLimitRead(d *schema.ResourceData, meta interface{}) error {
+	cisClient, err := meta.(ClientSession).CisAPI()
+	if err != nil {
+		return err
+	}
+	cisID := d.Get("cis_id").(string)
+	zoneID, _, err := convertTftoCisTwoVar(d.Get("domain_id").(string))
+	if err != nil {
+		return err
+	}
+
+	rateLimitRecord, err := cisClient.RateLimit().ListRateLimit(cisID, zoneID)
+	if err != nil {
+		return fmt.Errorf("Failed to read RateLimit: %v", err)
+	}
+	rules := make([]map[string]interface{}, 0, len(rateLimitRecord))
+	for _, r := range rateLimitRecord {
+		rule := make(map[string]interface{})
+		rule["rule_id"] = r.ID
+		rule["disabled"] = r.Disabled
+		rule["description"] = r.Description
+		rule["threshold"] = r.Threshold
+		rule["period"] = r.Period
+		rule["action"] = flattenRateLimitAction(r.Action)
+		rule["match"] = flattenRateLimitMatch(r.Match)
+		rule["correlate"] = flattenRateLimitCorrelate(*r.Correlate)
+		rule["bypass"] = flattenRateLimitByPass(r.Bypass)
+		rules = append(rules, rule)
+
+	}
+	d.SetId(cisID)
+	d.Set("rate_limit", rules)
+	d.Set("cis_id", cisID)
+	d.Set("domain_id", convertCisToTfTwoVar(zoneID, cisID))
+	return nil
+}
diff --git a/ibm/data_source_ibm_cis_rate_limit_test.go b/ibm/data_source_ibm_cis_rate_limit_test.go
@@ -0,0 +1,43 @@
+package ibm
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccIBMCisRateLimitDataSource_Basic(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccCheckIBMCisRateLimitDataSourceConfig_basic1(),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.ibm_cis_rate_limit.ratelimit", "cis_id"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckIBMCisRateLimitDataSourceConfig_basic1() string {
+	return fmt.Sprintf(`
+	data "ibm_resource_group" "test_acc" {
+		name = "Default"
+	}
+	data "ibm_cis" "cis" {
+		resource_group_id = data.ibm_resource_group.test_acc.id
+		name              = "CISTest"
+	}
+	data "ibm_cis_domain" "cis_domain" {
+		cis_id = data.ibm_cis.cis.id
+		domain = "cis-terraform.com"
+	}
+	data "ibm_cis_rate_limit" "ratelimit" {
+		cis_id = data.ibm_cis.cis.id
+		domain_id = data.ibm_cis_domain.cis_domain.id
+	}
+	  
+	`)
+}
diff --git a/ibm/provider.go b/ibm/provider.go
@@ -167,6 +167,7 @@ func Provider() terraform.ResourceProvider {
 			"ibm_cis":                              dataSourceIBMCISInstance(),
 			"ibm_cis_domain":                       dataSourceIBMCISDomain(),
 			"ibm_cis_firewall":                     dataIBMCISFirewallRecord(),
+			"ibm_cis_rate_limit":                   dataSourceIBMCISRateLimit(),
 			"ibm_cis_ip_addresses":                 dataSourceIBMCISIP(),
 			"ibm_database":                         dataSourceIBMDatabaseInstance(),
 			"ibm_compute_bare_metal":               dataSourceIBMComputeBareMetal(),
@@ -260,6 +261,7 @@ func Provider() terraform.ResourceProvider {
 			"ibm_cis_origin_pool":                                resourceIBMCISPool(),
 			"ibm_cis_global_load_balancer":                       resourceIBMCISGlb(),
 			"ibm_cis_dns_record":                                 resourceIBMCISDnsRecord(),
+			"ibm_cis_rate_limit":                                 resourceIBMCISRateLimit(),
 			"ibm_compute_autoscale_group":                        resourceIBMComputeAutoScaleGroup(),
 			"ibm_compute_autoscale_policy":                       resourceIBMComputeAutoScalePolicy(),
 			"ibm_compute_bare_metal":                             resourceIBMComputeBareMetal(),
@@ -392,6 +394,7 @@ func Validator() ValidatorDict {
 				"ibm_is_vpc":          resourceIBMISVPCValidator(),
 				"ibm_is_ike_policy":   resourceIBMISIKEValidator(),
 				"ibm_iam_custom_role": resourceIBMIAMCustomRoleValidator(),
+				"ibm_cis_rate_limit":  resourceIBMCISRateLimitValidator(),
 			},
 		}
 	})