Skip to content

Commit

Permalink
Merge pull request #22455 from wuxu92/webappfirewall/20230201
Browse files Browse the repository at this point in the history 
`azurerm_web_application_firewall_policy`: upgrade API version to 2023-02-01
  • Loading branch information
@tombuildsstuff
tombuildsstuff authored Jul 28, 2023
2 parents d0851e8 + 4517144 commit 17c2a5a
Show file tree
Hide file tree
Showing 12 changed files with 523 additions and 698 deletions.
21 changes: 15 additions & 6 deletions internal/services/network/application_gateway_resource.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import (
"github.com/hashicorp/go-azure-helpers/resourcemanager/identity"
"github.com/hashicorp/go-azure-helpers/resourcemanager/location"
"github.com/hashicorp/go-azure-helpers/resourcemanager/zones"
"github.com/hashicorp/go-azure-sdk/resource-manager/network/2023-02-01/webapplicationfirewallpolicies"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-azurerm/helpers/azure"
"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
Expand Down Expand Up @@ -543,7 +544,7 @@ func resourceApplicationGateway() *pluginsdk.Resource {
"firewall_policy_id": {
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: networkValidate.ApplicationGatewayWebApplicationFirewallPolicyID,
ValidateFunc: webapplicationfirewallpolicies.ValidateApplicationGatewayWebApplicationFirewallPolicyID,
},

"ssl_profile_name": {
Expand Down Expand Up @@ -1355,7 +1356,7 @@ func resourceApplicationGateway() *pluginsdk.Resource {
"firewall_policy_id": {
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: networkValidate.ApplicationGatewayWebApplicationFirewallPolicyID,
ValidateFunc: webapplicationfirewallpolicies.ValidateApplicationGatewayWebApplicationFirewallPolicyID,
},
},
},
Expand Down Expand Up @@ -1507,7 +1508,7 @@ func resourceApplicationGateway() *pluginsdk.Resource {
"firewall_policy_id": {
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: networkValidate.ApplicationGatewayWebApplicationFirewallPolicyID,
ValidateFunc: webapplicationfirewallpolicies.ValidateApplicationGatewayWebApplicationFirewallPolicyID,
},

"custom_error_configuration": {
Expand Down Expand Up @@ -2184,7 +2185,7 @@ func resourceApplicationGatewayRead(d *pluginsdk.ResourceData, meta interface{})
firewallPolicyId := ""
if props.FirewallPolicy != nil && props.FirewallPolicy.ID != nil {
firewallPolicyId = *props.FirewallPolicy.ID
policyId, err := parse.ApplicationGatewayWebApplicationFirewallPolicyIDInsensitively(firewallPolicyId)
policyId, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyIDInsensitively(firewallPolicyId)
if err == nil {
firewallPolicyId = policyId.ID()
}
Expand Down Expand Up @@ -2920,7 +2921,11 @@ func flattenApplicationGatewayHTTPListeners(input *[]network.ApplicationGatewayH
}

if fwp := props.FirewallPolicy; fwp != nil && fwp.ID != nil {
output["firewall_policy_id"] = *fwp.ID
policyId, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyIDInsensitively(*fwp.ID)
if err != nil {
return nil, err
}
output["firewall_policy_id"] = policyId.ID()
}

if sslp := props.SslProfile; sslp != nil {
Expand Down Expand Up @@ -4537,7 +4542,11 @@ func flattenApplicationGatewayURLPathMaps(input *[]network.ApplicationGatewayURL
}

if fwp := ruleProps.FirewallPolicy; fwp != nil && fwp.ID != nil {
ruleOutput["firewall_policy_id"] = *fwp.ID
policyId, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyIDInsensitively(*fwp.ID)
if err != nil {
return nil, err
}
ruleOutput["firewall_policy_id"] = policyId.ID()
}

pathOutputs := make([]interface{}, 0)
Expand Down
5 changes: 0 additions & 5 deletions internal/services/network/client/client.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,6 @@ type Client struct {
VpnServerConfigurationsClient *network.VpnServerConfigurationsClient
VpnSitesClient *network.VpnSitesClient
WatcherClient *network.WatchersClient
WebApplicationFirewallPoliciesClient *network.WebApplicationFirewallPoliciesClient
}

func NewClient(o *common.ClientOptions) (*Client, error) {
Expand Down Expand Up @@ -205,9 +204,6 @@ func NewClient(o *common.ClientOptions) (*Client, error) {
WatcherClient := network.NewWatchersClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&WatcherClient.Client, o.ResourceManagerAuthorizer)

WebApplicationFirewallPoliciesClient := network.NewWebApplicationFirewallPoliciesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&WebApplicationFirewallPoliciesClient.Client, o.ResourceManagerAuthorizer)

ServiceAssociationLinkClient := network.NewServiceAssociationLinksClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&ServiceAssociationLinkClient.Client, o.ResourceManagerAuthorizer)

Expand Down Expand Up @@ -268,7 +264,6 @@ func NewClient(o *common.ClientOptions) (*Client, error) {
VpnServerConfigurationsClient: &vpnServerConfigurationsClient,
VpnSitesClient: &vpnSitesClient,
WatcherClient: &WatcherClient,
WebApplicationFirewallPoliciesClient: &WebApplicationFirewallPoliciesClient,
PrivateDnsZoneGroupClient: &PrivateDnsZoneGroupClient,
PrivateLinkServiceClient: &PrivateLinkServiceClient,
ServiceAssociationLinkClient: &ServiceAssociationLinkClient,
Expand Down
264 changes: 264 additions & 0 deletions internal/services/network/migration/web_application_firewall_policy.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,264 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package migration

import (
"context"
"fmt"
"log"

"github.com/hashicorp/go-azure-sdk/resource-manager/network/2023-02-01/webapplicationfirewallpolicies"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
)

var _ pluginsdk.StateUpgrade = WebApplicationFirewallPolicyV0ToV1{}

type WebApplicationFirewallPolicyV0ToV1 struct{}

func (WebApplicationFirewallPolicyV0ToV1) Schema() map[string]*pluginsdk.Schema {
return map[string]*pluginsdk.Schema{
"custom_rules": {
Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
"action": {
Required: true,
Type: pluginsdk.TypeString,
},
"match_conditions": {
Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
"match_values": {
Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
Optional: true,
Type: pluginsdk.TypeList,
},
"match_variables": {
Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
"selector": {
Optional: true,
Type: pluginsdk.TypeString,
},
"variable_name": {
Required: true,
Type: pluginsdk.TypeString,
},
}},
Required: true,
Type: pluginsdk.TypeList,
},
"negation_condition": {
Optional: true,
Type: pluginsdk.TypeBool,
},
"operator": {
Required: true,
Type: pluginsdk.TypeString,
},
"transforms": {
Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
Optional: true,
Type: pluginsdk.TypeSet,
},
}},
Required: true,
Type: pluginsdk.TypeList,
},
"name": {
Optional: true,
Type: pluginsdk.TypeString,
},
"priority": {
Required: true,
Type: pluginsdk.TypeInt,
},
"rule_type": {
Required: true,
Type: pluginsdk.TypeString,
},
}},
Optional: true,
Type: pluginsdk.TypeList,
},
"http_listener_ids": {
Computed: true,
Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
Type: pluginsdk.TypeList,
},
"location": {
ForceNew: true,
Required: true,
Type: pluginsdk.TypeString,
},
"managed_rules": {
Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
"exclusion": {
Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
"excluded_rule_set": {
Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
"rule_group": {
Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
"excluded_rules": {
Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
Optional: true,
Type: pluginsdk.TypeList,
},
"rule_group_name": {
Required: true,
Type: pluginsdk.TypeString,
},
}},
Optional: true,
Type: pluginsdk.TypeList,
},
"type": {
Optional: true,
Type: pluginsdk.TypeString,
},
"version": {
Optional: true,
Type: pluginsdk.TypeString,
},
}},
Optional: true,
Type: pluginsdk.TypeList,
},
"match_variable": {
Required: true,
Type: pluginsdk.TypeString,
},
"selector": {
Required: true,
Type: pluginsdk.TypeString,
},
"selector_match_operator": {
Required: true,
Type: pluginsdk.TypeString,
},
}},
Optional: true,
Type: pluginsdk.TypeList,
},
"managed_rule_set": {
Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
"rule_group_override": {
Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
"disabled_rules": {
Computed: true,
Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
Optional: true,
Type: pluginsdk.TypeList,
},
"rule": {
Computed: true,
Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
"action": {
Optional: true,
Type: pluginsdk.TypeString,
},
"enabled": {
Optional: true,
Type: pluginsdk.TypeBool,
},
"id": {
Required: true,
Type: pluginsdk.TypeString,
},
}},
Optional: true,
Type: pluginsdk.TypeList,
},
"rule_group_name": {
Required: true,
Type: pluginsdk.TypeString,
},
}},
Optional: true,
Type: pluginsdk.TypeList,
},
"type": {
Optional: true,
Type: pluginsdk.TypeString,
},
"version": {
Required: true,
Type: pluginsdk.TypeString,
},
}},
Required: true,
Type: pluginsdk.TypeList,
},
}},
Required: true,
Type: pluginsdk.TypeList,
},
"name": {
ForceNew: true,
Required: true,
Type: pluginsdk.TypeString,
},
"path_based_rule_ids": {
Computed: true,
Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
Type: pluginsdk.TypeList,
},
"policy_settings": {
Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
"enabled": {
Optional: true,
Type: pluginsdk.TypeBool,
},
"file_upload_limit_in_mb": {
Optional: true,
Type: pluginsdk.TypeInt,
},
"max_request_body_size_in_kb": {
Optional: true,
Type: pluginsdk.TypeInt,
},
"mode": {
Optional: true,
Type: pluginsdk.TypeString,
},
"request_body_check": {
Optional: true,
Type: pluginsdk.TypeBool,
},
}},
Optional: true,
Type: pluginsdk.TypeList,
},
"resource_group_name": {
ForceNew: true,
Required: true,
Type: pluginsdk.TypeString,
},
"tags": {
Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
Optional: true,
Type: pluginsdk.TypeMap,
},
}
}

func (WebApplicationFirewallPolicyV0ToV1) UpgradeFunc() pluginsdk.StateUpgraderFunc {
return func(ctx context.Context, rawState map[string]interface{}, meta interface{}) (map[string]interface{}, error) {
log.Printf("[Debug] start upgrade web application firewall policy id")
oldID := rawState["id"].(string)
if newID, err := normalizeWebAppFirewallPolicyID(oldID); err != nil {
return nil, err
} else if newID != nil {
rawState["id"] = *newID
}
return rawState, nil
}
}

func normalizeWebAppFirewallPolicyID(id string) (*string, error) {
if id == "" {
return nil, nil
}
parseID, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyIDInsensitively(id)
if err != nil {
return nil, fmt.Errorf("prase id: %v", err)
}
normalizedID := parseID.ID()
return &normalizedID, nil
}
Loading

0 comments on commit 17c2a5a

Please sign in to comment.