[WAF] advanced settings update in `resource/opentelekomcloud_waf_dedi…

…cated_alarm_masking_rule_v1` (#2582) [WAF] advanced settings update in `resource/opentelekomcloud_waf_dedicated_alarm_masking_rule_v1` Summary of the Pull Request PR Checklist Refers to: #2570 Tests added/passed. Documentation updated. Schema updated. Release notes added. Acceptance Steps Performed === RUN TestAccWafDedicatedAlarmMaskingRuleV1_basic --- PASS: TestAccWafDedicatedAlarmMaskingRuleV1_basic (63.14s) PASS Process finished with exit code 0 Reviewed-by: Artem Lifshits
opentelekomcloud · Jul 10, 2024 · 5951f05 · 5951f05
1 parent a97485c
commit 5951f05
Show file tree

Hide file tree

Showing 6 changed files with 94 additions and 22 deletions.
diff --git a/go.mod b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0
 	github.com/keybase/go-crypto v0.0.0-20200123153347-de78d2cb44f4
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20240704110702-f16d978e7095
+	github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20240708122908-1b7bf66887e2
 	github.com/unknwon/com v1.0.1
 	golang.org/x/crypto v0.21.0
 	golang.org/x/sync v0.1.0

diff --git a/go.sum b/go.sum
@@ -158,6 +158,8 @@ github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20240704110702-f16d978e7095 h1:RYnv8uu7/Zdx3MTpAVJYkD/qsVDgIAKPde4avYKAENA=
 github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20240704110702-f16d978e7095/go.mod h1:M1F6OfSRZRzAmAFKQqSLClX952at5hx5rHe4UTEykgg=
+github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20240708122908-1b7bf66887e2 h1:4/m8eOG1UIe0+QL6/dBt7ptXM6s7aFzMUIN7WsttFKg=
+github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20240708122908-1b7bf66887e2/go.mod h1:M1F6OfSRZRzAmAFKQqSLClX952at5hx5rHe4UTEykgg=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

diff --git a/...loud/acceptance/waf/resource_opentelekomcloud_waf_dedicated_alarm_masking_rule_v1_test.go b/...loud/acceptance/waf/resource_opentelekomcloud_waf_dedicated_alarm_masking_rule_v1_test.go
@@ -33,13 +33,29 @@ func TestAccWafDedicatedAlarmMaskingRuleV1_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "description", "description"),
 					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "conditions.#", "1"),
 					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "conditions.0.category", "url"),
+					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "advanced_settings.0.index", "header"),
+					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "advanced_settings.0.contents.0", "content-type"),
 				),
 			},
 			{
-				ResourceName:      wafdAlarmMaskingRuleName,
-				ImportState:       true,
-				ImportStateVerify: true,
-				ImportStateIdFunc: dedicatedRuleImportStateIDFunc(wafdAlarmMaskingRuleName, wafdPolicyResourceName),
+				Config: testAccWafDedicatedAlarmMaskingRuleV1AdvIndex,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckWafDedicatedAlarmMaskingRuleV1Exists(wafdAlarmMaskingRuleName, &rule),
+					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "domains.#", "1"),
+					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "domains.0", "www.example.com"),
+					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "rule", "all"),
+					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "description", "description"),
+					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "conditions.#", "1"),
+					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "conditions.0.category", "url"),
+					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "advanced_settings.0.index", "header"),
+				),
+			},
+			{
+				ResourceName:            wafdAlarmMaskingRuleName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateIdFunc:       dedicatedRuleImportStateIDFunc(wafdAlarmMaskingRuleName, wafdPolicyResourceName),
+				ImportStateVerifyIgnore: []string{"advanced_settings.0.contents"},
 			},
 		},
 	})
@@ -114,5 +130,31 @@ resource "opentelekomcloud_waf_dedicated_alarm_masking_rule_v1" "rule_1" {
     contents        = ["/login"]
     logic_operation = "equal"
   }
+  advanced_settings {
+    index    = "header"
+    contents = ["content-type"]
+  }
+}
+`
+
+const testAccWafDedicatedAlarmMaskingRuleV1AdvIndex = `
+resource "opentelekomcloud_waf_dedicated_policy_v1" "policy_1" {
+  name = "policy_am"
+}
+
+resource "opentelekomcloud_waf_dedicated_alarm_masking_rule_v1" "rule_1" {
+  policy_id   = opentelekomcloud_waf_dedicated_policy_v1.policy_1.id
+  domains     = ["www.example.com"]
+  rule        = "all"
+  description = "description"
+
+  conditions {
+    category        = "url"
+    contents        = ["/login"]
+    logic_operation = "equal"
+  }
+  advanced_settings {
+    index = "header"
+  }
 }
 `
diff --git a/opentelekomcloud/common/utils.go b/opentelekomcloud/common/utils.go
@@ -497,3 +497,17 @@ func ExpandToIntList(v []interface{}) []int {
 	}
 	return s
 }
+
+// ValueIgnoreEmpty returns to the string value. if v is empty, return nil
+func ValueIgnoreEmpty(v interface{}) interface{} {
+	vl := reflect.ValueOf(v)
+	if (vl.Kind() != reflect.Bool) && vl.IsZero() {
+		return nil
+	}
+
+	if (vl.Kind() == reflect.Array || vl.Kind() == reflect.Slice) && vl.Len() == 0 {
+		return nil
+	}
+
+	return v
+}
diff --git a/...elekomcloud/services/waf/resource_opentelekomcloud_waf_dedicated_alarm_masking_rule_v1.go b/...elekomcloud/services/waf/resource_opentelekomcloud_waf_dedicated_alarm_masking_rule_v1.go
@@ -86,6 +86,7 @@ func ResourceWafDedicatedAlarmMaskingRuleV1() *schema.Resource {
 			"advanced_settings": {
 				Type:     schema.TypeList,
 				Optional: true,
+				MaxItems: 1,
 				ForceNew: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
@@ -159,25 +160,27 @@ func getAmConditions(d *schema.ResourceData) []rules.IgnoreCondition {
 	return conditionList
 }
 
-func getAmAdvancedSettings(d *schema.ResourceData) []rules.AdvancedIgnoreObject {
-	var advancedList []rules.AdvancedIgnoreObject
+func getAmAdvancedSettings(d *schema.ResourceData) rules.AdvancedIgnoreObject {
+	var advancedObj rules.AdvancedIgnoreObject
 	advanced := d.Get("advanced_settings").([]interface{})
 	for _, a := range advanced {
 		adv := a.(map[string]interface{})
 		contentsRaw := adv["contents"].([]interface{})
-		contents := make([]string, len(contentsRaw))
-
-		for i, content := range contentsRaw {
-			contents[i] = content.(string)
+		var contents []string
+		if len(contentsRaw) == 0 {
+			contents = append(contents, "all")
 		}
-
-		advancedObj := rules.AdvancedIgnoreObject{
+		for _, content := range contentsRaw {
+			if content := common.ValueIgnoreEmpty(content.(string)); content != nil {
+				contents = append(contents, content.(string))
+			}
+		}
+		advancedObj = rules.AdvancedIgnoreObject{
 			Index:    adv["index"].(string),
 			Contents: contents,
 		}
-		advancedList = append(advancedList, advancedObj)
 	}
-	return advancedList
+	return advancedObj
 }
 
 func resourceWafDedicatedAlarmMaskingRuleV1Create(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
@@ -235,7 +238,6 @@ func resourceWafDedicatedAlarmMaskingRuleV1Read(ctx context.Context, d *schema.R
 	mErr := multierror.Append(
 		d.Set("policy_id", rule.PolicyId),
 		d.Set("rule", rule.Rule),
-		d.Set("advanced_settings", rule.Advanced),
 		d.Set("domains", rule.Domains),
 		d.Set("description", rule.Description),
 		d.Set("status", rule.Status),
@@ -253,14 +255,21 @@ func resourceWafDedicatedAlarmMaskingRuleV1Read(ctx context.Context, d *schema.R
 		conditions = append(conditions, condition)
 	}
 
-	var advanced []map[string]interface{}
-	for _, advancedObj := range rule.Advanced {
-		adv := map[string]interface{}{
-			"index":    advancedObj.Index,
-			"contents": advancedObj.Contents,
+	var advanced = []map[string]interface{}{
+		{
+			"index":    rule.Advanced.Index,
+			"contents": rule.Advanced.Contents,
+		},
+	}
+	adv := d.Get("advanced_settings").([]interface{})
+	for _, a := range adv {
+		adv := a.(map[string]interface{})
+		contentsRaw := adv["contents"].([]interface{})
+		if len(contentsRaw) == 0 {
+			advanced[0]["contents"] = nil
 		}
-		advanced = append(advanced, adv)
 	}
+
 	mErr = multierror.Append(mErr,
 		d.Set("conditions", conditions),
 		d.Set("advanced_settings", advanced),

diff --git a/releasenotes/notes/wafd-alarm-masking-rule-avd-sett-9d4aa3079dc5806e.yaml b/releasenotes/notes/wafd-alarm-masking-rule-avd-sett-9d4aa3079dc5806e.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    **[WAF]** Fix setting of `advanced_settings` in ``resource/opentelekomcloud_waf_dedicated_alarm_masking_rule_v1``
+    (`#2582 <https://github.com/opentelekomcloud/terraform-provider-opentelekomcloud/pull/2582>`_)