Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

r/aws_wafv2_web_acl: add support for captcha in rule actions #21766

Conversation

wedneyyuri
Copy link

We can now configure rules to run a CAPTCHA check against web requests and, as needed, send a CAPTCHA challenge to the client

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #21754

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccWAFV2WebACL_' PKG_NAME=internal/service/wafv2

--- PASS: TestAccWAFV2WebACL_disappears (46.59s)
--- PASS: TestAccWAFV2WebACL_minimal (64.41s)
--- PASS: TestAccWAFV2WebACL_basic (66.79s)
--- PASS: TestAccWAFV2WebACL_Operators_maxNested (87.27s)
--- PASS: TestAccWAFV2WebACL_Update_nameForceNew (95.51s)
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_basic (104.39s)
--- PASS: TestAccWAFV2WebACL_Custom_response (106.21s)
--- PASS: TestAccWAFV2WebACL_GeoMatch_basic (111.33s)
--- PASS: TestAccWAFV2WebACL_RateBased_forwardedIP (113.00s)
--- PASS: TestAccWAFV2WebACL_GeoMatch_forwardedIP (114.08s)
--- PASS: TestAccWAFV2WebACL_RateBased_basic (120.77s)
--- PASS: TestAccWAFV2WebACL_IPSetReference_basic (125.96s)
--- PASS: TestAccWAFV2WebACL_Update_rule (130.30s)
--- PASS: TestAccWAFV2WebACL_RateBased_maxNested (138.40s)
--- PASS: TestAccWAFV2WebACL_RuleGroupReference_basic (146.37s)
--- PASS: TestAccWAFV2WebACL_Update_ruleProperties (147.75s)
--- PASS: TestAccWAFV2WebACL_Custom_requestHandling (148.60s)
--- PASS: TestAccWAFV2WebACL_tags (182.04s)
--- PASS: TestAccWAFV2WebACL_IPSetReference_forwardedIP (234.00s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	234.053s

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. documentation Introduces or discusses updates to documentation. service/wafv2 Issues and PRs that pertain to the wafv2 service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. size/L Managed by automation to categorize the size of a PR. labels Nov 13, 2021
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Welcome @wedneyyuri 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTING guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

@wedneyyuri wedneyyuri changed the title service/wafv2: add support for captcha in rule actions r/aws_wafv2_web_acl: add support for captcha in rule actions Nov 13, 2021
We can now configure rules to run a CAPTCHA check against web requests and, as needed, send a CAPTCHA challenge to the client
@wedneyyuri wedneyyuri force-pushed the f-aws_wafv2_web_acl-add_rule_action_captcha branch from 71a229d to 8fb1370 Compare November 13, 2021 21:51
@justinretzolk justinretzolk added enhancement Requests to existing resources that expand the functionality or scope. and removed needs-triage Waiting for first response or review from a maintainer. labels Nov 15, 2021
@nouhab
Copy link

nouhab commented Jan 10, 2022

can you tell us when this pull request will be merged please ?

@flavioelawi
Copy link

Am I missing it or CaptchaConfig is not included in this PR?

@jeffery7
Copy link

jeffery7 commented Mar 2, 2022

Is it this?

func wafv2CaptchaConfigSchema() *schema.Schema {

It sure would be great to be able to configure rate_based_rules to use Captcha using TF.

@kunalsumblyavenue
Copy link

Any idea when will this get merged ? Thanks

@nodomain
Copy link

nodomain commented Apr 4, 2022

Needing this as well.

@tolidano
Copy link

does it make sense for this to also support specifying the custom rule based CAPTCHA token lifetime as noted here: https://docs.aws.amazon.com/sdk-for-go/api/service/wafv2/#CaptchaConfig.SetImmunityTimeProperty

This is the same type as used in the WebACL: https://docs.aws.amazon.com/sdk-for-go/api/service/wafv2/#WebACL
But on the Rule: https://docs.aws.amazon.com/sdk-for-go/api/service/wafv2/#WebACL

@breathingdust
Copy link
Member

Hi all 👋 Just letting you know that this is issue is featured on this quarters roadmap. If a PR exists to close the issue a maintainer will review and either make changes directly, or work with the original author to get the contribution merged. If you have written a PR to resolve the issue please ensure the "Allow edits from maintainers" box is checked. Thanks for your patience and we are looking forward to getting this merged soon!

Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccWAFV2WebACL_' PKG=wafv2 ACCTEST_PARALLELISM=2 
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/wafv2/... -v -count 1 -parallel 2  -run=TestAccWAFV2WebACL_ -timeout 180m
=== RUN   TestAccWAFV2WebACL_basic
=== PAUSE TestAccWAFV2WebACL_basic
=== RUN   TestAccWAFV2WebACL_Update_rule
=== PAUSE TestAccWAFV2WebACL_Update_rule
=== RUN   TestAccWAFV2WebACL_Update_ruleProperties
=== PAUSE TestAccWAFV2WebACL_Update_ruleProperties
=== RUN   TestAccWAFV2WebACL_Update_nameForceNew
=== PAUSE TestAccWAFV2WebACL_Update_nameForceNew
=== RUN   TestAccWAFV2WebACL_disappears
=== PAUSE TestAccWAFV2WebACL_disappears
=== RUN   TestAccWAFV2WebACL_ManagedRuleGroup_basic
=== PAUSE TestAccWAFV2WebACL_ManagedRuleGroup_basic
=== RUN   TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== PAUSE TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== RUN   TestAccWAFV2WebACL_minimal
=== PAUSE TestAccWAFV2WebACL_minimal
=== RUN   TestAccWAFV2WebACL_RateBased_basic
=== PAUSE TestAccWAFV2WebACL_RateBased_basic
=== RUN   TestAccWAFV2WebACL_GeoMatch_basic
=== PAUSE TestAccWAFV2WebACL_GeoMatch_basic
=== RUN   TestAccWAFV2WebACL_GeoMatch_forwardedIP
=== PAUSE TestAccWAFV2WebACL_GeoMatch_forwardedIP
=== RUN   TestAccWAFV2WebACL_LabelMatchStatement
=== PAUSE TestAccWAFV2WebACL_LabelMatchStatement
=== RUN   TestAccWAFV2WebACL_RuleLabels
=== PAUSE TestAccWAFV2WebACL_RuleLabels
=== RUN   TestAccWAFV2WebACL_IPSetReference_basic
=== PAUSE TestAccWAFV2WebACL_IPSetReference_basic
=== RUN   TestAccWAFV2WebACL_IPSetReference_forwardedIP
=== PAUSE TestAccWAFV2WebACL_IPSetReference_forwardedIP
=== RUN   TestAccWAFV2WebACL_RateBased_forwardedIP
=== PAUSE TestAccWAFV2WebACL_RateBased_forwardedIP
=== RUN   TestAccWAFV2WebACL_RuleGroupReference_basic
=== PAUSE TestAccWAFV2WebACL_RuleGroupReference_basic
=== RUN   TestAccWAFV2WebACL_Custom_requestHandling
=== PAUSE TestAccWAFV2WebACL_Custom_requestHandling
=== RUN   TestAccWAFV2WebACL_Custom_response
=== PAUSE TestAccWAFV2WebACL_Custom_response
=== RUN   TestAccWAFV2WebACL_tags
=== PAUSE TestAccWAFV2WebACL_tags
=== RUN   TestAccWAFV2WebACL_RateBased_maxNested
=== PAUSE TestAccWAFV2WebACL_RateBased_maxNested
=== RUN   TestAccWAFV2WebACL_Operators_maxNested
=== PAUSE TestAccWAFV2WebACL_Operators_maxNested
=== CONT  TestAccWAFV2WebACL_basic
=== CONT  TestAccWAFV2WebACL_LabelMatchStatement
--- PASS: TestAccWAFV2WebACL_basic (22.19s)
=== CONT  TestAccWAFV2WebACL_Custom_requestHandling
--- PASS: TestAccWAFV2WebACL_LabelMatchStatement (40.71s)
=== CONT  TestAccWAFV2WebACL_Operators_maxNested
--- PASS: TestAccWAFV2WebACL_Operators_maxNested (21.33s)
=== CONT  TestAccWAFV2WebACL_RateBased_maxNested
--- PASS: TestAccWAFV2WebACL_Custom_requestHandling (49.82s)
=== CONT  TestAccWAFV2WebACL_tags
--- PASS: TestAccWAFV2WebACL_RateBased_maxNested (24.19s)
=== CONT  TestAccWAFV2WebACL_Custom_response
--- PASS: TestAccWAFV2WebACL_tags (71.68s)
=== CONT  TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
--- PASS: TestAccWAFV2WebACL_Custom_response (79.73s)
=== CONT  TestAccWAFV2WebACL_GeoMatch_forwardedIP
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion (57.71s)
=== CONT  TestAccWAFV2WebACL_GeoMatch_basic
--- PASS: TestAccWAFV2WebACL_GeoMatch_forwardedIP (57.18s)
=== CONT  TestAccWAFV2WebACL_RateBased_basic
--- PASS: TestAccWAFV2WebACL_GeoMatch_basic (55.88s)
=== CONT  TestAccWAFV2WebACL_minimal
--- PASS: TestAccWAFV2WebACL_RateBased_basic (53.01s)
=== CONT  TestAccWAFV2WebACL_Update_nameForceNew
--- PASS: TestAccWAFV2WebACL_minimal (23.39s)
=== CONT  TestAccWAFV2WebACL_ManagedRuleGroup_basic
--- PASS: TestAccWAFV2WebACL_Update_nameForceNew (33.99s)
=== CONT  TestAccWAFV2WebACL_disappears
--- PASS: TestAccWAFV2WebACL_disappears (14.34s)
=== CONT  TestAccWAFV2WebACL_IPSetReference_forwardedIP
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_basic (50.68s)
=== CONT  TestAccWAFV2WebACL_RuleGroupReference_basic
--- PASS: TestAccWAFV2WebACL_RuleGroupReference_basic (43.93s)
=== CONT  TestAccWAFV2WebACL_RateBased_forwardedIP
--- PASS: TestAccWAFV2WebACL_IPSetReference_forwardedIP (77.99s)
=== CONT  TestAccWAFV2WebACL_Update_ruleProperties
--- PASS: TestAccWAFV2WebACL_RateBased_forwardedIP (37.70s)
=== CONT  TestAccWAFV2WebACL_Update_rule
--- PASS: TestAccWAFV2WebACL_Update_rule (37.81s)
=== CONT  TestAccWAFV2WebACL_RuleLabels
--- PASS: TestAccWAFV2WebACL_Update_ruleProperties (56.14s)
=== CONT  TestAccWAFV2WebACL_IPSetReference_basic
--- PASS: TestAccWAFV2WebACL_IPSetReference_basic (21.99s)
--- PASS: TestAccWAFV2WebACL_RuleLabels (36.65s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	491.287s

@ewbankkit
Copy link
Contributor

@wedneyyuri Thanks for the contribution 🎉 👏.

@ewbankkit ewbankkit merged commit c9e05af into hashicorp:main Jun 27, 2022
@github-actions github-actions bot added this to the v4.21.0 milestone Jun 27, 2022
@github-actions
Copy link

github-actions bot commented Jul 1, 2022

This functionality has been released in v4.21.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 31, 2022
@wedneyyuri wedneyyuri deleted the f-aws_wafv2_web_acl-add_rule_action_captcha branch August 11, 2022 13:37
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
documentation Introduces or discusses updates to documentation. enhancement Requests to existing resources that expand the functionality or scope. service/wafv2 Issues and PRs that pertain to the wafv2 service. size/L Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

WAFv2: Add support of Captcha into aws_wafv2_web_acl rule action statement
10 participants