vercel · sueplex · Jan 17, 2025 · Jan 14, 2025 · Jan 16, 2025 · Jan 16, 2025
@@ -0,0 +1,99 @@
+package client
+
+import (
+	"context"
+	"fmt"
+)
+
+type FirewallBypassRule struct {
+	Domain       string `json:"domain,omitempty"`
+	SourceIp     string `json:"sourceIp"`
+	ProjectScope bool   `json:"projectScope,omitempty"`
+}
+
+type FirewallBypass struct {
+	OwnerId       string `json:"OwnerId"`
+	Id            string `json:"Id"`
+	Domain        string `json:"Domain"`
+	Ip            string `json:"Ip"`
+	IsProjectRule bool   `json:"IsProjectRule"`
+}
+
+func (c *Client) GetFirewallBypass(ctx context.Context, teamID, projectID string, request FirewallBypassRule) (a FirewallBypass, err error) {
+	url := fmt.Sprintf("%s/v1/security/firewall/bypass?projectId=%s", c.baseURL, projectID)
+	if tid := c.teamID(teamID); tid != "" {
+		url = fmt.Sprintf("%s&teamId=%s", url, tid)
+	}
+	url = fmt.Sprintf("%s&sourceIp=%s", url, request.SourceIp)
+	if request.Domain == "*" {
+		url = fmt.Sprintf("%s&projectScope=true", url)
+	} else {
+		url = fmt.Sprintf("%s&domain=%s", url, request.Domain)
+	}
+
+	var res struct {
+		Result []FirewallBypass `json:"result"`
+	}
+	err = c.doRequest(clientRequest{
+		ctx:    ctx,
+		method: "GET",
+		url:    url,
+	}, &res)
+	if err != nil || len(res.Result) == 0 {
+		return FirewallBypass{}, err
+	}
+	return res.Result[0], err
+}
+
+func (c *Client) CreateFirewallBypass(ctx context.Context, teamID, projectID string, request FirewallBypassRule) (a FirewallBypass, err error) {
+	url := fmt.Sprintf("%s/v1/security/firewall/bypass?projectId=%s", c.baseURL, projectID)
+	if tid := c.teamID(teamID); tid != "" {
+		url = fmt.Sprintf("%s&teamId=%s", url, tid)
+	}
+	if request.Domain == "*" {
+		request.Domain = ""
+		request.ProjectScope = true
+	}
+
+	payload := string(mustMarshal(request))
+	var res struct {
+		Result []FirewallBypass `json:"result"`
+	}
+	err = c.doRequest(clientRequest{
+		ctx:    ctx,
+		method: "POST",
+		url:    url,
+		body:   payload,
+	}, &res)
+	if err != nil {
+		return FirewallBypass{}, err
+	}
+	if len(res.Result) == 0 {
+		return FirewallBypass{}, fmt.Errorf("no result returned")
+	}
+	return res.Result[0], err
+}
+
+func (c *Client) RemoveFirewallBypass(ctx context.Context, teamID, projectID string, request FirewallBypassRule) (a FirewallBypass, err error) {
+	url := fmt.Sprintf("%s/v1/security/firewall/bypass?projectId=%s", c.baseURL, projectID)
+	if tid := c.teamID(teamID); tid != "" {
+		url = fmt.Sprintf("%s&teamId=%s", url, tid)
+	}
+	if request.Domain == "*" {
+		request.Domain = ""
+		request.ProjectScope = true
+	}
+
+	payload := string(mustMarshal(request))
+	var res FirewallBypass
+	err = c.doRequest(clientRequest{
+		ctx:    ctx,
+		method: "DELETE",
+		url:    url,
+		body:   payload,
+	}, &res)
+	if err != nil {
+		return a, err
+	}
+	return FirewallBypass{}, err
+}
@@ -0,0 +1,75 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "vercel_firewall_bypass Resource - terraform-provider-vercel"
+subcategory: ""
+description: |-
+  Provides a Firewall Bypass Rule
+  Firewall Bypass Rules configure sets of domains and ip address to prevent bypass Vercel's system mitigations for.  The hosts used in a bypass rule must be a production domain assigned to the associated project.  Requests that bypass system mitigations will incur usage.
+---
+
+# vercel_firewall_bypass (Resource)
+
+Provides a Firewall Bypass Rule
+
+Firewall Bypass Rules configure sets of domains and ip address to prevent bypass Vercel's system mitigations for.  The hosts used in a bypass rule must be a production domain assigned to the associated project.  Requests that bypass system mitigations will incur usage.
+
+## Example Usage
+
+```terraform
+resource "vercel_project" "example" {
+  name = "firewall-bypass-example"
+}
+
+resource "vercel_firewall_bypass" "bypass_targeted" {
+  project_id = vercel_project.example.id
+
+  source_ip = "5.6.7.8"
+  # Any project domain assigned to the project can be used
+  domain = "my-production-domain.com"
+}
+
+resource "vercel_firewall_bypass" "bypass_cidr" {
+  project_id = vercel_project.example.id
+
+  # CIDR ranges can be used as the source in bypass rules
+  source_ip = "52.33.44.0/24"
+  domain = "my-production-domain.com"
+}
+
+resource "vercel_firewall_bypass" "bypass_all" {
+  project_id = vercel_project.example.id
+
+  source_ip = "52.33.44.0/24"
+  # the wildcard only domain can be used to apply a bypass
+  # for all the _production_ domains assigned to the project.
+  domain = "*"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `domain` (String) The domain to configure the bypass rule for.
+- `project_id` (String) The ID of the Project to assign the bypass rule to
+- `source_ip` (String) The source IP address to configure the bypass rule for.
+
+### Optional
+
+- `team_id` (String) The ID of the team the Project exists under. Required when configuring a team resource if a default team has not been set in the provider.
+
+### Read-Only
+
+- `id` (String) The identifier for the firewall bypass rule.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import vercel_firewall_bypass.example team_xxxxxxxxxxxxxxxxxxxxxxxx/prj_xxxxxxxxxxxxxxxxxxxxxxxxxxxx#mybypasshost.com#3.4.5.0/24
+
+
+terraform import vercel_firewall_bypass.example team_xxxxxxxxxxxxxxxxxxxxxxxx/prj_xxxxxxxxxxxxxxxxxxxxxxxxxxxx#3.4.5.0/24
+```
@@ -0,0 +1,4 @@
+terraform import vercel_firewall_bypass.example team_xxxxxxxxxxxxxxxxxxxxxxxx/prj_xxxxxxxxxxxxxxxxxxxxxxxxxxxx#mybypasshost.com#3.4.5.0/24
+
+
+terraform import vercel_firewall_bypass.example team_xxxxxxxxxxxxxxxxxxxxxxxx/prj_xxxxxxxxxxxxxxxxxxxxxxxxxxxx#3.4.5.0/24
@@ -0,0 +1,28 @@
+resource "vercel_project" "example" {
+  name = "firewall-bypass-example"
+}
+
+resource "vercel_firewall_bypass" "bypass_targeted" {
+  project_id = vercel_project.example.id
+
+  source_ip = "5.6.7.8"
+  # Any project domain assigned to the project can be used
+  domain = "my-production-domain.com"
+}
+
+resource "vercel_firewall_bypass" "bypass_cidr" {
+  project_id = vercel_project.example.id
+
+  # CIDR ranges can be used as the source in bypass rules
+  source_ip = "52.33.44.0/24"
+  domain = "my-production-domain.com"
+}
+
+resource "vercel_firewall_bypass" "bypass_all" {
+  project_id = vercel_project.example.id
+
+  source_ip = "52.33.44.0/24"
+  # the wildcard only domain can be used to apply a bypass
+  # for all the _production_ domains assigned to the project.
+  domain = "*"
+}
@@ -62,6 +62,7 @@ func (p *vercelProvider) Resources(_ context.Context) []func() resource.Resource
 		newEdgeConfigSchemaResource,
 		newEdgeConfigTokenResource,
 		newFirewallConfigResource,
+		newFirewallBypassResource,
 		newLogDrainResource,
 		newProjectDeploymentRetentionResource,
 		newProjectDomainResource,
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,4 @@
		terraform import vercel_firewall_bypass.example team_xxxxxxxxxxxxxxxxxxxxxxxx/prj_xxxxxxxxxxxxxxxxxxxxxxxxxxxx#mybypasshost.com#3.4.5.0/24


		terraform import vercel_firewall_bypass.example team_xxxxxxxxxxxxxxxxxxxxxxxx/prj_xxxxxxxxxxxxxxxxxxxxxxxxxxxx#3.4.5.0/24