From 2d4d4d6977b9e150059425263db9d4bf708fea71 Mon Sep 17 00:00:00 2001
From: Ben Vickers <ben.vickers@opencredo.com>
Date: Wed, 28 Feb 2018 12:35:38 +0000
Subject: [PATCH] add rate_limit resource docs

---
 cloudflare/resource_cloudflare_rate_limit.go | 92 +++++++++---------
 website/cloudflare.erb                       |  3 +
 website/docs/r/rate_limit.html.markdown      | 99 ++++++++++++++++++++
 3 files changed, 148 insertions(+), 46 deletions(-)
 create mode 100644 website/docs/r/rate_limit.html.markdown

diff --git a/cloudflare/resource_cloudflare_rate_limit.go b/cloudflare/resource_cloudflare_rate_limit.go
index b05f873fd7..1412f93127 100644
--- a/cloudflare/resource_cloudflare_rate_limit.go
+++ b/cloudflare/resource_cloudflare_rate_limit.go
@@ -21,7 +21,7 @@ func resourceCloudFlareRateLimit() *schema.Resource {
 			State: resourceCloudFlareRateLimitImport,
 		},
 
-		SchemaVersion: 1,
+		SchemaVersion: 0,
 		Schema: map[string]*schema.Schema{
 			"zone": {
 				Type:     schema.TypeString,
@@ -51,6 +51,51 @@ func resourceCloudFlareRateLimit() *schema.Resource {
 				ValidateFunc: validation.IntBetween(1, 86400),
 			},
 
+			"action": {
+				Type:     schema.TypeList,
+				Required: true,
+				MinItems: 1,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"mode": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: validation.StringInSlice([]string{"simulate", "ban"}, true),
+						},
+
+						"timeout": {
+							Type:         schema.TypeInt,
+							Required:     true,
+							ValidateFunc: validation.IntBetween(1, 86400),
+						},
+
+						"response": {
+							Type:     schema.TypeList,
+							Optional: true,
+							MinItems: 1,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"content_type": {
+										Type:         schema.TypeString,
+										Required:     true,
+										ValidateFunc: validation.StringInSlice([]string{"text/plain", "text/xml", "application/json"}, true),
+									},
+
+									"body": {
+										Type:         schema.TypeString,
+										Required:     true,
+										ValidateFunc: validation.StringLenBetween(0, 10240),
+										// maybe good to hash the body before saving in state file?
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+
 			"match": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -119,51 +164,6 @@ func resourceCloudFlareRateLimit() *schema.Resource {
 				},
 			},
 
-			"action": {
-				Type:     schema.TypeList,
-				Required: true,
-				MinItems: 1,
-				MaxItems: 1,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"mode": {
-							Type:         schema.TypeString,
-							Required:     true,
-							ValidateFunc: validation.StringInSlice([]string{"simulate", "ban"}, true),
-						},
-
-						"timeout": {
-							Type:         schema.TypeInt,
-							Required:     true,
-							ValidateFunc: validation.IntBetween(1, 86400),
-						},
-
-						"response": {
-							Type:     schema.TypeList,
-							Optional: true,
-							MinItems: 1,
-							MaxItems: 1,
-							Elem: &schema.Resource{
-								Schema: map[string]*schema.Schema{
-									"content_type": {
-										Type:         schema.TypeString,
-										Required:     true,
-										ValidateFunc: validation.StringInSlice([]string{"text/plain", "text/xml", "application/json"}, true),
-									},
-
-									"body": {
-										Type:         schema.TypeString,
-										Required:     true,
-										ValidateFunc: validation.StringLenBetween(0, 10240),
-										// maybe good to hash the body before saving in state file?
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-
 			"disabled": {
 				Type:     schema.TypeBool,
 				Optional: true,
diff --git a/website/cloudflare.erb b/website/cloudflare.erb
index 575e827af8..03b37c432b 100644
--- a/website/cloudflare.erb
+++ b/website/cloudflare.erb
@@ -25,6 +25,9 @@
             <li<%= sidebar_current("docs-cloudflare-resource-record") %>>
               <a href="/docs/providers/cloudflare/r/record.html">cloudflare_record</a>
             </li>
+            <li<%= sidebar_current("docs-cloudflare-rate-limit") %>>
+              <a href="/docs/providers/cloudflare/r/rate_limit.html">cloudflare_rate_limit</a>
+            </li>
           </ul>
         </li>
       </ul>
diff --git a/website/docs/r/rate_limit.html.markdown b/website/docs/r/rate_limit.html.markdown
new file mode 100644
index 0000000000..0ad2359a75
--- /dev/null
+++ b/website/docs/r/rate_limit.html.markdown
@@ -0,0 +1,99 @@
+---
+layout: "cloudflare"
+page_title: "Cloudflare: cloudflare_rate_limit"
+sidebar_current: "docs-cloudflare-resource-rate-limit"
+description: |-
+  Provides a Cloudflare rate limit resource for a particular zone.
+---
+
+# cloudflare_rate_limit
+
+Provides a Cloudflare rate limit resource for a given zone. This can be used to limit the traffic you receive zone-wide, or matching more specific types of requests/responses.
+
+## Example Usage
+
+```hcl
+resource "cloudflare_rate_limit" "example" {
+  zone = "${var.cloudflare_zone}"
+  threshold = 2000
+  period = 2
+  match {
+    request {
+      url_pattern = "${var.cloudflare_zone}/*"
+      schemes = ["HTTP", "HTTPS"]
+      methods = ["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD"]
+    }
+    response {
+      statuses = [200, 201, 202, 301, 429]
+      origin_traffic = false
+    }
+  }
+  action {
+    mode = "simulate"
+    timeout = 43200
+    response {
+      content_type = "text/plain"
+      body = "custom response body"
+    }
+  }
+  disabled = false
+  description = "example rate limit for a zone"
+  bypass_url_patterns = ["${var.cloudflare_zone}/bypass1","${var.cloudflare_zone}/bypass2"]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `zone` - (Required) The DNS zone to apply rate limiting to.
+* `threshold` - (Required) The threshold that triggers the rate limit mitigations, combine with period. i.e. threshold per period (min: 2, max: 1,000,000).
+* `period` - (Required) The time in seconds to count matching traffic. If the count exceeds threshold within this period the action will be performed (min: 1, max: 86,400).
+* `action` - (Required) The action to be performed when the threshold of matched traffic within the period defined is exceeded.
+* `match` - (Optional) Determines which traffic the rate limit counts towards the threshold. By default matches all traffic in the zone. See definition below.
+* `disabled` - (Optional) Whether this ratelimit is currently disabled. Default: `false`.
+* `description` - (Optional) A note that you can use to describe the reason for a rate limit. This value is sanitized and all tags are removed.
+* `bypass_url_patterns` - (Optional) URLs matching the patterns specified here will be excluded from rate limiting.
+
+The **match** block supports:
+
+* `request` - (Optional) Matches HTTP requests (from the client to Cloudflare). See definition below.
+* `response` (Optional) Matches HTTP responses before they are returned to the client from Cloudflare. If this is defined, then the entire counting of traffic occurs at this stage. This field is not required.
+
+The **match.request** block supports:
+
+* `methods` - (Optional) HTTP Methods, can be a subset ['POST','PUT'] or all ['_ALL_']. Default: ['_ALL_'].
+* `schemes` - (Optional) HTTP Schemes, can be one ['HTTPS'], both ['HTTP','HTTPS'] or all ['_ALL_'].  Default: ['_ALL_'].
+* `url_pattern` - (Optional) The URL pattern to match comprised of the host and path, i.e. example.org/path. Wildcard are expanded to match applicable traffic, query strings are not matched. Use * for all traffic to your zone. Default: '*'.
+
+The **match.response** block supports:
+
+* `status` - (Optional) HTTP Status codes, can be one [403], many [401,403] or indicate all by not providing this value.
+* `origin_traffic` - (Optional) Only count traffic that has come from your origin servers. If true, cached items that Cloudflare serve will not count towards rate limiting. Default: `true`.
+
+The **action** block supports:
+
+* `mode` - (Required) The type of action to perform. Allowable values are 'simulate' and 'ban'.
+* `timeout` - (Required) The time in seconds as an integer to perform the mitigation action. Must be the same or greater than the period (min: 1, max:86,400).
+* `response` - (Optional) Custom content-type and body to return, this overrides the custom error for the zone. This field is not required. Omission will result in default HTML error page. Definition below.
+
+The **action.response** block supports:
+
+* `content_type` - (Required) The content-type of the body, must be one of: 'text/plain', 'text/xml', 'application/json'.
+* `body` - (Required) The body to return, the content here should conform to the content_type.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - Composite of zone name and rate limit ID - formatted as `${zone}_${rate_limit_id}`.
+* `zone_id` - The DNS zone ID.
+* `rate_limit_id` - Rate limit ID.
+
+## Import
+
+Rate limits can be imported using the composite ID formed of zone name and rate limit ID, e.g.
+
+```
+$ terraform import cloudflare_rate_limit.default example.com_ch8374ftwdghsif43
+```
\ No newline at end of file