From 964ddefcd9cc304b475f2a50143981f651f1c757 Mon Sep 17 00:00:00 2001 From: Andrew Date: Wed, 16 Jan 2019 02:35:48 +0000 Subject: [PATCH] azurerm_application_gateway: Adding upload limit (#2666) This PR introduces the ability to set the file upload limit in the Azure Application Gateway WAF (requested in #2409) --- azurerm/resource_arm_application_gateway.go | 19 +- .../resource_arm_application_gateway_test.go | 2 + .../docs/r/application_gateway.html.markdown | 194 +++++++++--------- 3 files changed, 115 insertions(+), 100 deletions(-) diff --git a/azurerm/resource_arm_application_gateway.go b/azurerm/resource_arm_application_gateway.go index 3d0497b6f21d..8445629a0e38 100644 --- a/azurerm/resource_arm_application_gateway.go +++ b/azurerm/resource_arm_application_gateway.go @@ -711,6 +711,11 @@ func resourceArmApplicationGateway() *schema.Resource { "3.0", }, false), }, + "file_upload_limit_mb": { + Type: schema.TypeInt, + Optional: true, + ValidateFunc: validation.IntBetween(1, 500), + }, }, }, }, @@ -2050,12 +2055,14 @@ func expandApplicationGatewayWafConfig(d *schema.ResourceData) *network.Applicat mode := v["firewall_mode"].(string) ruleSetType := v["rule_set_type"].(string) ruleSetVersion := v["rule_set_version"].(string) + fileUploadLimitInMb := v["file_upload_limit_mb"].(int) return &network.ApplicationGatewayWebApplicationFirewallConfiguration{ - Enabled: utils.Bool(enabled), - FirewallMode: network.ApplicationGatewayFirewallMode(mode), - RuleSetType: utils.String(ruleSetType), - RuleSetVersion: utils.String(ruleSetVersion), + Enabled: utils.Bool(enabled), + FirewallMode: network.ApplicationGatewayFirewallMode(mode), + RuleSetType: utils.String(ruleSetType), + RuleSetVersion: utils.String(ruleSetVersion), + FileUploadLimitInMb: utils.Int32(int32(fileUploadLimitInMb)), } } @@ -2081,6 +2088,10 @@ func flattenApplicationGatewayWafConfig(input *network.ApplicationGatewayWebAppl output["rule_set_version"] = *input.RuleSetVersion } + if input.FileUploadLimitInMb != nil { + output["file_upload_limit_mb"] = int(*input.FileUploadLimitInMb) + } + results = append(results, output) return results diff --git a/azurerm/resource_arm_application_gateway_test.go b/azurerm/resource_arm_application_gateway_test.go index f713f0215658..3bca35c59e64 100644 --- a/azurerm/resource_arm_application_gateway_test.go +++ b/azurerm/resource_arm_application_gateway_test.go @@ -287,6 +287,7 @@ func TestAccAzureRMApplicationGateway_webApplicationFirewall(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "waf_configuration.0.firewall_mode", "Detection"), resource.TestCheckResourceAttr(resourceName, "waf_configuration.0.rule_set_type", "OWASP"), resource.TestCheckResourceAttr(resourceName, "waf_configuration.0.rule_set_version", "3.0"), + resource.TestCheckResourceAttr(resourceName, "waf_configuration.0.file_upload_limit_mb", "100"), ), }, }, @@ -1029,6 +1030,7 @@ resource "azurerm_application_gateway" "test" { firewall_mode = "Detection" rule_set_type = "OWASP" rule_set_version = "3.0" + file_upload_limit_mb = 100 } gateway_ip_configuration { diff --git a/website/docs/r/application_gateway.html.markdown b/website/docs/r/application_gateway.html.markdown index 7f2f43032ee2..8fb8a0af8a6d 100644 --- a/website/docs/r/application_gateway.html.markdown +++ b/website/docs/r/application_gateway.html.markdown @@ -13,102 +13,102 @@ Manages an Application Gateway. ## Example Usage ```hcl -resource "azurerm_resource_group" "test" { - name = "example-resources" - location = "West US" -} - -resource "azurerm_virtual_network" "test" { - name = "example-network" - resource_group_name = "${azurerm_resource_group.test.name}" - location = "${azurerm_resource_group.test.location}" - address_space = ["10.254.0.0/16"] -} - -resource "azurerm_subnet" "frontend" { - name = "frontend" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.254.0.0/24" -} - -resource "azurerm_subnet" "backend" { - name = "backend" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.254.2.0/24" -} - -resource "azurerm_public_ip" "test" { - name = "example-pip" - resource_group_name = "${azurerm_resource_group.test.name}" - location = "${azurerm_resource_group.test.location}" - allocation_method = "Dynamic" -} - -# since these variables are re-used - a locals block makes this more maintainable -locals { - backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" - frontend_port_name = "${azurerm_virtual_network.test.name}-feport" - frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip" - http_setting_name = "${azurerm_virtual_network.test.name}-be-htst" - listener_name = "${azurerm_virtual_network.test.name}-httplstn" - request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt" -} - -resource "azurerm_application_gateway" "network" { - name = "example-appgateway" - resource_group_name = "${azurerm_resource_group.test.name}" - location = "${azurerm_resource_group.test.location}" - - sku { - name = "Standard_Small" - tier = "Standard" - capacity = 2 - } - - gateway_ip_configuration { - name = "my-gateway-ip-configuration" - subnet_id = "${azurerm_subnet.frontend.id}" - } - - frontend_port { - name = "${local.frontend_port_name}" - port = 80 - } - - frontend_ip_configuration { - name = "${local.frontend_ip_configuration_name}" - public_ip_address_id = "${azurerm_public_ip.test.id}" - } - - backend_address_pool { - name = "${local.backend_address_pool_name}" - } - - backend_http_settings { - name = "${local.http_setting_name}" - cookie_based_affinity = "Disabled" - port = 80 - protocol = "Http" - request_timeout = 1 - } - - http_listener { - name = "${local.listener_name}" - frontend_ip_configuration_name = "${local.frontend_ip_configuration_name}" - frontend_port_name = "${local.frontend_port_name}" - protocol = "Http" - } - - request_routing_rule { - name = "${local.request_routing_rule_name}" - rule_type = "Basic" - http_listener_name = "${local.listener_name}" - backend_address_pool_name = "${local.backend_address_pool_name}" - backend_http_settings_name = "${local.http_setting_name}" - } -} +resource "azurerm_resource_group" "test" { + name = "example-resources" + location = "West US" +} + +resource "azurerm_virtual_network" "test" { + name = "example-network" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "${azurerm_resource_group.test.location}" + address_space = ["10.254.0.0/16"] +} + +resource "azurerm_subnet" "frontend" { + name = "frontend" + resource_group_name = "${azurerm_resource_group.test.name}" + virtual_network_name = "${azurerm_virtual_network.test.name}" + address_prefix = "10.254.0.0/24" +} + +resource "azurerm_subnet" "backend" { + name = "backend" + resource_group_name = "${azurerm_resource_group.test.name}" + virtual_network_name = "${azurerm_virtual_network.test.name}" + address_prefix = "10.254.2.0/24" +} + +resource "azurerm_public_ip" "test" { + name = "example-pip" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "${azurerm_resource_group.test.location}" + allocation_method = "Dynamic" +} + +# since these variables are re-used - a locals block makes this more maintainable +locals { + backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap" + frontend_port_name = "${azurerm_virtual_network.test.name}-feport" + frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip" + http_setting_name = "${azurerm_virtual_network.test.name}-be-htst" + listener_name = "${azurerm_virtual_network.test.name}-httplstn" + request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt" +} + +resource "azurerm_application_gateway" "network" { + name = "example-appgateway" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "${azurerm_resource_group.test.location}" + + sku { + name = "Standard_Small" + tier = "Standard" + capacity = 2 + } + + gateway_ip_configuration { + name = "my-gateway-ip-configuration" + subnet_id = "${azurerm_subnet.frontend.id}" + } + + frontend_port { + name = "${local.frontend_port_name}" + port = 80 + } + + frontend_ip_configuration { + name = "${local.frontend_ip_configuration_name}" + public_ip_address_id = "${azurerm_public_ip.test.id}" + } + + backend_address_pool { + name = "${local.backend_address_pool_name}" + } + + backend_http_settings { + name = "${local.http_setting_name}" + cookie_based_affinity = "Disabled" + port = 80 + protocol = "Http" + request_timeout = 1 + } + + http_listener { + name = "${local.listener_name}" + frontend_ip_configuration_name = "${local.frontend_ip_configuration_name}" + frontend_port_name = "${local.frontend_port_name}" + protocol = "Http" + } + + request_routing_rule { + name = "${local.request_routing_rule_name}" + rule_type = "Basic" + http_listener_name = "${local.listener_name}" + backend_address_pool_name = "${local.backend_address_pool_name}" + backend_http_settings_name = "${local.http_setting_name}" + } +} ``` ## Argument Reference @@ -335,6 +335,8 @@ A `waf_configuration` block supports the following: * `rule_set_version` - (Required) The Version of the Rule Set used for this Web Application Firewall. +* `file_upload_limit_mb` - (Optional) The File Upload Limit in MB. Accepted values are in the range `1`MB to `500`MB. Defaults to `100`MB. + ## Attributes Reference The following attributes are exported: