diff --git a/internal/service/wafv2/rule_group.go b/internal/service/wafv2/rule_group.go index c8de0a13adb..f20c44aef5a 100644 --- a/internal/service/wafv2/rule_group.go +++ b/internal/service/wafv2/rule_group.go @@ -91,10 +91,11 @@ func ResourceRuleGroup() *schema.Resource { MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "allow": allowConfigSchema(), - "block": blockConfigSchema(), - "count": countConfigSchema(), - "captcha": captchaConfigSchema(), + "allow": allowConfigSchema(), + "block": blockConfigSchema(), + "count": countConfigSchema(), + "captcha": captchaConfigSchema(), + "challenge": challengeConfigSchema(), }, }, }, diff --git a/internal/service/wafv2/rule_group_test.go b/internal/service/wafv2/rule_group_test.go index 664c4849de0..ad35630bc36 100644 --- a/internal/service/wafv2/rule_group_test.go +++ b/internal/service/wafv2/rule_group_test.go @@ -108,6 +108,7 @@ func TestAccWAFV2RuleGroup_updateRule(t *testing.T) { "action.0.block.#": "0", "action.0.count.#": "1", "action.0.captcha.#": "0", + "action.0.challenge.#": "0", "statement.#": "1", "statement.0.geo_match_statement.#": "1", "statement.0.geo_match_statement.0.country_codes.#": "2", @@ -153,13 +154,14 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "visibility_config.0.sampled_requests_enabled", "false"), resource.TestCheckResourceAttr(resourceName, "rule.#", "1"), resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule.*", map[string]string{ - "name": "rule-1", - "priority": "1", - "action.#": "1", - "action.0.allow.#": "0", - "action.0.block.#": "0", - "action.0.count.#": "1", - "action.0.captcha.#": "0", + "name": "rule-1", + "priority": "1", + "action.#": "1", + "action.0.allow.#": "0", + "action.0.block.#": "0", + "action.0.count.#": "1", + "action.0.captcha.#": "0", + "action.0.challenge.#": "0", "visibility_config.0.cloudwatch_metrics_enabled": "false", "visibility_config.0.metric_name": "friendly-rule-metric-name", "visibility_config.0.sampled_requests_enabled": "false", @@ -186,14 +188,15 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "visibility_config.0.sampled_requests_enabled", "false"), resource.TestCheckResourceAttr(resourceName, "rule.#", "2"), resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule.*", map[string]string{ - "name": "rule-1", - "priority": "1", - "action.#": "1", - "action.0.allow.#": "0", - "action.0.block.#": "0", - "action.0.count.#": "1", - "action.0.captcha.#": "0", - "visibility_config.#": "1", + "name": "rule-1", + "priority": "1", + "action.#": "1", + "action.0.allow.#": "0", + "action.0.block.#": "0", + "action.0.count.#": "1", + "action.0.captcha.#": "0", + "action.0.challenge.#": "0", + "visibility_config.#": "1", "visibility_config.0.cloudwatch_metrics_enabled": "false", "visibility_config.0.metric_name": "rule-1", "visibility_config.0.sampled_requests_enabled": "false", @@ -202,14 +205,15 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) { "statement.0.geo_match_statement.0.country_codes.#": "2", }), resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule.*", map[string]string{ - "name": ruleName2, - "priority": "2", - "action.#": "1", - "action.0.allow.#": "0", - "action.0.block.#": "1", - "action.0.count.#": "0", - "action.0.captcha.#": "0", - "visibility_config.#": "1", + "name": ruleName2, + "priority": "2", + "action.#": "1", + "action.0.allow.#": "0", + "action.0.block.#": "1", + "action.0.count.#": "0", + "action.0.captcha.#": "0", + "action.0.challenge.#": "0", + "visibility_config.#": "1", "visibility_config.0.cloudwatch_metrics_enabled": "false", "visibility_config.0.metric_name": ruleName2, "visibility_config.0.sampled_requests_enabled": "false", @@ -248,14 +252,15 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "visibility_config.0.sampled_requests_enabled", "false"), resource.TestCheckResourceAttr(resourceName, "rule.#", "2"), resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule.*", map[string]string{ - "name": "rule-1", - "priority": "5", - "action.#": "1", - "action.0.allow.#": "0", - "action.0.block.#": "0", - "action.0.count.#": "1", - "action.0.captcha.#": "0", - "visibility_config.#": "1", + "name": "rule-1", + "priority": "5", + "action.#": "1", + "action.0.allow.#": "0", + "action.0.block.#": "0", + "action.0.count.#": "1", + "action.0.captcha.#": "0", + "action.0.challenge.#": "0", + "visibility_config.#": "1", "visibility_config.0.cloudwatch_metrics_enabled": "false", "visibility_config.0.metric_name": "rule-1", "visibility_config.0.sampled_requests_enabled": "false", @@ -264,14 +269,15 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) { "statement.0.geo_match_statement.0.country_codes.#": "2", }), resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule.*", map[string]string{ - "name": "updated", - "priority": "10", - "action.#": "1", - "action.0.allow.#": "0", - "action.0.block.#": "1", - "action.0.count.#": "0", - "action.0.captcha.#": "0", - "visibility_config.#": "1", + "name": "updated", + "priority": "10", + "action.#": "1", + "action.0.allow.#": "0", + "action.0.block.#": "1", + "action.0.count.#": "0", + "action.0.captcha.#": "0", + "action.0.challenge.#": "0", + "visibility_config.#": "1", "visibility_config.0.cloudwatch_metrics_enabled": "false", "visibility_config.0.metric_name": "updated", "visibility_config.0.sampled_requests_enabled": "false", @@ -1425,6 +1431,7 @@ func TestAccWAFV2RuleGroup_ruleAction(t *testing.T) { "action.0.block.#": "0", "action.0.count.#": "0", "action.0.captcha.#": "0", + "action.0.challenge.#": "0", }), ), }, @@ -1446,6 +1453,7 @@ func TestAccWAFV2RuleGroup_ruleAction(t *testing.T) { "action.0.block.0.custom_response.#": "0", "action.0.count.#": "0", "action.0.captcha.#": "0", + "action.0.challenge.#": "0", }), ), }, @@ -1467,6 +1475,7 @@ func TestAccWAFV2RuleGroup_ruleAction(t *testing.T) { "action.0.count.#": "1", "action.0.count.0.custom_request_handling.#": "0", "action.0.captcha.#": "0", + "action.0.challenge.#": "0", }), ), }, @@ -1512,9 +1521,10 @@ func TestAccWAFV2RuleGroup_RuleAction_customRequestHandling(t *testing.T) { "action.0.allow.0.custom_request_handling.0.insert_header.0.value": "test-val1", "action.0.allow.0.custom_request_handling.0.insert_header.1.name": "x-hdr2", "action.0.allow.0.custom_request_handling.0.insert_header.1.value": "test-val2", - "action.0.block.#": "0", - "action.0.count.#": "0", - "action.0.captcha.#": "0", + "action.0.block.#": "0", + "action.0.count.#": "0", + "action.0.captcha.#": "0", + "action.0.challenge.#": "0", }), ), }, @@ -1540,7 +1550,8 @@ func TestAccWAFV2RuleGroup_RuleAction_customRequestHandling(t *testing.T) { "action.0.count.0.custom_request_handling.0.insert_header.0.value": "test-val1", "action.0.count.0.custom_request_handling.0.insert_header.1.name": "x-hdr2", "action.0.count.0.custom_request_handling.0.insert_header.1.value": "test-val2", - "action.0.captcha.#": "0", + "action.0.captcha.#": "0", + "action.0.challenge.#": "0", }), ), }, @@ -1588,8 +1599,9 @@ func TestAccWAFV2RuleGroup_RuleAction_customResponse(t *testing.T) { "action.0.block.0.custom_response.0.response_header.0.value": "test-val1", "action.0.block.0.custom_response.0.response_header.1.name": "x-hdr2", "action.0.block.0.custom_response.0.response_header.1.value": "test-val2", - "action.0.count.#": "0", - "action.0.captcha.#": "0", + "action.0.count.#": "0", + "action.0.captcha.#": "0", + "action.0.challenge.#": "0", }), ), }, @@ -1621,8 +1633,9 @@ func TestAccWAFV2RuleGroup_RuleAction_customResponse(t *testing.T) { "action.0.block.0.custom_response.#": "1", "action.0.block.0.custom_response.0.response_code": "429", "action.0.block.0.custom_response.0.custom_response_body_key": "test_body_1", - "action.0.count.#": "0", - "action.0.captcha.#": "0", + "action.0.count.#": "0", + "action.0.captcha.#": "0", + "action.0.challenge.#": "0", }), ), }, @@ -1655,8 +1668,9 @@ func TestAccWAFV2RuleGroup_RuleAction_customResponse(t *testing.T) { "action.0.block.0.custom_response.#": "1", "action.0.block.0.custom_response.0.response_code": "429", "action.0.block.0.custom_response.0.custom_response_body_key": "test_body_2", - "action.0.count.#": "0", - "action.0.captcha.#": "0", + "action.0.count.#": "0", + "action.0.captcha.#": "0", + "action.0.challenge.#": "0", }), ), }, diff --git a/website/docs/r/wafv2_rule_group.html.markdown b/website/docs/r/wafv2_rule_group.html.markdown index 6534be707f6..4a823e7d8bc 100644 --- a/website/docs/r/wafv2_rule_group.html.markdown +++ b/website/docs/r/wafv2_rule_group.html.markdown @@ -341,6 +341,7 @@ The `action` block supports the following arguments: * `allow` - (Optional) Instructs AWS WAF to allow the web request. See [Allow](#action) below for details. * `block` - (Optional) Instructs AWS WAF to block the web request. See [Block](#block) below for details. * `captcha` - (Optional) Instructs AWS WAF to run a `CAPTCHA` check against the web request. See [Captcha](#captcha) below for details. +* `challenge` - (Optional) Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See [Challenge](#challenge) below for details. * `count` - (Optional) Instructs AWS WAF to count the web request and allow it. See [Count](#count) below for details. ### Allow @@ -361,6 +362,12 @@ The `captcha` block supports the following arguments: * `custom_request_handling` - (Optional) Defines custom handling for the web request. See [Custom Request Handling](#custom-request-handling) below for details. +#### Challenge + +The `challenge` block supports the following arguments: + +* `custom_request_handling` - (Optional) Defines custom handling for the web request. See [`custom_request_handling`](#custom_request_handling) below for details. + ### Count The `count` block supports the following arguments: