Added data source for WAF policy (fixes #7468) #7469

Merged
merged 12 commits into from
Jul 7, 2020
1 change: 1 addition & 0 deletions azurerm/internal/services/network/registration.go
Expand Up @@ -45,6 +45,7 @@ func (r Registration) SupportedDataSources() map[string]*schema.Resource {
"azurerm_virtual_network_gateway": dataSourceArmVirtualNetworkGateway(),
"azurerm_virtual_network_gateway_connection": dataSourceArmVirtualNetworkGatewayConnection(),
"azurerm_virtual_network": dataSourceArmVirtualNetwork(),
"azurerm_web_application_firewall_policy": dataArmWebApplicationFirewallPolicy(),
}
}
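Review bot: The new map entry calls `dataArmWebApplicationFirewallPolicy()`, while every sibling entry visible in this hunk uses a `dataSourceArm…()` constructor. In the new data-source file the `dataSourceArm…` name is taken by the read function instead, so the two are easy to confuse. Consider naming the constructor `dataSourceArmWebApplicationFirewallPolicy()` and giving the read function a distinct suffix such as `dataSourceArmWebApplicationFirewallPolicyRead`, so the entry reads `"azurerm_web_application_firewall_policy": dataSourceArmWebApplicationFirewallPolicy(),`. SupportedDataSources begins above this hunk, so entries outside the visible lines were not checked.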

@@ -0,0 +1,127 @@
package tests

import (
"fmt"
"testing"

"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance"
)

func TestAccDataSourceAzureRMWebApplicationFirewallPolicy_basic(t *testing.T) {
data := acceptance.BuildTestData(t, "data.azurerm_web_application_firewall_policy", "test")
resourceGroupName := fmt.Sprintf("acctestRG-%d", data.RandomInteger)

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { acceptance.PreCheck(t) },
Providers: acceptance.SupportedProviders,
Steps: []resource.TestStep{
{
Config: testAccDataSourceAzureRMWebApplicationFirewallPolicyBasic(data),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(data.ResourceName, "name", "example-wafpolicy"),
resource.TestCheckResourceAttr(data.ResourceName, "resource_group_name", resourceGroupName),
resource.TestCheckResourceAttr(data.ResourceName, "tags.%", "1"),
resource.TestCheckResourceAttr(data.ResourceName, "tags.env", "test"),
),
},
},
})
}

func testAccDataSourceAzureRMWebApplicationFirewallPolicyBasic(data acceptance.TestData) string {
return fmt.Sprintf(`
resource "azurerm_resource_group" "test" {
name = "acctestRG-%d"
location = "%s"
}

resource "azurerm_web_application_firewall_policy" "test" {
name = "example-wafpolicy"
resource_group_name = azurerm_resource_group.test.name
location = azurerm_resource_group.test.location

custom_rules {
name = "Rule1"
priority = 1
rule_type = "MatchRule"

match_conditions {
match_variables {
variable_name = "RemoteAddr"
}

operator = "IPMatch"
negation_condition = false
match_values = ["192.168.1.0/24", "10.0.0.0/24"]
}

action = "Block"
}

custom_rules {
name = "Rule2"
priority = 2
rule_type = "MatchRule"

match_conditions {
match_variables {
variable_name = "RemoteAddr"
}

operator = "IPMatch"
negation_condition = false
match_values = ["192.168.1.0/24"]
}

match_conditions {
match_variables {
variable_name = "RequestHeaders"
selector = "UserAgent"
}

operator = "Contains"
negation_condition = false
match_values = ["Windows"]
}

action = "Block"
}

policy_settings {
enabled = true
mode = "Prevention"
}

managed_rules {
exclusion {
match_variable = "RequestHeaderNames"
selector = "x-company-secret-header"
selector_match_operator = "Equals"
}
exclusion {
match_variable = "RequestCookieNames"
selector = "too-tasty"
selector_match_operator = "EndsWith"
}

managed_rule_set {
type = "OWASP"
version = "3.1"
rule_group_override {
rule_group_name = "REQUEST-920-PROTOCOL-ENFORCEMENT"
disabled_rules = [
"920300",
"920440"
]
}
}
}
}

data "azurerm_web_application_firewall_policy" "test" {
resource_group_name = azurerm_resource_group.test.name
name = azurerm_web_application_firewall_policy.test.name
}
`, data.RandomInteger, data.Locations.Primary)
}
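Review bot: The check list in `TestAccDataSourceAzureRMWebApplicationFirewallPolicy_basic` asserts only `name`, `resource_group_name` and the tags, so it would not notice that the read function in this PR sets `location` without that key being declared in the data source's schema. Adding `resource.TestCheckResourceAttrSet(data.ResourceName, "location"),` to the `ComposeTestCheckFunc` arguments would cover that attribute. The config also builds custom rules, exclusions and a managed rule set that no check reads back. A short comment above the template saying they only make the policy realistic, because the data source exports none of them, would save the next reader from looking for the matching assertions.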
@@ -0,0 +1,62 @@
package network

import (
"fmt"
"time"

"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
)

func dataArmWebApplicationFirewallPolicy() *schema.Resource {
return &schema.Resource{
Read: dataSourceArmWebApplicationFirewallPolicy,

Timeouts: &schema.ResourceTimeout{
Read: schema.DefaultTimeout(5 * time.Minute),
},

Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringIsNotEmpty,
},

"resource_group_name": azure.SchemaResourceGroupNameForDataSource(),

"tags": tags.Schema(),
},
}
}

func dataSourceArmWebApplicationFirewallPolicy(d *schema.ResourceData, meta interface{}) error {
client := meta.(*clients.Client).Network.WebApplicationFirewallPoliciesClient
ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
defer cancel()

name := d.Get("name").(string)
resourceGroup := d.Get("resource_group_name").(string)
resp, err := client.Get(ctx, resourceGroup, name)
if err != nil {
if utils.ResponseWasNotFound(resp.Response) {
return fmt.Errorf("Error: Web Application Firewall Policy %q was not found", name)
}
return err
}

d.SetId(*resp.ID)

d.Set("name", resp.Name)
d.Set("resource_group_name", resourceGroup)
if location := resp.Location; location != nil {
d.Set("location", azure.NormalizeLocation(*location))
}

return tags.FlattenAndSet(d, resp.Tags)
}
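Review bot: `d.Set("location", …)` in the read function writes a key that the `Schema` map does not declare (only `name`, `resource_group_name` and `tags` are present). Because the `d.Set` return values are discarded, the failure is silent and `location` is never exported. Declare the key in the schema, and use the computed data-source form of the tags schema in place of `tags.Schema()`, which is the settable resource form. `d.SetId(*resp.ID)` also dereferences the ID without a nil check, and the plain `return err` does not say which policy or resource group the lookup was for. Neither function has a doc comment; one line each stating that the first builds the schema and the second performs the read would be enough.

```go
			// … unchanged: "name", "resource_group_name" …
			"location": azure.SchemaLocationForDataSource(),

			"tags": tags.SchemaDataSource(),

	// … unchanged: client setup, timeout context, Get call and not-found branch …
		return fmt.Errorf("retrieving Web Application Firewall Policy %q (Resource Group %q): %+v", name, resourceGroup, err)
	}

	if resp.ID == nil || *resp.ID == "" {
		return fmt.Errorf("retrieving Web Application Firewall Policy %q (Resource Group %q): ID was nil or empty", name, resourceGroup)
	}
	d.SetId(*resp.ID)
```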
3 changes: 3 additions & 0 deletions website/azurerm.erb
Expand Up @@ -640,6 +640,9 @@
<li>
<a href="/docs/providers/azurerm/d/virtual_network_gateway_connection.html">azurerm_virtual_network_gateway_connection</a>
</li>
<li>
<a href="/docs/providers/azurerm/d/web_application_firewall_policy.html">azurerm_web_application_firewall_policy</a>
</li>
</ul>
</li>

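--- a/website/docs/d/web_application_firewall_policy.html.markdown
+++ b/website/docs/d/web_application_firewall_policy.html.markdown
@@ -0,0 +1,44 @@
+---
+subcategory: "Network"
+layout: "azurerm"
+page_title: "Azure Resource Manager: Data Source: azurerm_web_application_firewall_policy"
+description: |-
+Gets information about an existing Web Application Firewall Policy.
+---
+
+# Data Source: azurerm_web_application_firewall_policy
+
+Use this data source to access information about an existing Web Application Firewall Policy.
+
+## Example Usage
+
+```hcl
+data "azurerm_web_application_firewall_policy" "example" {
+resource_group_name = "existing"
+name = "existing"
+}
+
+output "id" {
+value = data.azurerm_web_application_firewall_policy.example.id
+}
+```
+
+## Arguments Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the Web Application Firewall Policy
+
+* `resource_group_name` - (Required) The name of the Resource Group where the Web Application Firewall Policy exists.
+
+## Attributes Reference
+
+In addition to the Arguments listed above - the following Attributes are exported:
+
+* `id` - The ID of the Web Application Firewall Policy.
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions:
+
+* `read` - (Defaults to 5 minutes) Used when retrieving the Web Application Firewall Policy.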