feat/waf (#2234)

* feat/waf

* feat/waf

* feat/waf

Author: SevenEarth

.changelog/2234.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/tencentcloud_waf_clb_instance: support set `qps_limit`
+```
+
+```release-note:enhancement
+resource/tencentcloud_waf_saas_instance: support set `qps_limit`
+```

go.mod

@@ -96,7 +96,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tsf v1.0.674
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.755
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.759
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.770
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.725
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199
 	github.com/tencentyun/cos-go-sdk-v5 v0.7.42-0.20230629101357-7edd77448a0f

go.sum

@@ -986,6 +986,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.755 h1:3u79chv
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.755/go.mod h1:sOWUQj3GQHdkTqZc1b+mAFqWmhUv2Pg4EZoOjqDprzY=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.759 h1:elaQECRbdePWEJXh3EMRWUkd5GIu5C+u9HrQZRML/3A=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.759/go.mod h1:MDjcWvTd6A+6JFVbyw1jsLfq2tNDTkbiVKvgb7wb5uE=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.770 h1:6CrSnLhg6rEO+4nmwD7fVixn5zzB4IeCO2TuzYyrkEU=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.770/go.mod h1:XT2vvXZwjKyxaS2ahRs+Pxss5IbjKnqbqd/NE5B2XHw=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.725 h1:ETqP+erlPnDK1zafCmyDYNkZLcY+dAG3143Ihk5vFHk=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.725/go.mod h1:YPB08jHrJ3GJJ09ZTEBLnMvI+lqQEtu17jJjyfq8+sU=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199 h1:hMBLtiJPnZ9GvA677cTB6ELBR6B68wCR2QY1sNoGQc4=

tencentcloud/provider.go

@@ -1842,7 +1842,7 @@ WeData
   Resource
 	tencentcloud_wedata_rule_template
 
-Waf
+Web Application Firewall(WAF)
   Data Source
     tencentcloud_waf_ciphers
     tencentcloud_waf_tls_versions
@@ -1867,7 +1867,7 @@ Waf
     tencentcloud_waf_anti_fake
     tencentcloud_waf_anti_info_leak
 
-Cfw
+Cloud Firewall(CFW)
   Data Source
 	tencentcloud_cfw_nat_fw_switches
 	tencentcloud_cfw_vpc_fw_switches

tencentcloud/resource_tc_waf_clb_instance.go

@@ -18,12 +18,26 @@ Create a complete waf ultimate_clb instance
 
 ```hcl
 resource "tencentcloud_waf_clb_instance" "example" {
-  goods_category   = "ultimate_clb"
-  instance_name    = "tf-example-clb-waf"
-  time_span        = 1
-  time_unit        = "m"
-  auto_renew_flag  = 1
-  elastic_mode     = 1
+  goods_category  = "ultimate_clb"
+  instance_name   = "tf-example-clb-waf"
+  time_span       = 1
+  time_unit       = "m"
+  auto_renew_flag = 1
+  elastic_mode    = 1
+}
+```
+
+Set waf ultimate_clb instance qps limit
+
+```hcl
+resource "tencentcloud_waf_clb_instance" "example" {
+  goods_category  = "ultimate_clb"
+  instance_name   = "tf-example-clb-waf"
+  time_span       = 1
+  time_unit       = "m"
+  auto_renew_flag = 1
+  elastic_mode    = 1
+  qps_limit       = 200000
 }
 ```
 */
@@ -88,6 +102,13 @@ func resourceTencentCloudWafClbInstance() *schema.Resource {
 				ValidateFunc: validateAllowedIntValue(ELASTIC_MODE),
 				Description:  "Is elastic billing enabled, 1: enable, 0: disable.",
 			},
+			"qps_limit": {
+				Optional:     true,
+				Computed:     true,
+				Type:         schema.TypeInt,
+				ValidateFunc: validateIntegerMin(10000),
+				Description:  "QPS Limit, Minimum setting 10000. Only `elastic_mode` is 1, can be set.",
+			},
 			//"domain_pkg_count": {
 			//	Optional:     true,
 			//	Type:         schema.TypeInt,
@@ -304,6 +325,33 @@ func resourceTencentCloudWafClbInstanceCreate(d *schema.ResourceData, meta inter
 				log.Printf("[CRITAL]%s update waf clb instance elastic mode failed, reason:%+v", logId, err)
 				return err
 			}
+
+			// set qpsLimit
+			if v, ok = d.GetOkExists("qps_limit"); ok {
+				qpsLimit := v.(int)
+				modifyInstanceQpsLimitRequest := waf.NewModifyInstanceQpsLimitRequest()
+				modifyInstanceQpsLimitRequest.InstanceId = &instanceId
+				modifyInstanceQpsLimitRequest.QpsLimit = helper.IntInt64(qpsLimit)
+				err = resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+					result, e := meta.(*TencentCloudClient).apiV3Conn.UseWafClient().ModifyInstanceQpsLimit(modifyInstanceQpsLimitRequest)
+					if e != nil {
+						return retryError(e)
+					} else {
+						log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, modifyInstanceQpsLimitRequest.GetAction(), modifyInstanceQpsLimitRequest.ToJsonString(), result.ToJsonString())
+					}
+
+					return nil
+				})
+
+				if err != nil {
+					log.Printf("[CRITAL]%s update waf clb instance qpsLimit failed, reason:%+v", logId, err)
+					return err
+				}
+			}
+		} else {
+			if _, ok = d.GetOkExists("qps_limit"); ok {
+				return fmt.Errorf("If `elastic_mode` is 0, not support set `qps_limit`.")
+			}
 		}
 	}
 
@@ -348,6 +396,10 @@ func resourceTencentCloudWafClbInstanceRead(d *schema.ResourceData, meta interfa
 		_ = d.Set("elastic_mode", instanceInfo.Mode)
 	}
 
+	if instanceInfo.ElasticBilling != nil {
+		_ = d.Set("qps_limit", instanceInfo.ElasticBilling)
+	}
+
 	//if instanceInfo.DomainPkg != nil {
 	//	_ = d.Set("domain_pkg_count", instanceInfo.DomainPkg.Count)
 	//}
@@ -390,6 +442,7 @@ func resourceTencentCloudWafClbInstanceUpdate(d *schema.ResourceData, meta inter
 		modifyInstanceRenewFlagRequest = waf.NewModifyInstanceRenewFlagRequest()
 		newSwitchElasticModeRequest    = waf.NewSwitchElasticModeRequest()
 		instanceId                     = d.Id()
+		elasticMode                    int
 	)
 
 	immutableArgs := []string{"goods_category", "time_span", "time_unit", "domain_pkg_count", "qps_pkg_count"}
@@ -468,6 +521,40 @@ func resourceTencentCloudWafClbInstanceUpdate(d *schema.ResourceData, meta inter
 		}
 	}
 
+	if v, ok := d.GetOkExists("elastic_mode"); ok {
+		elasticMode = v.(int)
+	}
+
+	if elasticMode == ELASTIC_MODE_1 {
+		if d.HasChange("qps_limit") {
+			if v, ok := d.GetOkExists("qps_limit"); ok {
+				qpsLimit := v.(int)
+				modifyInstanceQpsLimitRequest := waf.NewModifyInstanceQpsLimitRequest()
+				modifyInstanceQpsLimitRequest.InstanceId = &instanceId
+				modifyInstanceQpsLimitRequest.QpsLimit = helper.IntInt64(qpsLimit)
+				err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+					result, e := meta.(*TencentCloudClient).apiV3Conn.UseWafClient().ModifyInstanceQpsLimit(modifyInstanceQpsLimitRequest)
+					if e != nil {
+						return retryError(e)
+					} else {
+						log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, modifyInstanceQpsLimitRequest.GetAction(), modifyInstanceQpsLimitRequest.ToJsonString(), result.ToJsonString())
+					}
+
+					return nil
+				})
+
+				if err != nil {
+					log.Printf("[CRITAL]%s update waf clb instance qpsLimit failed, reason:%+v", logId, err)
+					return err
+				}
+			}
+		}
+	} else {
+		if _, ok := d.GetOkExists("qps_limit"); ok {
+			return fmt.Errorf("If `elastic_mode` is 0, not support set `qps_limit`.")
+		}
+	}
+
 	return resourceTencentCloudWafClbInstanceRead(d, meta)
 }
 

tencentcloud/resource_tc_waf_saas_instance.go

@@ -9,22 +9,37 @@ Create a basic waf premium saas instance
 
 ```hcl
 resource "tencentcloud_waf_saas_instance" "example" {
-  goods_category   = "premium_saas"
-  instance_name    = "tf-example-saas-waf"
+  goods_category = "premium_saas"
+  instance_name  = "tf-example-saas-waf"
 }
 ```
 
 Create a complete waf ultimate_saas instance
 
 ```hcl
 resource "tencentcloud_waf_saas_instance" "example" {
-  goods_category   = "ultimate_saas"
-  instance_name    = "tf-example-saas-waf"
-  time_span        = 1
-  time_unit        = "m"
-  auto_renew_flag  = 1
-  elastic_mode     = 1
-  real_region      = "gz"
+  goods_category  = "ultimate_saas"
+  instance_name   = "tf-example-saas-waf"
+  time_span       = 1
+  time_unit       = "m"
+  auto_renew_flag = 1
+  elastic_mode    = 1
+  real_region     = "gz"
+}
+```
+
+Set waf ultimate_saas instance qps limit
+
+```hcl
+resource "tencentcloud_waf_saas_instance" "example" {
+  goods_category  = "ultimate_saas"
+  instance_name   = "tf-example-saas-waf"
+  time_span       = 1
+  time_unit       = "m"
+  auto_renew_flag = 1
+  elastic_mode    = 1
+  real_region     = "gz"
+  qps_limit       = 200000
 }
 ```
 */
@@ -89,6 +104,13 @@ func resourceTencentCloudWafSaasInstance() *schema.Resource {
 				ValidateFunc: validateAllowedIntValue(ELASTIC_MODE),
 				Description:  "Is elastic billing enabled, 1: enable, 0: disable.",
 			},
+			"qps_limit": {
+				Optional:     true,
+				Computed:     true,
+				Type:         schema.TypeInt,
+				ValidateFunc: validateIntegerMin(10000),
+				Description:  "QPS Limit, Minimum setting 10000. Only `elastic_mode` is 1, can be set.",
+			},
 			"real_region": {
 				Optional:     true,
 				Type:         schema.TypeString,
@@ -338,6 +360,33 @@ func resourceTencentCloudWafSaasInstanceCreate(d *schema.ResourceData, meta inte
 				log.Printf("[CRITAL]%s update waf saas instance elastic mode failed, reason:%+v", logId, err)
 				return err
 			}
+
+			// set qpsLimit
+			if v, ok = d.GetOkExists("qps_limit"); ok {
+				qpsLimit := v.(int)
+				modifyInstanceQpsLimitRequest := waf.NewModifyInstanceQpsLimitRequest()
+				modifyInstanceQpsLimitRequest.InstanceId = &instanceId
+				modifyInstanceQpsLimitRequest.QpsLimit = helper.IntInt64(qpsLimit)
+				err = resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+					result, e := meta.(*TencentCloudClient).apiV3Conn.UseWafClient().ModifyInstanceQpsLimit(modifyInstanceQpsLimitRequest)
+					if e != nil {
+						return retryError(e)
+					} else {
+						log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, modifyInstanceQpsLimitRequest.GetAction(), modifyInstanceQpsLimitRequest.ToJsonString(), result.ToJsonString())
+					}
+
+					return nil
+				})
+
+				if err != nil {
+					log.Printf("[CRITAL]%s update waf clb instance qpsLimit failed, reason:%+v", logId, err)
+					return err
+				}
+			}
+		} else {
+			if _, ok = d.GetOkExists("qps_limit"); ok {
+				return fmt.Errorf("If `elastic_mode` is 0, not support set `qps_limit`.")
+			}
 		}
 	}
 
@@ -382,6 +431,10 @@ func resourceTencentCloudWafSaasInstanceRead(d *schema.ResourceData, meta interf
 		_ = d.Set("elastic_mode", instanceInfo.Mode)
 	}
 
+	if instanceInfo.ElasticBilling != nil {
+		_ = d.Set("qps_limit", instanceInfo.ElasticBilling)
+	}
+
 	if instanceInfo.Region != nil {
 		_ = d.Set("real_region", instanceInfo.Region)
 	}
@@ -428,6 +481,7 @@ func resourceTencentCloudWafSaasInstanceUpdate(d *schema.ResourceData, meta inte
 		modifyInstanceRenewFlagRequest = waf.NewModifyInstanceRenewFlagRequest()
 		newSwitchElasticModeRequest    = waf.NewSwitchElasticModeRequest()
 		instanceId                     = d.Id()
+		elasticMode                    int
 	)
 
 	immutableArgs := []string{"goods_category", "time_span", "time_unit", "domain_pkg_count", "qps_pkg_count"}
@@ -506,6 +560,40 @@ func resourceTencentCloudWafSaasInstanceUpdate(d *schema.ResourceData, meta inte
 		}
 	}
 
+	if v, ok := d.GetOkExists("elastic_mode"); ok {
+		elasticMode = v.(int)
+	}
+
+	if elasticMode == ELASTIC_MODE_1 {
+		if d.HasChange("qps_limit") {
+			if v, ok := d.GetOkExists("qps_limit"); ok {
+				qpsLimit := v.(int)
+				modifyInstanceQpsLimitRequest := waf.NewModifyInstanceQpsLimitRequest()
+				modifyInstanceQpsLimitRequest.InstanceId = &instanceId
+				modifyInstanceQpsLimitRequest.QpsLimit = helper.IntInt64(qpsLimit)
+				err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+					result, e := meta.(*TencentCloudClient).apiV3Conn.UseWafClient().ModifyInstanceQpsLimit(modifyInstanceQpsLimitRequest)
+					if e != nil {
+						return retryError(e)
+					} else {
+						log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, modifyInstanceQpsLimitRequest.GetAction(), modifyInstanceQpsLimitRequest.ToJsonString(), result.ToJsonString())
+					}
+
+					return nil
+				})
+
+				if err != nil {
+					log.Printf("[CRITAL]%s update waf clb instance qpsLimit failed, reason:%+v", logId, err)
+					return err
+				}
+			}
+		}
+	} else {
+		if _, ok := d.GetOkExists("qps_limit"); ok {
+			return fmt.Errorf("If `elastic_mode` is 0, not support set `qps_limit`.")
+		}
+	}
+
 	return resourceTencentCloudWafSaasInstanceRead(d, meta)
 }