diff --git a/.changelog/3382.txt b/.changelog/3382.txt new file mode 100644 index 0000000000..895d600eb3 --- /dev/null +++ b/.changelog/3382.txt @@ -0,0 +1,7 @@ +```release-note:enhancement +resource/tencentcloud_waf_cc: support `cel_rule`, `logical_op` +``` + +```release-note:enhancement +resource/tencentcloud_waf_custom_white_rule: support `logical_op` +``` diff --git a/go.mod b/go.mod index 6c16bbf28d..32d0d19f45 100644 --- a/go.mod +++ b/go.mod @@ -46,7 +46,7 @@ require ( github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1107 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.1033 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.1148 - github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1164 + github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1170 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.1153 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.1161 @@ -97,7 +97,7 @@ require ( github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tsf v1.0.674 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.860 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.1154 - github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1163 + github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1170 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.792 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199 github.com/tencentyun/cos-go-sdk-v5 v0.7.64 diff --git a/go.sum b/go.sum index 51e5fbe612..2466ac813f 100644 --- a/go.sum +++ b/go.sum 
@@ -979,6 +979,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1163 h1:RZs github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1163/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1164 h1:qEzZCZf1sgvvrZ8ngws0gZlyW+sOdY0K9VXGm4AcvTE= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1164/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1170 h1:67TIDmxXDa73+7nFuyVVxtVswf83JPXiwBy1Xicv+xQ= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1170/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/controlcenter v1.0.993 h1:WlPgXldQCxt7qi5Xrc6j6zTrsXWzN5BcOGs7Irq7fwQ= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/controlcenter v1.0.993/go.mod h1:Z9U8zNtyuyKhjS0698wqsrG/kLx1TQ5CEixXBwVe7xY= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.860 h1:F3esKBIT3HW9+7Gt8cVgf8X06VdGIczpgLBUECzSEzU= 
@@ -1137,6 +1139,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1162 h1:gnmuUa github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1162/go.mod h1:bu3KAFeoJ1xDGQp72h9Le3FqbOcCcdomOUig3OqgcE4= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1163 h1:dR/VWftnsFH/O18MaaM4DXDkBgFMIZYSWR4/6moy78A= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1163/go.mod h1:RsiGONPLLzraDKCq1fs7bcm1OStioX7OWLXydoAmUf0= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1170 h1:kcQCWuI9zOkZgL5CK66HNAJmSWCSJxRrDxXT+j02CeE= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1170/go.mod h1:vTukVfThbBIc4lOf4eq/q51eEk78oZUJd2lAoJBOJwI= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.792 h1:NLgKNOIHWa38AmW7dyfI9Jlcp2Kr9VRD94f48pPNmxM= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.792/go.mod h1:Xz6vPV3gHlzPwtEcmWdWO1EUXJDgn2p7UMCXbJiVioQ= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199 h1:hMBLtiJPnZ9GvA677cTB6ELBR6B68wCR2QY1sNoGQc4= diff --git a/tencentcloud/services/waf/resource_tc_waf_bot_scene_ucb_rule.go b/tencentcloud/services/waf/resource_tc_waf_bot_scene_ucb_rule.go index 1cb9744118..419ec304b7 100644 --- a/tencentcloud/services/waf/resource_tc_waf_bot_scene_ucb_rule.go +++ b/tencentcloud/services/waf/resource_tc_waf_bot_scene_ucb_rule.go @@ -2,6 +2,7 @@ package waf import ( "context" + "encoding/base64" "fmt" "log" "strings" 
@@ -437,12 +438,16 @@ func resourceTencentCloudWafBotSceneUCBRuleCreate(d *schema.ResourceData, meta i for _, item := range v.([]interface{}) { if ruleMap, ok := item.(map[string]interface{}); ok && ruleMap != nil { inOutputUCBRuleEntry := waf.InOutputUCBRuleEntry{} + var base46Flag bool if v, ok := ruleMap["key"]; ok { inOutputUCBRuleEntry.Key = helper.String(v.(string)) } if v, ok := ruleMap["op"]; ok { inOutputUCBRuleEntry.Op = helper.String(v.(string)) + if v.(string) == "rematch" { + base46Flag = true + } } if valueMap, ok := helper.InterfaceToMap(ruleMap, "value"); ok { @@ -471,10 +476,20 @@ func resourceTencentCloudWafBotSceneUCBRuleCreate(d *schema.ResourceData, meta i if v, ok := valueMap["multi_value"]; ok { multiValueSet := v.(*schema.Set).List() - for i := range multiValueSet { - if multiValueSet[i] != nil { - multiValue := multiValueSet[i].(string) - uCBEntryValue.MultiValue = append(uCBEntryValue.MultiValue, &multiValue) + if base46Flag { + for i := range multiValueSet { + if multiValueSet[i] != nil { + multiValue := multiValueSet[i].(string) + bs64Str := helper.String(base64.URLEncoding.EncodeToString([]byte(multiValue))) + uCBEntryValue.MultiValue = append(uCBEntryValue.MultiValue, bs64Str) + } + } + } else { + for i := range multiValueSet { + if multiValueSet[i] != nil { + multiValue := multiValueSet[i].(string) + uCBEntryValue.MultiValue = append(uCBEntryValue.MultiValue, &multiValue) + } } } } @@ -767,12 +782,16 @@ func resourceTencentCloudWafBotSceneUCBRuleRead(d *schema.ResourceData, meta int tmpList := make([]map[string]interface{}, 0, len(respData.Rule)) for _, item := range respData.Rule { dMap := make(map[string]interface{}) + var base46Flag bool if item.Key != nil { dMap["key"] = item.Key } if item.Op != nil { dMap["op"] = item.Op + if *item.Op == "rematch" { + base46Flag = true + } } if item.Value != nil { 
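Review bot: The new local `base46Flag` in the rule loop is a misspelling of base64, and the same name is repeated in the Read and Update hunks of this file and in resource_tc_waf_custom_rule.go. A name that states the condition, e.g. `var isRegexOp bool`, together with a package constant such as `const opRematch = "rematch"`, would keep the six string comparisons from drifting apart. The flag is only correct because `op` is read before `value`; a one-line comment above the declaration saying so would protect that ordering. resourceTencentCloudWafBotSceneUCBRuleCreate starts and ends outside the hunk.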
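Review bot: The encode path for `multi_value` uses `base64.URLEncoding`, but the Read hunk at -795 decodes with `base64.StdEncoding`, so the two directions do not use the same alphabet. Assuming the API returns the stored text unchanged, a pattern such as the constructed sample `ab?` is sent as `YWI_` and then fails on refresh with "base64 decode error", because `_` is not in the standard alphabet. The same pairing appears in the Update hunk at -1062 and in the Create, Read and Update hunks of resource_tc_waf_custom_rule.go. Both sides should use whichever alphabet the WAF API documents, e.g. `base64.StdEncoding.EncodeToString([]byte(multiValue))`, since a mismatch with the service would leave the regex rule deployed with a pattern other than the configured one. The two loops differ only in the appended value and could be a single loop with the branch inside.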
@@ -795,7 +814,21 @@ func resourceTencentCloudWafBotSceneUCBRuleRead(d *schema.ResourceData, meta int } if item.Value.MultiValue != nil { - valueMap["multi_value"] = item.Value.MultiValue + if base46Flag { + tmpMvList := make([]string, 0, len(item.Value.MultiValue)) + for _, item := range item.Value.MultiValue { + decoded, e := base64.StdEncoding.DecodeString(*item) + if e != nil { + return fmt.Errorf("[%s] base64 decode error: %s", *item, e.Error()) + } + + tmpMvList = append(tmpMvList, string(decoded)) + } + + valueMap["multi_value"] = tmpMvList + } else { + valueMap["multi_value"] = item.Value.MultiValue + } } valueList = append(valueList, valueMap) @@ -1028,12 +1061,16 @@ func resourceTencentCloudWafBotSceneUCBRuleUpdate(d *schema.ResourceData, meta i for _, item := range v.([]interface{}) { if ruleMap, ok := item.(map[string]interface{}); ok && ruleMap != nil { inOutputUCBRuleEntry := waf.InOutputUCBRuleEntry{} + var base46Flag bool if v, ok := ruleMap["key"]; ok { inOutputUCBRuleEntry.Key = helper.String(v.(string)) } if v, ok := ruleMap["op"]; ok { inOutputUCBRuleEntry.Op = helper.String(v.(string)) + if v.(string) == "rematch" { + base46Flag = true + } } if valueMap, ok := helper.InterfaceToMap(ruleMap, "value"); ok { 
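Review bot: The decode loop dereferences `*item` without a nil check and reuses the name `item`, which shadows the outer rule variable for the rest of the loop body. A nil element in `item.Value.MultiValue` would panic during refresh; `for _, mv := range item.Value.MultiValue { if mv == nil { continue }` followed by decoding `*mv` avoids both problems. Returning an error on the first undecodable value also makes the whole resource unreadable if the service ever holds a `rematch` value that is not base64, which seems possible for rules created outside Terraform, so consider keeping the raw string and logging a warning instead. resourceTencentCloudWafBotSceneUCBRuleRead continues outside the hunk.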
@@ -1062,10 +1099,20 @@ func resourceTencentCloudWafBotSceneUCBRuleUpdate(d *schema.ResourceData, meta i if v, ok := valueMap["multi_value"]; ok { multiValueSet := v.(*schema.Set).List() - for i := range multiValueSet { - if multiValueSet[i] != nil { - multiValue := multiValueSet[i].(string) - uCBEntryValue.MultiValue = append(uCBEntryValue.MultiValue, &multiValue) + if base46Flag { + for i := range multiValueSet { + if multiValueSet[i] != nil { + multiValue := multiValueSet[i].(string) + bs64Str := helper.String(base64.URLEncoding.EncodeToString([]byte(multiValue))) + uCBEntryValue.MultiValue = append(uCBEntryValue.MultiValue, bs64Str) + } + } + } else { + for i := range multiValueSet { + if multiValueSet[i] != nil { + multiValue := multiValueSet[i].(string) + uCBEntryValue.MultiValue = append(uCBEntryValue.MultiValue, &multiValue) + } } } } diff --git a/tencentcloud/services/waf/resource_tc_waf_bot_scene_ucb_rule.md b/tencentcloud/services/waf/resource_tc_waf_bot_scene_ucb_rule.md index 8c948f7a25..8ac4492d2a 100644 --- a/tencentcloud/services/waf/resource_tc_waf_bot_scene_ucb_rule.md +++ b/tencentcloud/services/waf/resource_tc_waf_bot_scene_ucb_rule.md @@ -20,6 +20,18 @@ resource "tencentcloud_waf_bot_scene_ucb_rule" "example" { } } + rule { + key = "url" + op = "rematch" + lang = "cn" + value { + multi_value = [ + "/prefix", + "/startwith" + ] + } + } + action = "monitor" on_off = "on" rule_type = 0 diff --git a/tencentcloud/services/waf/resource_tc_waf_cc.go b/tencentcloud/services/waf/resource_tc_waf_cc.go index d27a8a4b2c..c6564480e0 100644 --- a/tencentcloud/services/waf/resource_tc_waf_cc.go +++ b/tencentcloud/services/waf/resource_tc_waf_cc.go 
@@ -120,6 +120,17 @@ func ResourceTencentCloudWafCc() *schema.Resource { Computed: true, Description: "Frequency limiting method.", }, + "cel_rule": { + Optional: true, + Type: schema.TypeString, + Description: "Cel expression.", + }, + "logical_op": { + Optional: true, + Computed: true, + Type: schema.TypeString, + Description: "Logical operator of configuration mode, and/or.", + }, "rule_id": { Computed: true, Type: schema.TypeString, @@ -218,6 +229,14 @@ func resourceTencentCloudWafCcCreate(d *schema.ResourceData, meta interface{}) e request.LimitMethod = helper.String(v.(string)) } + if v, ok := d.GetOk("cel_rule"); ok { + request.CelRule = helper.String(v.(string)) + } + + if v, ok := d.GetOk("logical_op"); ok { + request.LogicalOp = helper.String(v.(string)) + } + request.RuleId = helper.IntInt64(0) err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError { result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseWafClient().UpsertCCRule(request) @@ -337,6 +356,14 @@ func resourceTencentCloudWafCcRead(d *schema.ResourceData, meta interface{}) err _ = d.Set("limit_method", cc.LimitMethod) } + if cc.CelRule != nil { + _ = d.Set("cel_rule", cc.CelRule) + } + + if cc.LogicalOp != nil { + _ = d.Set("logical_op", cc.LogicalOp) + } + if cc.RuleId != nil { ruleIdStr := strconv.FormatUint(*cc.RuleId, 10) _ = d.Set("rule_id", ruleIdStr) @@ -439,6 +466,14 @@ func resourceTencentCloudWafCcUpdate(d *schema.ResourceData, meta interface{}) e request.LimitMethod = helper.String(v.(string)) } + if v, ok := d.GetOk("cel_rule"); ok { + request.CelRule = helper.String(v.(string)) + } + + if v, ok := d.GetOk("logical_op"); ok { + request.LogicalOp = helper.String(v.(string)) + } + err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError { result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseWafClient().UpsertCCRule(request) if e != nil { 
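Review bot: `logical_op` is described as "and/or" but the schema entry accepts any string, so a typo in a WAF rule definition is only caught by the API at apply time. A plan-time check such as `ValidateFunc: validation.StringInSlice([]string{"and", "or"}, false)` would reject it earlier, provided the SDK validation helper is imported in this file; the same applies to the `logical_op` entry added in resource_tc_waf_custom_white_rule.go. The `cel_rule` description "Cel expression." should say that it is the CEL match expression and in which `advance` mode it is honoured, which the documentation example suggests is `advance = "1"`.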
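Review bot: In the Update hunk `d.GetOk("cel_rule")` is false for an empty string, so removing `cel_rule` from the configuration sends no CelRule at all. Whether UpsertCCRule then clears or keeps the previous expression is not visible here; if it keeps it, the old match expression stays active on the WAF while the configuration no longer shows it, and Read will report a permanent diff because the attribute is not Computed. If the API accepts an empty string as "clear", `request.CelRule = helper.String(d.Get("cel_rule").(string))` would make removal explicit, and an acceptance test step that drops the attribute would confirm the behaviour either way. resourceTencentCloudWafCcUpdate continues outside the hunk.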
diff --git a/tencentcloud/services/waf/resource_tc_waf_cc.md b/tencentcloud/services/waf/resource_tc_waf_cc.md index 8a19d59b49..9ff684a8b7 100644 --- a/tencentcloud/services/waf/resource_tc_waf_cc.md +++ b/tencentcloud/services/waf/resource_tc_waf_cc.md @@ -2,10 +2,12 @@ Provides a resource to create a WAF cc Example Usage +If advance is 0(IP model) + ```hcl resource "tencentcloud_waf_cc" "example" { domain = "www.demo.com" - name = "terraform" + name = "tf-example" status = 1 advance = "0" limit = "60" @@ -17,15 +19,82 @@ resource "tencentcloud_waf_cc" "example" { valid_time = 600 edition = "sparta-waf" type = 1 + logical_op = "and" options_arr = jsonencode( [ + { + "key" : "URL", + "args" : [ + "=cHJlZml4" + ], + "match" : "2", + "encodeflag" : true + }, { "key" : "Method", - "args" : ["=R0VU"], + "args" : [ + "=POST" # if encodeflag is false, parameter value needs to be prefixed with an = sign. + ], + "match" : "0", + "encodeflag" : false + }, + { + "key" : "Post", + "args" : [ + "S2V5=VmFsdWU" + ], "match" : "0", "encodeflag" : true + }, + { + "key" : "Referer", + "args" : [ + "=" + ], + "match" : "12", + "encodeflag" : true + }, + { + "key" : "Cookie", + "args" : [ + "S2V5=VmFsdWU" + ], + "match" : "3", + "encodeflag" : true + }, + { + "key" : "IPLocation", + "args" : [ + "=eyJMYW5nIjoiY24iLCJBcmVhcyI6W3siQ291bnRyeSI6IuWbveWkliJ9XX0" + ], + "match" : "13", + "encodeflag" : true } ] ) } -``` \ No newline at end of file +``` + +If advance is 1(SESSION model) + +```hcl +resource "tencentcloud_waf_cc" "example" { + domain = "news.bots.icu" + name = "tf-example" + status = 1 + advance = "1" + limit = "60" + interval = "60" + url = "/cc_demo" + match_func = 0 + action_type = "22" + priority = 50 + valid_time = 600 + edition = "sparta-waf" + type = 1 + session_applied = [0] + limit_method = "only_limit" + logical_op = "or" + cel_rule = "(has(request.url) && request.url.startsWith('/prefix')) && (has(request.method) && request.method == 'POST')" +} +``` 
diff --git a/tencentcloud/services/waf/resource_tc_waf_custom_rule.go b/tencentcloud/services/waf/resource_tc_waf_custom_rule.go index f00bc41f1d..fdf659706e 100644 --- a/tencentcloud/services/waf/resource_tc_waf_custom_rule.go +++ b/tencentcloud/services/waf/resource_tc_waf_custom_rule.go @@ -2,6 +2,7 @@ package waf import ( "context" + "encoding/base64" "fmt" "log" "strconv" @@ -252,16 +253,24 @@ func resourceTencentCloudWafCustomRuleCreate(d *schema.ResourceData, meta interf for _, item := range v.([]interface{}) { dMap := item.(map[string]interface{}) strategy := waf.Strategy{} + var base46Flag bool if v, ok := dMap["field"]; ok { strategy.Field = helper.String(v.(string)) } if v, ok := dMap["compare_func"]; ok { strategy.CompareFunc = helper.String(v.(string)) + if v.(string) == "rematch" { + base46Flag = true + } } if v, ok := dMap["content"]; ok { - strategy.Content = helper.String(v.(string)) + if base46Flag { + strategy.Content = helper.String(base64.URLEncoding.EncodeToString([]byte(v.(string)))) + } else { + strategy.Content = helper.String(v.(string)) + } } if v, ok := dMap["arg"]; ok { @@ -408,7 +417,7 @@ func resourceTencentCloudWafCustomRuleRead(d *schema.ResourceData, meta interfac idSplit := strings.Split(d.Id(), tccommon.FILED_SP) if len(idSplit) != 2 { - return fmt.Errorf("id is broken,%s", idSplit) + return fmt.Errorf("id is broken, %s", idSplit) } domain := idSplit[0] 
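Review bot: Encoding `content` for `rematch` strategies in the Create hunk changes what existing configurations send to the API, and the changelog entry in .changelog/3382.txt does not mention it. If users already had to supply base64 text for `rematch` before this change (not visible from the diff), their value is now encoded a second time and the deployed regex stops matching the intended traffic after a provider upgrade, with no plan-time signal. Please state the expected input form in the `content` description and add a release note for resource/tencentcloud_waf_custom_rule and resource/tencentcloud_waf_bot_scene_ucb_rule. The strategy loop also depends on `compare_func` being read before `content`; a short comment above `var base46Flag bool` saying so would keep a later reorder from silently disabling the encoding.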
@@ -445,17 +454,29 @@ func resourceTencentCloudWafCustomRuleRead(d *schema.ResourceData, meta interfac strategiesList := []interface{}{} for _, strategies := range customRule.Strategies { strategiesMap := map[string]interface{}{} - + var base46Flag bool if strategies.Field != nil { strategiesMap["field"] = strategies.Field } if strategies.CompareFunc != nil { strategiesMap["compare_func"] = strategies.CompareFunc + if *strategies.CompareFunc == "rematch" { + base46Flag = true + } } if strategies.Content != nil { - strategiesMap["content"] = strategies.Content + if base46Flag { + decoded, e := base64.StdEncoding.DecodeString(*strategies.Content) + if e != nil { + return fmt.Errorf("[%s] base64 decode error: %s", *strategies.Content, e.Error()) + } + + strategiesMap["content"] = string(decoded) + } else { + strategiesMap["content"] = strategies.Content + } } if strategies.Arg != nil { @@ -609,16 +630,24 @@ func resourceTencentCloudWafCustomRuleUpdate(d *schema.ResourceData, meta interf for _, item := range v.([]interface{}) { dMap := item.(map[string]interface{}) strategy := waf.Strategy{} + var base46Flag bool if v, ok := dMap["field"]; ok { strategy.Field = helper.String(v.(string)) } if v, ok := dMap["compare_func"]; ok { strategy.CompareFunc = helper.String(v.(string)) + if v.(string) == "rematch" { + base46Flag = true + } } if v, ok := dMap["content"]; ok { - strategy.Content = helper.String(v.(string)) + if base46Flag { + strategy.Content = helper.String(base64.URLEncoding.EncodeToString([]byte(v.(string)))) + } else { + strategy.Content = helper.String(v.(string)) + } } if v, ok := dMap["arg"]; ok { diff --git a/tencentcloud/services/waf/resource_tc_waf_custom_rule.md b/tencentcloud/services/waf/resource_tc_waf_custom_rule.md index b6e15f04e4..9f49534a1e 100644 --- a/tencentcloud/services/waf/resource_tc_waf_custom_rule.md +++ b/tencentcloud/services/waf/resource_tc_waf_custom_rule.md 
@@ -20,6 +20,13 @@ resource "tencentcloud_waf_custom_rule" "example" { arg = "" } + strategies { + field = "QUERY_STRING" + compare_func = "rematch" + content = "need query string" + arg = "" + } + status = "1" domain = "test.com" action_type = "1" diff --git a/tencentcloud/services/waf/resource_tc_waf_custom_white_rule.go b/tencentcloud/services/waf/resource_tc_waf_custom_white_rule.go index 8018b66e19..7eef2a19b9 100644 --- a/tencentcloud/services/waf/resource_tc_waf_custom_white_rule.go +++ b/tencentcloud/services/waf/resource_tc_waf_custom_white_rule.go @@ -198,6 +198,12 @@ func ResourceTencentCloudWafCustomWhiteRule() *schema.Resource { }, }, }, + "logical_op": { + Optional: true, + Computed: true, + Type: schema.TypeString, + Description: "Logical operator of configuration mode, and/or.", + }, "rule_id": { Computed: true, Type: schema.TypeString, @@ -331,6 +337,10 @@ func resourceTencentCloudWafCustomWhiteRuleCreate(d *schema.ResourceData, meta i request.JobDateTime = &jobDateTime } + if v, ok := d.GetOk("logical_op"); ok { + request.LogicalOp = helper.String(v.(string)) + } + err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError { result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseWafClient().AddCustomWhiteRule(request) if e != nil { @@ -523,6 +533,10 @@ func resourceTencentCloudWafCustomWhiteRuleRead(d *schema.ResourceData, meta int _ = d.Set("status", customWhiteRule.Status) } + if customWhiteRule.LogicalOp != nil { + _ = d.Set("logical_op", customWhiteRule.LogicalOp) + } + if customWhiteRule.RuleId != nil { _ = d.Set("rule_id", customWhiteRule.RuleId) } 
@@ -668,6 +682,10 @@ func resourceTencentCloudWafCustomWhiteRuleUpdate(d *schema.ResourceData, meta i request.JobDateTime = &jobDateTime } + if v, ok := d.GetOk("logical_op"); ok { + request.LogicalOp = helper.String(v.(string)) + } + err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError { result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseWafClient().ModifyCustomWhiteRule(request) if e != nil { diff --git a/tencentcloud/services/waf/resource_tc_waf_custom_white_rule.md b/tencentcloud/services/waf/resource_tc_waf_custom_white_rule.md index 8db46e9b0b..6b25dfa770 100644 --- a/tencentcloud/services/waf/resource_tc_waf_custom_white_rule.md +++ b/tencentcloud/services/waf/resource_tc_waf_custom_white_rule.md @@ -1,4 +1,4 @@ -Provides a resource to create a waf custom white rule +Provides a resource to create a WAF custom white rule -> **NOTE:** If `job_type` is `TimedJob`, Then `expire_time` must select the maximum time value of the `end_date_time` in the parameter list `timed`. @@ -19,9 +19,24 @@ resource "tencentcloud_waf_custom_white_rule" "example" { arg = "" } - status = "1" - domain = "test.com" - bypass = "geoip,cc,owasp" + strategies { + field = "IP_GEO" + compare_func = "geo_in" + content = jsonencode( + { + "Lang" : "cn", + "Areas" : [ + { "Country" : "国外" } + ] + } + ) + arg = "" + } + + status = "1" + domain = "www.demo.com" + bypass = "geoip,cc,owasp" + logical_op = "and" } ``` @@ -49,7 +64,7 @@ resource "tencentcloud_waf_custom_white_rule" "example" { } status = "1" - domain = "test.com" + domain = "www.demo.com" bypass = "geoip,cc,owasp" job_type = "TimedJob" job_date_time { 
@@ -85,10 +100,11 @@ resource "tencentcloud_waf_custom_white_rule" "example" { case_not_sensitive = 1 } - status = "1" - domain = "www.tencent.com" - bypass = "geoip,cc,owasp" - job_type = "CronJob" + status = "1" + domain = "www.demo.com" + bypass = "geoip,cc,owasp" + job_type = "CronJob" + logical_op = "or" job_date_time { cron { w_days = [0, 1, 2, 3, 4, 5, 6] @@ -102,8 +118,8 @@ resource "tencentcloud_waf_custom_white_rule" "example" { Import -waf custom white rule can be imported using the id, e.g. +WAF custom white rule can be imported using the id, e.g. ``` -terraform import tencentcloud_waf_custom_white_rule.example test.com#1100310837 -``` \ No newline at end of file +terraform import tencentcloud_waf_custom_white_rule.example www.demo.com#1100310837 +``` diff --git a/tencentcloud/services/waf/service_tencentcloud_waf.go b/tencentcloud/services/waf/service_tencentcloud_waf.go index 486a2bca24..01dc1327b2 100644 --- a/tencentcloud/services/waf/service_tencentcloud_waf.go +++ b/tencentcloud/services/waf/service_tencentcloud_waf.go @@ -107,6 +107,7 @@ func (me *WafService) DescribeWafCustomWhiteRuleById(ctx context.Context, domain logId := tccommon.GetLogId(ctx) request := waf.NewDescribeCustomWhiteRuleRequest() + response := waf.NewDescribeCustomWhiteRuleResponse() request.Domain = &domain request.Offset = common.Uint64Ptr(0) request.Limit = common.Uint64Ptr(20) 
@@ -124,15 +125,32 @@ func (me *WafService) DescribeWafCustomWhiteRuleById(ctx context.Context, domain } }() - ratelimit.Check(request.GetAction()) + err := resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError { + ratelimit.Check(request.GetAction()) + result, e := me.client.UseWafClient().DescribeCustomWhiteRule(request) + if e != nil { + return tccommon.RetryError(e) + } else { + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString()) + } + + if result == nil || result.Response == nil || result.Response.RuleList == nil { + return resource.NonRetryableError(fmt.Errorf("Response is nil.")) + } + + response = result + return nil + }) - response, err := me.client.UseWafClient().DescribeCustomWhiteRule(request) if err != nil { errRet = err return } - log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString()) + if err != nil { + errRet = err + return + } if len(response.Response.RuleList) < 1 { return @@ -156,16 +174,23 @@ func (me *WafService) DeleteWafCustomWhiteRuleById(ctx context.Context, domain, } }() - ratelimit.Check(request.GetAction()) + err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError { + ratelimit.Check(request.GetAction()) + result, e := me.client.UseWafClient().DeleteCustomWhiteRule(request) + if e != nil { + return tccommon.RetryError(e) + } else { + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString()) + } + + return nil + }) - response, err := me.client.UseWafClient().DeleteCustomWhiteRule(request) if err != nil { errRet = err return } - log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString()) - return } 
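Review bot: The second `if err != nil { errRet = err; return }` after the retry block in DescribeWafCustomWhiteRuleById duplicates the first, so its condition is always false at that point and it should be deleted. Inside the closure a nil `RuleList` is now a non-retryable error, while the code after the retry still treats an empty list as "not found" by returning without error; if the API omits the list for a rule that no longer exists, Read would fail instead of letting the caller drop the resource from state, so consider checking only `result == nil || result.Response == nil` there. The error text `"Response is nil."` would be more idiomatic in lowercase without the trailing period, and the `else` after `return tccommon.RetryError(e)` is unnecessary here and in the DeleteWafCustomWhiteRuleById hunk.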
diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go index 4f44500226..23650f1dba 100644 --- a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go +++ b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go @@ -265,7 +265,7 @@ func CompleteCommonParams(request Request, region string, requestClient string) params["Action"] = request.GetAction() params["Timestamp"] = strconv.FormatInt(time.Now().Unix(), 10) params["Nonce"] = strconv.Itoa(rand.Int()) - params["RequestClient"] = "SDK_GO_1.0.1164" + params["RequestClient"] = "SDK_GO_1.0.1170" if requestClient != "" { params["RequestClient"] += ": " + requestClient } diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf/v20180125/models.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf/v20180125/models.go index d05cea86ac..4e4f648739 100644 --- a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf/v20180125/models.go +++ b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf/v20180125/models.go @@ -702,6 +702,9 @@ type AddCustomWhiteRuleRequestParams struct { // 定时任务配置 JobDateTime *JobDateTime `json:"JobDateTime,omitnil,omitempty" name:"JobDateTime"` + + // 匹配条件的逻辑关系,支持and、or,分别表示多个逻辑匹配条件是与、或的关系 + LogicalOp *string `json:"LogicalOp,omitnil,omitempty" name:"LogicalOp"` } type AddCustomWhiteRuleRequest struct { @@ -730,6 +733,9 @@ type AddCustomWhiteRuleRequest struct { // 定时任务配置 JobDateTime *JobDateTime `json:"JobDateTime,omitnil,omitempty" name:"JobDateTime"` + + // 匹配条件的逻辑关系,支持and、or,分别表示多个逻辑匹配条件是与、或的关系 + LogicalOp *string `json:"LogicalOp,omitnil,omitempty" name:"LogicalOp"` } func (r *AddCustomWhiteRuleRequest) ToJsonString() string { 
@@ -752,6 +758,7 @@ func (r *AddCustomWhiteRuleRequest) FromJsonString(s string) error { delete(f, "ExpireTime") delete(f, "JobType") delete(f, "JobDateTime") + delete(f, "LogicalOp") if len(f) > 0 { return tcerr.NewTencentCloudSDKError("ClientError.BuildRequestError", "AddCustomWhiteRuleRequest has unknown keys!", "") } @@ -2093,6 +2100,12 @@ type CCRuleItems struct { // 限频方式 LimitMethod *string `json:"LimitMethod,omitnil,omitempty" name:"LimitMethod"` + + // cel表达式 + CelRule *string `json:"CelRule,omitnil,omitempty" name:"CelRule"` + + // 逻辑操作符 + LogicalOp *string `json:"LogicalOp,omitnil,omitempty" name:"LogicalOp"` } type CCRuleLists struct { @@ -3405,7 +3418,6 @@ func (r *DeleteBotSceneUCBRuleRequest) FromJsonString(s string) error { // Predefined struct for user type DeleteBotSceneUCBRuleResponseParams struct { // 正常情况下为null - // 注意:此字段可能返回 null,表示取不到有效值。 Data *string `json:"Data,omitnil,omitempty" name:"Data"` // 唯一请求 ID,由服务端生成,每次请求都会返回(若请求因其他原因未能抵达服务端,则该次请求不会获得 RequestId)。定位问题时需要提供该次请求的 RequestId。 @@ -11752,6 +11764,9 @@ type InstanceInfo struct { // 重保增强包 MajorEventsProPkg *MajorEventsProPkg `json:"MajorEventsProPkg,omitnil,omitempty" name:"MajorEventsProPkg"` + + // 1是基础2025版本;0不是 + BasicFlag *uint64 `json:"BasicFlag,omitnil,omitempty" name:"BasicFlag"` } type IpAccessControlData struct { @@ -13439,6 +13454,9 @@ type ModifyCustomWhiteRuleRequestParams struct { // 定时任务配置 JobDateTime *JobDateTime `json:"JobDateTime,omitnil,omitempty" name:"JobDateTime"` + + // 匹配条件的逻辑关系,支持and、or,分别表示多个逻辑匹配条件是与、或的关系 + LogicalOp *string `json:"LogicalOp,omitnil,omitempty" name:"LogicalOp"` } type ModifyCustomWhiteRuleRequest struct { @@ -13470,6 +13488,9 @@ type ModifyCustomWhiteRuleRequest struct { // 定时任务配置 JobDateTime *JobDateTime `json:"JobDateTime,omitnil,omitempty" name:"JobDateTime"` + + // 匹配条件的逻辑关系,支持and、or,分别表示多个逻辑匹配条件是与、或的关系 + LogicalOp *string `json:"LogicalOp,omitnil,omitempty" name:"LogicalOp"` } func (r *ModifyCustomWhiteRuleRequest) ToJsonString() string { 
@@ -13493,6 +13514,7 @@ func (r *ModifyCustomWhiteRuleRequest) FromJsonString(s string) error { delete(f, "Strategies") delete(f, "JobType") delete(f, "JobDateTime") + delete(f, "LogicalOp") if len(f) > 0 { return tcerr.NewTencentCloudSDKError("ClientError.BuildRequestError", "ModifyCustomWhiteRuleRequest has unknown keys!", "") } @@ -17182,12 +17204,6 @@ type UpsertCCRuleRequestParams struct { // CC检测周期 Interval *string `json:"Interval,omitnil,omitempty" name:"Interval"` - // 检测Url - Url *string `json:"Url,omitnil,omitempty" name:"Url"` - - // 匹配方法,0表示等于,1表示前缀匹配,2表示包含,3表示不等于,6表示后缀匹配,7表示不包含 - MatchFunc *int64 `json:"MatchFunc,omitnil,omitempty" name:"MatchFunc"` - // 动作,20表示观察,21表示人机识别,22表示拦截,23表示精准拦截,26表示精准人机识别,27表示JS校验 ActionType *string `json:"ActionType,omitnil,omitempty" name:"ActionType"` 
@@ -17197,6 +17213,12 @@ type UpsertCCRuleRequestParams struct { // 动作有效时间 ValidTime *int64 `json:"ValidTime,omitnil,omitempty" name:"ValidTime"` + // 检测Url + Url *string `json:"Url,omitnil,omitempty" name:"Url"` + + // 匹配方法,0表示等于,1表示前缀匹配,2表示包含,3表示不等于,6表示后缀匹配,7表示不包含 + MatchFunc *int64 `json:"MatchFunc,omitnil,omitempty" name:"MatchFunc"` + // CC的匹配条件JSON序列化的字符串,示例:[{\"key\":\"Method\",\"args\":[\"=R0VU\"],\"match\":\"0\",\"encodeflag\":true}] Key可选值为 Method、Post、Referer、Cookie、User-Agent、CustomHeader match可选值为,当Key为Method的时候可选值为0(等于)、3(不等于)。 Key为Post的时候可选值为0(等于)、3(不等于),Key为Cookie的时候可选值为0(等于)、2(包含),3(不等于)、7(不包含)、 当Key为Referer的时候可选值为0(等于)、3(不等于)、1(前缀匹配)、6(后缀匹配)、2(包含)、7(不包含)、12(存在)、5(不存在)、4(内容为空), 当Key为Cookie的时候可选值为0(等于)、3(不等于)、2(包含)、7(不包含)、12(存在)、5(不存在)、4(内容为空), 当Key为User-Agent的时候可选值为0(等于)、3(不等于)、1(前缀匹配)、6(后缀匹配)、2(包含)、7(不包含)、12(存在)、5(不存在)、4(内容为空), 当Key为CustomHeader的时候可选值为0(等于)、3(不等于)、2(包含)、7(不包含)、12(存在)、5(不存在)、4(内容为空)。 Key为IPLocation时,可选值为13(属于)、14(不属于)。args用来表示匹配内容,需要设置encodeflag为true,当Key为Post、Cookie、CustomHeader时,用等号=来分别串接Key和Value,并分别用Base64编码,类似YWJj=YWJj。当Key为Referer、User-Agent时,用等号=来串接Value,类似=YWJj。 OptionsArr *string `json:"OptionsArr,omitnil,omitempty" name:"OptionsArr"` @@ -17223,6 +17245,12 @@ type UpsertCCRuleRequestParams struct { // 限频方式 LimitMethod *string `json:"LimitMethod,omitnil,omitempty" name:"LimitMethod"` + + // cel表达式 + CelRule *string `json:"CelRule,omitnil,omitempty" name:"CelRule"` + + // 配置方式的逻辑操作符,and或者or + LogicalOp *string `json:"LogicalOp,omitnil,omitempty" name:"LogicalOp"` } type UpsertCCRuleRequest struct { 
@@ -17246,12 +17274,6 @@ type UpsertCCRuleRequest struct { // CC检测周期 Interval *string `json:"Interval,omitnil,omitempty" name:"Interval"` - // 检测Url - Url *string `json:"Url,omitnil,omitempty" name:"Url"` - - // 匹配方法,0表示等于,1表示前缀匹配,2表示包含,3表示不等于,6表示后缀匹配,7表示不包含 - MatchFunc *int64 `json:"MatchFunc,omitnil,omitempty" name:"MatchFunc"` - // 动作,20表示观察,21表示人机识别,22表示拦截,23表示精准拦截,26表示精准人机识别,27表示JS校验 ActionType *string `json:"ActionType,omitnil,omitempty" name:"ActionType"` @@ -17261,6 +17283,12 @@ type UpsertCCRuleRequest struct { // 动作有效时间 ValidTime *int64 `json:"ValidTime,omitnil,omitempty" name:"ValidTime"` + // 检测Url + Url *string `json:"Url,omitnil,omitempty" name:"Url"` + + // 匹配方法,0表示等于,1表示前缀匹配,2表示包含,3表示不等于,6表示后缀匹配,7表示不包含 + MatchFunc *int64 `json:"MatchFunc,omitnil,omitempty" name:"MatchFunc"` + // CC的匹配条件JSON序列化的字符串,示例:[{\"key\":\"Method\",\"args\":[\"=R0VU\"],\"match\":\"0\",\"encodeflag\":true}] Key可选值为 Method、Post、Referer、Cookie、User-Agent、CustomHeader match可选值为,当Key为Method的时候可选值为0(等于)、3(不等于)。 Key为Post的时候可选值为0(等于)、3(不等于),Key为Cookie的时候可选值为0(等于)、2(包含),3(不等于)、7(不包含)、 当Key为Referer的时候可选值为0(等于)、3(不等于)、1(前缀匹配)、6(后缀匹配)、2(包含)、7(不包含)、12(存在)、5(不存在)、4(内容为空), 当Key为Cookie的时候可选值为0(等于)、3(不等于)、2(包含)、7(不包含)、12(存在)、5(不存在)、4(内容为空), 当Key为User-Agent的时候可选值为0(等于)、3(不等于)、1(前缀匹配)、6(后缀匹配)、2(包含)、7(不包含)、12(存在)、5(不存在)、4(内容为空), 当Key为CustomHeader的时候可选值为0(等于)、3(不等于)、2(包含)、7(不包含)、12(存在)、5(不存在)、4(内容为空)。 Key为IPLocation时,可选值为13(属于)、14(不属于)。args用来表示匹配内容,需要设置encodeflag为true,当Key为Post、Cookie、CustomHeader时,用等号=来分别串接Key和Value,并分别用Base64编码,类似YWJj=YWJj。当Key为Referer、User-Agent时,用等号=来串接Value,类似=YWJj。 OptionsArr *string `json:"OptionsArr,omitnil,omitempty" name:"OptionsArr"` 
@@ -17287,6 +17315,12 @@ type UpsertCCRuleRequest struct { // 限频方式 LimitMethod *string `json:"LimitMethod,omitnil,omitempty" name:"LimitMethod"` + + // cel表达式 + CelRule *string `json:"CelRule,omitnil,omitempty" name:"CelRule"` + + // 配置方式的逻辑操作符,and或者or + LogicalOp *string `json:"LogicalOp,omitnil,omitempty" name:"LogicalOp"` } func (r *UpsertCCRuleRequest) ToJsonString() string { @@ -17307,11 +17341,11 @@ func (r *UpsertCCRuleRequest) FromJsonString(s string) error { delete(f, "Advance") delete(f, "Limit") delete(f, "Interval") - delete(f, "Url") - delete(f, "MatchFunc") delete(f, "ActionType") delete(f, "Priority") delete(f, "ValidTime") + delete(f, "Url") + delete(f, "MatchFunc") delete(f, "OptionsArr") delete(f, "Edition") delete(f, "Type") @@ -17321,6 +17355,8 @@ func (r *UpsertCCRuleRequest) FromJsonString(s string) error { delete(f, "CreateTime") delete(f, "Length") delete(f, "LimitMethod") + delete(f, "CelRule") + delete(f, "LogicalOp") if len(f) > 0 { return tcerr.NewTencentCloudSDKError("ClientError.BuildRequestError", "UpsertCCRuleRequest has unknown keys!", "") } diff --git a/vendor/modules.txt b/vendor/modules.txt index 9011749176..e9483cd569 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1166,7 +1166,7 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit/v20190319 # github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.1148 ## explicit; go 1.14 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls/v20201016 -# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1164 +# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1170 ## explicit; go 1.11 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/errors 
@@ -1352,7 +1352,7 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod/v20180717 # github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.1154 ## explicit; go 1.14 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc/v20170312 -# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1163 +# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.0.1170 ## explicit; go 1.14 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf/v20180125 # github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wedata v1.0.792
diff --git a/website/docs/r/waf_bot_scene_ucb_rule.html.markdown b/website/docs/r/waf_bot_scene_ucb_rule.html.markdown
index a227aaeab9..560030136c 100644
--- a/website/docs/r/waf_bot_scene_ucb_rule.html.markdown
+++ b/website/docs/r/waf_bot_scene_ucb_rule.html.markdown
@@ -31,6 +31,18 @@ resource "tencentcloud_waf_bot_scene_ucb_rule" "example" {
 }
 }
 
+ rule {
+ key = "url"
+ op = "rematch"
+ lang = "cn"
+ value {
+ multi_value = [
+ "/prefix",
+ "/startwith"
+ ]
+ }
+ }
+
 action = "monitor"
 on_off = "on"
 rule_type = 0
diff --git a/website/docs/r/waf_cc.html.markdown b/website/docs/r/waf_cc.html.markdown
index 41f9f549a2..174af12836 100644
--- a/website/docs/r/waf_cc.html.markdown
+++ b/website/docs/r/waf_cc.html.markdown
@@ -13,10 +13,12 @@ Provides a resource to create a WAF cc
 
 ## Example Usage
 
+### If advance is 0(IP model)
+
 ```hcl
 resource "tencentcloud_waf_cc" "example" {
 domain = "www.demo.com"
- name = "terraform"
+ name = "tf-example"
 status = 1
 advance = "0"
 limit = "60"
@@ -28,19 +30,86 @@ resource "tencentcloud_waf_cc" "example" {
 valid_time = 600
 edition = "sparta-waf"
 type = 1
+ logical_op = "and"
 options_arr = jsonencode(
 [
+ {
+ "key" : "URL",
+ "args" : [
+ "=cHJlZml4"
+ ],
+ "match" : "2",
+ "encodeflag" : true
+ },
 {
 "key" : "Method",
- "args" : ["=R0VU"],
+ "args" : [
+ "=POST" # if encodeflag is false, parameter value needs to be prefixed with an = sign.
+ ],
+ "match" : "0",
+ "encodeflag" : false
+ },
+ {
+ "key" : "Post",
+ "args" : [
+ "S2V5=VmFsdWU"
+ ],
 "match" : "0",
 "encodeflag" : true
+ },
+ {
+ "key" : "Referer",
+ "args" : [
+ "="
+ ],
+ "match" : "12",
+ "encodeflag" : true
+ },
+ {
+ "key" : "Cookie",
+ "args" : [
+ "S2V5=VmFsdWU"
+ ],
+ "match" : "3",
+ "encodeflag" : true
+ },
+ {
+ "key" : "IPLocation",
+ "args" : [
+ "=eyJMYW5nIjoiY24iLCJBcmVhcyI6W3siQ291bnRyeSI6IuWbveWkliJ9XX0"
+ ],
+ "match" : "13",
+ "encodeflag" : true
 }
 ]
 )
 }
 ```
 
+### If advance is 1(SESSION model)
+
+```hcl
+resource "tencentcloud_waf_cc" "example" {
+ domain = "news.bots.icu"
+ name = "tf-example"
+ status = 1
+ advance = "1"
+ limit = "60"
+ interval = "60"
+ url = "/cc_demo"
+ match_func = 0
+ action_type = "22"
+ priority = 50
+ valid_time = 600
+ edition = "sparta-waf"
+ type = 1
+ session_applied = [0]
+ limit_method = "only_limit"
+ logical_op = "or"
+ cel_rule = "(has(request.url) && request.url.startsWith('/prefix')) && (has(request.method) && request.method == 'POST')"
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
@@ -57,8 +126,10 @@ The following arguments are supported:
 * `status` - (Required, Int) Rule Status, 0 rule close, 1 rule open.
 * `url` - (Required, String) Detection URL.
 * `valid_time` - (Required, Int) Action ValidTime, minute unit. Min: 60, Max: 604800.
+* `cel_rule` - (Optional, String) Cel expression.
 * `event_id` - (Optional, String) Event ID.
 * `limit_method` - (Optional, String) Frequency limiting method.
+* `logical_op` - (Optional, String) Logical operator of configuration mode, and/or.
 * `options_arr` - (Optional, String) JSON serialized string of CC matching conditions, example:[{\"key\":\"Method\",\"args\":[\"=R0VU\"],\"match\":\"0\",\"encodeflag\":true}]
 Key optional values are Method, Post, Referer, Cookie, User-Agent, CustomHeader
 Match optional values are, when Key is Method, optional values are 0 (equal), 3 (not equal).
diff --git a/website/docs/r/waf_custom_rule.html.markdown b/website/docs/r/waf_custom_rule.html.markdown
index a7868ac839..77f6b1d113 100644
--- a/website/docs/r/waf_custom_rule.html.markdown
+++ b/website/docs/r/waf_custom_rule.html.markdown
@@ -31,6 +31,13 @@ resource "tencentcloud_waf_custom_rule" "example" {
 arg = ""
 }
 
+ strategies {
+ field = "QUERY_STRING"
+ compare_func = "rematch"
+ content = "need query string"
+ arg = ""
+ }
+
 status = "1"
 domain = "test.com"
 action_type = "1"
diff --git a/website/docs/r/waf_custom_white_rule.html.markdown b/website/docs/r/waf_custom_white_rule.html.markdown
index b0b16519ac..8c31659164 100644
--- a/website/docs/r/waf_custom_white_rule.html.markdown
+++ b/website/docs/r/waf_custom_white_rule.html.markdown
@@ -4,12 +4,12 @@ layout: "tencentcloud"
 page_title: "TencentCloud: tencentcloud_waf_custom_white_rule"
 sidebar_current: "docs-tencentcloud-resource-waf_custom_white_rule"
 description: |-
- Provides a resource to create a waf custom white rule
+ Provides a resource to create a WAF custom white rule
 ---
 
 # tencentcloud_waf_custom_white_rule
 
-Provides a resource to create a waf custom white rule
+Provides a resource to create a WAF custom white rule
 
 -> **NOTE:** If `job_type` is `TimedJob`, Then `expire_time` must select the maximum time value of the `end_date_time` in the parameter list `timed`.
 
@@ -30,9 +30,24 @@ resource "tencentcloud_waf_custom_white_rule" "example" {
 arg = ""
 }
 
- status = "1"
- domain = "test.com"
- bypass = "geoip,cc,owasp"
+ strategies {
+ field = "IP_GEO"
+ compare_func = "geo_in"
+ content = jsonencode(
+ {
+ "Lang" : "cn",
+ "Areas" : [
+ { "Country" : "国外" }
+ ]
+ }
+ )
+ arg = ""
+ }
+
+ status = "1"
+ domain = "www.demo.com"
+ bypass = "geoip,cc,owasp"
+ logical_op = "and"
 }
 ```
 
@@ -60,7 +75,7 @@ resource "tencentcloud_waf_custom_white_rule" "example" {
 }
 
 status = "1"
- domain = "test.com"
+ domain = "www.demo.com"
 bypass = "geoip,cc,owasp"
 job_type = "TimedJob"
 job_date_time {
@@ -96,10 +111,11 @@ resource "tencentcloud_waf_custom_white_rule" "example" {
 case_not_sensitive = 1
 }
 
- status = "1"
- domain = "www.tencent.com"
- bypass = "geoip,cc,owasp"
- job_type = "CronJob"
+ status = "1"
+ domain = "www.demo.com"
+ bypass = "geoip,cc,owasp"
+ job_type = "CronJob"
+ logical_op = "or"
 job_date_time {
 cron {
 w_days = [0, 1, 2, 3, 4, 5, 6]
@@ -123,6 +139,7 @@ The following arguments are supported:
 * `strategies` - (Required, List) Strategies detail.
 * `job_date_time` - (Optional, List) Rule execution time.
 * `job_type` - (Optional, String) Rule execution mode: TimedJob indicates scheduled execution. CronJob indicates periodic execution.
+* `logical_op` - (Optional, String) Logical operator of configuration mode, and/or.
 * `status` - (Optional, String) The status of the switch, 1 is on, 0 is off, default 1.
 
 The `cron` object of `job_date_time` supports the following:
@@ -190,9 +207,9 @@ In addition to all arguments above, the following attributes are exported:
 
 ## Import
 
-waf custom white rule can be imported using the id, e.g.
+WAF custom white rule can be imported using the id, e.g.
 
 ```
-terraform import tencentcloud_waf_custom_white_rule.example test.com#1100310837
+terraform import tencentcloud_waf_custom_white_rule.example www.demo.com#1100310837
 ```
 