From 6f19d2c34d034c048c5efe2469e8d8915206ac0b Mon Sep 17 00:00:00 2001
From: Gavin Chappell
Date: Tue, 25 Aug 2020 14:56:49 +0100
Subject: [PATCH 1/3] allow SocketAddr to be used as a match_variable

This is already supported by the 2020-01-01 Front Door schema, which is an included module in v44.2.0+incompatible of azure-sdk-for-go, so this is a relatively simple change to the validation within the provider only and has a test

Fixes: #8121
---
 .../frontdoor_firewall_policy_resource.go | 1 +
 ...frontdoor_firewall_policy_resource_test.go | 27 +++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/azurerm/internal/services/frontdoor/frontdoor_firewall_policy_resource.go b/azurerm/internal/services/frontdoor/frontdoor_firewall_policy_resource.go
index a73b62294f6d..33af01949828 100644
--- a/azurerm/internal/services/frontdoor/frontdoor_firewall_policy_resource.go
+++ b/azurerm/internal/services/frontdoor/frontdoor_firewall_policy_resource.go
@@ -167,6 +167,7 @@ func resourceArmFrontDoorFirewallPolicy() *schema.Resource {
 string(frontdoor.RequestHeader),
 string(frontdoor.RequestMethod),
 string(frontdoor.RequestURI),
+ string(frontdoor.SocketAddr),
 }, false),
 },
diff --git a/azurerm/internal/services/frontdoor/tests/frontdoor_firewall_policy_resource_test.go b/azurerm/internal/services/frontdoor/tests/frontdoor_firewall_policy_resource_test.go
index 91cc7327aad7..de7f7b6ed9b0 100644
--- a/azurerm/internal/services/frontdoor/tests/frontdoor_firewall_policy_resource_test.go
+++ b/azurerm/internal/services/frontdoor/tests/frontdoor_firewall_policy_resource_test.go
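Review bot: The new `SocketAddr` entry in the `match_variable` validation list sits directly beside `RemoteAddr` with nothing saying how the two differ, and for a WAF IP allow/deny rule that difference is the security-relevant part. As I understand the Front Door semantics (inferred from the service documentation, not from this hunk), `SocketAddr` matches the source IP of the TCP connection whereas `RemoteAddr` is the client address derived from `X-Forwarded-For`, so a rule keyed on the wrong one can be bypassed or can block the wrong peer. A short comment above the slice such as `// SocketAddr matches the TCP source IP; RemoteAddr is the header-derived client IP — see the Front Door WAF docs` would help the next person extending this list, and the resource documentation could carry the same sentence. `resourceArmFrontDoorFirewallPolicy` starts and ends outside this hunk.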
@@ -72,6 +72,7 @@ func TestAccAzureRMFrontDoorFirewallPolicy_update(t *testing.T) {
 resource.TestCheckResourceAttr(data.ResourceName, "name", fmt.Sprintf("testAccFrontDoorWAF%d", data.RandomInteger)),
 resource.TestCheckResourceAttr(data.ResourceName, "mode", "Prevention"),
 resource.TestCheckResourceAttr(data.ResourceName, "custom_rule.1.name", "Rule2"),
+ resource.TestCheckResourceAttr(data.ResourceName, "custom_rule.2.name", "Rule3"),
 ),
 },
 {
@@ -336,6 +337,32 @@ resource "azurerm_frontdoor_firewall_policy" "test" {
 }
 }
+ custom_rule {
+ name = "Rule3"
+ enabled = true
+ priority = 2
+ rate_limit_duration_in_minutes = 1
+ rate_limit_threshold = 10
+ type = "MatchRule"
+ action = "Block"
+
+ match_condition {
+ match_variable = "SocketAddr"
+ operator = "IPMatch"
+ negation_condition = false
+ match_values = ["192.168.1.0/24"]
+ }
+
+ match_condition {
+ match_variable = "RequestHeader"
+ selector = "UserAgent"
+ operator = "Contains"
+ negation_condition = false
+ match_values = ["windows"]
+ transforms = ["Lowercase", "Trim"]
+ }
+ }
+
 managed_rule {
 type = "DefaultRuleSet"
 version = "1.0"

From 9d477ce9727ea2792de03f711fa1b65dca255d3b Mon Sep 17 00:00:00 2001
From: Gavin Chappell
Date: Tue, 25 Aug 2020 15:57:02 +0100
Subject: [PATCH 2/3] update docs

---
 website/docs/r/frontdoor_firewall_policy.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/docs/r/frontdoor_firewall_policy.html.markdown b/website/docs/r/frontdoor_firewall_policy.html.markdown
index 129a3785910a..f4072867f94c 100644
--- a/website/docs/r/frontdoor_firewall_policy.html.markdown
+++ b/website/docs/r/frontdoor_firewall_policy.html.markdown
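Review bot: The added check asserts only `custom_rule.2.name`, so this step would still pass if the provider dropped or remapped the new match variable on its way through the API, yet `SocketAddr` is the one value this patch exists to enable and it is never asserted. Adding `resource.TestCheckResourceAttr(data.ResourceName, "custom_rule.2.match_condition.0.match_variable", "SocketAddr"),` beside the new line, and ideally the matching `custom_rule.2.match_condition.0.operator` check for `IPMatch`, would pin the behaviour the fix is about; the indices follow the fixture in the second hunk, where the `SocketAddr` condition is the first `match_condition` of the third `custom_rule`. `TestAccAzureRMFrontDoorFirewallPolicy_update` starts and ends outside this hunk.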
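Review bot: `rate_limit_duration_in_minutes` and `rate_limit_threshold` are set on a rule whose `type` is `MatchRule`, where, going by the attribute names, they presumably have no effect and belong to a `RateLimitRule`; I cannot see the schema from here, so this is inferred. Dropping the two lines from `Rule3` keeps the fixture from reading as though the new rule were rate limited, and if the schema does require them a one-line comment saying so would save the next reader the same question. The `resource "azurerm_frontdoor_firewall_policy" "test"` configuration this hunk patches starts and ends outside it.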
@@ -167,7 +167,7 @@ The `custom_rule` block supports the following:
 The `match_condition` block supports the following:
-* `match_variable` - (Required) The request variable to compare with. Possible values are `Cookies`, `PostArgs`, `QueryString`, `RemoteAddr`, `RequestBody`, `RequestHeader`, `RequestMethod`, or `RequestUri`.
+* `match_variable` - (Required) The request variable to compare with. Possible values are `Cookies`, `PostArgs`, `QueryString`, `RemoteAddr`, `RequestBody`, `RequestHeader`, `RequestMethod`, `RequestUri`, or `SocketAddr`.
 * `match_values` - (Required) Up to `100` possible values to match.

From 11a33dce12e691853ccba336072cb2d712527f57 Mon Sep 17 00:00:00 2001
From: Gavin Chappell
Date: Wed, 26 Aug 2020 17:40:34 +0100
Subject: [PATCH 3/3] provide unique priority value for newly-created rule

---
 .../frontdoor/tests/frontdoor_firewall_policy_resource_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/azurerm/internal/services/frontdoor/tests/frontdoor_firewall_policy_resource_test.go b/azurerm/internal/services/frontdoor/tests/frontdoor_firewall_policy_resource_test.go
index de7f7b6ed9b0..bc35caa7973f 100644
--- a/azurerm/internal/services/frontdoor/tests/frontdoor_firewall_policy_resource_test.go
+++ b/azurerm/internal/services/frontdoor/tests/frontdoor_firewall_policy_resource_test.go
@@ -340,7 +340,7 @@ resource "azurerm_frontdoor_firewall_policy" "test" {
 custom_rule {
 name = "Rule3"
 enabled = true
- priority = 2
+ priority = 3
 rate_limit_duration_in_minutes = 1
 rate_limit_threshold = 10
 type = "MatchRule"