azurerm_firewall_policy_rule_collection_group: add support for `htt…

…p_headers` (#23641) * add support for http_header_to_insert * update http header in updatePremium
hashicorp · Nov 7, 2023 · 22ba106 · 22ba106
1 parent 28d6160
commit 22ba106
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 0 deletions.
diff --git a/internal/services/firewall/firewall_policy_rule_collection_group_resource.go b/internal/services/firewall/firewall_policy_rule_collection_group_resource.go
@@ -126,6 +126,24 @@ func resourceFirewallPolicyRuleCollectionGroup() *pluginsdk.Resource {
 											},
 										},
 									},
+									"http_headers": {
+										Type:     pluginsdk.TypeList,
+										Optional: true,
+										Elem: &pluginsdk.Resource{
+											Schema: map[string]*pluginsdk.Schema{
+												"name": {
+													Type:         pluginsdk.TypeString,
+													Required:     true,
+													ValidateFunc: validation.StringIsNotEmpty,
+												},
+												"value": {
+													Type:         pluginsdk.TypeString,
+													Required:     true,
+													ValidateFunc: validation.StringIsNotEmpty,
+												},
+											},
+										},
+									},
 									"source_addresses": {
 										Type:     pluginsdk.TypeList,
 										Optional: true,
@@ -616,10 +634,21 @@ func expandFirewallPolicyRuleApplication(input []interface{}) *[]firewallpolicyr
 				Port:         utils.Int64(int64(proto["port"].(int))),
 			})
 		}
+
+		var httpHeader []firewallpolicyrulecollectiongroups.FirewallPolicyHTTPHeaderToInsert
+		for _, h := range condition["http_headers"].([]interface{}) {
+			header := h.(map[string]interface{})
+			httpHeader = append(httpHeader, firewallpolicyrulecollectiongroups.FirewallPolicyHTTPHeaderToInsert{
+				HeaderName:  pointer.To(header["name"].(string)),
+				HeaderValue: pointer.To(header["value"].(string)),
+			})
+		}
+
 		output := &firewallpolicyrulecollectiongroups.ApplicationRule{
 			Name:                 utils.String(condition["name"].(string)),
 			Description:          utils.String(condition["description"].(string)),
 			Protocols:            &protocols,
+			HTTPHeadersToInsert:  &httpHeader,
 			SourceAddresses:      utils.ExpandStringSlice(condition["source_addresses"].([]interface{})),
 			SourceIPGroups:       utils.ExpandStringSlice(condition["source_ip_groups"].([]interface{})),
 			DestinationAddresses: utils.ExpandStringSlice(condition["destination_addresses"].([]interface{})),
@@ -839,10 +868,19 @@ func flattenFirewallPolicyRuleApplication(input *[]firewallpolicyrulecollectiong
 			}
 		}
 
+		httpHeaders := make([]interface{}, 0)
+		for _, header := range pointer.From(rule.HTTPHeadersToInsert) {
+			httpHeaders = append(httpHeaders, map[string]interface{}{
+				"name":  pointer.From(header.HeaderName),
+				"value": pointer.From(header.HeaderValue),
+			})
+		}
+
 		output = append(output, map[string]interface{}{
 			"name":                  name,
 			"description":           description,
 			"protocols":             protocols,
+			"http_headers":          httpHeaders,
 			"source_addresses":      utils.FlattenStringSlice(rule.SourceAddresses),
 			"source_ip_groups":      utils.FlattenStringSlice(rule.SourceIPGroups),
 			"destination_addresses": utils.FlattenStringSlice(rule.DestinationAddresses),

diff --git a/internal/services/firewall/firewall_policy_rule_collection_group_resource_test.go b/internal/services/firewall/firewall_policy_rule_collection_group_resource_test.go
@@ -519,6 +519,14 @@ resource "azurerm_firewall_policy_rule_collection_group" "test" {
       destination_urls      = ["www.google.com/en"]
       terminate_tls         = true
       web_categories        = ["News"]
+      http_headers {
+        name  = "head_foo"
+        value = "value_bar"
+      }
+      http_headers {
+        name  = "head_bar"
+        value = "value2"
+      }
     }
     rule {
       name        = "app_rule_collection1_rule2"
@@ -794,6 +802,14 @@ resource "azurerm_firewall_policy_rule_collection_group" "test" {
       destination_urls      = ["www.google.com/en"]
       terminate_tls         = true
       web_categories        = ["News"]
+      http_headers {
+        name  = "head_foo"
+        value = "value_bar2"
+      }
+      http_headers {
+        name  = "head_bar2"
+        value = "value_bar2"
+      }
     }
     rule {
       name        = "app_rule_collection1_rule2"

diff --git a/website/docs/r/firewall_policy_rule_collection_group.html.markdown b/website/docs/r/firewall_policy_rule_collection_group.html.markdown
@@ -141,6 +141,8 @@ A `application_rule` (application rule) block supports the following:
 
 * `protocols` - (Optional) One or more `protocols` blocks as defined below.
 
+* `http_headers` - (Required) Specifies a list of HTTP/HTTPS headers to insert. One or more `http_headers` blocks as defined below.
+
 * `source_addresses` - (Optional) Specifies a list of source IP addresses (including CIDR, IP range and `*`).
 
 * `source_ip_groups` - (Optional) Specifies a list of source IP groups.
@@ -213,6 +215,14 @@ A `protocols` block supports the following:
 
 * `port` - (Required) Port number of the protocol. Range is 0-64000.
 
+---
+
+A `http_headers` block supports the following:
+
+* `name` - (Required) Specifies the name of the header.
+
+* `value` - (Required) Specifies the value of the value.
+
 ## Attributes Reference
 
 In addition to the Arguments listed above - the following Attributes are exported: