Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Firewall Config resource #195

Merged
merged 19 commits into from
Sep 30, 2024
Merged

Add Firewall Config resource #195

merged 19 commits into from
Sep 30, 2024

Conversation

sueplex
Copy link
Contributor

@sueplex sueplex commented Jul 26, 2024
edited
Loading

Adds a new resource and client connector for the Firewall configuration API

Supports updating custom rules, ip blocking rules and managed rulesets

@sueplex sueplex requested a review from dglsparsons as a code owner July 26, 2024 00:20
@sueplex sueplex marked this pull request as draft July 26, 2024 00:20
dglsparsons
dglsparsons reviewed Jul 26, 2024
View reviewed changes
vercel/provider.go
@@ -57,6 +57,7 @@ func (p *vercelProvider) Resources(_ context.Context) []func() resource.Resource
newEdgeConfigResource,
newEdgeConfigSchemaResource,
newEdgeConfigTokenResource,
newFirewallConfigResource,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there value in having a DataSource too? (probably not?)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea ideally I'd want to have a couple separate datasources that you can actually use within the config resource to avoid this thing getting too out of control, but haven't quite spent the time to look into it. not sure if it makes too much sense for datasource of the firewall config

dglsparsons
dglsparsons reviewed Jul 26, 2024
View reviewed changes
vercel/resource_attack_challenge_mode.go
@@ -63,7 +63,7 @@ Attack Challenge Mode prevent malicious traffic by showing a verification challe
PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
},
"project_id": schema.StringAttribute{
Description: "The ID of the Project to adjust the CPU for.",
Description: "The ID of the Project to toggle Attack Challenge Mode on.",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good spot.

dglsparsons
dglsparsons reviewed Jul 26, 2024
View reviewed changes
vercel/resource_firewall_config.go Outdated
Algo types.String `tfsdk:"algo"`
Window types.Int64 `tfsdk:"window"`
Limit types.Int64 `tfsdk:"limit"`
Keys []types.String `tfsdk:"keys"`
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

types.List might be nicer 🤷

dglsparsons
dglsparsons reviewed Jul 26, 2024
View reviewed changes
vercel/resource_firewall_config.go Outdated
type Mitigate struct {
Action types.String `tfsdk:"action"`
RateLimit *RateLimit `tfsdk:"rate_limit"`
Redirect *Redirect `tfsdk:"redirect"`
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could consider using types.Object rather than *Redirect for these kinda fields. Not a biggie if it makes the code a lot messier though.

dglsparsons
dglsparsons reviewed Jul 26, 2024
View reviewed changes
go.mod
Comment on lines +6 to +8
github.com/hashicorp/terraform-plugin-framework v1.10.0
github.com/hashicorp/terraform-plugin-framework-validators v0.13.0
github.com/hashicorp/terraform-plugin-go v0.23.0
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I usually try to do package bumps as a separate PR, but not worth separating out now.

@socket-security Socket Security
Copy link

socket-security bot commented Aug 1, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
golang/github.com/hashicorp/terraform-plugin-framework-validators@v0.13.0 None 0 1.21 MB
golang/github.com/hashicorp/terraform-plugin-framework@v1.10.0 unsafe 0 14.3 MB
golang/github.com/hashicorp/terraform-plugin-go@v0.23.0 environment, filesystem, unsafe 0 1.81 MB

🚮 Removed packages: golang/github.com/hashicorp/terraform-plugin-framework@v1.7.0, golang/github.com/hashicorp/terraform-plugin-go@v0.22.1

View full report↗︎

@sueplex sueplex force-pushed the sa/firewall-resource branch from 07e498f to 7680352 Compare August 9, 2024 19:59
@sueplex sueplex marked this pull request as ready for review September 5, 2024 14:20
craigandrews
craigandrews previously approved these changes Sep 5, 2024
View reviewed changes
jasonodonnell
jasonodonnell reviewed Sep 20, 2024
View reviewed changes
vercel/resource_firewall_config.go
Blocks: map[string]schema.Block{
"managed_rulesets": schema.SingleNestedBlock{
Description: "The managed rulesets that are enabled.",
Blocks: map[string]schema.Block{
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A helper function to populate these might make this more readable.

@sueplex sueplex merged commit 7682ba9 into main Sep 30, 2024
9 checks passed
@sueplex sueplex deleted the sa/firewall-resource branch September 30, 2024 21:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonodonnell jasonodonnell jasonodonnell left review comments

@dglsparsons dglsparsons dglsparsons approved these changes

@craigandrews craigandrews craigandrews left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sueplex @jasonodonnell @dglsparsons @craigandrews