From 065bb3a584468c01386f1ab34cb07ae13c7f97cd Mon Sep 17 00:00:00 2001
From: magodo <wztdyl@sina.com>
Date: Wed, 1 Jul 2020 13:47:38 +0800
Subject: [PATCH] azurerm_web_application_firewall_policy:
 `custom_rules.match_conditions` support `transforms`

---
 ...plication_firewall_policy_resource_test.go |  7 +++--
 ...eb_application_firewall_policy_resource.go | 28 +++++++++++++++++++
 ..._application_firewall_policy.html.markdown |  6 ++--
 3 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/azurerm/internal/services/network/tests/web_application_firewall_policy_resource_test.go b/azurerm/internal/services/network/tests/web_application_firewall_policy_resource_test.go
index 8df8d533dd92..160c27c4aca6 100644
--- a/azurerm/internal/services/network/tests/web_application_firewall_policy_resource_test.go
+++ b/azurerm/internal/services/network/tests/web_application_firewall_policy_resource_test.go
@@ -71,7 +71,7 @@ func TestAccAzureRMWebApplicationFirewallPolicy_complete(t *testing.T) {
 					resource.TestCheckResourceAttr(data.ResourceName, "custom_rules.1.match_conditions.1.operator", "Contains"),
 					resource.TestCheckResourceAttr(data.ResourceName, "custom_rules.1.match_conditions.1.negation_condition", "false"),
 					resource.TestCheckResourceAttr(data.ResourceName, "custom_rules.1.match_conditions.1.match_values.#", "1"),
-					resource.TestCheckResourceAttr(data.ResourceName, "custom_rules.1.match_conditions.1.match_values.0", "Windows"),
+					resource.TestCheckResourceAttr(data.ResourceName, "custom_rules.1.match_conditions.1.match_values.0", "windows"),
 					resource.TestCheckResourceAttr(data.ResourceName, "custom_rules.1.action", "Block"),
 					resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.#", "1"),
 					resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.0.exclusion.#", "2"),
@@ -146,7 +146,7 @@ func TestAccAzureRMWebApplicationFirewallPolicy_update(t *testing.T) {
 					resource.TestCheckResourceAttr(data.ResourceName, "custom_rules.1.match_conditions.1.operator", "Contains"),
 					resource.TestCheckResourceAttr(data.ResourceName, "custom_rules.1.match_conditions.1.negation_condition", "false"),
 					resource.TestCheckResourceAttr(data.ResourceName, "custom_rules.1.match_conditions.1.match_values.#", "1"),
-					resource.TestCheckResourceAttr(data.ResourceName, "custom_rules.1.match_conditions.1.match_values.0", "Windows"),
+					resource.TestCheckResourceAttr(data.ResourceName, "custom_rules.1.match_conditions.1.match_values.0", "windows"),
 					resource.TestCheckResourceAttr(data.ResourceName, "custom_rules.1.action", "Block"),
 					resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.#", "1"),
 					resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.0.exclusion.#", "2"),
@@ -310,7 +310,8 @@ resource "azurerm_web_application_firewall_policy" "test" {
 
       operator           = "Contains"
       negation_condition = false
-      match_values       = ["Windows"]
+      match_values       = ["windows"]
+      transforms         = ["Lowercase"]
     }
 
     action = "Block"
diff --git a/azurerm/internal/services/network/web_application_firewall_policy_resource.go b/azurerm/internal/services/network/web_application_firewall_policy_resource.go
index e11c013d391c..503062e1ad95 100644
--- a/azurerm/internal/services/network/web_application_firewall_policy_resource.go
+++ b/azurerm/internal/services/network/web_application_firewall_policy_resource.go
@@ -122,6 +122,21 @@ func resourceArmWebApplicationFirewallPolicy() *schema.Resource {
 										Type:     schema.TypeBool,
 										Optional: true,
 									},
+									"transforms": {
+										Type:     schema.TypeSet,
+										Optional: true,
+										Elem: &schema.Schema{
+											Type: schema.TypeString,
+											ValidateFunc: validation.StringInSlice([]string{
+												string(network.HTMLEntityDecode),
+												string(network.Lowercase),
+												string(network.RemoveNulls),
+												string(network.Trim),
+												string(network.URLDecode),
+												string(network.URLEncode),
+											}, false),
+										},
+									},
 								},
 							},
 						},
@@ -522,12 +537,18 @@ func expandArmWebApplicationFirewallPolicyMatchCondition(input []interface{}) *[
 		operator := v["operator"].(string)
 		negationCondition := v["negation_condition"].(bool)
 		matchValues := v["match_values"].([]interface{})
+		transformsRaw := v["transforms"].(*schema.Set).List()
 
+		var transforms []network.WebApplicationFirewallTransform
+		for _, trans := range transformsRaw {
+			transforms = append(transforms, network.WebApplicationFirewallTransform(trans.(string)))
+		}
 		result := network.MatchCondition{
 			MatchValues:      utils.ExpandStringSlice(matchValues),
 			MatchVariables:   expandArmWebApplicationFirewallPolicyMatchVariable(matchVariables),
 			NegationConditon: utils.Bool(negationCondition),
 			Operator:         network.WebApplicationFirewallOperator(operator),
+			Transforms:       &transforms,
 		}
 
 		results = append(results, result)
@@ -689,12 +710,19 @@ func flattenArmWebApplicationFirewallPolicyMatchCondition(input *[]network.Match
 	for _, item := range *input {
 		v := make(map[string]interface{})
 
+		var transforms []interface{}
+		if item.Transforms != nil {
+			for _, trans := range *item.Transforms {
+				transforms = append(transforms, string(trans))
+			}
+		}
 		v["match_values"] = utils.FlattenStringSlice(item.MatchValues)
 		v["match_variables"] = flattenArmWebApplicationFirewallPolicyMatchVariable(item.MatchVariables)
 		if negationCondition := item.NegationConditon; negationCondition != nil {
 			v["negation_condition"] = *negationCondition
 		}
 		v["operator"] = string(item.Operator)
+		v["transforms"] = transforms
 
 		results = append(results, v)
 	}
diff --git a/website/docs/r/web_application_firewall_policy.html.markdown b/website/docs/r/web_application_firewall_policy.html.markdown
index 4c5d17f2d59b..870bb09ee0d8 100644
--- a/website/docs/r/web_application_firewall_policy.html.markdown
+++ b/website/docs/r/web_application_firewall_policy.html.markdown
@@ -117,7 +117,7 @@ The following arguments are supported:
 
 * `policy_settings` - (Optional) A `policy_settings` block as defined below.
 
-* `managed_rules` - (Optional) A `managed_rules` blocks as defined below.
+* `managed_rules` - (Required) A `managed_rules` blocks as defined below.
 
 * `tags` - (Optional) A mapping of tags to assign to the Web Application Firewall Policy.
 
@@ -141,11 +141,13 @@ The `match_conditions` block supports the following:
 
 * `match_variables` - (Required) One or more `match_variables` blocks as defined below.
 
+* `match_values` - (Required) A list of match values.
+
 * `operator` - (Required) Describes operator to be matched.
 
 * `negation_condition` - (Optional) Describes if this is negate condition or not
 
-* `match_values` - (Required) A list of match values.
+* `transforms` - (Optional) A list of transformations to do before the match is attempted.
 
 ---