Skip to content

Commit

Permalink
Introduce SBFM ruleset warning deprication message
Browse files Browse the repository at this point in the history
  • Loading branch information
Curtis Lowder committed Apr 17, 2023
1 parent 1bd50b6 commit 338b485
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 3 deletions.
2 changes: 1 addition & 1 deletion docs/data-sources/rulesets.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ Optional:
- `id` (String) The ID of the Ruleset to target.
- `kind` (String) Type of Ruleset to create. Available values: `custom`, `managed`, `root`, `schema`, `zone`.
- `name` (String) Name of the ruleset.
- `phase` (String) Point in the request/response lifecycle where the ruleset will be created. Available values: `ddos_l4`, `ddos_l7`, `http_custom_errors`, `http_log_custom_fields`, `http_request_cache_settings`, `http_request_firewall_custom`, `http_request_firewall_managed`, `http_request_late_transform`, `http_request_late_transform_managed`, `http_request_main`, `http_request_origin`, `http_request_dynamic_redirect`, `http_request_redirect`, `http_request_sanitize`, `http_request_transform`, `http_response_firewall_managed`, `http_response_headers_transform`, `http_response_headers_transform_managed`, `magic_transit`, `http_ratelimit`, `http_request_sbfm`, `http_config_settings`.
- `phase` (String) Point in the request/response lifecycle where the ruleset will be created. Available values: `ddos_l4`, `ddos_l7`, `http_custom_errors`, `http_log_custom_fields`, `http_request_cache_settings`, `http_request_firewall_custom`, `http_request_firewall_managed`, `http_request_late_transform`, `http_request_late_transform_managed`, `http_request_main`, `http_request_origin`, `http_request_dynamic_redirect`, `http_request_redirect`, `http_request_sanitize`, `http_request_transform`, `http_response_firewall_managed`, `http_response_headers_transform`, `http_response_headers_transform_managed`, `magic_transit`, `http_ratelimit`, `http_config_settings`. `http_request_sbfm` is also available, but will be deprecated sometime in the future soon.
- `version` (String) Version of the ruleset to filter on.


Expand Down
4 changes: 2 additions & 2 deletions docs/resources/ruleset.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -424,7 +424,7 @@ resource "cloudflare_ruleset" "http_config_rules_example" {

- `kind` (String) Type of Ruleset to create. Available values: `custom`, `managed`, `root`, `schema`, `zone`.
- `name` (String) Name of the ruleset.
- `phase` (String) Point in the request/response lifecycle where the ruleset will be created. Available values: `ddos_l4`, `ddos_l7`, `http_custom_errors`, `http_log_custom_fields`, `http_request_cache_settings`, `http_request_firewall_custom`, `http_request_firewall_managed`, `http_request_late_transform`, `http_request_late_transform_managed`, `http_request_main`, `http_request_origin`, `http_request_dynamic_redirect`, `http_request_redirect`, `http_request_sanitize`, `http_request_transform`, `http_response_firewall_managed`, `http_response_headers_transform`, `http_response_headers_transform_managed`, `magic_transit`, `http_ratelimit`, `http_request_sbfm`, `http_config_settings`.
- `phase` (String) Point in the request/response lifecycle where the ruleset will be created. Available values: `ddos_l4`, `ddos_l7`, `http_custom_errors`, `http_log_custom_fields`, `http_request_cache_settings`, `http_request_firewall_custom`, `http_request_firewall_managed`, `http_request_late_transform`, `http_request_late_transform_managed`, `http_request_main`, `http_request_origin`, `http_request_dynamic_redirect`, `http_request_redirect`, `http_request_sanitize`, `http_request_transform`, `http_response_firewall_managed`, `http_response_headers_transform`, `http_response_headers_transform_managed`, `magic_transit`, `http_ratelimit`, `http_config_settings`. `http_request_sbfm` is also available, but will be deprecated sometime in the future soon.

### Optional

Expand Down Expand Up @@ -491,7 +491,7 @@ Optional:
- `origin` (Block List) List of properties to change request origin. (see [below for nested schema](#nestedblock--rules--action_parameters--origin))
- `origin_error_page_passthru` (Boolean) Pass-through error page for origin.
- `overrides` (Block List) List of override configurations to apply to the ruleset. (see [below for nested schema](#nestedblock--rules--action_parameters--overrides))
- `phases` (Set of String) Point in the request/response lifecycle where the ruleset will be created. Available values: `ddos_l4`, `ddos_l7`, `http_custom_errors`, `http_log_custom_fields`, `http_request_cache_settings`, `http_request_firewall_custom`, `http_request_firewall_managed`, `http_request_late_transform`, `http_request_late_transform_managed`, `http_request_main`, `http_request_origin`, `http_request_dynamic_redirect`, `http_request_redirect`, `http_request_sanitize`, `http_request_transform`, `http_response_firewall_managed`, `http_response_headers_transform`, `http_response_headers_transform_managed`, `magic_transit`, `http_ratelimit`, `http_request_sbfm`, `http_config_settings`.
- `phases` (Set of String) Point in the request/response lifecycle where the ruleset will be created. Available values: `ddos_l4`, `ddos_l7`, `http_custom_errors`, `http_log_custom_fields`, `http_request_cache_settings`, `http_request_firewall_custom`, `http_request_firewall_managed`, `http_request_late_transform`, `http_request_late_transform_managed`, `http_request_main`, `http_request_origin`, `http_request_dynamic_redirect`, `http_request_redirect`, `http_request_sanitize`, `http_request_transform`, `http_response_firewall_managed`, `http_response_headers_transform`, `http_response_headers_transform_managed`, `magic_transit`, `http_ratelimit`, `http_config_settings`. `http_request_sbfm` is also available, but will be deprecated sometime in the future soon.
- `polish` (String) Apply options from the Polish feature of the Cloudflare Speed app.
- `products` (Set of String) Products to target with the actions. Available values: `bic`, `hot`, `ratelimit`, `securityLevel`, `uablock`, `waf`, `zonelockdown`.
- `request_fields` (Set of String) List of request headers to include as part of custom fields logging, in lowercase.
Expand Down
19 changes: 19 additions & 0 deletions internal/framework/service/rulesets/resource.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,11 @@ import (
)

const (
sbfmPhaseName = "http_request_sbfm"
accountLevelRulesetDeleteURL = "https://api.cloudflare.com/#account-rulesets-delete-account-ruleset"
zoneLevelRulesetDeleteURL = "https://api.cloudflare.com/#zone-rulesets-delete-zone-ruleset"
duplicateRulesetError = "A similar configuration with rules already exists and overwriting will have unintended consequences. If you are migrating from the Dashboard, you will need to first remove the existing rules otherwise you can remove the existing phase yourself using the API (%s)."
sbfmDepricationWarning = "Cloudflare is going to change the way Super Bot Fight Mode managed rules are configured through Terraform and our API. Please follow updates to our documentation regarding this here: https://developers.cloudflare.com/bots/get-started/biz-and-ent/#ruleset-engine"
)

var _ resource.Resource = &RulesetResource{}
Expand Down Expand Up @@ -73,6 +75,13 @@ func (r *RulesetResource) Create(ctx context.Context, req resource.CreateRequest
zoneID := data.ZoneID
rulesetPhase := data.Phase.ValueString()

if rulesetPhase == sbfmPhaseName {
resp.Diagnostics.AddWarning(
"'http_request_sbfm' to be deprecated in the 'cloudflare_ruleset' resource",
sbfmDepricationWarning,
)
}

var ruleset cloudflare.Ruleset
var sempahoreErr error

Expand Down Expand Up @@ -171,13 +180,22 @@ func (r *RulesetResource) Create(ctx context.Context, req resource.CreateRequest
}

func (r *RulesetResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
resp.Diagnostics.AddError("FLAG A", "ERR")
var data *RulesetResourceModel

resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
if resp.Diagnostics.HasError() {
return
}

rulesetPhase := data.Phase.ValueString()
if rulesetPhase == sbfmPhaseName {
resp.Diagnostics.AddWarning(
"'http_request_sbfm' to be deprecated in the 'cloudflare_ruleset' resource",
sbfmDepricationWarning,
)
}

accountID := data.AccountID
zoneID := data.ZoneID
var err error
Expand Down Expand Up @@ -272,6 +290,7 @@ func (r *RulesetResource) Delete(ctx context.Context, req resource.DeleteRequest
}

func (r *RulesetResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
resp.Diagnostics.AddError("FLAG B", "ERR")
idParts := strings.Split(req.ID, "/")
resourceLevel, resourceIdentifier, rulesetID := idParts[0], idParts[1], idParts[2]

Expand Down

0 comments on commit 338b485

Please sign in to comment.