
fix(waf): [124160075] update resource #3382


Merged
merged 2 commits into from
May 29, 2025
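--- a/.changelog/3382.txt
+++ b/.changelog/3382.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/tencentcloud_waf_cc: support `cel_rule`, `logical_op`
+```
+
+```release-note:enhancement
+resource/tencentcloud_waf_custom_white_rule: support `logical_op`
+```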
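--- a/go.mod
+++ b/go.mod
@@ -46,7 +46,7 @@ require (
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1107
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.1033
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.1148
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1164
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1170
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.1153
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.1161
@@ -97,7 +97,7 @@ require (
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tsf v1.0.674
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.860
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.1154
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1163
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1170
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.792
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199
 github.com/tencentyun/cos-go-sdk-v5 v0.7.64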
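--- a/go.sum
+++ b/go.sum
@@ -979,6 +979,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1163 h1:RZs
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1163/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1164 h1:qEzZCZf1sgvvrZ8ngws0gZlyW+sOdY0K9VXGm4AcvTE=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1164/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1170 h1:67TIDmxXDa73+7nFuyVVxtVswf83JPXiwBy1Xicv+xQ=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1170/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/controlcenter v1.0.993 h1:WlPgXldQCxt7qi5Xrc6j6zTrsXWzN5BcOGs7Irq7fwQ=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/controlcenter v1.0.993/go.mod h1:Z9U8zNtyuyKhjS0698wqsrG/kLx1TQ5CEixXBwVe7xY=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.860 h1:F3esKBIT3HW9+7Gt8cVgf8X06VdGIczpgLBUECzSEzU=
@@ -1137,6 +1139,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1162 h1:gnmuUa
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1162/go.mod h1:bu3KAFeoJ1xDGQp72h9Le3FqbOcCcdomOUig3OqgcE4=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1163 h1:dR/VWftnsFH/O18MaaM4DXDkBgFMIZYSWR4/6moy78A=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1163/go.mod h1:RsiGONPLLzraDKCq1fs7bcm1OStioX7OWLXydoAmUf0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1170 h1:kcQCWuI9zOkZgL5CK66HNAJmSWCSJxRrDxXT+j02CeE=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1170/go.mod h1:vTukVfThbBIc4lOf4eq/q51eEk78oZUJd2lAoJBOJwI=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.792 h1:NLgKNOIHWa38AmW7dyfI9Jlcp2Kr9VRD94f48pPNmxM=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.792/go.mod h1:Xz6vPV3gHlzPwtEcmWdWO1EUXJDgn2p7UMCXbJiVioQ=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199 h1:hMBLtiJPnZ9GvA677cTB6ELBR6B68wCR2QY1sNoGQc4=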
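--- a/tencentcloud/services/waf/resource_tc_waf_bot_scene_ucb_rule.go
+++ b/tencentcloud/services/waf/resource_tc_waf_bot_scene_ucb_rule.go
@@ -2,6 +2,7 @@ package waf
 
 import (
 "context"
+"encoding/base64"
 "fmt"
 "log"
 "strings"
@@ -437,12 +438,16 @@ func resourceTencentCloudWafBotSceneUCBRuleCreate(d *schema.ResourceData, meta i
 for _, item := range v.([]interface{}) {
 if ruleMap, ok := item.(map[string]interface{}); ok && ruleMap != nil {
 inOutputUCBRuleEntry := waf.InOutputUCBRuleEntry{}
+var base46Flag bool
 if v, ok := ruleMap["key"]; ok {
 inOutputUCBRuleEntry.Key = helper.String(v.(string))
 }
 
 if v, ok := ruleMap["op"]; ok {
 inOutputUCBRuleEntry.Op = helper.String(v.(string))
+if v.(string) == "rematch" {
+base46Flag = true
+}
 }
 
 if valueMap, ok := helper.InterfaceToMap(ruleMap, "value"); ok {
@@ -471,10 +476,20 @@ func resourceTencentCloudWafBotSceneUCBRuleCreate(d *schema.ResourceData, meta i
 
 if v, ok := valueMap["multi_value"]; ok {
 multiValueSet := v.(*schema.Set).List()
-for i := range multiValueSet {
-if multiValueSet[i] != nil {
-multiValue := multiValueSet[i].(string)
-uCBEntryValue.MultiValue = append(uCBEntryValue.MultiValue, &multiValue)
+if base46Flag {
+for i := range multiValueSet {
+if multiValueSet[i] != nil {
+multiValue := multiValueSet[i].(string)
+bs64Str := helper.String(base64.URLEncoding.EncodeToString([]byte(multiValue)))
+uCBEntryValue.MultiValue = append(uCBEntryValue.MultiValue, bs64Str)
+}
+}
+} else {
+for i := range multiValueSet {
+if multiValueSet[i] != nil {
+multiValue := multiValueSet[i].(string)
+uCBEntryValue.MultiValue = append(uCBEntryValue.MultiValue, &multiValue)
+}
 }
 }
 }
@@ -767,12 +782,16 @@ func resourceTencentCloudWafBotSceneUCBRuleRead(d *schema.ResourceData, meta int
 tmpList := make([]map[string]interface{}, 0, len(respData.Rule))
 for _, item := range respData.Rule {
 dMap := make(map[string]interface{})
+var base46Flag bool
 if item.Key != nil {
 dMap["key"] = item.Key
 }
 
 if item.Op != nil {
 dMap["op"] = item.Op
+if *item.Op == "rematch" {
+base46Flag = true
+}
 }
 
 if item.Value != nil {
@@ -795,7 +814,21 @@ func resourceTencentCloudWafBotSceneUCBRuleRead(d *schema.ResourceData, meta int
 }
 
 if item.Value.MultiValue != nil {
-valueMap["multi_value"] = item.Value.MultiValue
+if base46Flag {
+tmpMvList := make([]string, 0, len(item.Value.MultiValue))
+for _, item := range item.Value.MultiValue {
+decoded, e := base64.StdEncoding.DecodeString(*item)
+if e != nil {
+return fmt.Errorf("[%s] base64 decode error: %s", *item, e.Error())
+}
+
+tmpMvList = append(tmpMvList, string(decoded))
+}
+
+valueMap["multi_value"] = tmpMvList
+} else {
+valueMap["multi_value"] = item.Value.MultiValue
+}
 }
 
 valueList = append(valueList, valueMap)
@@ -1028,12 +1061,16 @@ func resourceTencentCloudWafBotSceneUCBRuleUpdate(d *schema.ResourceData, meta i
 for _, item := range v.([]interface{}) {
 if ruleMap, ok := item.(map[string]interface{}); ok && ruleMap != nil {
 inOutputUCBRuleEntry := waf.InOutputUCBRuleEntry{}
+var base46Flag bool
 if v, ok := ruleMap["key"]; ok {
 inOutputUCBRuleEntry.Key = helper.String(v.(string))
 }
 
 if v, ok := ruleMap["op"]; ok {
 inOutputUCBRuleEntry.Op = helper.String(v.(string))
+if v.(string) == "rematch" {
+base46Flag = true
+}
 }
 
 if valueMap, ok := helper.InterfaceToMap(ruleMap, "value"); ok {
@@ -1062,10 +1099,20 @@ func resourceTencentCloudWafBotSceneUCBRuleUpdate(d *schema.ResourceData, meta i
 
 if v, ok := valueMap["multi_value"]; ok {
 multiValueSet := v.(*schema.Set).List()
-for i := range multiValueSet {
-if multiValueSet[i] != nil {
-multiValue := multiValueSet[i].(string)
-uCBEntryValue.MultiValue = append(uCBEntryValue.MultiValue, &multiValue)
+if base46Flag {
+for i := range multiValueSet {
+if multiValueSet[i] != nil {
+multiValue := multiValueSet[i].(string)
+bs64Str := helper.String(base64.URLEncoding.EncodeToString([]byte(multiValue)))
+uCBEntryValue.MultiValue = append(uCBEntryValue.MultiValue, bs64Str)
+}
+}
+} else {
+for i := range multiValueSet {
+if multiValueSet[i] != nil {
+multiValue := multiValueSet[i].(string)
+uCBEntryValue.MultiValue = append(uCBEntryValue.MultiValue, &multiValue)
+}
 }
 }
 }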
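Review bot: The two write paths encode `rematch` values with `base64.URLEncoding` (the `multi_value` loops in the Create and Update hunks) while the Read hunk decodes them with `base64.StdEncoding`, so a pattern whose encoding contains `-` or `_` cannot be decoded and Read returns the `base64 decode error` for a rule the provider itself wrote. Which alphabet the WAF API expects is not visible on this page; once that is confirmed, use the same one on both sides, e.g. `bs64Str := helper.String(base64.StdEncoding.EncodeToString([]byte(multiValue)))` in Create and Update. If the API ends up storing a differently encoded pattern than the one intended, the bot rule would presumably not match the traffic it was written for, so a round-trip acceptance test with a pattern that produces those characters is worth adding. In the Read loop `*item` is dereferenced without a nil check and the loop variable shadows the outer `item`; `base46Flag` also reads like a typo for `base64Flag`. All three functions continue outside the visible hunks.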
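--- a/tencentcloud/services/waf/resource_tc_waf_bot_scene_ucb_rule.md
+++ b/tencentcloud/services/waf/resource_tc_waf_bot_scene_ucb_rule.md
@@ -20,6 +20,18 @@ resource "tencentcloud_waf_bot_scene_ucb_rule" "example" {
 }
 }
 
+rule {
+key = "url"
+op = "rematch"
+lang = "cn"
+value {
+multi_value = [
+"/prefix",
+"/startwith"
+]
+}
+}
+
 action = "monitor"
 on_off = "on"
 rule_type = 0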
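--- a/tencentcloud/services/waf/resource_tc_waf_cc.go
+++ b/tencentcloud/services/waf/resource_tc_waf_cc.go
@@ -120,6 +120,17 @@ func ResourceTencentCloudWafCc() *schema.Resource {
 Computed: true,
 Description: "Frequency limiting method.",
 },
+"cel_rule": {
+Optional: true,
+Type: schema.TypeString,
+Description: "Cel expression.",
+},
+"logical_op": {
+Optional: true,
+Computed: true,
+Type: schema.TypeString,
+Description: "Logical operator of configuration mode, and/or.",
+},
 "rule_id": {
 Computed: true,
 Type: schema.TypeString,
@@ -218,6 +229,14 @@ func resourceTencentCloudWafCcCreate(d *schema.ResourceData, meta interface{}) e
 request.LimitMethod = helper.String(v.(string))
 }
 
+if v, ok := d.GetOk("cel_rule"); ok {
+request.CelRule = helper.String(v.(string))
+}
+
+if v, ok := d.GetOk("logical_op"); ok {
+request.LogicalOp = helper.String(v.(string))
+}
+
 request.RuleId = helper.IntInt64(0)
 err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
 result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseWafClient().UpsertCCRule(request)
@@ -337,6 +356,14 @@ func resourceTencentCloudWafCcRead(d *schema.ResourceData, meta interface{}) err
 _ = d.Set("limit_method", cc.LimitMethod)
 }
 
+if cc.CelRule != nil {
+_ = d.Set("cel_rule", cc.CelRule)
+}
+
+if cc.LogicalOp != nil {
+_ = d.Set("logical_op", cc.LogicalOp)
+}
+
 if cc.RuleId != nil {
 ruleIdStr := strconv.FormatUint(*cc.RuleId, 10)
 _ = d.Set("rule_id", ruleIdStr)
@@ -439,6 +466,14 @@ func resourceTencentCloudWafCcUpdate(d *schema.ResourceData, meta interface{}) e
 request.LimitMethod = helper.String(v.(string))
 }
 
+if v, ok := d.GetOk("cel_rule"); ok {
+request.CelRule = helper.String(v.(string))
+}
+
+if v, ok := d.GetOk("logical_op"); ok {
+request.LogicalOp = helper.String(v.(string))
+}
+
 err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
 result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseWafClient().UpsertCCRule(request)
 if e != nil {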
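Review bot: `logical_op` is declared as a free-form `schema.TypeString` in the schema hunk although its description allows only `and`/`or`, so a misspelled or differently cased value is caught at apply time at the earliest. Because this operator decides whether a CC rule requires all conditions or any one of them, a plan-time check such as `ValidateFunc: validation.StringInSlice([]string{"and", "or"}, false),` would be worth adding, assuming the SDK's `validation` package is available in this file, which the hunks do not show. In the Update hunk both new fields are read with `d.GetOk`, which reports false for an empty string, so removing `cel_rule` from the configuration sends no `CelRule` and presumably leaves the old expression active on the WAF side; that is worth confirming against `UpsertCCRule`. The Create, Read and Update bodies continue outside the visible hunks.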
75 changes: 72 additions & 3 deletions tencentcloud/services/waf/resource_tc_waf_cc.md
@@ -2,10 +2,12 @@ Provides a resource to create a WAF cc

Example Usage

If advance is 0(IP model)

```hcl
resource "tencentcloud_waf_cc" "example" {
domain = "www.demo.com"
name = "terraform"
name = "tf-example"
status = 1
advance = "0"
limit = "60"
@@ -17,15 +19,82 @@ resource "tencentcloud_waf_cc" "example" {
valid_time = 600
edition = "sparta-waf"
type = 1
logical_op = "and"
options_arr = jsonencode(
[
{
"key" : "URL",
"args" : [
"=cHJlZml4"
],
"match" : "2",
"encodeflag" : true
},
{
"key" : "Method",
"args" : ["=R0VU"],
"args" : [
"=POST" # if encodeflag is false, parameter value needs to be prefixed with an = sign.
],
"match" : "0",
"encodeflag" : false
},
{
"key" : "Post",
"args" : [
"S2V5=VmFsdWU"
],
"match" : "0",
"encodeflag" : true
},
{
"key" : "Referer",
"args" : [
"="
],
"match" : "12",
"encodeflag" : true
},
{
"key" : "Cookie",
"args" : [
"S2V5=VmFsdWU"
],
"match" : "3",
"encodeflag" : true
},
{
"key" : "IPLocation",
"args" : [
"=eyJMYW5nIjoiY24iLCJBcmVhcyI6W3siQ291bnRyeSI6IuWbveWkliJ9XX0"
],
"match" : "13",
"encodeflag" : true
}
]
)
}
```
```

If advance is 1(SESSION model)

```hcl
resource "tencentcloud_waf_cc" "example" {
domain = "news.bots.icu"
name = "tf-example"
status = 1
advance = "1"
limit = "60"
interval = "60"
url = "/cc_demo"
match_func = 0
action_type = "22"
priority = 50
valid_time = 600
edition = "sparta-waf"
type = 1
session_applied = [0]
limit_method = "only_limit"
logical_op = "or"
cel_rule = "(has(request.url) && request.url.startsWith('/prefix')) && (has(request.method) && request.method == 'POST')"
}
```