Merge pull request #423 from cloudflare/support-changes-from-upstream…

…-rulesets generate: support remapping rulesets overrides `enabled` => `status`
cloudflare · Jun 15, 2022 · ae5bb1c · ae5bb1c
2 parents 74b3c9a + 1197671
commit ae5bb1c
Show file tree

Hide file tree

Showing 11 changed files with 419 additions and 0 deletions.
diff --git a/internal/app/cf-terraforming/cmd/generate.go b/internal/app/cf-terraforming/cmd/generate.go
@@ -459,6 +459,15 @@ func generateResources() func(cmd *cobra.Command, args []string) {
 			resourceCount = len(jsonPayload)
 			m, _ := json.Marshal(jsonPayload)
 			json.Unmarshal(m, &jsonStructData)
+
+			for i := 0; i < resourceCount; i++ {
+				// Workaround for LogpushJob.Filter being empty with a custom
+				// marshaler and returning `{"where":{}}` as the "empty" value.
+				if jsonStructData[i].(map[string]interface{})["filter"] == `{"where":{}}` {
+					jsonStructData[i].(map[string]interface{})["filter"] = nil
+				}
+			}
+
 		case "cloudflare_origin_ca_certificate":
 			jsonPayload, err := api.OriginCertificates(context.Background(), cloudflare.OriginCACertificateListOptions{ZoneID: zoneID})
 			if err != nil {
@@ -625,6 +634,7 @@ func generateResources() func(cmd *cobra.Command, args []string) {
 				jsonPayload = nonManagedRules
 				ruleHeaders := map[string][]map[string]interface{}{}
 				for i, rule := range nonManagedRules {
+
 					ruleset, _ := api.GetZoneRuleset(context.Background(), zoneID, rule.ID)
 					jsonPayload[i].Rules = ruleset.Rules
 
@@ -676,6 +686,26 @@ func generateResources() func(cmd *cobra.Command, args []string) {
 					}
 				}
 			}
+
+			for i := 0; i < resourceCount; i++ {
+				if jsonStructData[i].(map[string]interface{})["rules"] != nil {
+					for ruleCounter := range jsonStructData[i].(map[string]interface{})["rules"].([]interface{}) {
+						if jsonStructData[i].(map[string]interface{})["rules"].([]interface{})[ruleCounter].(map[string]interface{})["action_parameters"] != nil {
+							if jsonStructData[i].(map[string]interface{})["rules"].([]interface{})[ruleCounter].(map[string]interface{})["action_parameters"].(map[string]interface{})["overrides"] != nil {
+								if jsonStructData[i].(map[string]interface{})["rules"].([]interface{})[ruleCounter].(map[string]interface{})["action_parameters"].(map[string]interface{})["overrides"].(map[string]interface{})["enabled"] == true {
+									jsonStructData[i].(map[string]interface{})["rules"].([]interface{})[ruleCounter].(map[string]interface{})["action_parameters"].(map[string]interface{})["overrides"].(map[string]interface{})["status"] = "enabled"
+								}
+
+								if jsonStructData[i].(map[string]interface{})["rules"].([]interface{})[ruleCounter].(map[string]interface{})["action_parameters"].(map[string]interface{})["overrides"].(map[string]interface{})["enabled"] == false {
+									jsonStructData[i].(map[string]interface{})["rules"].([]interface{})[ruleCounter].(map[string]interface{})["action_parameters"].(map[string]interface{})["overrides"].(map[string]interface{})["status"] = "disabled"
+								}
+
+								jsonStructData[i].(map[string]interface{})["rules"].([]interface{})[ruleCounter].(map[string]interface{})["action_parameters"].(map[string]interface{})["overrides"].(map[string]interface{})["enabled"] = nil
+							}
+						}
+					}
+				}
+			}
 		case "cloudflare_spectrum_application":
 			jsonPayload, err := api.SpectrumApplications(context.Background(), zoneID)
 			if err != nil {

diff --git a/internal/app/cf-terraforming/cmd/generate_test.go b/internal/app/cf-terraforming/cmd/generate_test.go
@@ -102,6 +102,7 @@ func TestResourceGeneration(t *testing.T) {
 		"cloudflare load balancer":                           {identiferType: "zone", resourceType: "cloudflare_load_balancer", testdataFilename: "cloudflare_load_balancer"},
 		"cloudflare load balancer pool":                      {identiferType: "account", resourceType: "cloudflare_load_balancer_pool", testdataFilename: "cloudflare_load_balancer_pool"},
 		"cloudflare logpush jobs":                            {identiferType: "zone", resourceType: "cloudflare_logpush_job", testdataFilename: "cloudflare_logpush_job"},
+		"cloudflare logpush jobs with filter":                {identiferType: "zone", resourceType: "cloudflare_logpush_job", testdataFilename: "cloudflare_logpush_job_with_filter"},
 		"cloudflare origin CA certificate":                   {identiferType: "zone", resourceType: "cloudflare_origin_ca_certificate", testdataFilename: "cloudflare_origin_ca_certificate"},
 		"cloudflare page rule":                               {identiferType: "zone", resourceType: "cloudflare_page_rule", testdataFilename: "cloudflare_page_rule"},
 		"cloudflare rate limit":                              {identiferType: "zone", resourceType: "cloudflare_rate_limit", testdataFilename: "cloudflare_rate_limit"},
@@ -117,6 +118,8 @@ func TestResourceGeneration(t *testing.T) {
 		"cloudflare ruleset (ddos_l7)":                       {identiferType: "zone", resourceType: "cloudflare_ruleset", testdataFilename: "cloudflare_ruleset_zone_ddos_l7"},
 		"cloudflare ruleset (http_request_firewall_managed)": {identiferType: "zone", resourceType: "cloudflare_ruleset", testdataFilename: "cloudflare_ruleset_zone_http_request_firewall_managed"},
 		"cloudflare ruleset (http_request_late_transform)":   {identiferType: "zone", resourceType: "cloudflare_ruleset", testdataFilename: "cloudflare_ruleset_zone_http_request_late_transform"},
+		"cloudflare ruleset (override remapping = enabled)":  {identiferType: "zone", resourceType: "cloudflare_ruleset", testdataFilename: "cloudflare_ruleset_override_remapping_enabled"},
+		"cloudflare ruleset (override remapping = disabled)": {identiferType: "zone", resourceType: "cloudflare_ruleset", testdataFilename: "cloudflare_ruleset_override_remapping_disabled"},
 		"cloudflare spectrum application":                    {identiferType: "zone", resourceType: "cloudflare_spectrum_application", testdataFilename: "cloudflare_spectrum_application"},
 		"cloudflare WAF override":                            {identiferType: "zone", resourceType: "cloudflare_waf_override", testdataFilename: "cloudflare_waf_override"},
 		"cloudflare waiting room":                            {identiferType: "zone", resourceType: "cloudflare_waiting_room", testdataFilename: "cloudflare_waiting_room"},

diff --git a/testdata/cloudflare/cloudflare_logpush_job_with_filter.yaml b/testdata/cloudflare/cloudflare_logpush_job_with_filter.yaml
@@ -0,0 +1,40 @@
+---
+version: 1
+interactions:
+- request:
+    body: ""
+    form: {}
+    headers:
+      Content-Type:
+      - application/json
+    url: https://api.cloudflare.com/client/v4/zones/0da42c8d2132a9ddaf714f9e7c920711/logpush/jobs
+    method: GET
+  response:
+    body: |
+      {
+        "success": true,
+        "errors": [],
+        "messages": [],
+        "result": [
+          {
+            "id": 1,
+            "enabled": false,
+            "name": "example.com",
+            "dataset": "http_requests",
+            "filter": "{\"where\":{\"and\":[{\"key\":\"ClientRequestPath\",\"operator\":\"contains\",\"value\":\"/static\"},{\"key\":\"ClientRequestHost\",\"operator\":\"eq\",\"value\":\"example.com\"}]}}",
+            "logpull_options": "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+            "destination_conf": "s3://mybucket/logs?region=us-west-2",
+            "last_complete": null,
+            "last_error": null,
+            "error_message": null
+          }
+        ]
+      }
+    headers:
+      Content-Type:
+      - application/json
+      Vary:
+      - Accept-Encoding
+    status: 200 OK
+    code: 200
+    duration: ""
diff --git a/testdata/cloudflare/cloudflare_ruleset_override_remapping_disabled.yaml b/testdata/cloudflare/cloudflare_ruleset_override_remapping_disabled.yaml
@@ -0,0 +1,138 @@
+---
+version: 1
+interactions:
+- request:
+    body: ""
+    form: {}
+    headers:
+      Content-Type:
+      - application/json
+    url: https://api.cloudflare.com/client/v4/zones/0da42c8d2132a9ddaf714f9e7c920711/rulesets
+    method: GET
+  response:
+    body: |
+      {
+        "result": [
+          {
+            "id": "a6905ff86d3844cebc1a88dd80c659e7",
+            "name": "Bot Fight Mode for Likely Bots",
+            "description": "",
+            "source": "firewall_managed",
+            "kind": "managed",
+            "version": "4",
+            "last_updated": "2021-07-01T16:59:14.386598Z",
+            "phase": "http_request_firewall_managed"
+          },
+          {
+            "id": "48ba18287c544bd7bdbe842a294f1ae2",
+            "name": "Bot Fight Mode for Definite Bots",
+            "description": "",
+            "source": "firewall_managed",
+            "kind": "managed",
+            "version": "4",
+            "last_updated": "2021-07-01T16:59:17.970712Z",
+            "phase": "http_request_firewall_managed"
+          },
+          {
+            "id": "4c971a697dd249939460f4520dcd7184",
+            "name": "zone",
+            "description": "",
+            "source": "firewall_managed",
+            "kind": "zone",
+            "version": "2",
+            "last_updated": "2021-09-03T06:42:41.341405Z",
+            "phase": "http_request_firewall_managed"
+          },
+          {
+            "id": "c2e184081120413c86c3ab7e14069605",
+            "name": "Cloudflare Exposed Credentials Check Ruleset",
+            "description": "Exposed credentials check rules",
+            "source": "firewall_managed",
+            "kind": "managed",
+            "version": "32",
+            "last_updated": "2021-09-06T16:39:15.601436Z",
+            "phase": "http_request_firewall_managed"
+          },
+          {
+            "id": "efb7b8c949ac4650a09736fc376e9aee",
+            "name": "Cloudflare Managed Ruleset",
+            "description": "Created by the Cloudflare security team, this ruleset is designed to provide fast and effective protection for all your applications. It is frequently updated to cover new vulnerabilities and reduce false positives.",
+            "source": "firewall_managed",
+            "kind": "managed",
+            "version": "30",
+            "last_updated": "2021-09-06T16:39:16.550214Z",
+            "phase": "http_request_firewall_managed"
+          },
+          {
+            "id": "4814384a9e5d4991b9815dcfc25d2f1f",
+            "name": "Cloudflare OWASP Core Ruleset",
+            "description": "Cloudflare's implementation of the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set. We routinely monitor for updates from OWASP based on the latest version available from the official code repository",
+            "source": "firewall_managed",
+            "kind": "managed",
+            "version": "29",
+            "last_updated": "2021-09-06T16:39:18.773224Z",
+            "phase": "http_request_firewall_managed"
+          }
+        ],
+        "success": true,
+        "errors": [],
+        "messages": []
+      }
+    headers:
+      Content-Type:
+      - application/json
+      Vary:
+      - Accept-Encoding
+    status: 200 OK
+    code: 200
+    duration: ""
+- request:
+    body: ""
+    form: {}
+    headers:
+      Content-Type:
+      - application/json
+    url: https://api.cloudflare.com/client/v4/zones/0da42c8d2132a9ddaf714f9e7c920711/rulesets/4c971a697dd249939460f4520dcd7184
+    method: GET
+  response:
+    body: |
+      {
+        "result": {
+          "id": "4c971a697dd249939460f4520dcd7184",
+          "name": "zone",
+          "description": "",
+          "source": "firewall_managed",
+          "kind": "zone",
+          "version": "2",
+          "rules": [
+            {
+              "action": "execute",
+              "action_parameters": {
+                "id": "efb7b8c949ac4650a09736fc376e9aee",
+                "version": "latest",
+                "overrides": {
+                  "action": "log",
+                  "enabled": false
+                }
+              },
+              "expression": "(http.cookie eq \"jb_testing=true\")",
+              "description": "zone",
+              "last_updated": "2021-09-03T06:42:41.341405Z",
+              "enabled": false
+            }
+          ],
+          "last_updated": "2021-09-03T06:42:41.341405Z",
+          "phase": "http_request_firewall_managed"
+        },
+        "success": true,
+        "errors": [],
+        "messages": []
+      }
+    headers:
+      Content-Type:
+      - application/json
+      Vary:
+      - Accept-Encoding
+    status: 200 OK
+    code: 200
+    duration: ""
diff --git a/testdata/cloudflare/cloudflare_ruleset_override_remapping_enabled.yaml b/testdata/cloudflare/cloudflare_ruleset_override_remapping_enabled.yaml
@@ -0,0 +1,138 @@
+---
+version: 1
+interactions:
+- request:
+    body: ""
+    form: {}
+    headers:
+      Content-Type:
+      - application/json
+    url: https://api.cloudflare.com/client/v4/zones/0da42c8d2132a9ddaf714f9e7c920711/rulesets
+    method: GET
+  response:
+    body: |
+      {
+        "result": [
+          {
+            "id": "a6905ff86d3844cebc1a88dd80c659e7",
+            "name": "Bot Fight Mode for Likely Bots",
+            "description": "",
+            "source": "firewall_managed",
+            "kind": "managed",
+            "version": "4",
+            "last_updated": "2021-07-01T16:59:14.386598Z",
+            "phase": "http_request_firewall_managed"
+          },
+          {
+            "id": "48ba18287c544bd7bdbe842a294f1ae2",
+            "name": "Bot Fight Mode for Definite Bots",
+            "description": "",
+            "source": "firewall_managed",
+            "kind": "managed",
+            "version": "4",
+            "last_updated": "2021-07-01T16:59:17.970712Z",
+            "phase": "http_request_firewall_managed"
+          },
+          {
+            "id": "4c971a697dd249939460f4520dcd7184",
+            "name": "zone",
+            "description": "",
+            "source": "firewall_managed",
+            "kind": "zone",
+            "version": "2",
+            "last_updated": "2021-09-03T06:42:41.341405Z",
+            "phase": "http_request_firewall_managed"
+          },
+          {
+            "id": "c2e184081120413c86c3ab7e14069605",
+            "name": "Cloudflare Exposed Credentials Check Ruleset",
+            "description": "Exposed credentials check rules",
+            "source": "firewall_managed",
+            "kind": "managed",
+            "version": "32",
+            "last_updated": "2021-09-06T16:39:15.601436Z",
+            "phase": "http_request_firewall_managed"
+          },
+          {
+            "id": "efb7b8c949ac4650a09736fc376e9aee",
+            "name": "Cloudflare Managed Ruleset",
+            "description": "Created by the Cloudflare security team, this ruleset is designed to provide fast and effective protection for all your applications. It is frequently updated to cover new vulnerabilities and reduce false positives.",
+            "source": "firewall_managed",
+            "kind": "managed",
+            "version": "30",
+            "last_updated": "2021-09-06T16:39:16.550214Z",
+            "phase": "http_request_firewall_managed"
+          },
+          {
+            "id": "4814384a9e5d4991b9815dcfc25d2f1f",
+            "name": "Cloudflare OWASP Core Ruleset",
+            "description": "Cloudflare's implementation of the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set. We routinely monitor for updates from OWASP based on the latest version available from the official code repository",
+            "source": "firewall_managed",
+            "kind": "managed",
+            "version": "29",
+            "last_updated": "2021-09-06T16:39:18.773224Z",
+            "phase": "http_request_firewall_managed"
+          }
+        ],
+        "success": true,
+        "errors": [],
+        "messages": []
+      }
+    headers:
+      Content-Type:
+      - application/json
+      Vary:
+      - Accept-Encoding
+    status: 200 OK
+    code: 200
+    duration: ""
+- request:
+    body: ""
+    form: {}
+    headers:
+      Content-Type:
+      - application/json
+    url: https://api.cloudflare.com/client/v4/zones/0da42c8d2132a9ddaf714f9e7c920711/rulesets/4c971a697dd249939460f4520dcd7184
+    method: GET
+  response:
+    body: |
+      {
+        "result": {
+          "id": "4c971a697dd249939460f4520dcd7184",
+          "name": "zone",
+          "description": "",
+          "source": "firewall_managed",
+          "kind": "zone",
+          "version": "2",
+          "rules": [
+            {
+              "action": "execute",
+              "action_parameters": {
+                "id": "efb7b8c949ac4650a09736fc376e9aee",
+                "version": "latest",
+                "overrides": {
+                  "action": "log",
+                  "enabled": true
+                }
+              },
+              "expression": "(http.cookie eq \"jb_testing=true\")",
+              "description": "zone",
+              "last_updated": "2021-09-03T06:42:41.341405Z",
+              "enabled": false
+            }
+          ],
+          "last_updated": "2021-09-03T06:42:41.341405Z",
+          "phase": "http_request_firewall_managed"
+        },
+        "success": true,
+        "errors": [],
+        "messages": []
+      }
+    headers:
+      Content-Type:
+      - application/json
+      Vary:
+      - Accept-Encoding
+    status: 200 OK
+    code: 200
+    duration: ""
diff --git a/testdata/terraform/cloudflare_logpush_job_with_filter/provider.tf b/testdata/terraform/cloudflare_logpush_job_with_filter/provider.tf
@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    cloudflare = {
+      source = "cloudflare/cloudflare"
+    }
+  }
+}