Add missing Web Application Firewall Policy settings #7363

Merged
merged 14 commits into from
Jul 9, 2020
Merged
@@ -2044,8 +2044,11 @@ resource "azurerm_web_application_firewall_policy" "testfwp" {
location = azurerm_resource_group.test.location

policy_settings {
enabled = true
mode = "Prevention"
enabled = true
mode = "Prevention"
file_upload_limit_in_mb = 100
max_request_body_size_in_kb = 100
request_body_check = "true"
}

managed_rules {
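Review bot: `request_body_check = "true"` in this fixture is a quoted string, while the other fixtures in this PR write the bare boolean and the schema declares the attribute as `schema.TypeBool`; write `request_body_check = true` so the fixture does not depend on string-to-bool coercion. The same block sets `max_request_body_size_in_kb = 100` where the other fixtures use 128, and no assertion for that value is visible here. The enclosing resource block starts and ends outside the hunk.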
@@ -92,6 +92,9 @@ func TestAccAzureRMWebApplicationFirewallPolicy_complete(t *testing.T) {
resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.#", "1"),
resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.enabled", "true"),
resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.mode", "Prevention"),
resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.request_body_check", "true"),
resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.file_upload_limit_in_mb", "100"),
resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.max_request_body_size_in_kb", "128"),
),
},
data.ImportStep(),
@@ -167,6 +170,9 @@ func TestAccAzureRMWebApplicationFirewallPolicy_update(t *testing.T) {
resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.#", "1"),
resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.enabled", "true"),
resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.mode", "Prevention"),
resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.request_body_check", "true"),
resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.file_upload_limit_in_mb", "100"),
resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.max_request_body_size_in_kb", "128"),
),
},
data.ImportStep(),
@@ -246,8 +252,11 @@ resource "azurerm_web_application_firewall_policy" "test" {
}

policy_settings {
enabled = true
mode = "Detection"
enabled = true
mode = "Detection"
request_body_check = true
file_upload_limit_in_mb = 100
max_request_body_size_in_kb = 128
}
}
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
@@ -344,8 +353,11 @@ resource "azurerm_web_application_firewall_policy" "test" {
}

policy_settings {
enabled = true
mode = "Prevention"
enabled = true
mode = "Prevention"
request_body_check = true
file_upload_limit_in_mb = 100
max_request_body_size_in_kb = 128
}
}
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
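Review bot: The new `TestCheckResourceAttr` lines in `_complete` and `_update` assert `true`, `100` and `128`, which are also the schema defaults this PR adds, so both tests would still pass if expand or flatten ignored the new fields entirely. Set at least one non-default value in the fixtures (for example `max_request_body_size_in_kb = 64`, a constructed value inside the validated range) and assert it, so that a policy silently ending up with different body-inspection limits than configured is caught. Both test functions and the fixture templates extend beyond the hunks shown.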
@@ -247,6 +247,23 @@ func resourceArmWebApplicationFirewallPolicy() *schema.Resource {
}, false),
Default: string(network.Prevention),
},
"request_body_check": {
Type: schema.TypeBool,
Optional: true,
Default: true,
},
"file_upload_limit_in_mb": {
Type: schema.TypeInt,
Optional: true,
ValidateFunc: validation.IntBetween(1, 500),
Default: 100,
},
"max_request_body_size_in_kb": {
Type: schema.TypeInt,
Optional: true,
ValidateFunc: validation.IntBetween(1, 128),
Default: 128,
},
},
},
},
@@ -416,10 +433,16 @@ func expandArmWebApplicationFirewallPolicyPolicySettings(input []interface{}) *n
enabled = network.WebApplicationFirewallEnabledStateEnabled
}
mode := v["mode"].(string)
requestBodyCheck := v["request_body_check"].(bool)
maxRequestBodySizeInKb := v["max_request_body_size_in_kb"].(int)
fileUploadLimitInMb := v["file_upload_limit_in_mb"].(int)

result := network.PolicySettings{
State: enabled,
Mode: network.WebApplicationFirewallMode(mode),
State: enabled,
Mode: network.WebApplicationFirewallMode(mode),
RequestBodyCheck: utils.Bool(requestBodyCheck),
MaxRequestBodySizeInKb: utils.Int32(int32(maxRequestBodySizeInKb)),
FileUploadLimitInMb: utils.Int32(int32(fileUploadLimitInMb)),
}
return &result
}
@@ -586,6 +609,9 @@ func flattenArmWebApplicationFirewallPolicyPolicySettings(input *network.PolicyS

result["enabled"] = input.State == network.WebApplicationFirewallEnabledStateEnabled
result["mode"] = string(input.Mode)
result["request_body_check"] = input.RequestBodyCheck
result["max_request_body_size_in_kb"] = int(*input.MaxRequestBodySizeInKb)
result["file_upload_limit_in_mb"] = int(*input.FileUploadLimitInMb)

return []interface{}{result}
}
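Review bot: In `flattenArmWebApplicationFirewallPolicyPolicySettings` the new lines dereference `input.MaxRequestBodySizeInKb` and `input.FileUploadLimitInMb` without a nil check, so a policy whose API response omits either field would panic the provider on read; `result["request_body_check"] = input.RequestBodyCheck` also appears to store the pointer rather than the bool. Guard each pointer and assign the dereferenced value, as in the excerpt below. Separately, the schema keys here are `file_upload_limit_in_mb` and `max_request_body_size_in_kb`, while the documentation section of this PR lists `file_upload_limit_mb` and `max_request_body_size_kb`; the docs should use the schema names. The function begins above the hunk.

```go
// … unchanged: result["enabled"] and result["mode"] …
if input.RequestBodyCheck != nil {
	result["request_body_check"] = *input.RequestBodyCheck
}
if input.MaxRequestBodySizeInKb != nil {
	result["max_request_body_size_in_kb"] = int(*input.MaxRequestBodySizeInKb)
}
if input.FileUploadLimitInMb != nil {
	result["file_upload_limit_in_mb"] = int(*input.FileUploadLimitInMb)
}
// … unchanged: return []interface{}{result} …
```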
17 changes: 13 additions & 4 deletions website/docs/r/web_application_firewall_policy.html.markdown
@@ -71,8 +71,11 @@ resource "azurerm_web_application_firewall_policy" "example" {
}

policy_settings {
enabled = true
mode = "Prevention"
enabled = true
mode = "Prevention"
request_body_check = true
file_upload_limit_in_mb = 100
max_request_body_size_in_kb = 128
}

managed_rules {
@@ -159,9 +162,15 @@ The `match_variables` block supports the following:

The `policy_settings` block supports the following:

* `enabled` - (Optional) Describes if the policy is in enabled state or disabled state Defaults to `Enabled`.
* `enabled` - (Optional) Describes if the policy is in enabled state or disabled state. Defaults to `Enabled`.

* `mode` - (Optional) Describes if it is in detection mode or prevention mode at the policy level Defaults to `Prevention`.
* `mode` - (Optional) Describes if it is in detection mode or prevention mode at the policy level. Defaults to `Prevention`.

* `file_upload_limit_mb` - (Optional) The File Upload Limit in MB. Accepted values are in the range `1`MB to `500`MB. Defaults to `100`MB.

* `request_body_check` - (Optional) Is Request Body Inspection enabled? Defaults to `true`.

* `max_request_body_size_kb` - (Optional) The Maximum Request Body Size in KB. Accepted values are in the range `1`KB to `128`KB. Defaults to `128`KB.

---
