
Commit 9543d71

committed
add
1 parent 9aa8f52 commit 9543d71


3 files changed

+345
-39
lines changed


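--- a/tencentcloud/services/teo/resource_tc_teo_security_policy_config.go
+++ b/tencentcloud/services/teo/resource_tc_teo_security_policy_config.go
@@ -48,6 +48,7 @@ func ResourceTencentCloudTeoSecurityPolicyConfig() *schema.Resource {
 "rules": {
 Type: schema.TypeList,
 Optional: true,
+Deprecated: "It has been deprecated from version 1.81.184. Please use `precise_match_rules` or `basic_access_rules` instead.",
 Description: "List of custom rule definitions. <br>when modifying the Web protection configuration using ModifySecurityPolicy: <br> - if the Rules parameter is not specified or the parameter length of Rules is zero: clear all custom rule configurations. <br> - if the parameter value of CustomRules in the SecurityPolicy parameter is not specified: keep the existing custom rule configuration without modification.",
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
@@ -150,6 +151,214 @@ func ResourceTencentCloudTeoSecurityPolicyConfig() *schema.Resource {
 },
 },
 },
+"precise_match_rules": {
+Type: schema.TypeList,
+Optional: true,
+Description: "List of custom rule definitions. <br>when modifying the Web protection configuration using ModifySecurityPolicy: <br> - if the Rules parameter is not specified or the parameter length of Rules is zero: clear all custom rule configurations. <br> - if the parameter value of CustomRules in the SecurityPolicy parameter is not specified: keep the existing custom rule configuration without modification.",
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"name": {
+Type: schema.TypeString,
+Required: true,
+Description: "The name of the custom rule.",
+},
+"condition": {
+Type: schema.TypeString,
+Required: true,
+Description: "The specific content of the custom rule must comply with the expression grammar. please refer to the product document for detailed specifications.",
+},
+"action": {
+Type: schema.TypeList,
+Required: true,
+MaxItems: 1,
+Description: "Execution actions for custom rules. the Name parameter value of SecurityAction supports: <li>Deny: block;</li> <li>Monitor: observe;</li> <li>ReturnCustomPage: block using a specified page;</li> <li>Redirect: Redirect to URL;</li> <li>BlockIP: IP blocking;</li> <li>JSChallenge: JavaScript challenge;</li> <li>ManagedChallenge: managed challenge;</li> <li>Allow: Allow.</li>.",
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"name": {
+Type: schema.TypeString,
+Required: true,
+Description: "Specific actions for safe execution. valid values:.\n<li>Deny: block</li> <li>Monitor: Monitor</li> <li>ReturnCustomPage: use specified page to block</li> <li>Redirect: Redirect to URL</li> <li>BlockIP: IP block</li> <li>JSChallenge: JavaScript challenge</li> <li>ManagedChallenge: managed challenge</li> <li>Disabled: Disabled</li> <li>Allow: Allow</li>.",
+},
+"block_ip_action_parameters": {
+Type: schema.TypeList,
+Optional: true,
+MaxItems: 1,
+Description: "Additional parameter when Name is BlockIP.",
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"duration": {
+Type: schema.TypeString,
+Required: true,
+Description: "Penalty duration for blocking ips. supported units: <li>s: second, value range 1-120;</li> <li>m: minute, value range 1-120;</li> <li>h: hour, value range 1-48.</li>.",
+},
+},
+},
+},
+"return_custom_page_action_parameters": {
+Type: schema.TypeList,
+Optional: true,
+MaxItems: 1,
+Description: "Additional parameter when Name is ReturnCustomPage.",
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"response_code": {
+Type: schema.TypeString,
+Required: true,
+Description: "Response status code.",
+},
+"error_page_id": {
+Type: schema.TypeString,
+Required: true,
+Description: "Response custom page ID.",
+},
+},
+},
+},
+"redirect_action_parameters": {
+Type: schema.TypeList,
+Optional: true,
+MaxItems: 1,
+Description: "Additional parameter when Name is Redirect.",
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"url": {
+Type: schema.TypeString,
+Required: true,
+Description: "Redirect URL.",
+},
+},
+},
+},
+},
+},
+},
+"enabled": {
+Type: schema.TypeString,
+Required: true,
+Description: "Indicates whether the custom rule is enabled. valid values: <li>on: enabled</li> <li>off: disabled</li>.",
+},
+"id": {
+Type: schema.TypeString,
+Computed: true,
+Description: "The ID of a custom rule. <br> the rule ID supports different rule configuration operations: <br> - add a new rule: ID is empty or the ID parameter is not specified; <br> - modify an existing rule: specify the rule ID that needs to be updated/modified; <br> - delete an existing rule: existing Rules not included in the Rules list of the CustomRules parameter will be deleted.",
+},
+"rule_type": {
+Type: schema.TypeString,
+Computed: true,
+Description: "Type of custom rule. valid values: <li>BasicAccessRule: basic access control;</li> <li>PreciseMatchRule: exact matching rule, default;</li> <li>ManagedAccessRule: expert customized rule, for output only.</li> the default value is PreciseMatchRule.",
+},
+"priority": {
+Type: schema.TypeInt,
+Optional: true,
+Description: "Customizes the priority of rules. value range: 0-100. it defaults to 0. only supports `rule_type` is `PreciseMatchRule`.",
+},
+},
+},
+},
+"basic_access_rules": {
+Type: schema.TypeList,
+Optional: true,
+Description: "List of custom rule definitions. <br>when modifying the Web protection configuration using ModifySecurityPolicy: <br> - if the Rules parameter is not specified or the parameter length of Rules is zero: clear all custom rule configurations. <br> - if the parameter value of CustomRules in the SecurityPolicy parameter is not specified: keep the existing custom rule configuration without modification.",
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"name": {
+Type: schema.TypeString,
+Required: true,
+Description: "The name of the custom rule.",
+},
+"condition": {
+Type: schema.TypeString,
+Required: true,
+Description: "The specific content of the custom rule must comply with the expression grammar. please refer to the product document for detailed specifications.",
+},
+"action": {
+Type: schema.TypeList,
+Required: true,
+MaxItems: 1,
+Description: "Execution actions for custom rules. the Name parameter value of SecurityAction supports: <li>Deny: block;</li> <li>Monitor: observe;</li> <li>ReturnCustomPage: block using a specified page;</li> <li>Redirect: Redirect to URL;</li> <li>BlockIP: IP blocking;</li> <li>JSChallenge: JavaScript challenge;</li> <li>ManagedChallenge: managed challenge;</li> <li>Allow: Allow.</li>.",
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"name": {
+Type: schema.TypeString,
+Required: true,
+Description: "Specific actions for safe execution. valid values:.\n<li>Deny: block</li> <li>Monitor: Monitor</li> <li>ReturnCustomPage: use specified page to block</li> <li>Redirect: Redirect to URL</li> <li>BlockIP: IP block</li> <li>JSChallenge: JavaScript challenge</li> <li>ManagedChallenge: managed challenge</li> <li>Disabled: Disabled</li> <li>Allow: Allow</li>.",
+},
+"block_ip_action_parameters": {
+Type: schema.TypeList,
+Optional: true,
+MaxItems: 1,
+Description: "Additional parameter when Name is BlockIP.",
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"duration": {
+Type: schema.TypeString,
+Required: true,
+Description: "Penalty duration for blocking ips. supported units: <li>s: second, value range 1-120;</li> <li>m: minute, value range 1-120;</li> <li>h: hour, value range 1-48.</li>.",
+},
+},
+},
+},
+"return_custom_page_action_parameters": {
+Type: schema.TypeList,
+Optional: true,
+MaxItems: 1,
+Description: "Additional parameter when Name is ReturnCustomPage.",
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"response_code": {
+Type: schema.TypeString,
+Required: true,
+Description: "Response status code.",
+},
+"error_page_id": {
+Type: schema.TypeString,
+Required: true,
+Description: "Response custom page ID.",
+},
+},
+},
+},
+"redirect_action_parameters": {
+Type: schema.TypeList,
+Optional: true,
+MaxItems: 1,
+Description: "Additional parameter when Name is Redirect.",
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"url": {
+Type: schema.TypeString,
+Required: true,
+Description: "Redirect URL.",
+},
+},
+},
+},
+},
+},
+},
+"enabled": {
+Type: schema.TypeString,
+Required: true,
+Description: "Indicates whether the custom rule is enabled. valid values: <li>on: enabled</li> <li>off: disabled</li>.",
+},
+"id": {
+Type: schema.TypeString,
+Computed: true,
+Description: "The ID of a custom rule. <br> the rule ID supports different rule configuration operations: <br> - add a new rule: ID is empty or the ID parameter is not specified; <br> - modify an existing rule: specify the rule ID that needs to be updated/modified; <br> - delete an existing rule: existing Rules not included in the Rules list of the CustomRules parameter will be deleted.",
+},
+"rule_type": {
+Type: schema.TypeString,
+Computed: true,
+Description: "Type of custom rule. valid values: <li>BasicAccessRule: basic access control;</li> <li>PreciseMatchRule: exact matching rule, default;</li> <li>ManagedAccessRule: expert customized rule, for output only.</li> the default value is PreciseMatchRule.",
+},
+"priority": {
+Type: schema.TypeInt,
+Optional: true,
+Description: "Customizes the priority of rules. value range: 0-100. it defaults to 0. only supports `rule_type` is `PreciseMatchRule`.",
+},
+},
+},
+},
 },
 },
 },
@@ -539,10 +748,12 @@ func resourceTencentCloudTeoSecurityPolicyConfigRead(d *schema.ResourceData, met
 securityPolicyMap := map[string]interface{}{}
 if respData.CustomRules != nil {
 customRulesMap := map[string]interface{}{}
-rulesList := make([]map[string]interface{}, 0, len(respData.CustomRules.Rules))
+preciseMatchRulesList := make([]map[string]interface{}, 0, len(respData.CustomRules.Rules))
+basicAccessRulesList := make([]map[string]interface{}, 0, len(respData.CustomRules.Rules))
 if respData.CustomRules.Rules != nil {
 for _, rules := range respData.CustomRules.Rules {
 rulesMap := map[string]interface{}{}
+ruleType := ""
 if rules.Name != nil {
 rulesMap["name"] = rules.Name
 }
@@ -601,20 +812,25 @@ func resourceTencentCloudTeoSecurityPolicyConfigRead(d *schema.ResourceData, met
 
 if rules.RuleType != nil {
 rulesMap["rule_type"] = rules.RuleType
+ruleType = *rules.RuleType
 }
 
 if rules.Priority != nil {
 rulesMap["priority"] = rules.Priority
 }
 
-rulesList = append(rulesList, rulesMap)
+if ruleType == "PreciseMatchRule" {
+preciseMatchRulesList = append(preciseMatchRulesList, rulesMap)
+} else if ruleType == "BasicAccessRule" {
+basicAccessRulesList = append(basicAccessRulesList, rulesMap)
+} else {
+continue
+}
 }
-
-customRulesMap["rules"] = rulesList
-} else {
-customRulesMap["rules"] = rulesList
 }
 
+customRulesMap["precise_match_rules"] = preciseMatchRulesList
+customRulesMap["basic_access_rules"] = basicAccessRulesList
 securityPolicyMap["custom_rules"] = []interface{}{customRulesMap}
 }
 
@@ -849,6 +1065,12 @@ func resourceTencentCloudTeoSecurityPolicyConfigUpdate(d *schema.ResourceData, m
 if customRulesMap, ok := helper.ConvertInterfacesHeadToMap(securityPolicyMap["custom_rules"]); ok {
 customRules := teov20220901.CustomRules{}
 if v, ok := customRulesMap["rules"]; ok {
+if len(v.([]interface{})) > 0 {
+return fmt.Errorf("`rules` has been deprecated from version 1.81.184. Please use `precise_match_rules` or `basic_access_rules` instead.")
+}
+}
+
+if v, ok := customRulesMap["precise_match_rules"]; ok {
 for _, item := range v.([]interface{}) {
 rulesMap := item.(map[string]interface{})
 customRule := teov20220901.CustomRule{}
@@ -908,10 +1130,78 @@ func resourceTencentCloudTeoSecurityPolicyConfigUpdate(d *schema.ResourceData, m
 customRule.Id = helper.String(v)
 }
 
-if v, ok := rulesMap["rule_type"].(string); ok && v != "" {
-customRule.RuleType = helper.String(v)
+customRule.RuleType = helper.String("PreciseMatchRule")
+
+if v, ok := rulesMap["priority"].(int); ok {
+customRule.Priority = helper.IntInt64(v)
+}
+
+customRules.Rules = append(customRules.Rules, &customRule)
+}
+}
+
+if v, ok := customRulesMap["basic_access_rules"]; ok {
+for _, item := range v.([]interface{}) {
+rulesMap := item.(map[string]interface{})
+customRule := teov20220901.CustomRule{}
+if v, ok := rulesMap["name"].(string); ok && v != "" {
+customRule.Name = helper.String(v)
 }
 
+if v, ok := rulesMap["condition"].(string); ok && v != "" {
+customRule.Condition = helper.String(v)
+}
+
+if actionMap, ok := helper.ConvertInterfacesHeadToMap(rulesMap["action"]); ok {
+securityAction := teov20220901.SecurityAction{}
+if v, ok := actionMap["name"].(string); ok && v != "" {
+securityAction.Name = helper.String(v)
+}
+
+if blockIPActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["block_ip_action_parameters"]); ok {
+blockIPActionParameters := teov20220901.BlockIPActionParameters{}
+if v, ok := blockIPActionParametersMap["duration"].(string); ok && v != "" {
+blockIPActionParameters.Duration = helper.String(v)
+}
+
+securityAction.BlockIPActionParameters = &blockIPActionParameters
+}
+
+if returnCustomPageActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["return_custom_page_action_parameters"]); ok {
+returnCustomPageActionParameters := teov20220901.ReturnCustomPageActionParameters{}
+if v, ok := returnCustomPageActionParametersMap["response_code"].(string); ok && v != "" {
+returnCustomPageActionParameters.ResponseCode = helper.String(v)
+}
+
+if v, ok := returnCustomPageActionParametersMap["error_page_id"].(string); ok && v != "" {
+returnCustomPageActionParameters.ErrorPageId = helper.String(v)
+}
+
+securityAction.ReturnCustomPageActionParameters = &returnCustomPageActionParameters
+}
+
+if redirectActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["redirect_action_parameters"]); ok {
+redirectActionParameters := teov20220901.RedirectActionParameters{}
+if v, ok := redirectActionParametersMap["url"].(string); ok && v != "" {
+redirectActionParameters.URL = helper.String(v)
+}
+
+securityAction.RedirectActionParameters = &redirectActionParameters
+}
+
+customRule.Action = &securityAction
+}
+
+if v, ok := rulesMap["enabled"].(string); ok && v != "" {
+customRule.Enabled = helper.String(v)
+}
+
+if v, ok := rulesMap["id"].(string); ok && v != "" {
+customRule.Id = helper.String(v)
+}
+
+customRule.RuleType = helper.String("BasicAccessRule")
+
 if v, ok := rulesMap["priority"].(int); ok {
 customRule.Priority = helper.IntInt64(v)
 }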
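Review bot: In the Read hunk (new lines 822-828) the `else { continue }` branch silently drops every rule whose `RuleType` is nil or anything other than `PreciseMatchRule`/`BasicAccessRule`, even though the schema text itself lists `ManagedAccessRule`, so those rules never reach state; as far as the visible hunks show, Update now builds `customRules.Rules` only from `precise_match_rules` and `basic_access_rules`. The `id` description on this page says existing rules not included in the submitted list are deleted, so if ModifySecurityPolicy applies that to every rule type, an apply could remove protection rules that the plan never displayed; that API behaviour is not visible here and should be confirmed before release. I would at least make the drop explicit with a comment such as `// rules of other types (e.g. ManagedAccessRule) are not tracked in state; confirm ModifySecurityPolicy preserves them when omitted`, and preferably surface them in a computed-only list so reviewers can see them. Both the Read and Update function bodies start and end outside the visible hunks.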
