diff --git a/README.md b/README.md index 69bedf54..f05cde4c 100644 --- a/README.md +++ b/README.md @@ -83,6 +83,9 @@ $ task test -- -run 'TestAcc_Project*' ## Building The Documentation +```sh +$ task docs +``` The documentation is autogenerated from Description fields within the provider, and the `examples` directory. Building the documentation generates markdown in the `docs` folder, ready for deployment to Hashicorp. diff --git a/docs/resources/firewall_config.md b/docs/resources/firewall_config.md index 9f1fad79..0891e48c 100644 --- a/docs/resources/firewall_config.md +++ b/docs/resources/firewall_config.md @@ -22,23 +22,23 @@ resource "vercel_firewall_config" "example" { rules { rule { - name = "Bypass Known request" + name = "Bypass Known request" description = "Bypass requests using internal bearer tokens" # individual condition groups are evaluated as ORs condition_group = [ { conditions = [{ - type = "header" - key = "Authorization" - op = "eq" + type = "header" + key = "Authorization" + op = "eq" value = "Bearer internaltoken" }] }, { conditions = [{ - type = "header" - key = "Authorization" - op = "eq" + type = "header" + key = "Authorization" + op = "eq" value = "Bearer internaltoken2" }] } @@ -49,12 +49,12 @@ resource "vercel_firewall_config" "example" { } rule { - name = "Challenge curl" + name = "Challenge curl" description = "Challenge user agents containing 'curl'" condition_group = [{ conditions = [{ - type = "user_agent" - op = "sub" + type = "user_agent" + op = "sub" value = "curl" }] }] @@ -64,20 +64,20 @@ resource "vercel_firewall_config" "example" { } rule { - name = "Deny cookieless requests" + name = "Deny cookieless requests" description = "requests to /api that are missing a session cookie" # multiple conditions in a single condition group are evaluated as ANDs condition_group = [{ conditions = [{ - type = "path" - op = "eq" + type = "path" + op = "eq" value = "/api" - }, - { - type = "cookie" - key = "_session" - neg = true - op = "ex" + }, + { + type = "cookie" + key = "_session" + neg = true + op = "ex" }] }] action = { @@ -86,12 +86,12 @@ resource "vercel_firewall_config" "example" { } rule { - name = "Rate limit API" + name = "Rate limit API" description = "apply ratelimit to requests under /api" condition_group = [{ conditions = [{ - type = "path" - op = "pre" + type = "path" + op = "pre" value = "/api" }] }] @@ -99,10 +99,10 @@ resource "vercel_firewall_config" "example" { action = { action = "rate_limit" rate_limit = { - limit = 100 + limit = 100 window = 300 - keys = ["ip", "ja4"] - algo = "fixed_window" + keys = ["ip", "ja4"] + algo = "fixed_window" action = "deny" } action_duration = "5m" @@ -110,13 +110,13 @@ resource "vercel_firewall_config" "example" { } rule { - name = "Known clients" - description = "Match known keys in header + name = "Known clients" + description = "Match known keys in header" condition_group = [{ conditions = [{ type = "header" - key = "Authorization" - op = "inc" + key = "Authorization" + op = "inc" values = [ "key1", "key2", @@ -127,10 +127,10 @@ resource "vercel_firewall_config" "example" { action = { action = "rate_limit" rate_limit = { - limit = 100 + limit = 100 window = 300 - keys = ["ip", "ja4"] - algo = "fixed_window" + keys = ["ip", "ja4"] + algo = "fixed_window" action = "deny" } action_duration = "5m" @@ -149,13 +149,13 @@ resource "vercel_firewall_config" "managed" { managed_rulesets { owasp { xss = { action = "deny" } - sqli = { action = "deny" } - rce = { action = "deny" } - php = { action = "deny" } + sqli = { action = "deny" } + rce = { action = "deny" } + php = { action = "deny" } java = { action = "deny" } - lfi = { action = "deny" } - rfi = { action = "deny" } - gen = { action = "deny" } + lfi = { action = "deny" } + rfi = { action = "deny" } + gen = { action = "deny" } } } } @@ -170,14 +170,14 @@ resource "vercel_firewall_config" "ip-blocking" { ip_rules { # deny this subnet for all my hosts rule { - action = "deny" - ip = "51.85.0.0/16" - hostname ="*" + action = "deny" + ip = "51.85.0.0/16" + hostname = "*" } rule { - action = "challenge" - ip = "1.2.3.4" + action = "challenge" + ip = "1.2.3.4" hostname = "example.com" } } diff --git a/examples/resources/vercel_firewall_config/resource.tf b/examples/resources/vercel_firewall_config/resource.tf index f695ae66..4fff6455 100644 --- a/examples/resources/vercel_firewall_config/resource.tf +++ b/examples/resources/vercel_firewall_config/resource.tf @@ -7,23 +7,23 @@ resource "vercel_firewall_config" "example" { rules { rule { - name = "Bypass Known request" + name = "Bypass Known request" description = "Bypass requests using internal bearer tokens" # individual condition groups are evaluated as ORs condition_group = [ { conditions = [{ - type = "header" - key = "Authorization" - op = "eq" + type = "header" + key = "Authorization" + op = "eq" value = "Bearer internaltoken" }] }, { conditions = [{ - type = "header" - key = "Authorization" - op = "eq" + type = "header" + key = "Authorization" + op = "eq" value = "Bearer internaltoken2" }] } @@ -34,12 +34,12 @@ resource "vercel_firewall_config" "example" { } rule { - name = "Challenge curl" + name = "Challenge curl" description = "Challenge user agents containing 'curl'" condition_group = [{ conditions = [{ - type = "user_agent" - op = "sub" + type = "user_agent" + op = "sub" value = "curl" }] }] @@ -49,20 +49,20 @@ resource "vercel_firewall_config" "example" { } rule { - name = "Deny cookieless requests" + name = "Deny cookieless requests" description = "requests to /api that are missing a session cookie" # multiple conditions in a single condition group are evaluated as ANDs condition_group = [{ conditions = [{ - type = "path" - op = "eq" + type = "path" + op = "eq" value = "/api" - }, - { - type = "cookie" - key = "_session" - neg = true - op = "ex" + }, + { + type = "cookie" + key = "_session" + neg = true + op = "ex" }] }] action = { @@ -71,12 +71,12 @@ resource "vercel_firewall_config" "example" { } rule { - name = "Rate limit API" + name = "Rate limit API" description = "apply ratelimit to requests under /api" condition_group = [{ conditions = [{ - type = "path" - op = "pre" + type = "path" + op = "pre" value = "/api" }] }] @@ -84,10 +84,10 @@ resource "vercel_firewall_config" "example" { action = { action = "rate_limit" rate_limit = { - limit = 100 + limit = 100 window = 300 - keys = ["ip", "ja4"] - algo = "fixed_window" + keys = ["ip", "ja4"] + algo = "fixed_window" action = "deny" } action_duration = "5m" @@ -95,13 +95,13 @@ resource "vercel_firewall_config" "example" { } rule { - name = "Known clients" - description = "Match known keys in header + name = "Known clients" + description = "Match known keys in header" condition_group = [{ conditions = [{ type = "header" - key = "Authorization" - op = "inc" + key = "Authorization" + op = "inc" values = [ "key1", "key2", @@ -112,10 +112,10 @@ resource "vercel_firewall_config" "example" { action = { action = "rate_limit" rate_limit = { - limit = 100 + limit = 100 window = 300 - keys = ["ip", "ja4"] - algo = "fixed_window" + keys = ["ip", "ja4"] + algo = "fixed_window" action = "deny" } action_duration = "5m" @@ -134,13 +134,13 @@ resource "vercel_firewall_config" "managed" { managed_rulesets { owasp { xss = { action = "deny" } - sqli = { action = "deny" } - rce = { action = "deny" } - php = { action = "deny" } + sqli = { action = "deny" } + rce = { action = "deny" } + php = { action = "deny" } java = { action = "deny" } - lfi = { action = "deny" } - rfi = { action = "deny" } - gen = { action = "deny" } + lfi = { action = "deny" } + rfi = { action = "deny" } + gen = { action = "deny" } } } } @@ -155,14 +155,14 @@ resource "vercel_firewall_config" "ip-blocking" { ip_rules { # deny this subnet for all my hosts rule { - action = "deny" - ip = "51.85.0.0/16" - hostname ="*" + action = "deny" + ip = "51.85.0.0/16" + hostname = "*" } rule { - action = "challenge" - ip = "1.2.3.4" + action = "challenge" + ip = "1.2.3.4" hostname = "example.com" } }