diff --git a/internal/services/firewall/firewall_policy_rule_collection_group_resource.go b/internal/services/firewall/firewall_policy_rule_collection_group_resource.go index 3bc95544e0d8..37293257df7b 100644 --- a/internal/services/firewall/firewall_policy_rule_collection_group_resource.go +++ b/internal/services/firewall/firewall_policy_rule_collection_group_resource.go @@ -126,6 +126,24 @@ func resourceFirewallPolicyRuleCollectionGroup() *pluginsdk.Resource { }, }, }, + "http_headers": { + Type: pluginsdk.TypeList, + Optional: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Required: true, + ValidateFunc: validation.StringIsNotEmpty, + }, + "value": { + Type: pluginsdk.TypeString, + Required: true, + ValidateFunc: validation.StringIsNotEmpty, + }, + }, + }, + }, "source_addresses": { Type: pluginsdk.TypeList, Optional: true, @@ -616,10 +634,21 @@ func expandFirewallPolicyRuleApplication(input []interface{}) *[]firewallpolicyr Port: utils.Int64(int64(proto["port"].(int))), }) } + + var httpHeader []firewallpolicyrulecollectiongroups.FirewallPolicyHTTPHeaderToInsert + for _, h := range condition["http_headers"].([]interface{}) { + header := h.(map[string]interface{}) + httpHeader = append(httpHeader, firewallpolicyrulecollectiongroups.FirewallPolicyHTTPHeaderToInsert{ + HeaderName: pointer.To(header["name"].(string)), + HeaderValue: pointer.To(header["value"].(string)), + }) + } + output := &firewallpolicyrulecollectiongroups.ApplicationRule{ Name: utils.String(condition["name"].(string)), Description: utils.String(condition["description"].(string)), Protocols: &protocols, + HTTPHeadersToInsert: &httpHeader, SourceAddresses: utils.ExpandStringSlice(condition["source_addresses"].([]interface{})), SourceIPGroups: utils.ExpandStringSlice(condition["source_ip_groups"].([]interface{})), DestinationAddresses: utils.ExpandStringSlice(condition["destination_addresses"].([]interface{})), @@ -839,10 +868,19 @@ func flattenFirewallPolicyRuleApplication(input *[]firewallpolicyrulecollectiong } } + httpHeaders := make([]interface{}, 0) + for _, header := range pointer.From(rule.HTTPHeadersToInsert) { + httpHeaders = append(httpHeaders, map[string]interface{}{ + "name": pointer.From(header.HeaderName), + "value": pointer.From(header.HeaderValue), + }) + } + output = append(output, map[string]interface{}{ "name": name, "description": description, "protocols": protocols, + "http_headers": httpHeaders, "source_addresses": utils.FlattenStringSlice(rule.SourceAddresses), "source_ip_groups": utils.FlattenStringSlice(rule.SourceIPGroups), "destination_addresses": utils.FlattenStringSlice(rule.DestinationAddresses), diff --git a/internal/services/firewall/firewall_policy_rule_collection_group_resource_test.go b/internal/services/firewall/firewall_policy_rule_collection_group_resource_test.go index 5574330b273e..07673156fe9e 100644 --- a/internal/services/firewall/firewall_policy_rule_collection_group_resource_test.go +++ b/internal/services/firewall/firewall_policy_rule_collection_group_resource_test.go @@ -519,6 +519,14 @@ resource "azurerm_firewall_policy_rule_collection_group" "test" { destination_urls = ["www.google.com/en"] terminate_tls = true web_categories = ["News"] + http_headers { + name = "head_foo" + value = "value_bar" + } + http_headers { + name = "head_bar" + value = "value2" + } } rule { name = "app_rule_collection1_rule2" @@ -794,6 +802,14 @@ resource "azurerm_firewall_policy_rule_collection_group" "test" { destination_urls = ["www.google.com/en"] terminate_tls = true web_categories = ["News"] + http_headers { + name = "head_foo" + value = "value_bar2" + } + http_headers { + name = "head_bar2" + value = "value_bar2" + } } rule { name = "app_rule_collection1_rule2" diff --git a/website/docs/r/firewall_policy_rule_collection_group.html.markdown b/website/docs/r/firewall_policy_rule_collection_group.html.markdown index 966dcf19ae9c..e46f62d63e44 100644 --- a/website/docs/r/firewall_policy_rule_collection_group.html.markdown +++ b/website/docs/r/firewall_policy_rule_collection_group.html.markdown @@ -141,6 +141,8 @@ A `application_rule` (application rule) block supports the following: * `protocols` - (Optional) One or more `protocols` blocks as defined below. +* `http_headers` - (Required) Specifies a list of HTTP/HTTPS headers to insert. One or more `http_headers` blocks as defined below. + * `source_addresses` - (Optional) Specifies a list of source IP addresses (including CIDR, IP range and `*`). * `source_ip_groups` - (Optional) Specifies a list of source IP groups. @@ -213,6 +215,14 @@ A `protocols` block supports the following: * `port` - (Required) Port number of the protocol. Range is 0-64000. +--- + +A `http_headers` block supports the following: + +* `name` - (Required) Specifies the name of the header. + +* `value` - (Required) Specifies the value of the value. + ## Attributes Reference In addition to the Arguments listed above - the following Attributes are exported: