Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

web_application_firewall_policy - Adds support for requestBodyEnforcement #27094

Merged
merged 9 commits into from
Aug 20, 2024
Original file line number Diff line number Diff line change
Expand Up @@ -390,6 +390,12 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource {
Default: 100,
},

"request_body_enforcement": {
Type: pluginsdk.TypeBool,
Optional: true,
Default: true,
},

"max_request_body_size_in_kb": {
Type: pluginsdk.TypeInt,
Optional: true,
Expand Down Expand Up @@ -720,13 +726,15 @@ func expandWebApplicationFirewallPolicyPolicySettings(input []interface{}) *weba
}
mode := v["mode"].(string)
requestBodyCheck := v["request_body_check"].(bool)
requestBodyEnforcement := v["request_body_enforcement"].(bool)
maxRequestBodySizeInKb := v["max_request_body_size_in_kb"].(int)
fileUploadLimitInMb := v["file_upload_limit_in_mb"].(int)

result := webapplicationfirewallpolicies.PolicySettings{
State: pointer.To(enabled),
Mode: pointer.To(webapplicationfirewallpolicies.WebApplicationFirewallMode(mode)),
RequestBodyCheck: pointer.To(requestBodyCheck),
RequestBodyEnforcement: pointer.To(requestBodyEnforcement),
MaxRequestBodySizeInKb: pointer.To(int64(maxRequestBodySizeInKb)),
FileUploadLimitInMb: pointer.To(int64(fileUploadLimitInMb)),
LogScrubbing: expandWebApplicationFirewallPolicyLogScrubbing(v["log_scrubbing"].([]interface{})),
Expand Down Expand Up @@ -1079,6 +1087,7 @@ func flattenWebApplicationFirewallPolicyPolicySettings(input *webapplicationfire
result["enabled"] = pointer.From(input.State) == webapplicationfirewallpolicies.WebApplicationFirewallEnabledStateEnabled
result["mode"] = string(pointer.From(input.Mode))
result["request_body_check"] = input.RequestBodyCheck
result["request_body_enforcement"] = input.RequestBodyEnforcement
result["max_request_body_size_in_kb"] = int(pointer.From(input.MaxRequestBodySizeInKb))
result["file_upload_limit_in_mb"] = int(pointer.From(input.FileUploadLimitInMb))
result["log_scrubbing"] = flattenWebApplicationFirewallPolicyLogScrubbing(input.LogScrubbing)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,7 @@ func TestAccWebApplicationFirewallPolicy_complete(t *testing.T) {
check.That(data.ResourceName).Key("policy_settings.0.enabled").HasValue("true"),
check.That(data.ResourceName).Key("policy_settings.0.mode").HasValue("Prevention"),
check.That(data.ResourceName).Key("policy_settings.0.request_body_check").HasValue("true"),
check.That(data.ResourceName).Key("policy_settings.0.request_body_enforcement").HasValue("true"),
lcssanches marked this conversation as resolved.
Show resolved Hide resolved
check.That(data.ResourceName).Key("policy_settings.0.file_upload_limit_in_mb").HasValue("100"),
check.That(data.ResourceName).Key("policy_settings.0.max_request_body_size_in_kb").HasValue("128"),
),
Expand Down Expand Up @@ -189,6 +190,7 @@ func TestAccWebApplicationFirewallPolicy_update(t *testing.T) {
check.That(data.ResourceName).Key("policy_settings.0.enabled").HasValue("true"),
check.That(data.ResourceName).Key("policy_settings.0.mode").HasValue("Prevention"),
check.That(data.ResourceName).Key("policy_settings.0.request_body_check").HasValue("true"),
check.That(data.ResourceName).Key("policy_settings.0.request_body_enforcement").HasValue("true"),
lcssanches marked this conversation as resolved.
Show resolved Hide resolved
check.That(data.ResourceName).Key("policy_settings.0.file_upload_limit_in_mb").HasValue("100"),
check.That(data.ResourceName).Key("policy_settings.0.max_request_body_size_in_kb").HasValue("128"),
),
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions website/docs/d/application_gateway.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -507,6 +507,8 @@ A `waf_configuration` block exports the following:

* `request_body_check` - Is Request Body Inspection enabled?

* `request_body_enforcement` - Is Request Body limit enabled?

* `max_request_body_size_kb` - The Maximum Request Body Size in KB.

* `exclusion` - One or more `exclusion` blocks as defined below.
Expand Down
2 changes: 2 additions & 0 deletions website/docs/r/application_gateway.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -553,6 +553,8 @@ A `waf_configuration` block supports the following:

* `request_body_check` - (Optional) Is Request Body Inspection enabled? Defaults to `true`.

* `request_body_enforcement` - (Optional) Whether the firewall should block request with body size greater then `max_request_body_size_kb`. Defaults to `true`.
lcssanches marked this conversation as resolved.
Show resolved Hide resolved

* `max_request_body_size_kb` - (Optional) The Maximum Request Body Size in KB. Accepted values are in the range `1`KB to `128`KB. Defaults to `128`KB.

* `exclusion` - (Optional) One or more `exclusion` blocks as defined below.
Expand Down
Loading