fix/waf

Author: SevenEarth

go.mod

@@ -46,7 +46,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.847
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.544
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.711
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.847
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.856
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.692
@@ -97,7 +97,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tsf v1.0.674
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.845
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.833
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.856
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.792
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199
 	github.com/tencentyun/cos-go-sdk-v5 v0.7.42-0.20230629101357-7edd77448a0f

go.sum

@@ -954,6 +954,9 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.845 h1:fiiV
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.845/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.847 h1:ITZmxAWfbr5yikJ4T30yVYMW3jpa/oTmNbPnw/h1Vq0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.847/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.853/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.856 h1:4PaaKxPjh0dmRzzz0CRZSZlbvzQIPcg4TE1Ibz0Cdlk=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.856/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624 h1:nEZqsoqt1pEoaP9JjkHQy3/H00suCfzlHW1qOm2nYD8=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624/go.mod h1:+TXSVyeKwt1IhZRqKPbTREteBcP+K07Q846/ilNzLWA=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762 h1:2egy69SP/wPsmnfozcQVZ6tUY6F6N/TpEe/7xtXrc/8=
@@ -1062,6 +1065,10 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.845 h1:c9TSh+k
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.845/go.mod h1:sz+RI5GLDNIQMKJAR2N93fyxFv/FQo322xq/iAg2Z/g=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.833 h1:avaBlZ+Qqv7bfMg/u0jlRsbEBbE18CfqKWbfGc84PLg=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.833/go.mod h1:fUWG217b//46Oa3VXxC5mgeYeewVAbF+lc81uET89EM=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.853 h1:iq2QZqBS1DDMRy6IjQXssZKasAkSmcK7Ys1zZ/toPMg=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.853/go.mod h1:SkfcquidDu630zsDVoF2OeJrMAvNx4rsk34Quucfuwg=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.856 h1:019LsAoQz76hUYZKXfNLtmmGwp2u4Lx7PFe9Hi8ceiQ=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.856/go.mod h1:rlVASPNXcnU/AomXIqJd38UPqXRE1Q7RQqjIbErtMbg=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.792 h1:NLgKNOIHWa38AmW7dyfI9Jlcp2Kr9VRD94f48pPNmxM=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.792/go.mod h1:Xz6vPV3gHlzPwtEcmWdWO1EUXJDgn2p7UMCXbJiVioQ=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199 h1:hMBLtiJPnZ9GvA677cTB6ELBR6B68wCR2QY1sNoGQc4=

tencentcloud/services/waf/extension_waf.go

@@ -122,6 +122,26 @@ var API_SAFE_STATUS = []int{
 	API_SAFE_STATUS_1,
 }
 
+const (
+	POST_CLS_ACTION_0 = 0
+	POST_CLS_ACTION_1 = 1
+)
+
+var POST_CLS_ACTION = []int{
+	POST_CLS_ACTION_0,
+	POST_CLS_ACTION_1,
+}
+
+const (
+	POST_CKAFKA_ACTION_0 = 0
+	POST_CKAFKA_ACTION_1 = 1
+)
+
+var POST_CKAFKA_ACTION = []int{
+	POST_CKAFKA_ACTION_0,
+	POST_CKAFKA_ACTION_1,
+}
+
 const (
 	PROTECTION_STATUS_0 = 0
 	PROTECTION_STATUS_1 = 1

tencentcloud/services/waf/resource_tc_waf_clb_domain.go

@@ -162,6 +162,20 @@ func ResourceTencentCloudWafClbDomain() *schema.Resource {
 				ValidateFunc: tccommon.ValidateAllowedStringValue(ALB_TYPES),
 				Description:  "Load balancer type: clb, apisix or tsegw, default clb.",
 			},
+			"post_cls_action": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				Default:      POST_CLS_ACTION_0,
+				ValidateFunc: tccommon.ValidateAllowedIntValue(POST_CLS_ACTION),
+				Description:  "0-off, 1-on. default is 0.",
+			},
+			"post_ckafka_action": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				Default:      POST_CKAFKA_ACTION_0,
+				ValidateFunc: tccommon.ValidateAllowedIntValue(POST_CKAFKA_ACTION),
+				Description:  "0-off, 1-on. default is 0.",
+			},
 			"ip_headers": {
 				Type:        schema.TypeList,
 				Optional:    true,
@@ -182,20 +196,22 @@ func resourceTencentCloudWafClbDomainCreate(d *schema.ResourceData, meta interfa
 	defer tccommon.InconsistentCheck(d, meta)()
 
 	var (
-		logId         = tccommon.GetLogId(tccommon.ContextNil)
-		ctx           = context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
-		service       = WafService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
-		request       = waf.NewCreateHostRequest()
-		instanceID    string
-		domain        string
-		domainId      string
-		wafStatus     uint64
-		engine        uint64
-		botStatus     uint64
-		apiSafeStatus uint64
-		clsStatus     uint64
-		isCdn         int
-		albType       string
+		logId            = tccommon.GetLogId(tccommon.ContextNil)
+		ctx              = context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
+		service          = WafService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+		request          = waf.NewCreateHostRequest()
+		instanceID       string
+		domain           string
+		domainId         string
+		wafStatus        uint64
+		engine           uint64
+		botStatus        uint64
+		apiSafeStatus    uint64
+		clsStatus        uint64
+		postCLSAction    int
+		postCKafkaAction int
+		isCdn            int
+		albType          string
 	)
 
 	if v, ok := d.GetOk("instance_id"); ok {
@@ -503,6 +519,38 @@ func resourceTencentCloudWafClbDomainCreate(d *schema.ResourceData, meta interfa
 		}
 	}
 
+	// set domain post
+	if v, ok := d.GetOkExists("post_cls_action"); ok {
+		postCLSAction = v.(int)
+	}
+
+	if v, ok := d.GetOkExists("post_ckafka_action"); ok {
+		postCKafkaAction = v.(int)
+	}
+
+	if postCLSAction == POST_CLS_ACTION_1 || postCKafkaAction == POST_CKAFKA_ACTION_1 {
+		modifyDomainPostActionRequest := waf.NewModifyDomainPostActionRequest()
+		modifyDomainPostActionRequest.Domain = helper.String(domain)
+		modifyDomainPostActionRequest.PostCLSAction = helper.IntInt64(postCLSAction)
+		modifyDomainPostActionRequest.PostCLSAction = helper.IntInt64(postCKafkaAction)
+
+		err = resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+			result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseWafClient().ModifyDomainPostAction(modifyDomainPostActionRequest)
+			if e != nil {
+				return tccommon.RetryError(e)
+			} else {
+				log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, modifyDomainPostActionRequest.GetAction(), modifyDomainPostActionRequest.ToJsonString(), result.ToJsonString())
+			}
+
+			return nil
+		})
+
+		if err != nil {
+			log.Printf("[CRITAL]%s modify waf clbDomain post action failed, reason:%+v", logId, err)
+			return err
+		}
+	}
+
 	// set waf status
 	if v, ok := d.GetOkExists("status"); ok {
 		tmpWafStatus := v.(int)
@@ -713,6 +761,8 @@ func resourceTencentCloudWafClbDomainUpdate(d *schema.ResourceData, meta interfa
 		botStatus         uint64
 		apiSafeStatus     uint64
 		clsStatus         uint64
+		postCLSAction     int
+		postCKafkaAction  int
 	)
 
 	idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
@@ -1023,6 +1073,41 @@ func resourceTencentCloudWafClbDomainUpdate(d *schema.ResourceData, meta interfa
 		}
 	}
 
+	// set domain post
+	if d.HasChange("post_cls_action") || d.HasChange("post_ckafka_action") {
+		if v, ok := d.GetOkExists("post_cls_action"); ok {
+			postCLSAction = v.(int)
+		}
+
+		if v, ok := d.GetOkExists("post_ckafka_action"); ok {
+			postCKafkaAction = v.(int)
+		}
+
+		if postCLSAction == POST_CLS_ACTION_1 || postCKafkaAction == POST_CKAFKA_ACTION_1 {
+			modifyDomainPostActionRequest := waf.NewModifyDomainPostActionRequest()
+			modifyDomainPostActionRequest.Domain = helper.String(domain)
+			modifyDomainPostActionRequest.PostCLSAction = helper.IntInt64(postCLSAction)
+			modifyDomainPostActionRequest.PostCLSAction = helper.IntInt64(postCKafkaAction)
+
+			err = resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+				result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseWafClient().ModifyDomainPostAction(modifyDomainPostActionRequest)
+				if e != nil {
+					return tccommon.RetryError(e)
+				} else {
+					log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, modifyDomainPostActionRequest.GetAction(), modifyDomainPostActionRequest.ToJsonString(), result.ToJsonString())
+				}
+
+				return nil
+			})
+
+			if err != nil {
+				log.Printf("[CRITAL]%s modify waf clbDomain post action failed, reason:%+v", logId, err)
+				return err
+			}
+		}
+
+	}
+
 	// set waf status
 	if d.HasChange("status") {
 		if v, ok := d.GetOkExists("status"); ok {

tencentcloud/services/waf/resource_tc_waf_saas_domain.go

@@ -255,6 +255,20 @@ func ResourceTencentCloudWafSaasDomain() *schema.Resource {
 				ValidateFunc: tccommon.ValidateAllowedIntValue(CLS_STATUS),
 				Description:  "Whether to enable access logs, 1 enable, 0 disable.",
 			},
+			"post_cls_action": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				Default:      POST_CLS_ACTION_0,
+				ValidateFunc: tccommon.ValidateAllowedIntValue(POST_CLS_ACTION),
+				Description:  "0-off, 1-on. default is 0.",
+			},
+			"post_ckafka_action": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				Default:      POST_CKAFKA_ACTION_0,
+				ValidateFunc: tccommon.ValidateAllowedIntValue(POST_CKAFKA_ACTION),
+				Description:  "0-off, 1-on. default is 0.",
+			},
 			//"ipv6_status": {
 			//	Type:         schema.TypeInt,
 			//	Optional:     true,
@@ -296,6 +310,8 @@ func resourceTencentCloudWafSaasDomainCreate(d *schema.ResourceData, meta interf
 		apiSafeStatus    uint64
 		clsStatus        uint64
 		protectionStatus uint64
+		postCLSAction    int
+		postCKafkaAction int
 		isCdn            int
 		//ipv6Status    int64
 
@@ -710,6 +726,38 @@ func resourceTencentCloudWafSaasDomainCreate(d *schema.ResourceData, meta interf
 		}
 	}
 
+	// set domain post
+	if v, ok := d.GetOkExists("post_cls_action"); ok {
+		postCLSAction = v.(int)
+	}
+
+	if v, ok := d.GetOkExists("post_ckafka_action"); ok {
+		postCKafkaAction = v.(int)
+	}
+
+	if postCLSAction == POST_CLS_ACTION_1 || postCKafkaAction == POST_CKAFKA_ACTION_1 {
+		modifyDomainPostActionRequest := waf.NewModifyDomainPostActionRequest()
+		modifyDomainPostActionRequest.Domain = helper.String(domain)
+		modifyDomainPostActionRequest.PostCLSAction = helper.IntInt64(postCLSAction)
+		modifyDomainPostActionRequest.PostCLSAction = helper.IntInt64(postCKafkaAction)
+
+		err = resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+			result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseWafClient().ModifyDomainPostAction(modifyDomainPostActionRequest)
+			if e != nil {
+				return tccommon.RetryError(e)
+			} else {
+				log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, modifyDomainPostActionRequest.GetAction(), modifyDomainPostActionRequest.ToJsonString(), result.ToJsonString())
+			}
+
+			return nil
+		})
+
+		if err != nil {
+			log.Printf("[CRITAL]%s modify waf clbDomain post action failed, reason:%+v", logId, err)
+			return err
+		}
+	}
+
 	// set ipv6
 	//if v, ok := d.GetOkExists("ipv6_status"); ok {
 	//	tmpIpv6Status := v.(int)
@@ -998,13 +1046,15 @@ func resourceTencentCloudWafSaasDomainUpdate(d *schema.ResourceData, meta interf
 	defer tccommon.InconsistentCheck(d, meta)()
 
 	var (
-		logId         = tccommon.GetLogId(tccommon.ContextNil)
-		ctx           = context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
-		service       = WafService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
-		request       = waf.NewModifySpartaProtectionRequest()
-		botStatus     uint64
-		apiSafeStatus uint64
-		clsStatus     uint64
+		logId            = tccommon.GetLogId(tccommon.ContextNil)
+		ctx              = context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
+		service          = WafService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+		request          = waf.NewModifySpartaProtectionRequest()
+		botStatus        uint64
+		apiSafeStatus    uint64
+		clsStatus        uint64
+		postCLSAction    int
+		postCKafkaAction int
 		//ipv6Status    int64
 		loadBalance string
 		isCdn       int
@@ -1463,6 +1513,41 @@ func resourceTencentCloudWafSaasDomainUpdate(d *schema.ResourceData, meta interf
 		}
 	}
 
+	// set domain post
+	if d.HasChange("post_cls_action") || d.HasChange("post_ckafka_action") {
+		if v, ok := d.GetOkExists("post_cls_action"); ok {
+			postCLSAction = v.(int)
+		}
+
+		if v, ok := d.GetOkExists("post_ckafka_action"); ok {
+			postCKafkaAction = v.(int)
+		}
+
+		if postCLSAction == POST_CLS_ACTION_1 || postCKafkaAction == POST_CKAFKA_ACTION_1 {
+			modifyDomainPostActionRequest := waf.NewModifyDomainPostActionRequest()
+			modifyDomainPostActionRequest.Domain = helper.String(domain)
+			modifyDomainPostActionRequest.PostCLSAction = helper.IntInt64(postCLSAction)
+			modifyDomainPostActionRequest.PostCLSAction = helper.IntInt64(postCKafkaAction)
+
+			err = resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+				result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseWafClient().ModifyDomainPostAction(modifyDomainPostActionRequest)
+				if e != nil {
+					return tccommon.RetryError(e)
+				} else {
+					log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, modifyDomainPostActionRequest.GetAction(), modifyDomainPostActionRequest.ToJsonString(), result.ToJsonString())
+				}
+
+				return nil
+			})
+
+			if err != nil {
+				log.Printf("[CRITAL]%s modify waf clbDomain post action failed, reason:%+v", logId, err)
+				return err
+			}
+		}
+
+	}
+
 	// set ipv6
 	//if d.HasChange("ipv6_status") {
 	//	if v, ok := d.GetOkExists("ipv6_status"); ok {