-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add support for Attack Challenge Mode (#181)
- Loading branch information
1 parent
f30b68f
commit 38c997e
Showing
13 changed files
with
865 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
package client | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
) | ||
|
||
type AttackChallengeMode struct { | ||
ProjectID string `json:"projectId"` | ||
TeamID string `json:"-"` | ||
Enabled bool `json:"attackModeEnabled"` | ||
} | ||
|
||
func (c *Client) GetAttackChallengeMode(ctx context.Context, projectID, teamID string) (a AttackChallengeMode, err error) { | ||
project, err := c.GetProject(ctx, projectID, teamID) | ||
if err != nil { | ||
return a, err | ||
} | ||
var enabled bool | ||
if project.Security != nil { | ||
enabled = project.Security.AttackModeEnabled | ||
} | ||
return AttackChallengeMode{ | ||
ProjectID: projectID, | ||
TeamID: teamID, | ||
Enabled: enabled, | ||
}, err | ||
} | ||
|
||
func (c *Client) UpdateAttackChallengeMode(ctx context.Context, request AttackChallengeMode) (a AttackChallengeMode, err error) { | ||
url := fmt.Sprintf("%s/security/attack-mode", c.baseURL) | ||
if c.teamID(request.TeamID) != "" { | ||
url = fmt.Sprintf("%s?teamId=%s", url, c.teamID(request.TeamID)) | ||
} | ||
|
||
payload := string(mustMarshal(request)) | ||
var res struct { | ||
AttackModeEnabled bool `json:"attackModeEnabled"` | ||
} | ||
err = c.doRequest(clientRequest{ | ||
ctx: ctx, | ||
method: "POST", | ||
url: url, | ||
body: payload, | ||
}, &res) | ||
if err != nil { | ||
return a, err | ||
} | ||
return AttackChallengeMode{ | ||
ProjectID: request.ProjectID, | ||
TeamID: request.TeamID, | ||
Enabled: res.AttackModeEnabled, | ||
}, err | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
--- | ||
# generated by https://github.com/hashicorp/terraform-plugin-docs | ||
page_title: "vercel_attack_challenge_mode Data Source - terraform-provider-vercel" | ||
subcategory: "" | ||
description: |- | ||
Provides an Attack Challenge Mode resource. | ||
Attack Challenge Mode prevent malicious traffic by showing a verification challenge for every visitor. | ||
--- | ||
|
||
# vercel_attack_challenge_mode (Data Source) | ||
|
||
Provides an Attack Challenge Mode resource. | ||
|
||
Attack Challenge Mode prevent malicious traffic by showing a verification challenge for every visitor. | ||
|
||
## Example Usage | ||
|
||
```terraform | ||
data "vercel_attack_challenge_mode" "example" { | ||
project_id = vercel_project.example.id | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `project_id` (String) The ID of the Project to adjust the CPU for. | ||
|
||
### Optional | ||
|
||
- `team_id` (String) The ID of the team the Project exists under. Required when configuring a team resource if a default team has not been set in the provider. | ||
|
||
### Read-Only | ||
|
||
- `enabled` (Boolean) Whether Attack Challenge Mode is enabled or not. | ||
- `id` (String) The resource identifier. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
--- | ||
# generated by https://github.com/hashicorp/terraform-plugin-docs | ||
page_title: "vercel_attack_challenge_mode Resource - terraform-provider-vercel" | ||
subcategory: "" | ||
description: |- | ||
Provides an Attack Challenge Mode resource. | ||
Attack Challenge Mode prevent malicious traffic by showing a verification challenge for every visitor. | ||
--- | ||
|
||
# vercel_attack_challenge_mode (Resource) | ||
|
||
Provides an Attack Challenge Mode resource. | ||
|
||
Attack Challenge Mode prevent malicious traffic by showing a verification challenge for every visitor. | ||
|
||
## Example Usage | ||
|
||
```terraform | ||
resource "vercel_project" "example" { | ||
name = "example-project" | ||
} | ||
resource "vercel_attack_challenge_mode" "example" { | ||
project_id = vercel_project.example.id | ||
enabled = true | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `enabled` (Boolean) Whether Attack Challenge Mode is enabled or not. | ||
- `project_id` (String) The ID of the Project to adjust the CPU for. | ||
|
||
### Optional | ||
|
||
- `team_id` (String) The ID of the team the Project exists under. Required when configuring a team resource if a default team has not been set in the provider. | ||
|
||
### Read-Only | ||
|
||
- `id` (String) The resource identifier. | ||
|
||
## Import | ||
|
||
Import is supported using the following syntax: | ||
|
||
```shell | ||
# You can import via the team_id and project_id. | ||
# - team_id can be found in the team `settings` tab in the Vercel UI. | ||
# - project_id can be found in the project `settings` tab in the Vercel UI. | ||
terraform import vercel_attack_challenge_mode.example team_xxxxxxxxxxxxxxxxxxxxxxxx/prj_xxxxxxxxxxxxxxxxxxxxxxxxxxxx | ||
``` |
3 changes: 3 additions & 0 deletions
3
examples/data-sources/vercel_attack_challenge_mode/data-source.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
data "vercel_attack_challenge_mode" "example" { | ||
project_id = vercel_project.example.id | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
# You can import via the team_id and project_id. | ||
# - team_id can be found in the team `settings` tab in the Vercel UI. | ||
# - project_id can be found in the project `settings` tab in the Vercel UI. | ||
terraform import vercel_attack_challenge_mode.example team_xxxxxxxxxxxxxxxxxxxxxxxx/prj_xxxxxxxxxxxxxxxxxxxxxxxxxxxx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
resource "vercel_project" "example" { | ||
name = "example-project" | ||
} | ||
|
||
resource "vercel_attack_challenge_mode" "example" { | ||
project_id = vercel_project.example.id | ||
enabled = true | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,113 @@ | ||
package vercel | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
|
||
"github.com/hashicorp/terraform-plugin-framework/datasource" | ||
"github.com/hashicorp/terraform-plugin-framework/datasource/schema" | ||
"github.com/hashicorp/terraform-plugin-log/tflog" | ||
"github.com/vercel/terraform-provider-vercel/client" | ||
) | ||
|
||
// Ensure the implementation satisfies the expected interfaces. | ||
var ( | ||
_ datasource.DataSource = &attackChallengeModeDataSource{} | ||
_ datasource.DataSourceWithConfigure = &attackChallengeModeDataSource{} | ||
) | ||
|
||
func newAttackChallengeModeDataSource() datasource.DataSource { | ||
return &attackChallengeModeDataSource{} | ||
} | ||
|
||
type attackChallengeModeDataSource struct { | ||
client *client.Client | ||
} | ||
|
||
func (d *attackChallengeModeDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) { | ||
resp.TypeName = req.ProviderTypeName + "_attack_challenge_mode" | ||
} | ||
|
||
func (d *attackChallengeModeDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) { | ||
// Prevent panic if the provider has not been configured. | ||
if req.ProviderData == nil { | ||
return | ||
} | ||
|
||
client, ok := req.ProviderData.(*client.Client) | ||
if !ok { | ||
resp.Diagnostics.AddError( | ||
"Unexpected Data Source Configure Type", | ||
fmt.Sprintf("Expected *client.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData), | ||
) | ||
return | ||
} | ||
|
||
d.client = client | ||
} | ||
|
||
func (r *attackChallengeModeDataSource) Schema(_ context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) { | ||
resp.Schema = schema.Schema{ | ||
Description: ` | ||
Provides an Attack Challenge Mode resource. | ||
Attack Challenge Mode prevent malicious traffic by showing a verification challenge for every visitor.`, | ||
Attributes: map[string]schema.Attribute{ | ||
"id": schema.StringAttribute{ | ||
Description: "The resource identifier.", | ||
Computed: true, | ||
}, | ||
"project_id": schema.StringAttribute{ | ||
Description: "The ID of the Project to adjust the CPU for.", | ||
Required: true, | ||
}, | ||
"team_id": schema.StringAttribute{ | ||
Optional: true, | ||
Computed: true, | ||
Description: "The ID of the team the Project exists under. Required when configuring a team resource if a default team has not been set in the provider.", | ||
}, | ||
"enabled": schema.BoolAttribute{ | ||
Computed: true, | ||
Description: "Whether Attack Challenge Mode is enabled or not.", | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
func (d *attackChallengeModeDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { | ||
var config AttackChallengeMode | ||
diags := req.Config.Get(ctx, &config) | ||
resp.Diagnostics.Append(diags...) | ||
if resp.Diagnostics.HasError() { | ||
return | ||
} | ||
|
||
out, err := d.client.GetAttackChallengeMode(ctx, config.ProjectID.ValueString(), config.TeamID.ValueString()) | ||
if client.NotFound(err) { | ||
resp.State.RemoveResource(ctx) | ||
return | ||
} | ||
if err != nil { | ||
resp.Diagnostics.AddError( | ||
"Error reading Attack Challenge Mode", | ||
fmt.Sprintf("Could not get Attack Challenge Mode %s %s, unexpected error: %s", | ||
config.TeamID.ValueString(), | ||
config.ProjectID.ValueString(), | ||
err, | ||
), | ||
) | ||
return | ||
} | ||
|
||
result := responseToAttackChallengeMode(out) | ||
tflog.Info(ctx, "read attack challenge mode", map[string]interface{}{ | ||
"team_id": result.TeamID.ValueString(), | ||
"project_id": result.ProjectID.ValueString(), | ||
}) | ||
|
||
diags = resp.State.Set(ctx, result) | ||
resp.Diagnostics.Append(diags...) | ||
if resp.Diagnostics.HasError() { | ||
return | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
package vercel_test | ||
|
||
import ( | ||
"fmt" | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform-plugin-testing/helper/acctest" | ||
"github.com/hashicorp/terraform-plugin-testing/helper/resource" | ||
) | ||
|
||
func TestAcc_AttackChallengeModeDataSource(t *testing.T) { | ||
name := acctest.RandString(16) | ||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccAttackChallengeModeConfig(name, teamIDConfig()), | ||
Check: resource.ComposeAggregateTestCheckFunc( | ||
resource.TestCheckResourceAttr("data.vercel_attack_challenge_mode.never_enabled", "enabled", "false"), | ||
resource.TestCheckResourceAttr("data.vercel_attack_challenge_mode.enabled", "enabled", "true"), | ||
resource.TestCheckResourceAttr("data.vercel_attack_challenge_mode.disabled", "enabled", "false"), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testAccAttackChallengeModeConfig(name, teamID string) string { | ||
return fmt.Sprintf(` | ||
resource "vercel_project" "never_enabled" { | ||
name = "test-acc-%[1]s" | ||
%[2]s | ||
} | ||
data "vercel_attack_challenge_mode" "never_enabled" { | ||
project_id = vercel_project.never_enabled.id | ||
%[2]s | ||
} | ||
resource "vercel_project" "enabled" { | ||
name = "test-acc-%[1]s-enabled" | ||
%[2]s | ||
} | ||
resource "vercel_attack_challenge_mode" "enabled" { | ||
project_id = vercel_project.enabled.id | ||
enabled = true | ||
%[2]s | ||
} | ||
data "vercel_attack_challenge_mode" "enabled" { | ||
project_id = vercel_attack_challenge_mode.enabled.project_id | ||
%[2]s | ||
} | ||
resource "vercel_project" "disabled" { | ||
name = "test-acc-%[1]s-disabled" | ||
%[2]s | ||
} | ||
resource "vercel_attack_challenge_mode" "disabled" { | ||
project_id = vercel_project.disabled.id | ||
enabled = false | ||
%[2]s | ||
} | ||
data "vercel_attack_challenge_mode" "disabled" { | ||
project_id = vercel_attack_challenge_mode.disabled.project_id | ||
%[2]s | ||
} | ||
`, name, teamID) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.