Skip to content

Commit

Permalink
feat: Add evaluation_window_sec arg to rate_based_statement for aws_w…
Browse files Browse the repository at this point in the history
…afv2_rule_group and aws_wafv2_web_acl
  • Loading branch information
acwwat committed Mar 1, 2024
1 parent 1d0f025 commit 6bd5216
Show file tree
Hide file tree
Showing 7 changed files with 67 additions and 14 deletions.
7 changes: 7 additions & 0 deletions .changelog/36045.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
```release-note:enhancement
resource/aws_wafv2_rule_group: Add `evaluation_window_sec` argument to the `rate_based_statement` configuration block
```

```release-note:enhancement
resource/aws_wafv2_web_acl: Add `evaluation_window_sec` argument to the `rate_based_statement` configuration block
```
9 changes: 7 additions & 2 deletions internal/service/wafv2/flex.go
Original file line number Diff line number Diff line change
Expand Up @@ -1505,8 +1505,9 @@ func expandRateBasedStatement(l []interface{}) *wafv2.RateBasedStatement {

m := l[0].(map[string]interface{})
r := &wafv2.RateBasedStatement{
AggregateKeyType: aws.String(m["aggregate_key_type"].(string)),
Limit: aws.Int64(int64(m["limit"].(int))),
AggregateKeyType: aws.String(m["aggregate_key_type"].(string)),
EvaluationWindowSec: aws.Int64(int64(m["evaluation_window_sec"].(int))),
Limit: aws.Int64(int64(m["limit"].(int))),
}

if v, ok := m["forwarded_ip_config"]; ok {
Expand Down Expand Up @@ -2884,6 +2885,10 @@ func flattenRateBasedStatement(apiObject *wafv2.RateBasedStatement) interface{}
tfMap["custom_key"] = flattenRateBasedStatementCustomKeys(apiObject.CustomKeys)
}

if apiObject.EvaluationWindowSec != nil {
tfMap["evaluation_window_sec"] = int(aws.Int64Value(apiObject.EvaluationWindowSec))
}

if apiObject.Limit != nil {
tfMap["limit"] = int(aws.Int64Value(apiObject.Limit))
}
Expand Down
16 changes: 15 additions & 1 deletion internal/service/wafv2/rule_group_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2053,6 +2053,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "0",
"statement.0.rate_based_statement.0.aggregate_key_type": "IP",
"statement.0.rate_based_statement.0.evaluation_window_sec": "600",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand All @@ -2070,6 +2071,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "0",
"statement.0.rate_based_statement.0.aggregate_key_type": "FORWARDED_IP",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "1",
"statement.0.rate_based_statement.0.forwarded_ip_config.0.fallback_behavior": "MATCH",
"statement.0.rate_based_statement.0.forwarded_ip_config.0.header_name": "X-Forwarded-For",
Expand All @@ -2089,6 +2091,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "0",
"statement.0.rate_based_statement.0.aggregate_key_type": "FORWARDED_IP",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "1",
"statement.0.rate_based_statement.0.forwarded_ip_config.0.fallback_behavior": "NO_MATCH",
"statement.0.rate_based_statement.0.forwarded_ip_config.0.header_name": "Updated",
Expand All @@ -2108,6 +2111,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "1",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand Down Expand Up @@ -2135,6 +2139,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "2",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "1",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand Down Expand Up @@ -2162,6 +2167,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "1",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand All @@ -2188,6 +2194,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "1",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand Down Expand Up @@ -2215,6 +2222,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "2",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand Down Expand Up @@ -2242,6 +2250,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "1",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand Down Expand Up @@ -2269,6 +2278,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "1",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand Down Expand Up @@ -2296,6 +2306,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "1",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand Down Expand Up @@ -2323,6 +2334,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "5",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand All @@ -2340,6 +2352,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "0",
"statement.0.rate_based_statement.0.aggregate_key_type": "IP",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "10000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "1",
Expand Down Expand Up @@ -4719,7 +4732,8 @@ resource "aws_wafv2_rule_group" "test" {
statement {
rate_based_statement {
limit = 50000
evaluation_window_sec = 600
limit = 50000
}
}
Expand Down
6 changes: 6 additions & 0 deletions internal/service/wafv2/schemas.go
Original file line number Diff line number Diff line change
Expand Up @@ -1090,6 +1090,12 @@ func rateBasedStatementSchema(level int) *schema.Schema {
},
},
},
"evaluation_window_sec": {
Type: schema.TypeInt,
Optional: true,
Default: 300,
ValidateFunc: validation.IntInSlice([]int{60, 120, 300, 600}),
},
"forwarded_ip_config": forwardedIPConfigSchema(),
"limit": {
Type: schema.TypeInt,
Expand Down
Loading

0 comments on commit 6bd5216

Please sign in to comment.