[enhancement] r/aws_wafv2_{web_acl, rule_group}: Add custom keys aggregate on Rate based rules #33594

Merged
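--- a/.changelog/33594.txt
+++ b/.changelog/33594.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_wafv2_web_acl: Add `rate_based_statement.custom_key` configuration block
+```
+
+```release-note:enhancement
+resource/aws_wafv2_rule_group: Add `rate_based_statement.custom_key` configuration block
+```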
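--- a/internal/service/wafv2/flex.go
+++ b/internal/service/wafv2/flex.go
@@ -1279,6 +1279,109 @@ func expandStatusCode(tfList []interface{}) *wafv2.ResponseInspectionStatusCode
 return &out
 }
 
+func expandRateLimitCookie(l []interface{}) *wafv2.RateLimitCookie {
+if len(l) == 0 || l[0] == nil {
+return nil
+}
+m := l[0].(map[string]interface{})
+return &wafv2.RateLimitCookie{
+Name: aws.String(m["name"].(string)),
+TextTransformations: expandTextTransformations(m["text_transformation"].(*schema.Set).List()),
+}
+}
+
+func expandRateLimitHeader(l []interface{}) *wafv2.RateLimitHeader {
+if len(l) == 0 || l[0] == nil {
+return nil
+}
+m := l[0].(map[string]interface{})
+return &wafv2.RateLimitHeader{
+Name: aws.String(m["name"].(string)),
+TextTransformations: expandTextTransformations(m["text_transformation"].(*schema.Set).List()),
+}
+}
+
+func expandRateLimitLabelNamespace(l []interface{}) *wafv2.RateLimitLabelNamespace {
+if len(l) == 0 || l[0] == nil {
+return nil
+}
+m := l[0].(map[string]interface{})
+return &wafv2.RateLimitLabelNamespace{
+Namespace: aws.String(m["namespace"].(string)),
+}
+}
+
+func expandRateLimitQueryArgument(l []interface{}) *wafv2.RateLimitQueryArgument {
+if len(l) == 0 || l[0] == nil {
+return nil
+}
+m := l[0].(map[string]interface{})
+return &wafv2.RateLimitQueryArgument{
+Name: aws.String(m["name"].(string)),
+TextTransformations: expandTextTransformations(m["text_transformation"].(*schema.Set).List()),
+}
+}
+
+func expandRateLimitQueryString(l []interface{}) *wafv2.RateLimitQueryString {
+if len(l) == 0 || l[0] == nil {
+return nil
+}
+m := l[0].(map[string]interface{})
+return &wafv2.RateLimitQueryString{
+TextTransformations: expandTextTransformations(m["text_transformation"].(*schema.Set).List()),
+}
+}
+
+func expandRateLimitURIPath(l []interface{}) *wafv2.RateLimitUriPath {
+if len(l) == 0 || l[0] == nil {
+return nil
+}
+m := l[0].(map[string]interface{})
+return &wafv2.RateLimitUriPath{
+TextTransformations: expandTextTransformations(m["text_transformation"].(*schema.Set).List()),
+}
+}
+
+func expandRateBasedStatementCustomKeys(l []interface{}) []*wafv2.RateBasedStatementCustomKey {
+if len(l) == 0 {
+return nil
+}
+out := make([]*wafv2.RateBasedStatementCustomKey, 0)
+for _, ck := range l {
+r := &wafv2.RateBasedStatementCustomKey{}
+m := ck.(map[string]interface{})
+if v, ok := m["cookie"]; ok {
+r.Cookie = expandRateLimitCookie(v.([]interface{}))
+}
+if v, ok := m["forwarded_ip"]; ok && len(v.([]interface{})) > 0 {
+r.ForwardedIP = &wafv2.RateLimitForwardedIP{}
+}
+if v, ok := m["http_method"]; ok && len(v.([]interface{})) > 0 {
+r.HTTPMethod = &wafv2.RateLimitHTTPMethod{}
+}
+if v, ok := m["header"]; ok {
+r.Header = expandRateLimitHeader(v.([]interface{}))
+}
+if v, ok := m["ip"]; ok && len(v.([]interface{})) > 0 {
+r.IP = &wafv2.RateLimitIP{}
+}
+if v, ok := m["label_namespace"]; ok {
+r.LabelNamespace = expandRateLimitLabelNamespace(v.([]interface{}))
+}
+if v, ok := m["query_argument"]; ok {
+r.QueryArgument = expandRateLimitQueryArgument(v.([]interface{}))
+}
+if v, ok := m["query_string"]; ok {
+r.QueryString = expandRateLimitQueryString(v.([]interface{}))
+}
+if v, ok := m["uri_path"]; ok {
+r.UriPath = expandRateLimitURIPath(v.([]interface{}))
+}
+out = append(out, r)
+}
+return out
+}
+
 func expandRateBasedStatement(l []interface{}) *wafv2.RateBasedStatement {
 if len(l) == 0 || l[0] == nil {
 return nil
@@ -1294,6 +1397,10 @@ func expandRateBasedStatement(l []interface{}) *wafv2.RateBasedStatement {
 r.ForwardedIPConfig = expandForwardedIPConfig(v.([]interface{}))
 }
 
+if v, ok := m["custom_key"]; ok {
+r.CustomKeys = expandRateBasedStatementCustomKeys(v.([]interface{}))
+}
+
 s := m["scope_down_statement"].([]interface{})
 if len(s) > 0 && s[0] != nil {
 r.ScopeDownStatement = expandStatement(s[0].(map[string]interface{}))
@@ -2427,6 +2534,122 @@ func flattenStatusCode(apiObject *wafv2.ResponseInspectionStatusCode) []interfac
 return []interface{}{m}
 }
 
+func flattenRateLimitCookie(apiObject *wafv2.RateLimitCookie) []interface{} {
+if apiObject == nil {
+return nil
+}
+return []interface{}{
+map[string]interface{}{
+"name": aws.StringValue(apiObject.Name),
+"text_transformation": flattenTextTransformations(apiObject.TextTransformations),
+},
+}
+}
+
+func flattenRateLimitHeader(apiObject *wafv2.RateLimitHeader) []interface{} {
+if apiObject == nil {
+return nil
+}
+return []interface{}{
+map[string]interface{}{
+"name": aws.StringValue(apiObject.Name),
+"text_transformation": flattenTextTransformations(apiObject.TextTransformations),
+},
+}
+}
+
+func flattenRateLimitLabelNamespace(apiObject *wafv2.RateLimitLabelNamespace) []interface{} {
+if apiObject == nil {
+return nil
+}
+return []interface{}{
+map[string]interface{}{
+"namespace": aws.StringValue(apiObject.Namespace),
+},
+}
+}
+
+func flattenRateLimitQueryArgument(apiObject *wafv2.RateLimitQueryArgument) []interface{} {
+if apiObject == nil {
+return nil
+}
+return []interface{}{
+map[string]interface{}{
+"name": aws.StringValue(apiObject.Name),
+"text_transformation": flattenTextTransformations(apiObject.TextTransformations),
+},
+}
+}
+
+func flattenRateLimitQueryString(apiObject *wafv2.RateLimitQueryString) []interface{} {
+if apiObject == nil {
+return nil
+}
+return []interface{}{
+map[string]interface{}{
+"text_transformation": flattenTextTransformations(apiObject.TextTransformations),
+},
+}
+}
+
+func flattenRateLimitURIPath(apiObject *wafv2.RateLimitUriPath) []interface{} {
+if apiObject == nil {
+return nil
+}
+return []interface{}{
+map[string]interface{}{
+"text_transformation": flattenTextTransformations(apiObject.TextTransformations),
+},
+}
+}
+
+func flattenRateBasedStatementCustomKeys(apiObject []*wafv2.RateBasedStatementCustomKey) []interface{} {
+if apiObject == nil {
+return nil
+}
+
+out := make([]interface{}, len(apiObject))
+for i, o := range apiObject {
+tfMap := map[string]interface{}{}
+
+if o.Cookie != nil {
+tfMap["cookie"] = flattenRateLimitCookie(o.Cookie)
+}
+if o.ForwardedIP != nil {
+tfMap["forwarded_ip"] = []interface{}{
+map[string]interface{}{},
+}
+}
+if o.HTTPMethod != nil {
+tfMap["http_method"] = []interface{}{
+map[string]interface{}{},
+}
+}
+if o.Header != nil {
+tfMap["header"] = flattenRateLimitHeader(o.Header)
+}
+if o.IP != nil {
+tfMap["ip"] = []interface{}{
+map[string]interface{}{},
+}
+}
+if o.LabelNamespace != nil {
+tfMap["label_namespace"] = flattenRateLimitLabelNamespace(o.LabelNamespace)
+}
+if o.QueryArgument != nil {
+tfMap["query_argument"] = flattenRateLimitQueryArgument(o.QueryArgument)
+}
+if o.QueryString != nil {
+tfMap["query_string"] = flattenRateLimitQueryString(o.QueryString)
+}
+if o.UriPath != nil {
+tfMap["uri_path"] = flattenRateLimitURIPath(o.UriPath)
+}
+out[i] = tfMap
+}
+return out
+}
+
 func flattenRateBasedStatement(apiObject *wafv2.RateBasedStatement) interface{} {
 if apiObject == nil {
 return []interface{}{}
@@ -2442,6 +2665,10 @@ func flattenRateBasedStatement(apiObject *wafv2.RateBasedStatement) interface{}
 tfMap["forwarded_ip_config"] = flattenForwardedIPConfig(apiObject.ForwardedIPConfig)
 }
 
+if apiObject.CustomKeys != nil {
+tfMap["custom_key"] = flattenRateBasedStatementCustomKeys(apiObject.CustomKeys)
+}
+
 if apiObject.Limit != nil {
 tfMap["limit"] = int(aws.Int64Value(apiObject.Limit))
 }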
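Review bot: In the first hunk, `expandRateBasedStatementCustomKeys` asserts `m := ck.(map[string]interface{})` on every list element without a nil check, although each single-block helper added above it guards `l[0] == nil`. If an empty `custom_key {}` block reaches this loop as a nil element (likely, given those guards), the provider would panic during apply rather than return a diagnostic, and the rate-based rule would not be deployed. Guard the element first, e.g. `m, ok := ck.(map[string]interface{})` followed by `if !ok { continue }`. It would also help to add a comment on the `forwarded_ip`, `http_method` and `ip` branches such as `// marker block with no arguments: presence alone selects the key`, since those three are handled differently from the others.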