Add challenge action support for wafv2 rule group
n11c committed Feb 27, 2023
1 parent a2e7512 commit 13228fd
Showing 3 changed files with 75 additions and 53 deletions.
9 changes: 5 additions & 4 deletions internal/service/wafv2/rule_group.go
Expand Up @@ -91,10 +91,11 @@ func ResourceRuleGroup() *schema.Resource {
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"allow": allowConfigSchema(),
"block": blockConfigSchema(),
"count": countConfigSchema(),
"captcha": captchaConfigSchema(),
"allow": allowConfigSchema(),
"block": blockConfigSchema(),
"count": countConfigSchema(),
"captcha": captchaConfigSchema(),
"challenge": challengeConfigSchema(),
},
},
},
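Review bot: Nothing in this hunk states or enforces that only one of the five action keys may be set per rule: `"challenge": challengeConfigSchema()` joins `allow`, `block`, `count` and `captcha` inside a `MaxItems: 1` block, which caps the number of `action` blocks but not the keys within one. Unless the helper schemas (defined outside this page) or the service reject it, a rule that carries `challenge` together with, say, `count` leaves it unclear which action the WAF will actually apply. A comment above the map such as `// exactly one of these action keys is expected per rule` would make the contract explicit, and a plan-time check is worth adding if none exists elsewhere. The body of ResourceRuleGroup continues outside the hunk.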
112 changes: 63 additions & 49 deletions internal/service/wafv2/rule_group_test.go
Expand Up @@ -108,6 +108,7 @@ func TestAccWAFV2RuleGroup_updateRule(t *testing.T) {
"action.0.block.#": "0",
"action.0.count.#": "1",
"action.0.captcha.#": "0",
"action.0.challenge.#": "0",
"statement.#": "1",
"statement.0.geo_match_statement.#": "1",
"statement.0.geo_match_statement.0.country_codes.#": "2",
Expand Down Expand Up @@ -153,13 +154,14 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "visibility_config.0.sampled_requests_enabled", "false"),
resource.TestCheckResourceAttr(resourceName, "rule.#", "1"),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule.*", map[string]string{
"name": "rule-1",
"priority": "1",
"action.#": "1",
"action.0.allow.#": "0",
"action.0.block.#": "0",
"action.0.count.#": "1",
"action.0.captcha.#": "0",
"name": "rule-1",
"priority": "1",
"action.#": "1",
"action.0.allow.#": "0",
"action.0.block.#": "0",
"action.0.count.#": "1",
"action.0.captcha.#": "0",
"action.0.challenge.#": "0",
"visibility_config.0.cloudwatch_metrics_enabled": "false",
"visibility_config.0.metric_name": "friendly-rule-metric-name",
"visibility_config.0.sampled_requests_enabled": "false",
Expand All @@ -186,14 +188,15 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "visibility_config.0.sampled_requests_enabled", "false"),
resource.TestCheckResourceAttr(resourceName, "rule.#", "2"),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule.*", map[string]string{
"name": "rule-1",
"priority": "1",
"action.#": "1",
"action.0.allow.#": "0",
"action.0.block.#": "0",
"action.0.count.#": "1",
"action.0.captcha.#": "0",
"visibility_config.#": "1",
"name": "rule-1",
"priority": "1",
"action.#": "1",
"action.0.allow.#": "0",
"action.0.block.#": "0",
"action.0.count.#": "1",
"action.0.captcha.#": "0",
"action.0.challenge.#": "0",
"visibility_config.#": "1",
"visibility_config.0.cloudwatch_metrics_enabled": "false",
"visibility_config.0.metric_name": "rule-1",
"visibility_config.0.sampled_requests_enabled": "false",
Expand All @@ -202,14 +205,15 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) {
"statement.0.geo_match_statement.0.country_codes.#": "2",
}),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule.*", map[string]string{
"name": ruleName2,
"priority": "2",
"action.#": "1",
"action.0.allow.#": "0",
"action.0.block.#": "1",
"action.0.count.#": "0",
"action.0.captcha.#": "0",
"visibility_config.#": "1",
"name": ruleName2,
"priority": "2",
"action.#": "1",
"action.0.allow.#": "0",
"action.0.block.#": "1",
"action.0.count.#": "0",
"action.0.captcha.#": "0",
"action.0.challenge.#": "0",
"visibility_config.#": "1",
"visibility_config.0.cloudwatch_metrics_enabled": "false",
"visibility_config.0.metric_name": ruleName2,
"visibility_config.0.sampled_requests_enabled": "false",
Expand Down Expand Up @@ -248,14 +252,15 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "visibility_config.0.sampled_requests_enabled", "false"),
resource.TestCheckResourceAttr(resourceName, "rule.#", "2"),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule.*", map[string]string{
"name": "rule-1",
"priority": "5",
"action.#": "1",
"action.0.allow.#": "0",
"action.0.block.#": "0",
"action.0.count.#": "1",
"action.0.captcha.#": "0",
"visibility_config.#": "1",
"name": "rule-1",
"priority": "5",
"action.#": "1",
"action.0.allow.#": "0",
"action.0.block.#": "0",
"action.0.count.#": "1",
"action.0.captcha.#": "0",
"action.0.challenge.#": "0",
"visibility_config.#": "1",
"visibility_config.0.cloudwatch_metrics_enabled": "false",
"visibility_config.0.metric_name": "rule-1",
"visibility_config.0.sampled_requests_enabled": "false",
Expand All @@ -264,14 +269,15 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) {
"statement.0.geo_match_statement.0.country_codes.#": "2",
}),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule.*", map[string]string{
"name": "updated",
"priority": "10",
"action.#": "1",
"action.0.allow.#": "0",
"action.0.block.#": "1",
"action.0.count.#": "0",
"action.0.captcha.#": "0",
"visibility_config.#": "1",
"name": "updated",
"priority": "10",
"action.#": "1",
"action.0.allow.#": "0",
"action.0.block.#": "1",
"action.0.count.#": "0",
"action.0.captcha.#": "0",
"action.0.challenge.#": "0",
"visibility_config.#": "1",
"visibility_config.0.cloudwatch_metrics_enabled": "false",
"visibility_config.0.metric_name": "updated",
"visibility_config.0.sampled_requests_enabled": "false",
Expand Down Expand Up @@ -1425,6 +1431,7 @@ func TestAccWAFV2RuleGroup_ruleAction(t *testing.T) {
"action.0.block.#": "0",
"action.0.count.#": "0",
"action.0.captcha.#": "0",
"action.0.challenge.#": "0",
}),
),
},
Expand All @@ -1446,6 +1453,7 @@ func TestAccWAFV2RuleGroup_ruleAction(t *testing.T) {
"action.0.block.0.custom_response.#": "0",
"action.0.count.#": "0",
"action.0.captcha.#": "0",
"action.0.challenge.#": "0",
}),
),
},
Expand All @@ -1467,6 +1475,7 @@ func TestAccWAFV2RuleGroup_ruleAction(t *testing.T) {
"action.0.count.#": "1",
"action.0.count.0.custom_request_handling.#": "0",
"action.0.captcha.#": "0",
"action.0.challenge.#": "0",
}),
),
},
Expand Down Expand Up @@ -1512,9 +1521,10 @@ func TestAccWAFV2RuleGroup_RuleAction_customRequestHandling(t *testing.T) {
"action.0.allow.0.custom_request_handling.0.insert_header.0.value": "test-val1",
"action.0.allow.0.custom_request_handling.0.insert_header.1.name": "x-hdr2",
"action.0.allow.0.custom_request_handling.0.insert_header.1.value": "test-val2",
"action.0.block.#": "0",
"action.0.count.#": "0",
"action.0.captcha.#": "0",
"action.0.block.#": "0",
"action.0.count.#": "0",
"action.0.captcha.#": "0",
"action.0.challenge.#": "0",
}),
),
},
Expand All @@ -1540,7 +1550,8 @@ func TestAccWAFV2RuleGroup_RuleAction_customRequestHandling(t *testing.T) {
"action.0.count.0.custom_request_handling.0.insert_header.0.value": "test-val1",
"action.0.count.0.custom_request_handling.0.insert_header.1.name": "x-hdr2",
"action.0.count.0.custom_request_handling.0.insert_header.1.value": "test-val2",
"action.0.captcha.#": "0",
"action.0.captcha.#": "0",
"action.0.challenge.#": "0",
}),
),
},
Expand Down Expand Up @@ -1588,8 +1599,9 @@ func TestAccWAFV2RuleGroup_RuleAction_customResponse(t *testing.T) {
"action.0.block.0.custom_response.0.response_header.0.value": "test-val1",
"action.0.block.0.custom_response.0.response_header.1.name": "x-hdr2",
"action.0.block.0.custom_response.0.response_header.1.value": "test-val2",
"action.0.count.#": "0",
"action.0.captcha.#": "0",
"action.0.count.#": "0",
"action.0.captcha.#": "0",
"action.0.challenge.#": "0",
}),
),
},
Expand Down Expand Up @@ -1621,8 +1633,9 @@ func TestAccWAFV2RuleGroup_RuleAction_customResponse(t *testing.T) {
"action.0.block.0.custom_response.#": "1",
"action.0.block.0.custom_response.0.response_code": "429",
"action.0.block.0.custom_response.0.custom_response_body_key": "test_body_1",
"action.0.count.#": "0",
"action.0.captcha.#": "0",
"action.0.count.#": "0",
"action.0.captcha.#": "0",
"action.0.challenge.#": "0",
}),
),
},
Expand Down Expand Up @@ -1655,8 +1668,9 @@ func TestAccWAFV2RuleGroup_RuleAction_customResponse(t *testing.T) {
"action.0.block.0.custom_response.#": "1",
"action.0.block.0.custom_response.0.response_code": "429",
"action.0.block.0.custom_response.0.custom_response_body_key": "test_body_2",
"action.0.count.#": "0",
"action.0.captcha.#": "0",
"action.0.count.#": "0",
"action.0.captcha.#": "0",
"action.0.challenge.#": "0",
}),
),
},
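Review bot: Every assertion added in this file checks `"action.0.challenge.#": "0"`, so no test step ever applies a rule with a `challenge` action; the new key is only verified to be absent. A step in TestAccWAFV2RuleGroup_ruleAction that applies a configuration containing `challenge {}` and asserts `"action.0.challenge.#": "1"`, with the other four counts at `"0"`, would show that the action survives the write and the read-back rather than being dropped silently. Since the docs change in this commit advertises `custom_request_handling` for `challenge`, a matching case in TestAccWAFV2RuleGroup_RuleAction_customRequestHandling is worth adding too. The test functions start and end outside the visible hunks, so an existing positive case elsewhere in the file cannot be ruled out from this page.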
7 changes: 7 additions & 0 deletions website/docs/r/wafv2_rule_group.html.markdown
Expand Up @@ -341,6 +341,7 @@ The `action` block supports the following arguments:
* `allow` - (Optional) Instructs AWS WAF to allow the web request. See [Allow](#action) below for details.
* `block` - (Optional) Instructs AWS WAF to block the web request. See [Block](#block) below for details.
* `captcha` - (Optional) Instructs AWS WAF to run a `CAPTCHA` check against the web request. See [Captcha](#captcha) below for details.
* `challenge` - (Optional) Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See [Challenge](#challenge) below for details.
* `count` - (Optional) Instructs AWS WAF to count the web request and allow it. See [Count](#count) below for details.

### Allow
Expand All @@ -361,6 +362,12 @@ The `captcha` block supports the following arguments:

* `custom_request_handling` - (Optional) Defines custom handling for the web request. See [Custom Request Handling](#custom-request-handling) below for details.

#### Challenge

The `challenge` block supports the following arguments:

* `custom_request_handling` - (Optional) Defines custom handling for the web request. See [`custom_request_handling`](#custom_request_handling) below for details.

### Count

The `count` block supports the following arguments:
