Add table azure_web_application_firewall_policy Closes #827 #834

Merged
merged 2 commits into from
Sep 2, 2024

ParthaI
Contributor

@ParthaI ParthaI commented Aug 29, 2024

Integration test logs

Logs
No env file present for the current environment:  staging 
 Falling back to .env config
No env file present for the current environment:  staging
customEnv TURBOT_TEST_EXPECTED_TIMEOUT undefined

SETUP: tests/azure_web_application_firewall_policy []

PRETEST: tests/azure_web_application_firewall_policy

TEST: tests/azure_web_application_firewall_policy
Running terraform

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_resource_group.named_test_resource will be created
  + resource "azurerm_resource_group" "named_test_resource" {
      + id       = (known after apply)
      + location = "westeurope"
      + name     = "turbottest97527"
    }

  # azurerm_web_application_firewall_policy.named_test_resource will be created
  + resource "azurerm_web_application_firewall_policy" "named_test_resource" {
      + http_listener_ids   = (known after apply)
      + id                  = (known after apply)
      + location            = "westeurope"
      + name                = "turbottest97527"
      + path_based_rule_ids = (known after apply)
      + resource_group_name = "turbottest97527"

      + custom_rules {
          + action    = "Block"
          + name      = "Rule1"
          + priority  = 1
          + rule_type = "MatchRule"

          + match_conditions {
              + match_values       = [
                  + "192.168.1.0/24",
                  + "10.0.0.0/24",
                ]
              + negation_condition = false
              + operator           = "IPMatch"

              + match_variables {
                  + variable_name = "RemoteAddr"
                }
            }
        }
      + custom_rules {
          + action    = "Block"
          + name      = "Rule2"
          + priority  = 2
          + rule_type = "MatchRule"

          + match_conditions {
              + match_values       = [
                  + "192.168.1.0/24",
                ]
              + negation_condition = false
              + operator           = "IPMatch"

              + match_variables {
                  + variable_name = "RemoteAddr"
                }
            }
          + match_conditions {
              + match_values       = [
                  + "Windows",
                ]
              + negation_condition = false
              + operator           = "Contains"

              + match_variables {
                  + selector      = "UserAgent"
                  + variable_name = "RequestHeaders"
                }
            }
        }

      + managed_rules {
          + exclusion {
              + match_variable          = "RequestHeaderNames"
              + selector                = "x-company-secret-header"
              + selector_match_operator = "Equals"
            }
          + exclusion {
              + match_variable          = "RequestCookieNames"
              + selector                = "too-tasty"
              + selector_match_operator = "EndsWith"
            }
          + managed_rule_set {
              + type    = "OWASP"
              + version = "3.2"
            }
        }

      + policy_settings {
          + enabled                     = true
          + file_upload_limit_in_mb     = 100
          + max_request_body_size_in_kb = 128
          + mode                        = "Prevention"
          + request_body_check          = true
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + region             = "westeurope"
  + resource_aka       = (known after apply)
  + resource_aka_lower = (known after apply)
  + resource_id        = (known after apply)
  + resource_name      = "turbottest97527"
  + subscription_id    = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
azurerm_resource_group.named_test_resource: Creating...
azurerm_resource_group.named_test_resource: Creation complete after 2s [id=/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/turbottest97527]
azurerm_web_application_firewall_policy.named_test_resource: Creating...
azurerm_web_application_firewall_policy.named_test_resource: Creation complete after 4s [id=/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/turbottest97527/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/turbottest97527]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Outputs:

region = "westeurope"
resource_aka = "azure:///subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/turbottest97527/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/turbottest97527"
resource_aka_lower = "azure:///subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/turbottest97527/providers/microsoft.network/applicationgatewaywebapplicationfirewallpolicies/turbottest97527"
resource_id = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/turbottest97527/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/turbottest97527"
resource_name = "turbottest97527"
subscription_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

Running SQL query: test-get-query.sql

Time: 1.5s. Rows returned: 1. Rows fetched: 1. Hydrate calls: 1.

Scans:
  1) azure_web_application_firewall_policy.azure: Time: 1.2s. Fetched: 1. Hydrates: 1. Quals: name=turbottest97527, resource_group=turbottest97527.

[
  {
    "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/turbottest97527/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/turbottest97527",
    "name": "turbottest97527",
    "region": "westeurope",
    "resource_group": "turbottest97527",
    "subscription_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "type": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies"
  }
]
✔ PASSED

Running SQL query: test-list-query.sql

Time: 1.7s. Rows returned: 1. Rows fetched: 2. Hydrate calls: 2.

Scans:
  1) azure_web_application_firewall_policy.azure: Time: 1.4s. Fetched: 2. Hydrates: 2. Quals: id=/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/turbottest97527/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/turbottest97527.

[
  {
    "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/turbottest97527/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/turbottest97527",
    "name": "turbottest97527",
    "region": "westeurope",
    "resource_group": "turbottest97527",
    "subscription_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "type": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies"
  }
]
✔ PASSED

Running SQL query: test-not-found-query.sql

Time: 1.5s. Rows returned: 0.
[]
✔ PASSED

Running SQL query: test-turbot-query.sql

Time: 1.5s. Rows returned: 1. Rows fetched: 1. Hydrate calls: 0.

Scans:
  1) azure_web_application_firewall_policy.azure: Time: 1.3s. Fetched: 1. Hydrates: 0. Quals: name=turbottest97527, resource_group=turbottest97527.

[
  {
    "akas": [
      "azure:///subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/turbottest97527/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/turbottest97527",
      "azure:///subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/turbottest97527/providers/microsoft.network/applicationgatewaywebapplicationfirewallpolicies/turbottest97527"
    ],
    "name": "turbottest97527",
    "title": "turbottest97527"
  }
]
✔ PASSED

POSTTEST: tests/azure_web_application_firewall_policy

TEARDOWN: tests/azure_web_application_firewall_policy

SUMMARY:

1/1 passed.

Example query results

Results
> select
  a.name as application_name,
  a.provisioning_state as application_provisioning_state,
  a.enable_fips,
  a.autoscale_configuration,
  p.name as policy_name,
  p.policy_settings
from
  azure_application_gateway as a
  join azure_web_application_firewall_policy as p on (a.firewall_policy ->> 'id') = p.id;
+------------------+--------------------------------+-------------+------------------------------------+-------------+------------------------------------------------------------------------------------------------------------------------+
| application_name | application_provisioning_state | enable_fips | autoscale_configuration            | policy_name | policy_settings                                                                                                        |
+------------------+--------------------------------+-------------+------------------------------------+-------------+------------------------------------------------------------------------------------------------------------------------+
| test5333         | Succeeded                      | false       | {"maxCapacity":10,"minCapacity":0} | test53      | {"fileUploadLimitInMb":100,"maxRequestBodySizeInKb":128,"mode":"Detection","requestBodyCheck":true,"state":"Disabled"} |
+------------------+--------------------------------+-------------+------------------------------------+-------------+------------------------------------------------------------------------------------------------------------------------+

@misraved misraved merged commit 9cc6a2b into main Sep 2, 2024
1 check passed
@misraved misraved deleted the issue-827 branch September 2, 2024 05:52
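
An added example, not part of the pull request or the plugin's documentation: the join from the example query above, turned into a check for Application Gateways whose WAF policy is missing, disabled, or only logging. It uses only the columns and `policy_settings` keys visible in the query and result row above; the `finding` labels and the `lower()` normalisation of resource IDs are assumptions of this example.

```sql
-- Added example: report gateways that are not protected by an enforcing WAF policy.
with gateway_policy as (
  select
    a.name as application_name,
    p.id as policy_id,
    p.name as policy_name,
    p.policy_settings ->> 'state' as waf_state,
    p.policy_settings ->> 'mode' as waf_mode,
    p.policy_settings ->> 'requestBodyCheck' as request_body_check
  from
    azure_application_gateway as a
    -- left join keeps gateways that reference no policy (or a policy that no longer exists)
    left join azure_web_application_firewall_policy as p
      -- Azure resource IDs are case-insensitive, so compare them lowercased
      on lower(a.firewall_policy ->> 'id') = lower(p.id)
)
select
  application_name,
  policy_name,
  waf_state,
  waf_mode,
  case
    when policy_id is null then 'no WAF policy resource attached'
    when waf_state is distinct from 'Enabled' then 'WAF policy disabled'
    when waf_mode is distinct from 'Prevention' then 'detection only: matches are logged, not blocked'
    else 'request body inspection off'
  end as finding
from
  gateway_policy
where
  policy_id is null
  or waf_state is distinct from 'Enabled'
  or waf_mode is distinct from 'Prevention'
  or request_body_check is distinct from 'true'
order by
  application_name;
```

The gateway in the result row above (`"mode":"Detection"`, `"state":"Disabled"`) would be reported as `WAF policy disabled`.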
Successfully merging this pull request may close these issues.

Add table azure_waf_policy