Skip to content

feat/waf #2234

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Oct 23, 2023
Merged

feat/waf #2234

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
c917d1c
feat/waf
SevenEarth Oct 19, 2023
ca3cb6f
feat/waf
SevenEarth Oct 20, 2023
afcb46e
Merge branch 'master' of github.com:tencentcloudstack/terraform-provi…
SevenEarth Oct 23, 2023
8995432
feat/waf
SevenEarth Oct 23, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .changelog/2234.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
```release-note:enhancement
resource/tencentcloud_waf_clb_instance: support set `qps_limit`
```

```release-note:enhancement
resource/tencentcloud_waf_saas_instance: support set `qps_limit`
```
2 changes: 1 addition & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ require (
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tsf v1.0.674
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.755
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.759
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.770
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.725
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199
github.com/tencentyun/cos-go-sdk-v5 v0.7.42-0.20230629101357-7edd77448a0f
Expand Down
2 changes: 2 additions & 0 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -986,6 +986,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.755 h1:3u79chv
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.755/go.mod h1:sOWUQj3GQHdkTqZc1b+mAFqWmhUv2Pg4EZoOjqDprzY=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.759 h1:elaQECRbdePWEJXh3EMRWUkd5GIu5C+u9HrQZRML/3A=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.759/go.mod h1:MDjcWvTd6A+6JFVbyw1jsLfq2tNDTkbiVKvgb7wb5uE=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.770 h1:6CrSnLhg6rEO+4nmwD7fVixn5zzB4IeCO2TuzYyrkEU=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.770/go.mod h1:XT2vvXZwjKyxaS2ahRs+Pxss5IbjKnqbqd/NE5B2XHw=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.725 h1:ETqP+erlPnDK1zafCmyDYNkZLcY+dAG3143Ihk5vFHk=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.725/go.mod h1:YPB08jHrJ3GJJ09ZTEBLnMvI+lqQEtu17jJjyfq8+sU=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199 h1:hMBLtiJPnZ9GvA677cTB6ELBR6B68wCR2QY1sNoGQc4=
Expand Down
4 changes: 2 additions & 2 deletions tencentcloud/provider.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1842,7 +1842,7 @@ WeData
Resource
tencentcloud_wedata_rule_template

Waf
Web Application Firewall(WAF)
Data Source
tencentcloud_waf_ciphers
tencentcloud_waf_tls_versions
Expand All @@ -1867,7 +1867,7 @@ Waf
tencentcloud_waf_anti_fake
tencentcloud_waf_anti_info_leak

Cfw
Cloud Firewall(CFW)
Data Source
tencentcloud_cfw_nat_fw_switches
tencentcloud_cfw_vpc_fw_switches
Expand Down
99 changes: 93 additions & 6 deletions tencentcloud/resource_tc_waf_clb_instance.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,26 @@ Create a complete waf ultimate_clb instance

```hcl
resource "tencentcloud_waf_clb_instance" "example" {
goods_category = "ultimate_clb"
instance_name = "tf-example-clb-waf"
time_span = 1
time_unit = "m"
auto_renew_flag = 1
elastic_mode = 1
goods_category = "ultimate_clb"
instance_name = "tf-example-clb-waf"
time_span = 1
time_unit = "m"
auto_renew_flag = 1
elastic_mode = 1
}
```

Set waf ultimate_clb instance qps limit

```hcl
resource "tencentcloud_waf_clb_instance" "example" {
goods_category = "ultimate_clb"
instance_name = "tf-example-clb-waf"
time_span = 1
time_unit = "m"
auto_renew_flag = 1
elastic_mode = 1
qps_limit = 200000
}
```
*/
Expand Down Expand Up @@ -88,6 +102,13 @@ func resourceTencentCloudWafClbInstance() *schema.Resource {
ValidateFunc: validateAllowedIntValue(ELASTIC_MODE),
Description: "Is elastic billing enabled, 1: enable, 0: disable.",
},
"qps_limit": {
Optional: true,
Computed: true,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

这里为啥加 Computed 呢

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

因为这个值 不轮传入还是不传 都有值返回,所以增加computed

Type: schema.TypeInt,
ValidateFunc: validateIntegerMin(10000),
Description: "QPS Limit, Minimum setting 10000. Only `elastic_mode` is 1, can be set.",
},
//"domain_pkg_count": {
// Optional: true,
// Type: schema.TypeInt,
Expand Down Expand Up @@ -304,6 +325,33 @@ func resourceTencentCloudWafClbInstanceCreate(d *schema.ResourceData, meta inter
log.Printf("[CRITAL]%s update waf clb instance elastic mode failed, reason:%+v", logId, err)
return err
}

// set qpsLimit
if v, ok = d.GetOkExists("qps_limit"); ok {
qpsLimit := v.(int)
modifyInstanceQpsLimitRequest := waf.NewModifyInstanceQpsLimitRequest()
modifyInstanceQpsLimitRequest.InstanceId = &instanceId
modifyInstanceQpsLimitRequest.QpsLimit = helper.IntInt64(qpsLimit)
err = resource.Retry(writeRetryTimeout, func() *resource.RetryError {
result, e := meta.(*TencentCloudClient).apiV3Conn.UseWafClient().ModifyInstanceQpsLimit(modifyInstanceQpsLimitRequest)
if e != nil {
return retryError(e)
} else {
log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, modifyInstanceQpsLimitRequest.GetAction(), modifyInstanceQpsLimitRequest.ToJsonString(), result.ToJsonString())
}

return nil
})

if err != nil {
log.Printf("[CRITAL]%s update waf clb instance qpsLimit failed, reason:%+v", logId, err)
return err
}
}
} else {
if _, ok = d.GetOkExists("qps_limit"); ok {
return fmt.Errorf("If `elastic_mode` is 0, not support set `qps_limit`.")
}
}
}

Expand Down Expand Up @@ -348,6 +396,10 @@ func resourceTencentCloudWafClbInstanceRead(d *schema.ResourceData, meta interfa
_ = d.Set("elastic_mode", instanceInfo.Mode)
}

if instanceInfo.ElasticBilling != nil {
_ = d.Set("qps_limit", instanceInfo.ElasticBilling)
}

//if instanceInfo.DomainPkg != nil {
// _ = d.Set("domain_pkg_count", instanceInfo.DomainPkg.Count)
//}
Expand Down Expand Up @@ -390,6 +442,7 @@ func resourceTencentCloudWafClbInstanceUpdate(d *schema.ResourceData, meta inter
modifyInstanceRenewFlagRequest = waf.NewModifyInstanceRenewFlagRequest()
newSwitchElasticModeRequest = waf.NewSwitchElasticModeRequest()
instanceId = d.Id()
elasticMode int
)

immutableArgs := []string{"goods_category", "time_span", "time_unit", "domain_pkg_count", "qps_pkg_count"}
Expand Down Expand Up @@ -468,6 +521,40 @@ func resourceTencentCloudWafClbInstanceUpdate(d *schema.ResourceData, meta inter
}
}

if v, ok := d.GetOkExists("elastic_mode"); ok {
elasticMode = v.(int)
}

if elasticMode == ELASTIC_MODE_1 {
if d.HasChange("qps_limit") {
if v, ok := d.GetOkExists("qps_limit"); ok {
qpsLimit := v.(int)
modifyInstanceQpsLimitRequest := waf.NewModifyInstanceQpsLimitRequest()
modifyInstanceQpsLimitRequest.InstanceId = &instanceId
modifyInstanceQpsLimitRequest.QpsLimit = helper.IntInt64(qpsLimit)
err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
result, e := meta.(*TencentCloudClient).apiV3Conn.UseWafClient().ModifyInstanceQpsLimit(modifyInstanceQpsLimitRequest)
if e != nil {
return retryError(e)
} else {
log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, modifyInstanceQpsLimitRequest.GetAction(), modifyInstanceQpsLimitRequest.ToJsonString(), result.ToJsonString())
}

return nil
})

if err != nil {
log.Printf("[CRITAL]%s update waf clb instance qpsLimit failed, reason:%+v", logId, err)
return err
}
}
}
} else {
if _, ok := d.GetOkExists("qps_limit"); ok {
return fmt.Errorf("If `elastic_mode` is 0, not support set `qps_limit`.")
}
}

return resourceTencentCloudWafClbInstanceRead(d, meta)
}

Expand Down
106 changes: 97 additions & 9 deletions tencentcloud/resource_tc_waf_saas_instance.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,22 +9,37 @@ Create a basic waf premium saas instance

```hcl
resource "tencentcloud_waf_saas_instance" "example" {
goods_category = "premium_saas"
instance_name = "tf-example-saas-waf"
goods_category = "premium_saas"
instance_name = "tf-example-saas-waf"
}
```

Create a complete waf ultimate_saas instance

```hcl
resource "tencentcloud_waf_saas_instance" "example" {
goods_category = "ultimate_saas"
instance_name = "tf-example-saas-waf"
time_span = 1
time_unit = "m"
auto_renew_flag = 1
elastic_mode = 1
real_region = "gz"
goods_category = "ultimate_saas"
instance_name = "tf-example-saas-waf"
time_span = 1
time_unit = "m"
auto_renew_flag = 1
elastic_mode = 1
real_region = "gz"
}
```

Set waf ultimate_saas instance qps limit

```hcl
resource "tencentcloud_waf_saas_instance" "example" {
goods_category = "ultimate_saas"
instance_name = "tf-example-saas-waf"
time_span = 1
time_unit = "m"
auto_renew_flag = 1
elastic_mode = 1
real_region = "gz"
qps_limit = 200000
}
```
*/
Expand Down Expand Up @@ -89,6 +104,13 @@ func resourceTencentCloudWafSaasInstance() *schema.Resource {
ValidateFunc: validateAllowedIntValue(ELASTIC_MODE),
Description: "Is elastic billing enabled, 1: enable, 0: disable.",
},
"qps_limit": {
Optional: true,
Computed: true,
Type: schema.TypeInt,
ValidateFunc: validateIntegerMin(10000),
Description: "QPS Limit, Minimum setting 10000. Only `elastic_mode` is 1, can be set.",
},
"real_region": {
Optional: true,
Type: schema.TypeString,
Expand Down Expand Up @@ -338,6 +360,33 @@ func resourceTencentCloudWafSaasInstanceCreate(d *schema.ResourceData, meta inte
log.Printf("[CRITAL]%s update waf saas instance elastic mode failed, reason:%+v", logId, err)
return err
}

// set qpsLimit
if v, ok = d.GetOkExists("qps_limit"); ok {
qpsLimit := v.(int)
modifyInstanceQpsLimitRequest := waf.NewModifyInstanceQpsLimitRequest()
modifyInstanceQpsLimitRequest.InstanceId = &instanceId
modifyInstanceQpsLimitRequest.QpsLimit = helper.IntInt64(qpsLimit)
err = resource.Retry(writeRetryTimeout, func() *resource.RetryError {
result, e := meta.(*TencentCloudClient).apiV3Conn.UseWafClient().ModifyInstanceQpsLimit(modifyInstanceQpsLimitRequest)
if e != nil {
return retryError(e)
} else {
log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, modifyInstanceQpsLimitRequest.GetAction(), modifyInstanceQpsLimitRequest.ToJsonString(), result.ToJsonString())
}

return nil
})

if err != nil {
log.Printf("[CRITAL]%s update waf clb instance qpsLimit failed, reason:%+v", logId, err)
return err
}
}
} else {
if _, ok = d.GetOkExists("qps_limit"); ok {
return fmt.Errorf("If `elastic_mode` is 0, not support set `qps_limit`.")
}
}
}

Expand Down Expand Up @@ -382,6 +431,10 @@ func resourceTencentCloudWafSaasInstanceRead(d *schema.ResourceData, meta interf
_ = d.Set("elastic_mode", instanceInfo.Mode)
}

if instanceInfo.ElasticBilling != nil {
_ = d.Set("qps_limit", instanceInfo.ElasticBilling)
}

if instanceInfo.Region != nil {
_ = d.Set("real_region", instanceInfo.Region)
}
Expand Down Expand Up @@ -428,6 +481,7 @@ func resourceTencentCloudWafSaasInstanceUpdate(d *schema.ResourceData, meta inte
modifyInstanceRenewFlagRequest = waf.NewModifyInstanceRenewFlagRequest()
newSwitchElasticModeRequest = waf.NewSwitchElasticModeRequest()
instanceId = d.Id()
elasticMode int
)

immutableArgs := []string{"goods_category", "time_span", "time_unit", "domain_pkg_count", "qps_pkg_count"}
Expand Down Expand Up @@ -506,6 +560,40 @@ func resourceTencentCloudWafSaasInstanceUpdate(d *schema.ResourceData, meta inte
}
}

if v, ok := d.GetOkExists("elastic_mode"); ok {
elasticMode = v.(int)
}

if elasticMode == ELASTIC_MODE_1 {
if d.HasChange("qps_limit") {
if v, ok := d.GetOkExists("qps_limit"); ok {
qpsLimit := v.(int)
modifyInstanceQpsLimitRequest := waf.NewModifyInstanceQpsLimitRequest()
modifyInstanceQpsLimitRequest.InstanceId = &instanceId
modifyInstanceQpsLimitRequest.QpsLimit = helper.IntInt64(qpsLimit)
err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
result, e := meta.(*TencentCloudClient).apiV3Conn.UseWafClient().ModifyInstanceQpsLimit(modifyInstanceQpsLimitRequest)
if e != nil {
return retryError(e)
} else {
log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, modifyInstanceQpsLimitRequest.GetAction(), modifyInstanceQpsLimitRequest.ToJsonString(), result.ToJsonString())
}

return nil
})

if err != nil {
log.Printf("[CRITAL]%s update waf clb instance qpsLimit failed, reason:%+v", logId, err)
return err
}
}
}
} else {
if _, ok := d.GetOkExists("qps_limit"); ok {
return fmt.Errorf("If `elastic_mode` is 0, not support set `qps_limit`.")
}
}

return resourceTencentCloudWafSaasInstanceRead(d, meta)
}

Expand Down
Loading