diff --git a/internal/services/network/application_gateway_resource.go b/internal/services/network/application_gateway_resource.go index 4fd1bacd9b68..39a7c65a26ba 100644 --- a/internal/services/network/application_gateway_resource.go +++ b/internal/services/network/application_gateway_resource.go @@ -16,6 +16,7 @@ import ( "github.com/hashicorp/go-azure-helpers/resourcemanager/identity" "github.com/hashicorp/go-azure-helpers/resourcemanager/location" "github.com/hashicorp/go-azure-helpers/resourcemanager/zones" + "github.com/hashicorp/go-azure-sdk/resource-manager/network/2023-02-01/webapplicationfirewallpolicies" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-azurerm/helpers/azure" "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" @@ -543,7 +544,7 @@ func resourceApplicationGateway() *pluginsdk.Resource { "firewall_policy_id": { Type: pluginsdk.TypeString, Optional: true, - ValidateFunc: networkValidate.ApplicationGatewayWebApplicationFirewallPolicyID, + ValidateFunc: webapplicationfirewallpolicies.ValidateApplicationGatewayWebApplicationFirewallPolicyID, }, "ssl_profile_name": { @@ -1355,7 +1356,7 @@ func resourceApplicationGateway() *pluginsdk.Resource { "firewall_policy_id": { Type: pluginsdk.TypeString, Optional: true, - ValidateFunc: networkValidate.ApplicationGatewayWebApplicationFirewallPolicyID, + ValidateFunc: webapplicationfirewallpolicies.ValidateApplicationGatewayWebApplicationFirewallPolicyID, }, }, }, @@ -1507,7 +1508,7 @@ func resourceApplicationGateway() *pluginsdk.Resource { "firewall_policy_id": { Type: pluginsdk.TypeString, Optional: true, - ValidateFunc: networkValidate.ApplicationGatewayWebApplicationFirewallPolicyID, + ValidateFunc: webapplicationfirewallpolicies.ValidateApplicationGatewayWebApplicationFirewallPolicyID, }, "custom_error_configuration": { 
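Review bot: The three `firewall_policy_id` schema entries (hunks at -543, -1355 and -1507) now validate with the SDK's case-sensitive `ValidateApplicationGatewayWebApplicationFirewallPolicyID`, while the read paths in this file's later hunks parse the same ID insensitively, so validation and normalisation no longer accept the same inputs. If the SDK's canonical casing of the policies segment differs from the removed parser's `ApplicationGatewayWebApplicationFirewallPolicies` (the state migration added for the policy resource suggests it does), a configuration that hard-codes an ID in the old casing would be rejected at plan time and the gateway, listener or path rule could not reference its WAF policy until the string is edited. This deserves an upgrade-guide entry and an acceptance test using an old-cased ID, plus a comment above each field such as `// validated case-sensitively; IDs read back from the API are normalised in flatten`. `resourceApplicationGateway` starts and ends outside these hunks.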
@@ -2184,7 +2185,7 @@ func resourceApplicationGatewayRead(d *pluginsdk.ResourceData, meta interface{}) firewallPolicyId := "" if props.FirewallPolicy != nil && props.FirewallPolicy.ID != nil { firewallPolicyId = *props.FirewallPolicy.ID - policyId, err := parse.ApplicationGatewayWebApplicationFirewallPolicyIDInsensitively(firewallPolicyId) + policyId, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyIDInsensitively(firewallPolicyId) if err == nil { firewallPolicyId = policyId.ID() } @@ -2920,7 +2921,11 @@ func flattenApplicationGatewayHTTPListeners(input *[]network.ApplicationGatewayH } if fwp := props.FirewallPolicy; fwp != nil && fwp.ID != nil { - output["firewall_policy_id"] = *fwp.ID + policyId, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyIDInsensitively(*fwp.ID) + if err != nil { + return nil, err + } + output["firewall_policy_id"] = policyId.ID() } if sslp := props.SslProfile; sslp != nil { @@ -4537,7 +4542,11 @@ func flattenApplicationGatewayURLPathMaps(input *[]network.ApplicationGatewayURL } if fwp := ruleProps.FirewallPolicy; fwp != nil && fwp.ID != nil { - ruleOutput["firewall_policy_id"] = *fwp.ID + policyId, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyIDInsensitively(*fwp.ID) + if err != nil { + return nil, err + } + ruleOutput["firewall_policy_id"] = policyId.ID() } pathOutputs := make([]interface{}, 0) diff --git a/internal/services/network/client/client.go b/internal/services/network/client/client.go index d410a5df1faf..6b5283bfb6f9 100644 --- a/internal/services/network/client/client.go +++ b/internal/services/network/client/client.go 
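Review bot: In `flattenApplicationGatewayHTTPListeners` (hunk at -2920) and `flattenApplicationGatewayURLPathMaps` (hunk at -4537) a `firewall_policy_id` that fails to parse now aborts the whole flatten with a bare `return nil, err`, whereas `resourceApplicationGatewayRead` in the hunk at -2184 keeps the raw value when parsing fails. An unexpected ID shape in the API response would therefore make the whole gateway fail to refresh, and the error does not say which listener or path rule carried the value. Either fall back to `*fwp.ID` as the top-level read does, or wrap the error, e.g. `return nil, fmt.Errorf("parsing firewall_policy_id %q: %+v", *fwp.ID, err)`. Both functions start and end outside their hunks.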
@@ -63,7 +63,6 @@ type Client struct { VpnServerConfigurationsClient *network.VpnServerConfigurationsClient VpnSitesClient *network.VpnSitesClient WatcherClient *network.WatchersClient - WebApplicationFirewallPoliciesClient *network.WebApplicationFirewallPoliciesClient } func NewClient(o *common.ClientOptions) (*Client, error) { @@ -205,9 +204,6 @@ func NewClient(o *common.ClientOptions) (*Client, error) { WatcherClient := network.NewWatchersClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) o.ConfigureClient(&WatcherClient.Client, o.ResourceManagerAuthorizer) - WebApplicationFirewallPoliciesClient := network.NewWebApplicationFirewallPoliciesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) - o.ConfigureClient(&WebApplicationFirewallPoliciesClient.Client, o.ResourceManagerAuthorizer) - ServiceAssociationLinkClient := network.NewServiceAssociationLinksClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) o.ConfigureClient(&ServiceAssociationLinkClient.Client, o.ResourceManagerAuthorizer) @@ -268,7 +264,6 @@ func NewClient(o *common.ClientOptions) (*Client, error) { VpnServerConfigurationsClient: &vpnServerConfigurationsClient, VpnSitesClient: &vpnSitesClient, WatcherClient: &WatcherClient, - WebApplicationFirewallPoliciesClient: &WebApplicationFirewallPoliciesClient, PrivateDnsZoneGroupClient: &PrivateDnsZoneGroupClient, PrivateLinkServiceClient: &PrivateLinkServiceClient, ServiceAssociationLinkClient: &ServiceAssociationLinkClient, diff --git a/internal/services/network/migration/web_application_firewall_policy.go b/internal/services/network/migration/web_application_firewall_policy.go new file mode 100644 index 000000000000..0a5dd04a2cda --- /dev/null +++ b/internal/services/network/migration/web_application_firewall_policy.go 
@@ -0,0 +1,264 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+package migration
+
+import (
+ "context"
+ "fmt"
+ "log"
+
+ "github.com/hashicorp/go-azure-sdk/resource-manager/network/2023-02-01/webapplicationfirewallpolicies"
+ "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+)
+
+var _ pluginsdk.StateUpgrade = WebApplicationFirewallPolicyV0ToV1{}
+
+type WebApplicationFirewallPolicyV0ToV1 struct{}
+
+func (WebApplicationFirewallPolicyV0ToV1) Schema() map[string]*pluginsdk.Schema {
+ return map[string]*pluginsdk.Schema{
+ "custom_rules": {
+ Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
+ "action": {
+ Required: true,
+ Type: pluginsdk.TypeString,
+ },
+ "match_conditions": {
+ Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
+ "match_values": {
+ Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
+ Optional: true,
+ Type: pluginsdk.TypeList,
+ },
+ "match_variables": {
+ Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
+ "selector": {
+ Optional: true,
+ Type: pluginsdk.TypeString,
+ },
+ "variable_name": {
+ Required: true,
+ Type: pluginsdk.TypeString,
+ },
+ }},
+ Required: true,
+ Type: pluginsdk.TypeList,
+ },
+ "negation_condition": {
+ Optional: true,
+ Type: pluginsdk.TypeBool,
+ },
+ "operator": {
+ Required: true,
+ Type: pluginsdk.TypeString,
+ },
+ "transforms": {
+ Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
+ Optional: true,
+ Type: pluginsdk.TypeSet,
+ },
+ }},
+ Required: true,
+ Type: pluginsdk.TypeList,
+ },
+ "name": {
+ Optional: true,
+ Type: pluginsdk.TypeString,
+ },
+ "priority": {
+ Required: true,
+ Type: pluginsdk.TypeInt,
+ },
+ "rule_type": {
+ Required: true,
+ Type: pluginsdk.TypeString,
+ },
+ }},
+ Optional: true,
+ Type: pluginsdk.TypeList,
+ },
+ "http_listener_ids": {
+ Computed: true,
+ Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
+ Type: pluginsdk.TypeList,
+ },
+ "location": {
+ ForceNew: true,
+ Required: true,
+ Type: pluginsdk.TypeString,
+ },
+ "managed_rules": {
+ Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
+ "exclusion": {
+ Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
+ "excluded_rule_set": {
+ Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
+ "rule_group": {
+ Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
+ "excluded_rules": {
+ Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
+ Optional: true,
+ Type: pluginsdk.TypeList,
+ },
+ "rule_group_name": {
+ Required: true,
+ Type: pluginsdk.TypeString,
+ },
+ }},
+ Optional: true,
+ Type: pluginsdk.TypeList,
+ },
+ "type": {
+ Optional: true,
+ Type: pluginsdk.TypeString,
+ },
+ "version": {
+ Optional: true,
+ Type: pluginsdk.TypeString,
+ },
+ }},
+ Optional: true,
+ Type: pluginsdk.TypeList,
+ },
+ "match_variable": {
+ Required: true,
+ Type: pluginsdk.TypeString,
+ },
+ "selector": {
+ Required: true,
+ Type: pluginsdk.TypeString,
+ },
+ "selector_match_operator": {
+ Required: true,
+ Type: pluginsdk.TypeString,
+ },
+ }},
+ Optional: true,
+ Type: pluginsdk.TypeList,
+ },
+ "managed_rule_set": {
+ Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
+ "rule_group_override": {
+ Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
+ "disabled_rules": {
+ Computed: true,
+ Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
+ Optional: true,
+ Type: pluginsdk.TypeList,
+ },
+ "rule": {
+ Computed: true,
+ Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
+ "action": {
+ Optional: true,
+ Type: pluginsdk.TypeString,
+ },
+ "enabled": {
+ Optional: true,
+ Type: pluginsdk.TypeBool,
+ },
+ "id": {
+ Required: true,
+ Type: pluginsdk.TypeString,
+ },
+ }},
+ Optional: true,
+ Type: pluginsdk.TypeList,
+ },
+ "rule_group_name": {
+ Required: true,
+ Type: pluginsdk.TypeString,
+ },
+ }},
+ Optional: true,
+ Type: pluginsdk.TypeList,
+ },
+ "type": {
+ Optional: true,
+ Type: pluginsdk.TypeString,
+ },
+ "version": {
+ Required: true,
+ Type: pluginsdk.TypeString,
+ },
+ }},
+ Required: true,
+ Type: pluginsdk.TypeList,
+ },
+ }},
+ Required: true,
+ Type: pluginsdk.TypeList,
+ },
+ "name": {
+ ForceNew: true,
+ Required: true,
+ Type: pluginsdk.TypeString,
+ },
+ "path_based_rule_ids": {
+ Computed: true,
+ Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
+ Type: pluginsdk.TypeList,
+ },
+ "policy_settings": {
+ Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
+ "enabled": {
+ Optional: true,
+ Type: pluginsdk.TypeBool,
+ },
+ "file_upload_limit_in_mb": {
+ Optional: true,
+ Type: pluginsdk.TypeInt,
+ },
+ "max_request_body_size_in_kb": {
+ Optional: true,
+ Type: pluginsdk.TypeInt,
+ },
+ "mode": {
+ Optional: true,
+ Type: pluginsdk.TypeString,
+ },
+ "request_body_check": {
+ Optional: true,
+ Type: pluginsdk.TypeBool,
+ },
+ }},
+ Optional: true,
+ Type: pluginsdk.TypeList,
+ },
+ "resource_group_name": {
+ ForceNew: true,
+ Required: true,
+ Type: pluginsdk.TypeString,
+ },
+ "tags": {
+ Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
+ Optional: true,
+ Type: pluginsdk.TypeMap,
+ },
+ }
+}
+
+func (WebApplicationFirewallPolicyV0ToV1) UpgradeFunc() pluginsdk.StateUpgraderFunc {
+ return func(ctx context.Context, rawState map[string]interface{}, meta interface{}) (map[string]interface{}, error) {
+ log.Printf("[Debug] start upgrade web application firewall policy id")
+ oldID := rawState["id"].(string)
+ if newID, err := normalizeWebAppFirewallPolicyID(oldID); err != nil {
+ return nil, err
+ } else if newID != nil {
+ rawState["id"] = *newID
+ }
+ return rawState, nil
+ }
+}
+
+func normalizeWebAppFirewallPolicyID(id string) (*string, error) {
+ if id == "" {
+ return nil, nil
+ }
+ parseID, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyIDInsensitively(id)
+ if err != nil {
+ return nil, fmt.Errorf("prase id: %v", err)
+ }
+ normalizedID := parseID.ID()
+ return &normalizedID, nil
+}
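Review bot: The single-value type assertion on `rawState["id"]` in `UpgradeFunc` panics the provider when the stored `id` is missing or not a string, where a state upgrader should return an error; the two-value form with an explicit error is the safer shape. The error built in `normalizeWebAppFirewallPolicyID` is misspelled ("prase") and omits the offending value, so an operator cannot tell which stored ID blocked the upgrade. The log line uses a mixed-case `[Debug]` tag where the rest of this diff uses `[DEBUG]`, which level filtering may not recognise, and it does not record the old and new ID, which would be the useful trail for a rewrite of a WAF policy's identity in state. The fence shows the rewritten closure and error line.

```go
	return func(ctx context.Context, rawState map[string]interface{}, meta interface{}) (map[string]interface{}, error) {
		oldID, ok := rawState["id"].(string)
		if !ok {
			return nil, fmt.Errorf("upgrading state: expected `id` to be a string but got %T", rawState["id"])
		}
		newID, err := normalizeWebAppFirewallPolicyID(oldID)
		if err != nil {
			return nil, err
		}
		if newID != nil && *newID != oldID {
			log.Printf("[DEBUG] Updating ID from %q to %q", oldID, *newID)
			rawState["id"] = *newID
		}
		return rawState, nil
	}

	// … unchanged: normalizeWebAppFirewallPolicyID signature, empty-ID guard and parse call …
	if err != nil {
		return nil, fmt.Errorf("parsing %q: %+v", id, err)
	}
```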
diff --git a/internal/services/network/parse/application_gateway_web_application_firewall_policy.go b/internal/services/network/parse/application_gateway_web_application_firewall_policy.go deleted file mode 100644 index e8b5e3e7692c..000000000000 --- a/internal/services/network/parse/application_gateway_web_application_firewall_policy.go +++ /dev/null 
@@ -1,116 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package parse - -// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten - -import ( - "fmt" - "strings" - - "github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids" -) - -type ApplicationGatewayWebApplicationFirewallPolicyId struct { - SubscriptionId string - ResourceGroup string - Name string -} - -func NewApplicationGatewayWebApplicationFirewallPolicyID(subscriptionId, resourceGroup, name string) ApplicationGatewayWebApplicationFirewallPolicyId { - return ApplicationGatewayWebApplicationFirewallPolicyId{ - SubscriptionId: subscriptionId, - ResourceGroup: resourceGroup, - Name: name, - } -} - -func (id ApplicationGatewayWebApplicationFirewallPolicyId) String() string { - segments := []string{ - fmt.Sprintf("Name %q", id.Name), - fmt.Sprintf("Resource Group %q", id.ResourceGroup), - } - segmentsStr := strings.Join(segments, " / ") - return fmt.Sprintf("%s: (%s)", "Application Gateway Web Application Firewall Policy", segmentsStr) -} - -func (id ApplicationGatewayWebApplicationFirewallPolicyId) ID() string { - fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/%s" - return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroup, id.Name) -} - -// ApplicationGatewayWebApplicationFirewallPolicyID parses a ApplicationGatewayWebApplicationFirewallPolicy ID into an ApplicationGatewayWebApplicationFirewallPolicyId struct -func ApplicationGatewayWebApplicationFirewallPolicyID(input string) (*ApplicationGatewayWebApplicationFirewallPolicyId, error) { - id, err := resourceids.ParseAzureResourceID(input) - if err != nil { - return nil, fmt.Errorf("parsing %q as an ApplicationGatewayWebApplicationFirewallPolicy ID: %+v", input, err) - } - - resourceId := ApplicationGatewayWebApplicationFirewallPolicyId{ - SubscriptionId: id.SubscriptionID, - ResourceGroup: 
id.ResourceGroup, - } - - if resourceId.SubscriptionId == "" { - return nil, fmt.Errorf("ID was missing the 'subscriptions' element") - } - - if resourceId.ResourceGroup == "" { - return nil, fmt.Errorf("ID was missing the 'resourceGroups' element") - } - - if resourceId.Name, err = id.PopSegment("ApplicationGatewayWebApplicationFirewallPolicies"); err != nil { - return nil, err - } - - if err := id.ValidateNoEmptySegments(input); err != nil { - return nil, err - } - - return &resourceId, nil -} - -// ApplicationGatewayWebApplicationFirewallPolicyIDInsensitively parses an ApplicationGatewayWebApplicationFirewallPolicy ID into an ApplicationGatewayWebApplicationFirewallPolicyId struct, insensitively -// This should only be used to parse an ID for rewriting, the ApplicationGatewayWebApplicationFirewallPolicyID -// method should be used instead for validation etc. -// -// Whilst this may seem strange, this enables Terraform have consistent casing -// which works around issues in Core, whilst handling broken API responses. 
-func ApplicationGatewayWebApplicationFirewallPolicyIDInsensitively(input string) (*ApplicationGatewayWebApplicationFirewallPolicyId, error) { - id, err := resourceids.ParseAzureResourceID(input) - if err != nil { - return nil, err - } - - resourceId := ApplicationGatewayWebApplicationFirewallPolicyId{ - SubscriptionId: id.SubscriptionID, - ResourceGroup: id.ResourceGroup, - } - - if resourceId.SubscriptionId == "" { - return nil, fmt.Errorf("ID was missing the 'subscriptions' element") - } - - if resourceId.ResourceGroup == "" { - return nil, fmt.Errorf("ID was missing the 'resourceGroups' element") - } - - // find the correct casing for the 'ApplicationGatewayWebApplicationFirewallPolicies' segment - ApplicationGatewayWebApplicationFirewallPoliciesKey := "ApplicationGatewayWebApplicationFirewallPolicies" - for key := range id.Path { - if strings.EqualFold(key, ApplicationGatewayWebApplicationFirewallPoliciesKey) { - ApplicationGatewayWebApplicationFirewallPoliciesKey = key - break - } - } - if resourceId.Name, err = id.PopSegment(ApplicationGatewayWebApplicationFirewallPoliciesKey); err != nil { - return nil, err - } - - if err := id.ValidateNoEmptySegments(input); err != nil { - return nil, err - } - - return &resourceId, nil -} diff --git a/internal/services/network/parse/application_gateway_web_application_firewall_policy_test.go b/internal/services/network/parse/application_gateway_web_application_firewall_policy_test.go deleted file mode 100644 index 490700b6a238..000000000000 --- a/internal/services/network/parse/application_gateway_web_application_firewall_policy_test.go +++ /dev/null 
@@ -1,232 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package parse - -// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten - -import ( - "testing" - - "github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids" -) - -var _ resourceids.Id = ApplicationGatewayWebApplicationFirewallPolicyId{} - -func TestApplicationGatewayWebApplicationFirewallPolicyIDFormatter(t *testing.T) { - actual := NewApplicationGatewayWebApplicationFirewallPolicyID("12345678-1234-9876-4563-123456789012", "resGroup1", "applicationGatewayWebApplicationFirewallPolicy1").ID() - expected := "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/applicationGatewayWebApplicationFirewallPolicy1" - if actual != expected { - t.Fatalf("Expected %q but got %q", expected, actual) - } -} - -func TestApplicationGatewayWebApplicationFirewallPolicyID(t *testing.T) { - testData := []struct { - Input string - Error bool - Expected *ApplicationGatewayWebApplicationFirewallPolicyId - }{ - - { - // empty - Input: "", - Error: true, - }, - - { - // missing SubscriptionId - Input: "/", - Error: true, - }, - - { - // missing value for SubscriptionId - Input: "/subscriptions/", - Error: true, - }, - - { - // missing ResourceGroup - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/", - Error: true, - }, - - { - // missing value for ResourceGroup - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/", - Error: true, - }, - - { - // missing Name - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/", - Error: true, - }, - - { - // missing value for Name - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/", - Error: true, - }, - - { - // 
valid - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/applicationGatewayWebApplicationFirewallPolicy1", - Expected: &ApplicationGatewayWebApplicationFirewallPolicyId{ - SubscriptionId: "12345678-1234-9876-4563-123456789012", - ResourceGroup: "resGroup1", - Name: "applicationGatewayWebApplicationFirewallPolicy1", - }, - }, - - { - // upper-cased - Input: "/SUBSCRIPTIONS/12345678-1234-9876-4563-123456789012/RESOURCEGROUPS/RESGROUP1/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYWEBAPPLICATIONFIREWALLPOLICIES/APPLICATIONGATEWAYWEBAPPLICATIONFIREWALLPOLICY1", - Error: true, - }, - } - - for _, v := range testData { - t.Logf("[DEBUG] Testing %q", v.Input) - - actual, err := ApplicationGatewayWebApplicationFirewallPolicyID(v.Input) - if err != nil { - if v.Error { - continue - } - - t.Fatalf("Expect a value but got an error: %s", err) - } - if v.Error { - t.Fatal("Expect an error but didn't get one") - } - - if actual.SubscriptionId != v.Expected.SubscriptionId { - t.Fatalf("Expected %q but got %q for SubscriptionId", v.Expected.SubscriptionId, actual.SubscriptionId) - } - if actual.ResourceGroup != v.Expected.ResourceGroup { - t.Fatalf("Expected %q but got %q for ResourceGroup", v.Expected.ResourceGroup, actual.ResourceGroup) - } - if actual.Name != v.Expected.Name { - t.Fatalf("Expected %q but got %q for Name", v.Expected.Name, actual.Name) - } - } -} - -func TestApplicationGatewayWebApplicationFirewallPolicyIDInsensitively(t *testing.T) { - testData := []struct { - Input string - Error bool - Expected *ApplicationGatewayWebApplicationFirewallPolicyId - }{ - - { - // empty - Input: "", - Error: true, - }, - - { - // missing SubscriptionId - Input: "/", - Error: true, - }, - - { - // missing value for SubscriptionId - Input: "/subscriptions/", - Error: true, - }, - - { - // missing ResourceGroup - Input: 
"/subscriptions/12345678-1234-9876-4563-123456789012/", - Error: true, - }, - - { - // missing value for ResourceGroup - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/", - Error: true, - }, - - { - // missing Name - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/", - Error: true, - }, - - { - // missing value for Name - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/", - Error: true, - }, - - { - // valid - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/applicationGatewayWebApplicationFirewallPolicy1", - Expected: &ApplicationGatewayWebApplicationFirewallPolicyId{ - SubscriptionId: "12345678-1234-9876-4563-123456789012", - ResourceGroup: "resGroup1", - Name: "applicationGatewayWebApplicationFirewallPolicy1", - }, - }, - - { - // lower-cased segment names - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/applicationgatewaywebapplicationfirewallpolicies/applicationGatewayWebApplicationFirewallPolicy1", - Expected: &ApplicationGatewayWebApplicationFirewallPolicyId{ - SubscriptionId: "12345678-1234-9876-4563-123456789012", - ResourceGroup: "resGroup1", - Name: "applicationGatewayWebApplicationFirewallPolicy1", - }, - }, - - { - // upper-cased segment names - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/APPLICATIONGATEWAYWEBAPPLICATIONFIREWALLPOLICIES/applicationGatewayWebApplicationFirewallPolicy1", - Expected: &ApplicationGatewayWebApplicationFirewallPolicyId{ - SubscriptionId: "12345678-1234-9876-4563-123456789012", - ResourceGroup: "resGroup1", - Name: "applicationGatewayWebApplicationFirewallPolicy1", - }, - }, - - 
{ - // mixed-cased segment names - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/ApPlIcAtIoNgAtEwAyWeBaPpLiCaTiOnFiReWaLlPoLiCiEs/applicationGatewayWebApplicationFirewallPolicy1", - Expected: &ApplicationGatewayWebApplicationFirewallPolicyId{ - SubscriptionId: "12345678-1234-9876-4563-123456789012", - ResourceGroup: "resGroup1", - Name: "applicationGatewayWebApplicationFirewallPolicy1", - }, - }, - } - - for _, v := range testData { - t.Logf("[DEBUG] Testing %q", v.Input) - - actual, err := ApplicationGatewayWebApplicationFirewallPolicyIDInsensitively(v.Input) - if err != nil { - if v.Error { - continue - } - - t.Fatalf("Expect a value but got an error: %s", err) - } - if v.Error { - t.Fatal("Expect an error but didn't get one") - } - - if actual.SubscriptionId != v.Expected.SubscriptionId { - t.Fatalf("Expected %q but got %q for SubscriptionId", v.Expected.SubscriptionId, actual.SubscriptionId) - } - if actual.ResourceGroup != v.Expected.ResourceGroup { - t.Fatalf("Expected %q but got %q for ResourceGroup", v.Expected.ResourceGroup, actual.ResourceGroup) - } - if actual.Name != v.Expected.Name { - t.Fatalf("Expected %q but got %q for Name", v.Expected.Name, actual.Name) - } - } -} diff --git a/internal/services/network/resourceids.go b/internal/services/network/resourceids.go index 529260bca5c1..293b43175dea 100644 --- a/internal/services/network/resourceids.go +++ b/internal/services/network/resourceids.go 
@@ -7,7 +7,6 @@ package network //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=ApplicationGateway -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/applicationGateways/applicationGateway1 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=ApplicationGatewayHTTPListener -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/applicationGateways/applicationGateway1/httpListeners/httpListener1 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=ApplicationGatewayURLPathMapPathRule -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/applicationGateways/applicationGateway1/urlPathMaps/urlPathMap1/pathRules/pathRule1 -//go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=ApplicationGatewayWebApplicationFirewallPolicy -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/applicationGatewayWebApplicationFirewallPolicy1 -rewrite=true //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=IpGroup -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/ipGroups/group1 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=NetworkInterface -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/networkInterfaces/networkInterface1 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=NetworkSecurityGroup -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/networkSecurityGroups/securityGroup1 -rewrite=true 
diff --git a/internal/services/network/validate/application_gateway_web_application_firewall_policy_id.go b/internal/services/network/validate/application_gateway_web_application_firewall_policy_id.go deleted file mode 100644 index b1c01078f7a8..000000000000 --- a/internal/services/network/validate/application_gateway_web_application_firewall_policy_id.go +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package validate - -// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten - -import ( - "fmt" - - "github.com/hashicorp/terraform-provider-azurerm/internal/services/network/parse" -) - -func ApplicationGatewayWebApplicationFirewallPolicyID(input interface{}, key string) (warnings []string, errors []error) { - v, ok := input.(string) - if !ok { - errors = append(errors, fmt.Errorf("expected %q to be a string", key)) - return - } - - if _, err := parse.ApplicationGatewayWebApplicationFirewallPolicyID(v); err != nil { - errors = append(errors, err) - } - - return -} diff --git a/internal/services/network/validate/application_gateway_web_application_firewall_policy_id_test.go b/internal/services/network/validate/application_gateway_web_application_firewall_policy_id_test.go deleted file mode 100644 index cdeefde237ba..000000000000 --- a/internal/services/network/validate/application_gateway_web_application_firewall_policy_id_test.go +++ /dev/null 
@@ -1,79 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package validate - -// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten - -import "testing" - -func TestApplicationGatewayWebApplicationFirewallPolicyID(t *testing.T) { - cases := []struct { - Input string - Valid bool - }{ - - { - // empty - Input: "", - Valid: false, - }, - - { - // missing SubscriptionId - Input: "/", - Valid: false, - }, - - { - // missing value for SubscriptionId - Input: "/subscriptions/", - Valid: false, - }, - - { - // missing ResourceGroup - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/", - Valid: false, - }, - - { - // missing value for ResourceGroup - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/", - Valid: false, - }, - - { - // missing Name - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/", - Valid: false, - }, - - { - // missing value for Name - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/", - Valid: false, - }, - - { - // valid - Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/applicationGatewayWebApplicationFirewallPolicy1", - Valid: true, - }, - - { - // upper-cased - Input: "/SUBSCRIPTIONS/12345678-1234-9876-4563-123456789012/RESOURCEGROUPS/RESGROUP1/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYWEBAPPLICATIONFIREWALLPOLICIES/APPLICATIONGATEWAYWEBAPPLICATIONFIREWALLPOLICY1", - Valid: false, - }, - } - for _, tc := range cases { - t.Logf("[DEBUG] Testing Value %s", tc.Input) - _, errors := ApplicationGatewayWebApplicationFirewallPolicyID(tc.Input, "test") - valid := len(errors) == 0 - - if tc.Valid != valid { - t.Fatalf("Expected %t but got %t", tc.Valid, valid) - } - } 
-} diff --git a/internal/services/network/web_application_firewall_policy_data_source.go b/internal/services/network/web_application_firewall_policy_data_source.go index 43ac7e7d6cd4..12c3a9870341 100644 --- a/internal/services/network/web_application_firewall_policy_data_source.go +++ b/internal/services/network/web_application_firewall_policy_data_source.go @@ -7,15 +7,15 @@ import ( "fmt" "time" + "github.com/hashicorp/go-azure-helpers/lang/response" "github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema" "github.com/hashicorp/go-azure-helpers/resourcemanager/location" + "github.com/hashicorp/go-azure-helpers/resourcemanager/tags" + "github.com/hashicorp/go-azure-sdk/resource-manager/network/2023-02-01/webapplicationfirewallpolicies" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/network/parse" - "github.com/hashicorp/terraform-provider-azurerm/internal/tags" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" "github.com/hashicorp/terraform-provider-azurerm/internal/timeouts" - "github.com/hashicorp/terraform-provider-azurerm/utils" ) func dataWebApplicationFirewallPolicy() *pluginsdk.Resource { 
@@ -37,32 +37,36 @@ func dataWebApplicationFirewallPolicy() *pluginsdk.Resource { "location": commonschema.LocationComputed(), - "tags": tags.Schema(), + "tags": commonschema.Tags(), }, } } func dataSourceWebApplicationFirewallPolicy(d *pluginsdk.ResourceData, meta interface{}) error { - client := meta.(*clients.Client).Network.WebApplicationFirewallPoliciesClient + client := meta.(*clients.Client).Network.WebApplicationFirewallPolicies subscriptionId := meta.(*clients.Client).Account.SubscriptionId ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() - id := parse.NewApplicationGatewayWebApplicationFirewallPolicyID(subscriptionId, d.Get("resource_group_name").(string), d.Get("name").(string)) - resp, err := client.Get(ctx, id.ResourceGroup, id.Name) + id := webapplicationfirewallpolicies.NewApplicationGatewayWebApplicationFirewallPolicyID(subscriptionId, d.Get("resource_group_name").(string), d.Get("name").(string)) + resp, err := client.Get(ctx, id) if err != nil { - if utils.ResponseWasNotFound(resp.Response) { + if response.WasNotFound(resp.HttpResponse) { return fmt.Errorf("%s was not found", id) } return err } d.SetId(id.ID()) + d.Set("name", id.ApplicationGatewayWebApplicationFirewallPolicyName) + d.Set("resource_group_name", id.ResourceGroupName) - d.Set("name", resp.Name) - d.Set("resource_group_name", id.ResourceGroup) + if model := resp.Model; model != nil { + d.Set("location", location.NormalizeNilable(model.Location)) - d.Set("location", location.NormalizeNilable(resp.Location)) - - return tags.FlattenAndSet(d, resp.Tags) + if err := tags.FlattenAndSet(d, model.Tags); err != nil { + return err + } + } + return nil } diff --git a/internal/services/network/web_application_firewall_policy_resource.go b/internal/services/network/web_application_firewall_policy_resource.go index 91725c8210ae..3533c1eafd70 100644 --- a/internal/services/network/web_application_firewall_policy_resource.go 
+++ b/internal/services/network/web_application_firewall_policy_resource.go @@ -9,19 +9,22 @@ import ( "log" "time" + "github.com/hashicorp/go-azure-helpers/lang/pointer" + "github.com/hashicorp/go-azure-helpers/lang/response" "github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema" + "github.com/hashicorp/go-azure-helpers/resourcemanager/location" + "github.com/hashicorp/go-azure-helpers/resourcemanager/tags" + "github.com/hashicorp/go-azure-sdk/resource-manager/network/2023-02-01/webapplicationfirewallpolicies" "github.com/hashicorp/terraform-provider-azurerm/helpers/azure" "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" "github.com/hashicorp/terraform-provider-azurerm/internal/features" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/network/parse" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/network/migration" "github.com/hashicorp/terraform-provider-azurerm/internal/services/network/validate" - "github.com/hashicorp/terraform-provider-azurerm/internal/tags" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" "github.com/hashicorp/terraform-provider-azurerm/internal/timeouts" "github.com/hashicorp/terraform-provider-azurerm/utils" - "github.com/tombuildsstuff/kermit/sdk/network/2022-07-01/network" ) func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource { @@ -31,7 +34,7 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource { Update: resourceWebApplicationFirewallPolicyCreateUpdate, Delete: resourceWebApplicationFirewallPolicyDelete, Importer: pluginsdk.ImporterValidatingResourceId(func(id string) error { - _, err := parse.ApplicationGatewayWebApplicationFirewallPolicyID(id) + _, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyID(id) return err }), 
@@ -42,6 +45,11 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource { Delete: pluginsdk.DefaultTimeout(30 * time.Minute), }, + SchemaVersion: 1, + StateUpgraders: pluginsdk.StateUpgrades(map[int]pluginsdk.StateUpgrade{ + 0: migration.WebApplicationFirewallPolicyV0ToV1{}, + }), + Schema: map[string]*pluginsdk.Schema{ "name": { Type: pluginsdk.TypeString, @@ -63,9 +71,9 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource { Type: pluginsdk.TypeString, Required: true, ValidateFunc: validation.StringInSlice([]string{ - string(network.WebApplicationFirewallActionAllow), - string(network.WebApplicationFirewallActionBlock), - string(network.WebApplicationFirewallActionLog), + string(webapplicationfirewallpolicies.WebApplicationFirewallActionAllow), + string(webapplicationfirewallpolicies.WebApplicationFirewallActionBlock), + string(webapplicationfirewallpolicies.WebApplicationFirewallActionLog), }, false), }, "match_conditions": { 
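Review bot: The added `SchemaVersion: 1` and `0: migration.WebApplicationFirewallPolicyV0ToV1{}` carry no comment saying what the upgrade rewrites, and the migration itself is not part of this hunk. Read, Delete and the importer in this commit parse the stored ID with the strict `ParseApplicationGatewayWebApplicationFirewallPolicyID`, so they presumably depend on this upgrader having normalised IDs written by earlier provider versions. If that is the intent, state it above the field, for example `// V0 -> V1: rewrites the stored resource ID into the form the go-azure-sdk ID parser accepts`. The enclosing resourceWebApplicationFirewallPolicy body starts and ends outside the hunk.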
@@ -89,14 +97,14 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource { Type: pluginsdk.TypeString, Required: true, ValidateFunc: validation.StringInSlice([]string{ - string(network.WebApplicationFirewallMatchVariableRemoteAddr), - string(network.WebApplicationFirewallMatchVariableRequestMethod), - string(network.WebApplicationFirewallMatchVariableQueryString), - string(network.WebApplicationFirewallMatchVariablePostArgs), - string(network.WebApplicationFirewallMatchVariableRequestURI), - string(network.WebApplicationFirewallMatchVariableRequestHeaders), - string(network.WebApplicationFirewallMatchVariableRequestBody), - string(network.WebApplicationFirewallMatchVariableRequestCookies), + string(webapplicationfirewallpolicies.WebApplicationFirewallMatchVariableRemoteAddr), + string(webapplicationfirewallpolicies.WebApplicationFirewallMatchVariableRequestMethod), + string(webapplicationfirewallpolicies.WebApplicationFirewallMatchVariableQueryString), + string(webapplicationfirewallpolicies.WebApplicationFirewallMatchVariablePostArgs), + string(webapplicationfirewallpolicies.WebApplicationFirewallMatchVariableRequestUri), + string(webapplicationfirewallpolicies.WebApplicationFirewallMatchVariableRequestHeaders), + string(webapplicationfirewallpolicies.WebApplicationFirewallMatchVariableRequestBody), + string(webapplicationfirewallpolicies.WebApplicationFirewallMatchVariableRequestCookies), }, false), }, "selector": { 
@@ -110,18 +118,18 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource { Type: pluginsdk.TypeString, Required: true, ValidateFunc: validation.StringInSlice([]string{ - string(network.WebApplicationFirewallOperatorAny), - string(network.WebApplicationFirewallOperatorIPMatch), - string(network.WebApplicationFirewallOperatorGeoMatch), - string(network.WebApplicationFirewallOperatorEqual), - string(network.WebApplicationFirewallOperatorContains), - string(network.WebApplicationFirewallOperatorLessThan), - string(network.WebApplicationFirewallOperatorGreaterThan), - string(network.WebApplicationFirewallOperatorLessThanOrEqual), - string(network.WebApplicationFirewallOperatorGreaterThanOrEqual), - string(network.WebApplicationFirewallOperatorBeginsWith), - string(network.WebApplicationFirewallOperatorEndsWith), - string(network.WebApplicationFirewallOperatorRegex), + string(webapplicationfirewallpolicies.WebApplicationFirewallOperatorAny), + string(webapplicationfirewallpolicies.WebApplicationFirewallOperatorIPMatch), + string(webapplicationfirewallpolicies.WebApplicationFirewallOperatorGeoMatch), + string(webapplicationfirewallpolicies.WebApplicationFirewallOperatorEqual), + string(webapplicationfirewallpolicies.WebApplicationFirewallOperatorContains), + string(webapplicationfirewallpolicies.WebApplicationFirewallOperatorLessThan), + string(webapplicationfirewallpolicies.WebApplicationFirewallOperatorGreaterThan), + string(webapplicationfirewallpolicies.WebApplicationFirewallOperatorLessThanOrEqual), + string(webapplicationfirewallpolicies.WebApplicationFirewallOperatorGreaterThanOrEqual), + string(webapplicationfirewallpolicies.WebApplicationFirewallOperatorBeginsWith), + string(webapplicationfirewallpolicies.WebApplicationFirewallOperatorEndsWith), + string(webapplicationfirewallpolicies.WebApplicationFirewallOperatorRegex), }, false), }, "negation_condition": { 
@@ -134,12 +142,12 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource { Elem: &pluginsdk.Schema{ Type: pluginsdk.TypeString, ValidateFunc: validation.StringInSlice([]string{ - string(network.WebApplicationFirewallTransformHTMLEntityDecode), - string(network.WebApplicationFirewallTransformLowercase), - string(network.WebApplicationFirewallTransformRemoveNulls), - string(network.WebApplicationFirewallTransformTrim), - string(network.WebApplicationFirewallTransformURLDecode), - string(network.WebApplicationFirewallTransformURLEncode), + string(webapplicationfirewallpolicies.WebApplicationFirewallTransformHtmlEntityDecode), + string(webapplicationfirewallpolicies.WebApplicationFirewallTransformLowercase), + string(webapplicationfirewallpolicies.WebApplicationFirewallTransformRemoveNulls), + string(webapplicationfirewallpolicies.WebApplicationFirewallTransformTrim), + string(webapplicationfirewallpolicies.WebApplicationFirewallTransformUrlDecode), + string(webapplicationfirewallpolicies.WebApplicationFirewallTransformUrlEncode), }, false), }, }, @@ -154,8 +162,8 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource { Type: pluginsdk.TypeString, Required: true, ValidateFunc: validation.StringInSlice([]string{ - string(network.WebApplicationFirewallRuleTypeMatchRule), - string(network.WebApplicationFirewallRuleTypeInvalid), + string(webapplicationfirewallpolicies.WebApplicationFirewallRuleTypeMatchRule), + string(webapplicationfirewallpolicies.WebApplicationFirewallRuleTypeInvalid), }, false), }, "name": { 
@@ -181,15 +189,15 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource { Type: pluginsdk.TypeString, Required: true, ValidateFunc: validation.StringInSlice([]string{ - string(network.OwaspCrsExclusionEntryMatchVariableRequestArgKeys), - string(network.OwaspCrsExclusionEntryMatchVariableRequestArgNames), - string(network.OwaspCrsExclusionEntryMatchVariableRequestArgValues), - string(network.OwaspCrsExclusionEntryMatchVariableRequestCookieKeys), - string(network.OwaspCrsExclusionEntryMatchVariableRequestCookieNames), - string(network.OwaspCrsExclusionEntryMatchVariableRequestCookieValues), - string(network.OwaspCrsExclusionEntryMatchVariableRequestHeaderKeys), - string(network.OwaspCrsExclusionEntryMatchVariableRequestHeaderNames), - string(network.OwaspCrsExclusionEntryMatchVariableRequestHeaderValues), + string(webapplicationfirewallpolicies.OwaspCrsExclusionEntryMatchVariableRequestArgKeys), + string(webapplicationfirewallpolicies.OwaspCrsExclusionEntryMatchVariableRequestArgNames), + string(webapplicationfirewallpolicies.OwaspCrsExclusionEntryMatchVariableRequestArgValues), + string(webapplicationfirewallpolicies.OwaspCrsExclusionEntryMatchVariableRequestCookieKeys), + string(webapplicationfirewallpolicies.OwaspCrsExclusionEntryMatchVariableRequestCookieNames), + string(webapplicationfirewallpolicies.OwaspCrsExclusionEntryMatchVariableRequestCookieValues), + string(webapplicationfirewallpolicies.OwaspCrsExclusionEntryMatchVariableRequestHeaderKeys), + string(webapplicationfirewallpolicies.OwaspCrsExclusionEntryMatchVariableRequestHeaderNames), + string(webapplicationfirewallpolicies.OwaspCrsExclusionEntryMatchVariableRequestHeaderValues), }, false), }, "selector": { 
@@ -201,11 +209,11 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource { Type: pluginsdk.TypeString, Required: true, ValidateFunc: validation.StringInSlice([]string{ - string(network.OwaspCrsExclusionEntrySelectorMatchOperatorContains), - string(network.OwaspCrsExclusionEntrySelectorMatchOperatorEndsWith), - string(network.OwaspCrsExclusionEntrySelectorMatchOperatorEquals), - string(network.OwaspCrsExclusionEntrySelectorMatchOperatorEqualsAny), - string(network.OwaspCrsExclusionEntrySelectorMatchOperatorStartsWith), + string(webapplicationfirewallpolicies.OwaspCrsExclusionEntrySelectorMatchOperatorContains), + string(webapplicationfirewallpolicies.OwaspCrsExclusionEntrySelectorMatchOperatorEndsWith), + string(webapplicationfirewallpolicies.OwaspCrsExclusionEntrySelectorMatchOperatorEquals), + string(webapplicationfirewallpolicies.OwaspCrsExclusionEntrySelectorMatchOperatorEqualsAny), + string(webapplicationfirewallpolicies.OwaspCrsExclusionEntrySelectorMatchOperatorStartsWith), }, false), }, "excluded_rule_set": { @@ -306,10 +314,10 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource { Type: pluginsdk.TypeString, Optional: true, ValidateFunc: validation.StringInSlice([]string{ - string(network.ActionTypeAllow), - string(network.ActionTypeAnomalyScoring), - string(network.ActionTypeBlock), - string(network.ActionTypeLog), + string(webapplicationfirewallpolicies.ActionTypeAllow), + string(webapplicationfirewallpolicies.ActionTypeAnomalyScoring), + string(webapplicationfirewallpolicies.ActionTypeBlock), + string(webapplicationfirewallpolicies.ActionTypeLog), }, false), }, }, 
@@ -340,10 +348,10 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource { Type: pluginsdk.TypeString, Optional: true, ValidateFunc: validation.StringInSlice([]string{ - string(network.WebApplicationFirewallModePrevention), - string(network.WebApplicationFirewallModeDetection), + string(webapplicationfirewallpolicies.WebApplicationFirewallModePrevention), + string(webapplicationfirewallpolicies.WebApplicationFirewallModeDetection), }, false), - Default: string(network.WebApplicationFirewallModePrevention), + Default: string(webapplicationfirewallpolicies.WebApplicationFirewallModePrevention), }, "request_body_check": { Type: pluginsdk.TypeBool, @@ -378,7 +386,7 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource { Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString}, }, - "tags": tags.Schema(), + "tags": commonschema.Tags(), }, CustomizeDiff: pluginsdk.CustomizeDiffShim(func(ctx context.Context, diff *pluginsdk.ResourceDiff, v interface{}) error { 
@@ -417,22 +425,22 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource { } func resourceWebApplicationFirewallPolicyCreateUpdate(d *pluginsdk.ResourceData, meta interface{}) error { - client := meta.(*clients.Client).Network.WebApplicationFirewallPoliciesClient + client := meta.(*clients.Client).Network.WebApplicationFirewallPolicies subscriptionId := meta.(*clients.Client).Account.SubscriptionId ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) defer cancel() - id := parse.NewApplicationGatewayWebApplicationFirewallPolicyID(subscriptionId, d.Get("resource_group_name").(string), d.Get("name").(string)) + id := webapplicationfirewallpolicies.NewApplicationGatewayWebApplicationFirewallPolicyID(subscriptionId, d.Get("resource_group_name").(string), d.Get("name").(string)) if d.IsNewResource() { - resp, err := client.Get(ctx, id.ResourceGroup, id.Name) + resp, err := client.Get(ctx, id) if err != nil { - if !utils.ResponseWasNotFound(resp.Response) { + if !response.WasNotFound(resp.HttpResponse) { return fmt.Errorf("checking for present of existing %s: %+v", id, err) } } - if !utils.ResponseWasNotFound(resp.Response) { - return tf.ImportAsExistsError("azurerm_web_application_firewall_policy", *resp.ID) + if !response.WasNotFound(resp.HttpResponse) { + return tf.ImportAsExistsError("azurerm_web_application_firewall_policy", id.ID()) } } 
@@ -447,17 +455,17 @@ func resourceWebApplicationFirewallPolicyCreateUpdate(d *pluginsdk.ResourceData, return err } - parameters := network.WebApplicationFirewallPolicy{ + parameters := webapplicationfirewallpolicies.WebApplicationFirewallPolicy{ Location: utils.String(location), - WebApplicationFirewallPolicyPropertiesFormat: &network.WebApplicationFirewallPolicyPropertiesFormat{ + Properties: &webapplicationfirewallpolicies.WebApplicationFirewallPolicyPropertiesFormat{ CustomRules: expandWebApplicationFirewallPolicyWebApplicationFirewallCustomRule(customRules), PolicySettings: expandWebApplicationFirewallPolicyPolicySettings(policySettings), - ManagedRules: expandedManagedRules, + ManagedRules: pointer.From(expandedManagedRules), }, Tags: tags.Expand(t), } - if _, err := client.CreateOrUpdate(ctx, id.ResourceGroup, id.Name, parameters); err != nil { + if _, err := client.CreateOrUpdate(ctx, id, parameters); err != nil { return fmt.Errorf("creating %s: %+v", id, err) } @@ -467,18 +475,18 @@ func resourceWebApplicationFirewallPolicyCreateUpdate(d *pluginsdk.ResourceData, } func resourceWebApplicationFirewallPolicyRead(d *pluginsdk.ResourceData, meta interface{}) error { - client := meta.(*clients.Client).Network.WebApplicationFirewallPoliciesClient + client := meta.(*clients.Client).Network.WebApplicationFirewallPolicies ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() - id, err := parse.ApplicationGatewayWebApplicationFirewallPolicyID(d.Id()) + id, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyID(d.Id()) if err != nil { return err } - resp, err := client.Get(ctx, id.ResourceGroup, id.Name) + resp, err := client.Get(ctx, *id) if err != nil { - if utils.ResponseWasNotFound(resp.Response) { + if !response.WasNotFound(resp.HttpResponse) { log.Printf("[INFO] Web Application Firewall Policy %q does not exist - removing from state", d.Id()) d.SetId("") return nil 
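Review bot: `ManagedRules: pointer.From(expandedManagedRules)` turns a nil result into a zero-value ManagedRulesDefinition, and expandWebApplicationFirewallPolicyManagedRulesDefinition returns `nil, nil` when its input list is empty (visible in a later hunk of this file). If `managed_rules` can ever be empty, the request would carry a WAF policy with no managed rule sets instead of failing early. The schema for that field is not visible here, so either reject the nil case before building `parameters` or add a comment recording that the schema guarantees one block. The body of resourceWebApplicationFirewallPolicyCreateUpdate starts and ends outside this hunk.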
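Review bot: The not-found branch in resourceWebApplicationFirewallPolicyRead is inverted by the added line `if !response.WasNotFound(resp.HttpResponse) {`. The line it replaces removed the resource from state only when the response was a 404. As written, any other failure of `client.Get` logs "does not exist - removing from state", clears the ID and returns nil, so the WAF policy drops out of state while it may still exist. A genuine 404 instead falls through to the `reading %s` error. Drop the negation: `if response.WasNotFound(resp.HttpResponse) {`. The rest of the function continues in the next hunk.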
@@ -486,56 +494,52 @@ func resourceWebApplicationFirewallPolicyRead(d *pluginsdk.ResourceData, meta in return fmt.Errorf("reading %s: %+v", *id, err) } - d.Set("name", id.Name) - d.Set("resource_group_name", id.ResourceGroup) - if location := resp.Location; location != nil { - d.Set("location", azure.NormalizeLocation(*location)) - } - if webApplicationFirewallPolicyPropertiesFormat := resp.WebApplicationFirewallPolicyPropertiesFormat; webApplicationFirewallPolicyPropertiesFormat != nil { - if err := d.Set("custom_rules", flattenWebApplicationFirewallPolicyWebApplicationFirewallCustomRule(webApplicationFirewallPolicyPropertiesFormat.CustomRules)); err != nil { - return fmt.Errorf("setting `custom_rules`: %+v", err) - } - if err := d.Set("policy_settings", flattenWebApplicationFirewallPolicyPolicySettings(webApplicationFirewallPolicyPropertiesFormat.PolicySettings)); err != nil { - return fmt.Errorf("setting `policy_settings`: %+v", err) - } - if err := d.Set("managed_rules", flattenWebApplicationFirewallPolicyManagedRulesDefinition(webApplicationFirewallPolicyPropertiesFormat.ManagedRules)); err != nil { - return fmt.Errorf("setting `managed_rules`: %+v", err) - } - if err := d.Set("http_listener_ids", flattenSubResourcesToIDs(webApplicationFirewallPolicyPropertiesFormat.HTTPListeners)); err != nil { - return fmt.Errorf("setting `http_listeners`: %+v", err) - } - if err := d.Set("path_based_rule_ids", flattenSubResourcesToIDs(webApplicationFirewallPolicyPropertiesFormat.PathBasedRules)); err != nil { - return fmt.Errorf("setting `path_based_rules`: %+v", err) + d.Set("name", id.ApplicationGatewayWebApplicationFirewallPolicyName) + d.Set("resource_group_name", id.ResourceGroupName) + if model := resp.Model; model != nil { + d.Set("location", location.NormalizeNilable(model.Location)) + if prop := model.Properties; prop != nil { + if err := d.Set("custom_rules", flattenWebApplicationFirewallPolicyWebApplicationFirewallCustomRule(prop.CustomRules)); err != nil { + 
return fmt.Errorf("setting `custom_rules`: %+v", err) + } + if err := d.Set("policy_settings", flattenWebApplicationFirewallPolicyPolicySettings(prop.PolicySettings)); err != nil { + return fmt.Errorf("setting `policy_settings`: %+v", err) + } + if err := d.Set("managed_rules", flattenWebApplicationFirewallPolicyManagedRulesDefinition(prop.ManagedRules)); err != nil { + return fmt.Errorf("setting `managed_rules`: %+v", err) + } + if err := d.Set("http_listener_ids", flattenWebApplicationFirewallPoliciesSubResourcesToIDs(prop.HTTPListeners)); err != nil { + return fmt.Errorf("setting `http_listeners`: %+v", err) + } + if err := d.Set("path_based_rule_ids", flattenWebApplicationFirewallPoliciesSubResourcesToIDs(prop.PathBasedRules)); err != nil { + return fmt.Errorf("setting `path_based_rules`: %+v", err) + } } - } - return tags.FlattenAndSet(d, resp.Tags) + return tags.FlattenAndSet(d, model.Tags) + } + return nil } func resourceWebApplicationFirewallPolicyDelete(d *pluginsdk.ResourceData, meta interface{}) error { - client := meta.(*clients.Client).Network.WebApplicationFirewallPoliciesClient + client := meta.(*clients.Client).Network.WebApplicationFirewallPolicies ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d) defer cancel() - id, err := parse.ApplicationGatewayWebApplicationFirewallPolicyID(d.Id()) + id, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyID(d.Id()) if err != nil { return err } - future, err := client.Delete(ctx, id.ResourceGroup, id.Name) - if err != nil { + if err := client.DeleteThenPoll(ctx, *id); err != nil { return fmt.Errorf("deleting %s: %+v", *id, err) } - if err = future.WaitForCompletionRef(ctx, client.Client); err != nil { - return fmt.Errorf("waiting for the deletion of %s: %+v", *id, err) - } - return nil } -func expandWebApplicationFirewallPolicyWebApplicationFirewallCustomRule(input []interface{}) *[]network.WebApplicationFirewallCustomRule { - results := 
make([]network.WebApplicationFirewallCustomRule, 0) +func expandWebApplicationFirewallPolicyWebApplicationFirewallCustomRule(input []interface{}) *[]webapplicationfirewallpolicies.WebApplicationFirewallCustomRule { + results := make([]webapplicationfirewallpolicies.WebApplicationFirewallCustomRule, 0) for _, item := range input { v := item.(map[string]interface{}) name := v["name"].(string) @@ -544,12 +548,12 @@ func expandWebApplicationFirewallPolicyWebApplicationFirewallCustomRule(input [] matchConditions := v["match_conditions"].([]interface{}) action := v["action"].(string) - result := network.WebApplicationFirewallCustomRule{ - Action: network.WebApplicationFirewallAction(action), + result := webapplicationfirewallpolicies.WebApplicationFirewallCustomRule{ + Action: webapplicationfirewallpolicies.WebApplicationFirewallAction(action), MatchConditions: expandWebApplicationFirewallPolicyMatchCondition(matchConditions), - Name: utils.String(name), - Priority: utils.Int32(int32(priority)), - RuleType: network.WebApplicationFirewallRuleType(ruleType), + Name: pointer.To(name), + Priority: int64(priority), + RuleType: webapplicationfirewallpolicies.WebApplicationFirewallRuleType(ruleType), } results = append(results, result) 
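Review bot: Two error strings in the rewritten block of resourceWebApplicationFirewallPolicyRead name keys that are not the ones being set. The `d.Set("http_listener_ids", ...)` failure reports "setting `http_listeners`" and the `d.Set("path_based_rule_ids", ...)` failure reports "setting `path_based_rules`". Since both lines are touched here anyway, make the messages match the schema keys (`http_listener_ids`, `path_based_rule_ids`) so a failure points at the right attribute. Separately, when `resp.Model` is nil the function now returns nil with only `name` and `resource_group_name` refreshed; a short comment on the trailing `return nil` saying this is deliberate would help. The function starts before this hunk.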
@@ -557,32 +561,32 @@ func expandWebApplicationFirewallPolicyWebApplicationFirewallCustomRule(input [] return &results } -func expandWebApplicationFirewallPolicyPolicySettings(input []interface{}) *network.PolicySettings { +func expandWebApplicationFirewallPolicyPolicySettings(input []interface{}) *webapplicationfirewallpolicies.PolicySettings { if len(input) == 0 { return nil } v := input[0].(map[string]interface{}) - enabled := network.WebApplicationFirewallEnabledStateDisabled + enabled := webapplicationfirewallpolicies.WebApplicationFirewallEnabledStateDisabled if value, ok := v["enabled"].(bool); ok && value { - enabled = network.WebApplicationFirewallEnabledStateEnabled + enabled = webapplicationfirewallpolicies.WebApplicationFirewallEnabledStateEnabled } mode := v["mode"].(string) requestBodyCheck := v["request_body_check"].(bool) maxRequestBodySizeInKb := v["max_request_body_size_in_kb"].(int) fileUploadLimitInMb := v["file_upload_limit_in_mb"].(int) - result := network.PolicySettings{ - State: enabled, - Mode: network.WebApplicationFirewallMode(mode), - RequestBodyCheck: utils.Bool(requestBodyCheck), - MaxRequestBodySizeInKb: utils.Int32(int32(maxRequestBodySizeInKb)), - FileUploadLimitInMb: utils.Int32(int32(fileUploadLimitInMb)), + result := webapplicationfirewallpolicies.PolicySettings{ + State: pointer.To(enabled), + Mode: pointer.To(webapplicationfirewallpolicies.WebApplicationFirewallMode(mode)), + RequestBodyCheck: pointer.To(requestBodyCheck), + MaxRequestBodySizeInKb: pointer.To(int64(maxRequestBodySizeInKb)), + FileUploadLimitInMb: pointer.To(int64(fileUploadLimitInMb)), } return &result } -func expandWebApplicationFirewallPolicyManagedRulesDefinition(input []interface{}, d *pluginsdk.ResourceData) (*network.ManagedRulesDefinition, error) { +func expandWebApplicationFirewallPolicyManagedRulesDefinition(input []interface{}, d *pluginsdk.ResourceData) (*webapplicationfirewallpolicies.ManagedRulesDefinition, error) { if len(input) == 0 { return nil, 
nil } @@ -596,19 +600,19 @@ func expandWebApplicationFirewallPolicyManagedRulesDefinition(input []interface{ return nil, err } - return &network.ManagedRulesDefinition{ + return &webapplicationfirewallpolicies.ManagedRulesDefinition{ Exclusions: expandWebApplicationFirewallPolicyExclusions(exclusions), - ManagedRuleSets: expandedManagedRuleSets, + ManagedRuleSets: *expandedManagedRuleSets, }, nil } -func expandWebApplicationFirewallPolicyExclusionManagedRules(input []interface{}) *[]network.ExclusionManagedRule { - results := make([]network.ExclusionManagedRule, 0) +func expandWebApplicationFirewallPolicyExclusionManagedRules(input []interface{}) *[]webapplicationfirewallpolicies.ExclusionManagedRule { + results := make([]webapplicationfirewallpolicies.ExclusionManagedRule, 0) for _, item := range input { ruleID := item.(string) - result := network.ExclusionManagedRule{ - RuleID: utils.String(ruleID), + result := webapplicationfirewallpolicies.ExclusionManagedRule{ + RuleId: ruleID, } results = append(results, result) @@ -616,15 +620,15 @@ func expandWebApplicationFirewallPolicyExclusionManagedRules(input []interface{} return &results } -func expandWebApplicationFirewallPolicyExclusionManagedRuleGroup(input []interface{}) *[]network.ExclusionManagedRuleGroup { - results := make([]network.ExclusionManagedRuleGroup, 0) +func expandWebApplicationFirewallPolicyExclusionManagedRuleGroup(input []interface{}) *[]webapplicationfirewallpolicies.ExclusionManagedRuleGroup { + results := make([]webapplicationfirewallpolicies.ExclusionManagedRuleGroup, 0) for _, item := range input { v := item.(map[string]interface{}) ruleGroupName := v["rule_group_name"].(string) - result := network.ExclusionManagedRuleGroup{ - RuleGroupName: utils.String(ruleGroupName), + result := webapplicationfirewallpolicies.ExclusionManagedRuleGroup{ + RuleGroupName: ruleGroupName, } if excludedRules := v["excluded_rules"].([]interface{}); len(excludedRules) > 0 { 
@@ -636,8 +640,8 @@ func expandWebApplicationFirewallPolicyExclusionManagedRuleGroup(input []interfa return &results } -func expandWebApplicationFirewallPolicyExclusionManagedRuleSet(input []interface{}) *[]network.ExclusionManagedRuleSet { - results := make([]network.ExclusionManagedRuleSet, 0) +func expandWebApplicationFirewallPolicyExclusionManagedRuleSet(input []interface{}) *[]webapplicationfirewallpolicies.ExclusionManagedRuleSet { + results := make([]webapplicationfirewallpolicies.ExclusionManagedRuleSet, 0) for _, item := range input { v := item.(map[string]interface{}) @@ -647,9 +651,9 @@ func expandWebApplicationFirewallPolicyExclusionManagedRuleSet(input []interface if value, exists := v["rule_group"]; exists { ruleGroups = value.([]interface{}) } - result := network.ExclusionManagedRuleSet{ - RuleSetType: utils.String(ruleSetType), - RuleSetVersion: utils.String(ruleSetVersion), + result := webapplicationfirewallpolicies.ExclusionManagedRuleSet{ + RuleSetType: ruleSetType, + RuleSetVersion: ruleSetVersion, RuleGroups: expandWebApplicationFirewallPolicyExclusionManagedRuleGroup(ruleGroups), } @@ -658,8 +662,8 @@ func expandWebApplicationFirewallPolicyExclusionManagedRuleSet(input []interface return &results } -func expandWebApplicationFirewallPolicyExclusions(input []interface{}) *[]network.OwaspCrsExclusionEntry { - results := make([]network.OwaspCrsExclusionEntry, 0) +func expandWebApplicationFirewallPolicyExclusions(input []interface{}) *[]webapplicationfirewallpolicies.OwaspCrsExclusionEntry { + results := make([]webapplicationfirewallpolicies.OwaspCrsExclusionEntry, 0) for _, item := range input { v := item.(map[string]interface{}) 
@@ -668,10 +672,10 @@ func expandWebApplicationFirewallPolicyExclusions(input []interface{}) *[]networ selector := v["selector"].(string) exclusionManagedRuleSets := v["excluded_rule_set"].([]interface{}) - result := network.OwaspCrsExclusionEntry{ - MatchVariable: network.OwaspCrsExclusionEntryMatchVariable(matchVariable), - SelectorMatchOperator: network.OwaspCrsExclusionEntrySelectorMatchOperator(selectorMatchOperator), - Selector: utils.String(selector), + result := webapplicationfirewallpolicies.OwaspCrsExclusionEntry{ + MatchVariable: webapplicationfirewallpolicies.OwaspCrsExclusionEntryMatchVariable(matchVariable), + SelectorMatchOperator: webapplicationfirewallpolicies.OwaspCrsExclusionEntrySelectorMatchOperator(selectorMatchOperator), + Selector: selector, ExclusionManagedRuleSets: expandWebApplicationFirewallPolicyExclusionManagedRuleSet(exclusionManagedRuleSets), } @@ -680,8 +684,8 @@ func expandWebApplicationFirewallPolicyExclusions(input []interface{}) *[]networ return &results } -func expandWebApplicationFirewallPolicyManagedRuleSet(input []interface{}, d *pluginsdk.ResourceData) (*[]network.ManagedRuleSet, error) { - results := make([]network.ManagedRuleSet, 0) +func expandWebApplicationFirewallPolicyManagedRuleSet(input []interface{}, d *pluginsdk.ResourceData) (*[]webapplicationfirewallpolicies.ManagedRuleSet, error) { + results := make([]webapplicationfirewallpolicies.ManagedRuleSet, 0) for i, item := range input { v := item.(map[string]interface{}) @@ -697,9 +701,9 @@ func expandWebApplicationFirewallPolicyManagedRuleSet(input []interface{}, d *pl return nil, err } - result := network.ManagedRuleSet{ - RuleSetType: utils.String(ruleSetType), - RuleSetVersion: utils.String(ruleSetVersion), + result := webapplicationfirewallpolicies.ManagedRuleSet{ + RuleSetType: ruleSetType, + RuleSetVersion: ruleSetVersion, RuleGroupOverrides: expandedRuleGroupOverrides, } 
@@ -708,15 +712,15 @@ func expandWebApplicationFirewallPolicyManagedRuleSet(input []interface{}, d *pl return &results, nil } -func expandWebApplicationFirewallPolicyRuleGroupOverrides(input []interface{}, d *pluginsdk.ResourceData, managedRuleSetIndex int) (*[]network.ManagedRuleGroupOverride, error) { - results := make([]network.ManagedRuleGroupOverride, 0) +func expandWebApplicationFirewallPolicyRuleGroupOverrides(input []interface{}, d *pluginsdk.ResourceData, managedRuleSetIndex int) (*[]webapplicationfirewallpolicies.ManagedRuleGroupOverride, error) { + results := make([]webapplicationfirewallpolicies.ManagedRuleGroupOverride, 0) for i, item := range input { v := item.(map[string]interface{}) ruleGroupName := v["rule_group_name"].(string) - result := network.ManagedRuleGroupOverride{ - RuleGroupName: utils.String(ruleGroupName), + result := webapplicationfirewallpolicies.ManagedRuleGroupOverride{ + RuleGroupName: ruleGroupName, } if !features.FourPointOhBeta() { @@ -751,14 +755,14 @@ func expandWebApplicationFirewallPolicyRuleGroupOverrides(input []interface{}, d return &results, nil } -func expandWebApplicationFirewallPolicyRules(input []interface{}) *[]network.ManagedRuleOverride { - results := make([]network.ManagedRuleOverride, 0) +func expandWebApplicationFirewallPolicyRules(input []interface{}) *[]webapplicationfirewallpolicies.ManagedRuleOverride { + results := make([]webapplicationfirewallpolicies.ManagedRuleOverride, 0) for _, item := range input { ruleID := item.(string) - result := network.ManagedRuleOverride{ - RuleID: utils.String(ruleID), - State: network.ManagedRuleEnabledStateDisabled, + result := webapplicationfirewallpolicies.ManagedRuleOverride{ + RuleId: ruleID, + State: pointer.To(webapplicationfirewallpolicies.ManagedRuleEnabledStateDisabled), } results = append(results, result) 
@@ -766,23 +770,23 @@ func expandWebApplicationFirewallPolicyRules(input []interface{}) *[]network.Man return &results } -func expandWebApplicationFirewallPolicyOverrideRules(input []interface{}) *[]network.ManagedRuleOverride { - results := make([]network.ManagedRuleOverride, 0) +func expandWebApplicationFirewallPolicyOverrideRules(input []interface{}) *[]webapplicationfirewallpolicies.ManagedRuleOverride { + results := make([]webapplicationfirewallpolicies.ManagedRuleOverride, 0) for _, item := range input { v := item.(map[string]interface{}) - state := network.ManagedRuleEnabledStateDisabled + state := webapplicationfirewallpolicies.ManagedRuleEnabledStateDisabled if v["enabled"].(bool) { - state = network.ManagedRuleEnabledStateEnabled + state = webapplicationfirewallpolicies.ManagedRuleEnabledStateEnabled } - result := network.ManagedRuleOverride{ - RuleID: utils.String(v["id"].(string)), - State: state, + result := webapplicationfirewallpolicies.ManagedRuleOverride{ + RuleId: v["id"].(string), + State: pointer.To(state), } action := v["action"].(string) if action != "" { - result.Action = network.ActionType(action) + result.Action = pointer.To(webapplicationfirewallpolicies.ActionType(action)) } results = append(results, result) @@ -791,8 +795,8 @@ func expandWebApplicationFirewallPolicyOverrideRules(input []interface{}) *[]net return &results } -func expandWebApplicationFirewallPolicyMatchCondition(input []interface{}) *[]network.MatchCondition { - results := make([]network.MatchCondition, 0) +func expandWebApplicationFirewallPolicyMatchCondition(input []interface{}) []webapplicationfirewallpolicies.MatchCondition { + results := make([]webapplicationfirewallpolicies.MatchCondition, 0) for _, item := range input { v := item.(map[string]interface{}) matchVariables := v["match_variables"].([]interface{}) 
@@ -801,41 +805,41 @@ func expandWebApplicationFirewallPolicyMatchCondition(input []interface{}) *[]ne matchValues := v["match_values"].([]interface{}) transformsRaw := v["transforms"].(*pluginsdk.Set).List() - var transforms []network.WebApplicationFirewallTransform + var transforms []webapplicationfirewallpolicies.WebApplicationFirewallTransform for _, trans := range transformsRaw { - transforms = append(transforms, network.WebApplicationFirewallTransform(trans.(string))) + transforms = append(transforms, webapplicationfirewallpolicies.WebApplicationFirewallTransform(trans.(string))) } - result := network.MatchCondition{ - MatchValues: utils.ExpandStringSlice(matchValues), + result := webapplicationfirewallpolicies.MatchCondition{ + MatchValues: pointer.From(utils.ExpandStringSlice(matchValues)), MatchVariables: expandWebApplicationFirewallPolicyMatchVariable(matchVariables), NegationConditon: utils.Bool(negationCondition), - Operator: network.WebApplicationFirewallOperator(operator), + Operator: webapplicationfirewallpolicies.WebApplicationFirewallOperator(operator), Transforms: &transforms, } results = append(results, result) } - return &results + return results } -func expandWebApplicationFirewallPolicyMatchVariable(input []interface{}) *[]network.MatchVariable { - results := make([]network.MatchVariable, 0) +func expandWebApplicationFirewallPolicyMatchVariable(input []interface{}) []webapplicationfirewallpolicies.MatchVariable { + results := make([]webapplicationfirewallpolicies.MatchVariable, 0) for _, item := range input { v := item.(map[string]interface{}) variableName := v["variable_name"].(string) selector := v["selector"].(string) - result := network.MatchVariable{ + result := webapplicationfirewallpolicies.MatchVariable{ Selector: utils.String(selector), - VariableName: network.WebApplicationFirewallMatchVariable(variableName), + VariableName: webapplicationfirewallpolicies.WebApplicationFirewallMatchVariable(variableName), } results = append(results, 
result) } - return &results + return results } -func flattenWebApplicationFirewallPolicyWebApplicationFirewallCustomRule(input *[]network.WebApplicationFirewallCustomRule) []interface{} { +func flattenWebApplicationFirewallPolicyWebApplicationFirewallCustomRule(input *[]webapplicationfirewallpolicies.WebApplicationFirewallCustomRule) []interface{} { results := make([]interface{}, 0) if input == nil { return results @@ -849,9 +853,7 @@ func flattenWebApplicationFirewallPolicyWebApplicationFirewallCustomRule(input * } v["action"] = string(item.Action) v["match_conditions"] = flattenWebApplicationFirewallPolicyMatchCondition(item.MatchConditions) - if priority := item.Priority; priority != nil { - v["priority"] = int(*priority) - } + v["priority"] = int(item.Priority) v["rule_type"] = string(item.RuleType) results = append(results, v) @@ -860,15 +862,15 @@ func flattenWebApplicationFirewallPolicyWebApplicationFirewallCustomRule(input * return results } -func flattenWebApplicationFirewallPolicyPolicySettings(input *network.PolicySettings) []interface{} { +func flattenWebApplicationFirewallPolicyPolicySettings(input *webapplicationfirewallpolicies.PolicySettings) []interface{} { if input == nil { return make([]interface{}, 0) } result := make(map[string]interface{}) - result["enabled"] = input.State == network.WebApplicationFirewallEnabledStateEnabled - result["mode"] = string(input.Mode) + result["enabled"] = pointer.From(input.State) == webapplicationfirewallpolicies.WebApplicationFirewallEnabledStateEnabled + result["mode"] = string(pointer.From(input.Mode)) result["request_body_check"] = input.RequestBodyCheck result["max_request_body_size_in_kb"] = int(*input.MaxRequestBodySizeInKb) result["file_upload_limit_in_mb"] = int(*input.FileUploadLimitInMb) 
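Review bot: In flattenWebApplicationFirewallPolicyPolicySettings, `*input.MaxRequestBodySizeInKb` and `*input.FileUploadLimitInMb` are still dereferenced without a nil check, although the `State` and `Mode` reads just above them were made nil-safe with `pointer.From`. If the API omits either field the read panics instead of returning state; `result["max_request_body_size_in_kb"] = int(pointer.From(input.MaxRequestBodySizeInKb))` and the same form for `file_upload_limit_in_mb` would match the new lines, writing 0 when the value is absent. A nil `State` now reads as `enabled = false`, which deserves a one-line comment because this attribute reports whether the WAF is on. The function's tail is outside this hunk.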
@@ -876,11 +878,8 @@ func flattenWebApplicationFirewallPolicyPolicySettings(input *network.PolicySett return []interface{}{result} } -func flattenWebApplicationFirewallPolicyManagedRulesDefinition(input *network.ManagedRulesDefinition) []interface{} { +func flattenWebApplicationFirewallPolicyManagedRulesDefinition(input webapplicationfirewallpolicies.ManagedRulesDefinition) []interface{} { results := make([]interface{}, 0) - if input == nil { - return results - } v := make(map[string]interface{}) @@ -892,23 +891,20 @@ func flattenWebApplicationFirewallPolicyManagedRulesDefinition(input *network.Ma return results } -func flattenWebApplicationFirewallPolicyExclusionManagedRules(input *[]network.ExclusionManagedRule) []string { +func flattenWebApplicationFirewallPolicyExclusionManagedRules(input *[]webapplicationfirewallpolicies.ExclusionManagedRule) []string { results := make([]string, 0) if input == nil || len(*input) == 0 { return results } for _, item := range *input { - if item.RuleID != nil { - v := *item.RuleID - results = append(results, v) - } + results = append(results, item.RuleId) } return results } -func flattenWebApplicationFirewallPolicyExclusionManagedRuleGroups(input *[]network.ExclusionManagedRuleGroup) []interface{} { +func flattenWebApplicationFirewallPolicyExclusionManagedRuleGroups(input *[]webapplicationfirewallpolicies.ExclusionManagedRuleGroup) []interface{} { results := make([]interface{}, 0) if input == nil { return results @@ -925,7 +921,7 @@ func flattenWebApplicationFirewallPolicyExclusionManagedRuleGroups(input *[]netw return results } -func flattenWebApplicationFirewallPolicyExclusionManagedRuleSets(input *[]network.ExclusionManagedRuleSet) []interface{} { +func flattenWebApplicationFirewallPolicyExclusionManagedRuleSets(input *[]webapplicationfirewallpolicies.ExclusionManagedRuleSet) []interface{} { results := make([]interface{}, 0) if input == nil { return results 
@@ -943,7 +939,7 @@ func flattenWebApplicationFirewallPolicyExclusionManagedRuleSets(input *[]networ return results } -func flattenWebApplicationFirewallPolicyExclusions(input *[]network.OwaspCrsExclusionEntry) []interface{} { +func flattenWebApplicationFirewallPolicyExclusions(input *[]webapplicationfirewallpolicies.OwaspCrsExclusionEntry) []interface{} { results := make([]interface{}, 0) if input == nil { return results @@ -955,9 +951,7 @@ func flattenWebApplicationFirewallPolicyExclusions(input *[]network.OwaspCrsExcl selector := item.Selector v["match_variable"] = string(item.MatchVariable) - if selector != nil { - v["selector"] = *selector - } + v["selector"] = selector v["selector_match_operator"] = string(item.SelectorMatchOperator) v["excluded_rule_set"] = flattenWebApplicationFirewallPolicyExclusionManagedRuleSets(item.ExclusionManagedRuleSets) @@ -967,13 +961,13 @@ func flattenWebApplicationFirewallPolicyExclusions(input *[]network.OwaspCrsExcl return results } -func flattenWebApplicationFirewallPolicyManagedRuleSets(input *[]network.ManagedRuleSet) []interface{} { +func flattenWebApplicationFirewallPolicyManagedRuleSets(input []webapplicationfirewallpolicies.ManagedRuleSet) []interface{} { results := make([]interface{}, 0) if input == nil { return results } - for _, item := range *input { + for _, item := range input { v := make(map[string]interface{}) v["type"] = item.RuleSetType @@ -985,7 +979,7 @@ func flattenWebApplicationFirewallPolicyManagedRuleSets(input *[]network.Managed return results } -func flattenWebApplicationFirewallPolicyRuleGroupOverrides(input *[]network.ManagedRuleGroupOverride) []interface{} { +func flattenWebApplicationFirewallPolicyRuleGroupOverrides(input *[]webapplicationfirewallpolicies.ManagedRuleGroupOverride) []interface{} { results := make([]interface{}, 0) if input == nil { return results 
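Review bot: The local `selector := item.Selector` in flattenWebApplicationFirewallPolicyExclusions is left over from the pointer version and now only renames a plain string field. Assigning directly, `v["selector"] = item.Selector`, would read the same as the neighbouring `match_variable` and `selector_match_operator` lines. The loop header and the start of the function are outside this hunk.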
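Review bot: The `if input == nil { return results }` guard in flattenWebApplicationFirewallPolicyManagedRuleSets is redundant now that `input` is a slice rather than a pointer to one, because ranging over a nil slice runs zero iterations and the function returns the same empty `results`. The same leftover guard remains in flattenWebApplicationFirewallPolicyMatchCondition (hunk at -1046) and flattenWebApplicationFirewallPolicyMatchVariable (hunk at -1075). Dropping it, or writing `if len(input) == 0 {` if the early return is wanted for readability, avoids suggesting that nil and empty inputs are handled differently. Each of these function bodies continues outside its hunk.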
@@ -1007,24 +1001,22 @@ func flattenWebApplicationFirewallPolicyRuleGroupOverrides(input *[]network.Mana return results } -func flattenWebApplicationFirewallPolicyRules(input *[]network.ManagedRuleOverride) []string { +func flattenWebApplicationFirewallPolicyRules(input *[]webapplicationfirewallpolicies.ManagedRuleOverride) []string { results := make([]string, 0) if input == nil || len(*input) == 0 { return results } for _, item := range *input { - if (item.State == "" || item.State == network.ManagedRuleEnabledStateDisabled) && item.RuleID != nil { - v := *item.RuleID - - results = append(results, v) + if item.State == nil || *item.State == webapplicationfirewallpolicies.ManagedRuleEnabledStateDisabled { + results = append(results, item.RuleId) } } return results } -func flattenWebApplicationFirewallPolicyOverrideRules(input *[]network.ManagedRuleOverride) []interface{} { +func flattenWebApplicationFirewallPolicyOverrideRules(input *[]webapplicationfirewallpolicies.ManagedRuleOverride) []interface{} { results := make([]interface{}, 0) if input == nil || len(*input) == 0 { return results @@ -1032,13 +1024,11 @@ func flattenWebApplicationFirewallPolicyOverrideRules(input *[]network.ManagedRu for _, item := range *input { v := make(map[string]interface{}) - if item.RuleID != nil { - v["id"] = *item.RuleID - } + v["id"] = item.RuleId - v["enabled"] = item.State == network.ManagedRuleEnabledStateEnabled + v["enabled"] = pointer.From(item.State) == webapplicationfirewallpolicies.ManagedRuleEnabledStateEnabled - v["action"] = string(item.Action) + v["action"] = string(pointer.From(item.Action)) results = append(results, v) } 
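Review bot: The condition `item.State == nil || *item.State == webapplicationfirewallpolicies.ManagedRuleEnabledStateDisabled` in flattenWebApplicationFirewallPolicyRules reports an override that carries no state as a disabled rule, and nothing in the code says why. Because this list appears to feed the disabled-rules attribute of a WAF policy, the assumption should be written down, e.g. `// an override returned without a state is treated as disabled (assumed API default, confirm)`. With `RuleId` now a plain string the former nil guard is gone, so an empty ID would be appended as well; adding `&& item.RuleId != ""` keeps the old filtering if the API can return one.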
@@ -1046,13 +1036,13 @@ func flattenWebApplicationFirewallPolicyOverrideRules(input *[]network.ManagedRu return results } -func flattenWebApplicationFirewallPolicyMatchCondition(input *[]network.MatchCondition) []interface{} { +func flattenWebApplicationFirewallPolicyMatchCondition(input []webapplicationfirewallpolicies.MatchCondition) []interface{} { results := make([]interface{}, 0) if input == nil { return results } - for _, item := range *input { + for _, item := range input { v := make(map[string]interface{}) var transforms []interface{} @@ -1061,7 +1051,7 @@ func flattenWebApplicationFirewallPolicyMatchCondition(input *[]network.MatchCon transforms = append(transforms, string(trans)) } } - v["match_values"] = utils.FlattenStringSlice(item.MatchValues) + v["match_values"] = utils.FlattenStringSlice(pointer.To(item.MatchValues)) v["match_variables"] = flattenWebApplicationFirewallPolicyMatchVariable(item.MatchVariables) if negationCondition := item.NegationConditon; negationCondition != nil { v["negation_condition"] = *negationCondition @@ -1075,13 +1065,13 @@ func flattenWebApplicationFirewallPolicyMatchCondition(input *[]network.MatchCon return results } -func flattenWebApplicationFirewallPolicyMatchVariable(input *[]network.MatchVariable) []interface{} { +func flattenWebApplicationFirewallPolicyMatchVariable(input []webapplicationfirewallpolicies.MatchVariable) []interface{} { results := make([]interface{}, 0) if input == nil { return results } - for _, item := range *input { + for _, item := range input { v := make(map[string]interface{}) if selector := item.Selector; selector != nil { 
@@ -1094,3 +1084,20 @@ func flattenWebApplicationFirewallPolicyMatchVariable(input *[]network.MatchVari return results } + +func flattenWebApplicationFirewallPoliciesSubResourcesToIDs(input *[]webapplicationfirewallpolicies.SubResource) []interface{} { + ids := make([]interface{}, 0) + if input == nil { + return ids + } + + for _, v := range *input { + if v.Id == nil { + continue + } + + ids = append(ids, *v.Id) + } + + return ids +} diff --git a/internal/services/network/web_application_firewall_policy_resource_test.go b/internal/services/network/web_application_firewall_policy_resource_test.go index 331d4d3b5956..3f1542c0dd19 100644 --- a/internal/services/network/web_application_firewall_policy_resource_test.go +++ b/internal/services/network/web_application_firewall_policy_resource_test.go @@ -8,10 +8,10 @@ import ( "fmt" "testing" + "github.com/hashicorp/go-azure-sdk/resource-manager/network/2023-02-01/webapplicationfirewallpolicies" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/network/parse" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/utils" ) 
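Review bot: The new helper flattenWebApplicationFirewallPoliciesSubResourcesToIDs has no doc comment and appends `*v.Id` exactly as the API returned it. Elsewhere in this commit firewall policy IDs are passed through a case-insensitive parser before being stored, so it is worth stating here that no normalisation happens, e.g. `// flattenWebApplicationFirewallPoliciesSubResourcesToIDs returns the non-nil IDs of the given sub-resources, unmodified (no case normalisation).` If callers compare these IDs with configuration values, a casing difference in the API response would surface as a spurious diff. Whether that applies depends on the call sites, which are not in this hunk.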
@@ -287,17 +287,17 @@ func TestAccWebApplicationFirewallPolicy_updateDisabledRules(t *testing.T) { } func (t WebApplicationFirewallResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { - id, err := parse.ApplicationGatewayWebApplicationFirewallPolicyID(state.ID) + id, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyID(state.ID) if err != nil { return nil, err } - resp, err := clients.Network.WebApplicationFirewallPoliciesClient.Get(ctx, id.ResourceGroup, id.Name) + resp, err := clients.Network.WebApplicationFirewallPolicies.Get(ctx, *id) if err != nil { return nil, fmt.Errorf("reading %s: %+v", *id, err) } - return utils.Bool(resp.ID != nil), nil + return utils.Bool(resp.Model != nil), nil } func (WebApplicationFirewallResource) basic(data acceptance.TestData) string { diff --git a/website/docs/r/web_application_firewall_policy.html.markdown b/website/docs/r/web_application_firewall_policy.html.markdown index 6d44ed9812ad..6b60b13cbfdb 100644 --- a/website/docs/r/web_application_firewall_policy.html.markdown +++ b/website/docs/r/web_application_firewall_policy.html.markdown @@ -270,5 +270,5 @@ The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/l Web Application Firewall Policy can be imported using the `resource id`, e.g. ```shell -terraform import azurerm_web_application_firewall_policy.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/example-wafpolicy +terraform import azurerm_web_application_firewall_policy.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/example-wafpolicy ```