resource/cloudflare_ruleset: send ERE payload as one

We don't need to restrict the entrypoint calls to "execute" calls; send it all as one payload.
cloudflare · Aug 29, 2021 · f5f4f13 · f5f4f13
1 parent f052274
commit f5f4f13
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 20 deletions.
diff --git a/cloudflare/resource_cloudflare_ruleset.go b/cloudflare/resource_cloudflare_ruleset.go
@@ -264,23 +264,19 @@ func resourceCloudflareRulesetCreate(d *schema.ResourceData, meta interface{}) e
 		return errors.Wrap(err, fmt.Sprintf("error creating ruleset %s", d.Get("name").(string)))
 	}
 
-	for i, rule := range rules {
-		if rule.Action == string(cloudflare.RulesetRuleActionExecute) {
-			rulesetEntryPoint := cloudflare.Ruleset{
-				Description: d.Get("description").(string),
-				Rules:       []cloudflare.RulesetRule{rules[i]},
-			}
+	rulesetEntryPoint := cloudflare.Ruleset{
+		Description: d.Get("description").(string),
+		Rules:       rules,
+	}
 
-			if accountID != "" {
-				_, err = client.UpdateAccountRulesetPhase(context.Background(), accountID, rs.Phase, rulesetEntryPoint)
-			} else {
-				_, err = client.UpdateZoneRulesetPhase(context.Background(), zoneID, rs.Phase, rulesetEntryPoint)
-			}
+	if accountID != "" {
+		_, err = client.UpdateAccountRulesetPhase(context.Background(), accountID, rs.Phase, rulesetEntryPoint)
+	} else {
+		_, err = client.UpdateZoneRulesetPhase(context.Background(), zoneID, rs.Phase, rulesetEntryPoint)
+	}
 
-			if err != nil {
-				return errors.Wrap(err, fmt.Sprintf("error updating ruleset phase entrypoint %s", d.Get("name").(string)))
-			}
-		}
+	if err != nil {
+		return errors.Wrap(err, fmt.Sprintf("error updating ruleset phase entrypoint %s", d.Get("name").(string)))
 	}
 
 	d.SetId(ruleset.ID)

diff --git a/cloudflare/resource_cloudflare_ruleset_test.go b/cloudflare/resource_cloudflare_ruleset_test.go
@@ -21,24 +21,24 @@ func TestAccCloudflareRuleset_WAFBasic(t *testing.T) {
 
 	t.Parallel()
 	rnd := generateRandomResourceName()
-	accountID := os.Getenv("CLOUDFLARE_ACCOUNT_ID")
+	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
 	resourceName := "cloudflare_ruleset." + rnd
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:  func() { testAccPreCheck(t) },
 		Providers: testAccProviders,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccCheckCloudflareRulesetCustomWAFBasic(rnd, "my basic WAF ruleset", accountID),
+				Config: testAccCheckCloudflareRulesetCustomWAFBasic(rnd, "my basic WAF ruleset", zoneID),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "name", "my basic WAF ruleset"),
 					resource.TestCheckResourceAttr(resourceName, "description", rnd+" ruleset description"),
-					resource.TestCheckResourceAttr(resourceName, "kind", "custom"),
+					resource.TestCheckResourceAttr(resourceName, "kind", "zone"),
 					resource.TestCheckResourceAttr(resourceName, "phase", "http_request_firewall_custom"),
 
 					resource.TestCheckResourceAttr(resourceName, "rules.#", "1"),
-					resource.TestCheckResourceAttr(resourceName, "rules.0.action", "log"),
-					resource.TestCheckResourceAttr(resourceName, "rules.0.expression", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action", "challenge"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.expression", "(ip.geoip.country eq \"GB\" or ip.geoip.country eq \"FR\") or cf.threat_score > 0"),
 					resource.TestCheckResourceAttr(resourceName, "rules.0.description", rnd+" ruleset rule description"),
 				),
 			},