Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add evaluation_window_sec arg to rate_based_statement for aws_wafv2_rule_group and aws_wafv2_web_acl #36045

Merged
merged 1 commit into from
Mar 5, 2024
+67 −14
Merged

feat: Add evaluation_window_sec arg to rate_based_statement for aws_wafv2_rule_group and aws_wafv2_web_acl #36045

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .changelog/36045.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
```release-note:enhancement
resource/aws_wafv2_rule_group: Add `evaluation_window_sec` argument to the `rate_based_statement` configuration block
```

```release-note:enhancement
resource/aws_wafv2_web_acl: Add `evaluation_window_sec` argument to the `rate_based_statement` configuration block
```
9 changes: 7 additions & 2 deletions internal/service/wafv2/flex.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1505,8 +1505,9 @@ func expandRateBasedStatement(l []interface{}) *wafv2.RateBasedStatement {

m := l[0].(map[string]interface{})
r := &wafv2.RateBasedStatement{
AggregateKeyType: aws.String(m["aggregate_key_type"].(string)),
Limit: aws.Int64(int64(m["limit"].(int))),
AggregateKeyType: aws.String(m["aggregate_key_type"].(string)),
EvaluationWindowSec: aws.Int64(int64(m["evaluation_window_sec"].(int))),
Limit: aws.Int64(int64(m["limit"].(int))),
}

if v, ok := m["forwarded_ip_config"]; ok {
Expand Down Expand Up @@ -2884,6 +2885,10 @@ func flattenRateBasedStatement(apiObject *wafv2.RateBasedStatement) interface{}
tfMap["custom_key"] = flattenRateBasedStatementCustomKeys(apiObject.CustomKeys)
}

if apiObject.EvaluationWindowSec != nil {
tfMap["evaluation_window_sec"] = int(aws.Int64Value(apiObject.EvaluationWindowSec))
}

if apiObject.Limit != nil {
tfMap["limit"] = int(aws.Int64Value(apiObject.Limit))
}
Expand Down
16 changes: 15 additions & 1 deletion internal/service/wafv2/rule_group_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2053,6 +2053,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "0",
"statement.0.rate_based_statement.0.aggregate_key_type": "IP",
"statement.0.rate_based_statement.0.evaluation_window_sec": "600",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand All @@ -2070,6 +2071,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "0",
"statement.0.rate_based_statement.0.aggregate_key_type": "FORWARDED_IP",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "1",
"statement.0.rate_based_statement.0.forwarded_ip_config.0.fallback_behavior": "MATCH",
"statement.0.rate_based_statement.0.forwarded_ip_config.0.header_name": "X-Forwarded-For",
Expand All @@ -2089,6 +2091,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "0",
"statement.0.rate_based_statement.0.aggregate_key_type": "FORWARDED_IP",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "1",
"statement.0.rate_based_statement.0.forwarded_ip_config.0.fallback_behavior": "NO_MATCH",
"statement.0.rate_based_statement.0.forwarded_ip_config.0.header_name": "Updated",
Expand All @@ -2108,6 +2111,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "1",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand Down Expand Up @@ -2135,6 +2139,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "2",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "1",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand Down Expand Up @@ -2162,6 +2167,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "1",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand All @@ -2188,6 +2194,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "1",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand Down Expand Up @@ -2215,6 +2222,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "2",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand Down Expand Up @@ -2242,6 +2250,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "1",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand Down Expand Up @@ -2269,6 +2278,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "1",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand Down Expand Up @@ -2296,6 +2306,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "1",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand Down Expand Up @@ -2323,6 +2334,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "5",
"statement.0.rate_based_statement.0.aggregate_key_type": "CUSTOM_KEYS",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "50000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "0",
Expand All @@ -2340,6 +2352,7 @@ func TestAccWAFV2RuleGroup_rateBasedStatement(t *testing.T) {
"statement.0.rate_based_statement.#": "1",
"statement.0.rate_based_statement.0.custom_key.#": "0",
"statement.0.rate_based_statement.0.aggregate_key_type": "IP",
"statement.0.rate_based_statement.0.evaluation_window_sec": "300",
"statement.0.rate_based_statement.0.forwarded_ip_config.#": "0",
"statement.0.rate_based_statement.0.limit": "10000",
"statement.0.rate_based_statement.0.scope_down_statement.#": "1",
Expand Down Expand Up @@ -4719,7 +4732,8 @@ resource "aws_wafv2_rule_group" "test" {
statement {
rate_based_statement {
limit = 50000
evaluation_window_sec = 600
limit = 50000
}
}
Expand Down
6 changes: 6 additions & 0 deletions internal/service/wafv2/schemas.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1090,6 +1090,12 @@ func rateBasedStatementSchema(level int) *schema.Schema {
},
},
},
"evaluation_window_sec": {
Type: schema.TypeInt,
Optional: true,
Default: 300,
ValidateFunc: validation.IntInSlice([]int{60, 120, 300, 600}),
},
"forwarded_ip_config": forwardedIPConfigSchema(),
"limit": {
Type: schema.TypeInt,
Expand Down
Loading
Loading