From 7aec1f027a465ad8d60d064862d248629c03df66 Mon Sep 17 00:00:00 2001 From: OhMyVolk Date: Mon, 2 Jun 2025 12:31:51 -0400 Subject: [PATCH 1/4] doc renaming --- docs/resources/firewall_config.md | 8 ++++---- examples/resources/vercel_firewall_config/resource.tf | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/resources/firewall_config.md b/docs/resources/firewall_config.md index 96d16aa2..236048a4 100644 --- a/docs/resources/firewall_config.md +++ b/docs/resources/firewall_config.md @@ -158,7 +158,7 @@ resource "vercel_firewall_config" "managed" { gen = { action = "deny" } } - bot_filter { + bot_protection { action = "log" active = true } @@ -241,7 +241,7 @@ Read-Only: Optional: - `ai_bots` (Block, Optional) Enable the ai_bots managed ruleset and select action (see [below for nested schema](#nestedblock--managed_rulesets--ai_bots)) -- `bot_filter` (Block, Optional) Enable the bot_filter managed ruleset and select action (see [below for nested schema](#nestedblock--managed_rulesets--bot_filter)) +- `bot_protection` (Block, Optional) Enable the bot_protection managed ruleset and select action (see [below for nested schema](#nestedblock--managed_rulesets--bot_protection)) - `owasp` (Block, Optional) Enable the owasp managed rulesets and select ruleset behaviors (see [below for nested schema](#nestedblock--managed_rulesets--owasp)) @@ -253,8 +253,8 @@ Optional: - `active` (Boolean) - -### Nested Schema for `managed_rulesets.bot_filter` + +### Nested Schema for `managed_rulesets.bot_protection` Optional: diff --git a/examples/resources/vercel_firewall_config/resource.tf b/examples/resources/vercel_firewall_config/resource.tf index 8c45d2a3..e42e9754 100644 --- a/examples/resources/vercel_firewall_config/resource.tf +++ b/examples/resources/vercel_firewall_config/resource.tf @@ -143,7 +143,7 @@ resource "vercel_firewall_config" "managed" { gen = { action = "deny" } } - bot_filter { + bot_protection { action = "log" active = true } 
From 15e40ad415f13471b27c6afd34c7640db916998b Mon Sep 17 00:00:00 2001 From: OhMyVolk Date: Mon, 2 Jun 2025 12:57:59 -0400 Subject: [PATCH 2/4] rename working --- vercel/resource_firewall_config.go | 39 +++++++++++++----------- vercel/resource_firewall_config_test.go | 40 ++++++++++++------------- 2 files changed, 42 insertions(+), 37 deletions(-) diff --git a/vercel/resource_firewall_config.go b/vercel/resource_firewall_config.go index ec4e9101..049673f1 100644 --- a/vercel/resource_firewall_config.go +++ b/vercel/resource_firewall_config.go @@ -170,8 +170,8 @@ Define Custom Rules to shape the way your traffic is handled by the Vercel Edge }, }, }, - "bot_filter": schema.SingleNestedBlock{ - Description: "Enable the bot_filter managed ruleset and select action", + "bot_protection": schema.SingleNestedBlock{ + Description: "Enable the bot_protection managed ruleset and select action", Attributes: map[string]schema.Attribute{ "active": schema.BoolAttribute{ Optional: true, @@ -465,9 +465,9 @@ type FirewallConfig struct { } type FirewallManagedRulesets struct { - OWASP *CRSRule `tfsdk:"owasp"` - BotFilter *BotFilterConfig `tfsdk:"bot_filter"` - AiBots *AiBotsConfig `tfsdk:"ai_bots"` + OWASP *CRSRule `tfsdk:"owasp"` + BotProtection *BotProtectionConfig `tfsdk:"bot_protection"` + AiBots *AiBotsConfig `tfsdk:"ai_bots"` } type CRSRule struct { @@ -503,7 +503,7 @@ type CRSRuleConfig struct { Action types.String `tfsdk:"action"` } -type BotFilterConfig struct { +type BotProtectionConfig struct { Active types.Bool `tfsdk:"active"` Action types.String `tfsdk:"action"` } 
@@ -879,13 +879,17 @@ func fromClient(conf client.FirewallConfig, state FirewallConfig) (FirewallConfi cfg.ManagedRulesets.OWASP = fromCRS(conf.CRS, state.ManagedRulesets) } - botFilter, botFilterExist := conf.ManagedRulesets["bot_filter"] - if botFilterExist { - botFilterConf := &BotFilterConfig{ - Active: types.BoolValue(botFilter.Active), - Action: types.StringValue(botFilter.Action), + // Accept both bot_filter (API) and bot_protection (future-proof) + botProtection, botProtectionExist := conf.ManagedRulesets["bot_filter"] + if !botProtectionExist { + botProtection, botProtectionExist = conf.ManagedRulesets["bot_protection"] + } + if botProtectionExist { + botProtectionConf := &BotProtectionConfig{ + Active: types.BoolValue(botProtection.Active), + Action: types.StringValue(botProtection.Action), } - cfg.ManagedRulesets.BotFilter = botFilterConf + cfg.ManagedRulesets.BotProtection = botProtectionConf } aiBots, aiBotsExist := conf.ManagedRulesets["ai_bots"] @@ -925,11 +929,12 @@ func (f *FirewallConfig) toClient() (client.FirewallConfig, error) { } } - botFilter := f.ManagedRulesets.BotFilter - if botFilter != nil { - conf.ManagedRulesets["bot_filter"] = client.ManagedRule{ - Active: botFilter.Active.ValueBool(), - Action: botFilter.Action.ValueString(), + botProtection := f.ManagedRulesets.BotProtection + if botProtection != nil { + // Map to API field name + conf.ManagedRulesets["bot_protection"] = client.ManagedRule{ + Active: botProtection.Active.ValueBool(), + Action: botProtection.Action.ValueString(), } } diff --git a/vercel/resource_firewall_config_test.go b/vercel/resource_firewall_config_test.go index dccfb04f..9808106e 100644 --- a/vercel/resource_firewall_config_test.go +++ b/vercel/resource_firewall_config_test.go 
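Review bot: In the toClient hunk the comment `// Map to API field name` sits on a write to `conf.ManagedRulesets["bot_protection"]`, while the fromClient hunk in the same commit labels `bot_filter` as the API name and reads that key first, so the key written and the key read disagree. If the API only recognises `bot_filter` (the diff cannot confirm either way), a `bot_protection` block with `action = "deny"` could apply cleanly in Terraform without the ruleset being enforced, or the read-back would not match the plan. Until the API key is confirmed, keep the wire name and rename only the Terraform side: `conf.ManagedRulesets["bot_filter"] = client.ManagedRule{`. The same write to `"bot_protection"` is still present in the toClient hunk of PATCH 3/4, where fromClient reads only `"bot_filter"`. Both functions continue outside these hunks.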
@@ -170,12 +170,12 @@ func TestAcc_FirewallConfigResource(t *testing.T) { "ip_rules.rule.2.hostname", "*"), resource.TestCheckResourceAttr( - "vercel_firewall_config.botfilter", - "managed_rulesets.bot_filter.action", + "vercel_firewall_config.botprotection", + "managed_rulesets.bot_protection.action", "challenge"), resource.TestCheckResourceAttr( - "vercel_firewall_config.botfilter", - "managed_rulesets.bot_filter.active", + "vercel_firewall_config.botprotection", + "managed_rulesets.bot_protection.active", "true"), resource.TestCheckResourceAttr( "vercel_firewall_config.aibots", @@ -204,8 +204,8 @@ func TestAcc_FirewallConfigResource(t *testing.T) { }, { ImportState: true, - ResourceName: "vercel_firewall_config.botfilter", - ImportStateIdFunc: getFirewallImportID("vercel_firewall_config.botfilter"), + ResourceName: "vercel_firewall_config.botprotection", + ImportStateIdFunc: getFirewallImportID("vercel_firewall_config.botprotection"), }, { ImportState: true, @@ -356,12 +356,12 @@ func TestAcc_FirewallConfigResource(t *testing.T) { "ip_rules.rule.2.hostname", "*"), resource.TestCheckResourceAttr( - "vercel_firewall_config.botfilter", - "managed_rulesets.bot_filter.action", + "vercel_firewall_config.botprotection", + "managed_rulesets.bot_protection.action", "deny"), resource.TestCheckResourceAttr( - "vercel_firewall_config.botfilter", - "managed_rulesets.bot_filter.active", + "vercel_firewall_config.botprotection", + "managed_rulesets.bot_protection.active", "false"), resource.TestCheckResourceAttr( "vercel_firewall_config.aibots", 
@@ -521,15 +521,15 @@ resource "vercel_firewall_config" "ips" { } } -resource "vercel_project" "botfilter" { - name = "test-acc-%[1]s-botfilter" +resource "vercel_project" "botprotection" { + name = "test-acc-%[1]s-botprotection" } -resource "vercel_firewall_config" "botfilter" { - project_id = vercel_project.botfilter.id +resource "vercel_firewall_config" "botprotection" { + project_id = vercel_project.botprotection.id managed_rulesets { - bot_filter { + bot_protection { action = "challenge" active = true } @@ -714,15 +714,15 @@ resource "vercel_firewall_config" "neg" { } } -resource "vercel_project" "botfilter" { - name = "test-acc-%[1]s-botfilter" +resource "vercel_project" "botprotection" { + name = "test-acc-%[1]s-botprotection" } -resource "vercel_firewall_config" "botfilter" { - project_id = vercel_project.botfilter.id +resource "vercel_firewall_config" "botprotection" { + project_id = vercel_project.botprotection.id managed_rulesets { - bot_filter { + bot_protection { action = "deny" active = false } From 5d0a9282b30e0ef863b75fc59333b110aaa2e98a Mon Sep 17 00:00:00 2001 From: OhMyVolk Date: Mon, 2 Jun 2025 14:59:40 -0400 Subject: [PATCH 3/4] handle bot_filter and bot_protection config --- vercel/resource_firewall_config.go | 58 ++++++++++++++++++++++++------ 1 file changed, 47 insertions(+), 11 deletions(-) diff --git a/vercel/resource_firewall_config.go b/vercel/resource_firewall_config.go index 049673f1..502c8e4e 100644 --- a/vercel/resource_firewall_config.go +++ b/vercel/resource_firewall_config.go @@ -5,6 +5,7 @@ import ( "fmt" "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/objectvalidator" "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/attr" "github.com/hashicorp/terraform-plugin-framework/path" 
@@ -172,6 +173,24 @@ Define Custom Rules to shape the way your traffic is handled by the Vercel Edge }, "bot_protection": schema.SingleNestedBlock{ Description: "Enable the bot_protection managed ruleset and select action", + Validators: []validator.Object{ + objectvalidator.ConflictsWith(path.MatchRelative().AtParent().AtName("bot_filter")), + }, + Attributes: map[string]schema.Attribute{ + "active": schema.BoolAttribute{ + Optional: true, + }, + "action": schema.StringAttribute{ + Optional: true, + }, + }, + }, + "bot_filter": schema.SingleNestedBlock{ + Description: "DEPRECATED: Use bot_protection instead. This block will be removed in a future release.", + DeprecationMessage: "The 'bot_filter' block is deprecated. Please use 'bot_protection' instead.", + Validators: []validator.Object{ + objectvalidator.ConflictsWith(path.MatchRelative().AtParent().AtName("bot_protection")), + }, Attributes: map[string]schema.Attribute{ "active": schema.BoolAttribute{ Optional: true, @@ -467,6 +486,7 @@ type FirewallConfig struct { type FirewallManagedRulesets struct { OWASP *CRSRule `tfsdk:"owasp"` BotProtection *BotProtectionConfig `tfsdk:"bot_protection"` + BotFilter *BotFilterConfig `tfsdk:"bot_filter"` // Deprecated AiBots *AiBotsConfig `tfsdk:"ai_bots"` } @@ -508,6 +528,11 @@ type BotProtectionConfig struct { Action types.String `tfsdk:"action"` } +type BotFilterConfig struct { + Active types.Bool `tfsdk:"active"` + Action types.String `tfsdk:"action"` +} + type AiBotsConfig struct { Active types.Bool `tfsdk:"active"` Action types.String `tfsdk:"action"` 
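Review bot: The new `bot_protection` block and the re-added `bot_filter` block both declare `action` as a bare optional string, so a typo in a firewall action is caught at apply time by the API, if at all. The values that appear in this series are `log`, `challenge` and `deny`; if that is the full set the API accepts, `Validators: []validator.String{stringvalidator.OneOf("log", "challenge", "deny")},` on `action` would reject bad values at plan time (`stringvalidator` is already imported). Separately, `active` is optional and toClient sends `Active.ValueBool()`, which is false when the attribute is omitted, so a block that sets only `action` is submitted as inactive. The block description should state that, for example `Description: "Enable the bot_protection managed ruleset and select action. The ruleset is only enforced when active = true."`.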
@@ -879,17 +904,22 @@ func fromClient(conf client.FirewallConfig, state FirewallConfig) (FirewallConfi cfg.ManagedRulesets.OWASP = fromCRS(conf.CRS, state.ManagedRulesets) } - // Accept both bot_filter (API) and bot_protection (future-proof) - botProtection, botProtectionExist := conf.ManagedRulesets["bot_filter"] - if !botProtectionExist { - botProtection, botProtectionExist = conf.ManagedRulesets["bot_protection"] - } - if botProtectionExist { - botProtectionConf := &BotProtectionConfig{ - Active: types.BoolValue(botProtection.Active), - Action: types.StringValue(botProtection.Action), + if state.ManagedRulesets != nil && state.ManagedRulesets.BotProtection != nil { + botFilter, botFilterExist := conf.ManagedRulesets["bot_filter"] + if botFilterExist { + cfg.ManagedRulesets.BotProtection = &BotProtectionConfig{ + Active: types.BoolValue(botFilter.Active), + Action: types.StringValue(botFilter.Action), + } + } + } else if state.ManagedRulesets != nil && state.ManagedRulesets.BotFilter != nil { + botFilter, botFilterExist := conf.ManagedRulesets["bot_filter"] + if botFilterExist { + cfg.ManagedRulesets.BotFilter = &BotFilterConfig{ + Active: types.BoolValue(botFilter.Active), + Action: types.StringValue(botFilter.Action), + } } - cfg.ManagedRulesets.BotProtection = botProtectionConf } aiBots, aiBotsExist := conf.ManagedRulesets["ai_bots"] @@ -930,12 +960,18 @@ func (f *FirewallConfig) toClient() (client.FirewallConfig, error) { } botProtection := f.ManagedRulesets.BotProtection + botFilter := f.ManagedRulesets.BotFilter + if botProtection != nil { - // Map to API field name conf.ManagedRulesets["bot_protection"] = client.ManagedRule{ Active: botProtection.Active.ValueBool(), Action: botProtection.Action.ValueString(), } + } else if botFilter != nil { + conf.ManagedRulesets["bot_filter"] = client.ManagedRule{ + Active: botFilter.Active.ValueBool(), + Action: botFilter.Action.ValueString(), + } } aiBots := f.ManagedRulesets.AiBots 
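Review bot: fromClient now fills `BotProtection` or `BotFilter` only when the prior state already holds that block, so when state has neither (import, or a ruleset switched on outside Terraform) the bot ruleset returned by the API is dropped and the drift never shows in a plan. The code before this series populated it whenever the API returned it. The lookup also reads only `"bot_filter"`, although toClient in this commit writes the new block under `"bot_protection"`. I would look the rule up once, accept either key, and fall back to the non-deprecated block when state names neither. If gating on state is deliberate, to avoid a diff for users who never declared the block, that needs a comment, and import still needs a path. fromClient begins and ends outside this hunk.
```go
// … unchanged: OWASP / CRS handling above …
botRule, botRuleExist := conf.ManagedRulesets["bot_protection"]
if !botRuleExist {
	botRule, botRuleExist = conf.ManagedRulesets["bot_filter"]
}
if botRuleExist {
	if state.ManagedRulesets != nil && state.ManagedRulesets.BotFilter != nil {
		// Keep the deprecated block only for configurations that still declare it.
		cfg.ManagedRulesets.BotFilter = &BotFilterConfig{
			Active: types.BoolValue(botRule.Active),
			Action: types.StringValue(botRule.Action),
		}
	} else {
		// Default to the new block so import and refresh still surface the ruleset.
		cfg.ManagedRulesets.BotProtection = &BotProtectionConfig{
			Active: types.BoolValue(botRule.Active),
			Action: types.StringValue(botRule.Action),
		}
	}
}
// … unchanged: ai_bots handling below …
```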
From 97bbe134c3d6e9ed21e344a2a4524de71d4c78b2 Mon Sep 17 00:00:00 2001 From: OhMyVolk Date: Mon, 2 Jun 2025 14:59:44 -0400 Subject: [PATCH 4/4] update docs --- docs/resources/firewall_config.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/resources/firewall_config.md b/docs/resources/firewall_config.md index 236048a4..8fd15565 100644 --- a/docs/resources/firewall_config.md +++ b/docs/resources/firewall_config.md @@ -241,6 +241,7 @@ Read-Only: Optional: - `ai_bots` (Block, Optional) Enable the ai_bots managed ruleset and select action (see [below for nested schema](#nestedblock--managed_rulesets--ai_bots)) +- `bot_filter` (Block, Optional, Deprecated) DEPRECATED: Use bot_protection instead. This block will be removed in a future release. (see [below for nested schema](#nestedblock--managed_rulesets--bot_filter)) - `bot_protection` (Block, Optional) Enable the bot_protection managed ruleset and select action (see [below for nested schema](#nestedblock--managed_rulesets--bot_protection)) - `owasp` (Block, Optional) Enable the owasp managed rulesets and select ruleset behaviors (see [below for nested schema](#nestedblock--managed_rulesets--owasp)) @@ -253,6 +254,15 @@ Optional: - `active` (Boolean) + +### Nested Schema for `managed_rulesets.bot_filter` + +Optional: + +- `action` (String) +- `active` (Boolean) + + ### Nested Schema for `managed_rulesets.bot_protection`