tests

wallarm · Dec 5, 2024 · db75bdc · db75bdc
1 parent c3fd1c8
commit db75bdc
Show file tree

Hide file tree

Showing 20 changed files with 46 additions and 207 deletions.
diff --git a/docs/resources/rules_settings.md b/docs/resources/rules_settings.md
@@ -96,7 +96,6 @@ resource "wallarm_rules_settings" "rules_settings" {
 	open_vulns_weight = 9
 	serialized_data_weight = 6
 	risk_score_algo = "maximum"
-	pii_fallback = false
 }
 ```
 
@@ -119,7 +118,6 @@ resource "wallarm_rules_settings" "rules_settings" {
 * `open_vulns_weight` - (optional) [risk score][1] weight of active vulnerabilities. Active vulnerabilities may result in unauthorized data access or corruption.
 * `serialized_data_weight` - (optional) [risk score][1] weight of accepting XML / JSON objects. XML / JSON objects are often used to transfer malicious payloads to attack servers.
 * `risk_score_algo` - (optional) method of [risk score][1] calculation. Specify how the risk score calculation should be performed. Available values: maximum, average.
-* `pii_fallback` - (optional) defines whether fallback mechanism for PII detection is active.
 
 [1]: https://docs.wallarm.com/api-discovery/overview/#endpoint-risk-score
 [2]: https://docs.wallarm.com/user-guides/rules/rules/
diff --git a/examples/wallarm_rules_settings.tf b/examples/wallarm_rules_settings.tf
@@ -16,5 +16,4 @@ resource "wallarm_rules_settings" "rules_settings" {
 	open_vulns_weight = 9
 	serialized_data_weight = 6
 	risk_score_algo = "maximum"
-	pii_fallback = false
 }
diff --git a/wallarm/resource_rule_binary_data.go b/wallarm/resource_rule_binary_data.go
@@ -266,7 +266,7 @@ func resourceWallarmBinaryDataRead(d *schema.ResourceData, m interface{}) error
 		OrderDesc: true,
 		Filter: &wallarm.HintFilter{
 			Clientid: []int{clientID},
-			ActionID: []int{actionID},
+			ID:       []int{ruleID},
 			Type:     []string{"binary_data"},
 		},
 	}

diff --git a/wallarm/resource_rule_bola_counter_test.go b/wallarm/resource_rule_bola_counter_test.go
@@ -2,6 +2,7 @@ package wallarm
 
 import (
 	"fmt"
+	"os"
 	"regexp"
 	"strconv"
 	"testing"
@@ -13,6 +14,9 @@ import (
 )
 
 func TestAccRuleBolaCounterCreate(t *testing.T) {
+	if os.Getenv("WALLARM_EXTRA_PERMISSIONS") == "" {
+		t.Skip("Skipping not test as it requires WALLARM_EXTRA_PERMISSIONS set")
+	}
 	rnd := generateRandomResourceName(5)
 	name := "wallarm_rule_bola_counter." + rnd
 	resource.Test(t, resource.TestCase{
@@ -24,7 +28,7 @@ func TestAccRuleBolaCounterCreate(t *testing.T) {
 				Config: testAccRuleBolaCounterCreate(rnd),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(name, "action.#", "3"),
-					resource.TestMatchResourceAttr(name, "counter", regexp.MustCompile("^d:.+")),
+					resource.TestMatchResourceAttr(name, "counter", regexp.MustCompile("^i:.+")),
 				),
 				ExpectNonEmptyPlan: true,
 			},

diff --git a/wallarm/resource_rule_brute_counter_test.go b/wallarm/resource_rule_brute_counter_test.go
@@ -2,13 +2,17 @@ package wallarm
 
 import (
 	"fmt"
+	"os"
 	"regexp"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 )
 
 func TestAccRuleBruteForceCounterCreate(t *testing.T) {
+	if os.Getenv("WALLARM_EXTRA_PERMISSIONS") == "" {
+		t.Skip("Skipping not test as it requires WALLARM_EXTRA_PERMISSIONS set")
+	}
 	rnd := generateRandomResourceName(5)
 	name := "wallarm_rule_bruteforce_counter." + rnd
 	resource.Test(t, resource.TestCase{

diff --git a/wallarm/resource_rule_dirbust_counter_test.go b/wallarm/resource_rule_dirbust_counter_test.go
@@ -2,6 +2,7 @@ package wallarm
 
 import (
 	"fmt"
+	"os"
 	"regexp"
 	"strconv"
 	"testing"
@@ -13,6 +14,9 @@ import (
 )
 
 func TestAccRuleDirbustCounterCreate(t *testing.T) {
+	if os.Getenv("WALLARM_EXTRA_PERMISSIONS") == "" {
+		t.Skip("Skipping not test as it requires WALLARM_EXTRA_PERMISSIONS set")
+	}
 	rnd := generateRandomResourceName(5)
 	name := "wallarm_rule_dirbust_counter." + rnd
 	resource.Test(t, resource.TestCase{

diff --git a/wallarm/resource_rule_disable_attack_type_test.go b/wallarm/resource_rule_disable_attack_type_test.go
@@ -2,7 +2,6 @@ package wallarm
 
 import (
 	"fmt"
-	"regexp"
 	"strconv"
 	"testing"
 
@@ -34,20 +33,6 @@ func TestAccRuleDisableAttackTypeCreate_Basic(t *testing.T) {
 	})
 }
 
-func TestAccRuleDisableAttackTypeCreate_IncorrectAttackType(t *testing.T) {
-	rnd := generateRandomResourceName(5)
-	resource.Test(t, resource.TestCase{
-		PreCheck:  func() { testAccPreCheck(t) },
-		Providers: testAccProviders,
-		Steps: []resource.TestStep{
-			{
-				Config:      testWallarmRuleDisableAttackTypeBasicConfig(rnd, "incorrect", "iequal", "attack-types.wallarm.com", "HOST", `["post"],["form_urlencoded","query"]`),
-				ExpectError: regexp.MustCompile(`config is invalid: expected attack_type to be one of \[sqli xss rce ptrav crlf nosqli xxe ldapi scanner ssti ssi mail_injection vpatch\], got incorrect`),
-			},
-		},
-	})
-}
-
 func TestAccRuleDisableAttackTypeCreateRecreate(t *testing.T) {
 	rnd := generateRandomResourceName(5)
 	name := "wallarm_rule_disable_attack_type." + rnd

diff --git a/wallarm/resource_rule_ignore_regex.go b/wallarm/resource_rule_ignore_regex.go
@@ -275,7 +275,7 @@ func resourceWallarmIgnoreRegexRead(d *schema.ResourceData, m interface{}) error
 		OrderDesc: true,
 		Filter: &wallarm.HintFilter{
 			Clientid: []int{clientID},
-			ActionID: []int{actionID},
+			ID:       []int{ruleID},
 		},
 	}
 	actionHints, err := client.HintRead(hint)

diff --git a/wallarm/resource_rule_overlimit_res_settings.go b/wallarm/resource_rule_overlimit_res_settings.go
@@ -360,7 +360,7 @@ func resourceWallarmOverlimitResSettingsImport(d *schema.ResourceData, m interfa
 		}
 		d.Set("action_id", actionID)
 		d.Set("rule_id", ruleID)
-		d.Set("rule_type", "rate_limit")
+		d.Set("rule_type", "overlimit_res_settings")
 
 		hint := &wallarm.HintRead{
 			Limit:     1000,
@@ -370,7 +370,7 @@ func resourceWallarmOverlimitResSettingsImport(d *schema.ResourceData, m interfa
 			Filter: &wallarm.HintFilter{
 				Clientid: []int{clientID},
 				ID:       []int{ruleID},
-				Type:     []string{"rate_limit"},
+				Type:     []string{"overlimit_res_settings"},
 			},
 		}
 		actionHints, err := client.HintRead(hint)

diff --git a/wallarm/resource_rule_overlimit_res_settings_test.go b/wallarm/resource_rule_overlimit_res_settings_test.go
@@ -21,7 +21,7 @@ func TestAccOverlimitResSettings(t *testing.T) {
 			{
 				Config: testAccRuleOverlimitResSettings(resourceName),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(resourceAddress, "overlimit_time", "2000"),
+					resource.TestCheckResourceAttr(resourceAddress, "overlimit_time", "1000"),
 					resource.TestCheckResourceAttr(resourceAddress, "mode", "monitoring"),
 				),
 			},
@@ -33,7 +33,7 @@ func testAccRuleOverlimitResSettings(resourceName string) string {
 	return fmt.Sprintf(`
 resource "wallarm_rule_overlimit_res_settings" %[1]q {
 
-	mode = "blocking"
+	mode = "monitoring"
 	overlimit_time = 1000
 	action {
 		type = "iequal"

diff --git a/wallarm/resource_rule_parser_state_test.go b/wallarm/resource_rule_parser_state_test.go
@@ -49,20 +49,6 @@ func TestAccRuleParserStateCreate_IncorrectState(t *testing.T) {
 	})
 }
 
-func TestAccRuleParserStateCreate_IncorrectParser(t *testing.T) {
-	rnd := generateRandomResourceName(5)
-	resource.Test(t, resource.TestCase{
-		PreCheck:  func() { testAccPreCheck(t) },
-		Providers: testAccProviders,
-		Steps: []resource.TestStep{
-			{
-				Config:      testWallarmRuleParserStateBasicConfig(rnd, "incorrect", "enabled", "iequal", "parsers.wallarm.com", "HOST", `["post"],["form_urlencoded","query"]`),
-				ExpectError: regexp.MustCompile(`config is invalid: expected parser to be one of \[base64 cookie form_urlencoded gzip grpc json_doc multipart percent protobuf htmljs viewstate xml\], got incorrect`),
-			},
-		},
-	})
-}
-
 func TestAccRuleParserStateCreateRecreate(t *testing.T) {
 	rnd := generateRandomResourceName(5)
 	name := "wallarm_rule_parser_state." + rnd

diff --git a/wallarm/resource_rule_rate_limit.go b/wallarm/resource_rule_rate_limit.go
@@ -188,7 +188,7 @@ func resourceWallarmRateLimit() *schema.Resource {
 			"delay": {
 				Type:         schema.TypeInt,
 				ForceNew:     true,
-				Required:     true,
+				Optional:     true,
 				ValidateFunc: validation.IntBetween(0, 1000),
 			},
 

diff --git a/wallarm/resource_rule_rate_limit_test.go b/wallarm/resource_rule_rate_limit_test.go
@@ -35,7 +35,6 @@ func testAccRuleRateLimit(resourceName string) string {
 resource "wallarm_rule_rate_limit" %[1]q {
 	point = [["header", "HOST"]]
 
-	cred_stuff_type = "custom"
 	action {
 		type = "iequal"
 		value = "example.com"
@@ -45,7 +44,7 @@ resource "wallarm_rule_rate_limit" %[1]q {
 	}
 
   comment = "My TF Rate Limit 5"
-  delay = 50
+  delay = 100
   burst = 20
   rate = 300
   rsp_status = 500

diff --git a/wallarm/resource_rule_regex.go b/wallarm/resource_rule_regex.go
@@ -68,8 +68,6 @@ func resourceWallarmRegex() *schema.Resource {
 				Type:     schema.TypeString,
 				Required: true,
 				ForceNew: true,
-				ValidateFunc: validation.StringInSlice([]string{"any", "sqli", "rce", "crlf", "nosqli", "ptrav",
-					"xxe", "ptrav", "xss", "scanner", "redir", "ldapi", "vpatch"}, false),
 			},
 
 			"action": {

diff --git a/wallarm/resource_rule_set_response_header.go b/wallarm/resource_rule_set_response_header.go
@@ -63,17 +63,20 @@ func resourceWallarmSetResponseHeader() *schema.Resource {
 			"mode": {
 				Type:         schema.TypeString,
 				Required:     true,
+				ForceNew:     true,
 				ValidateFunc: validation.StringInSlice([]string{"append", "replace"}, false),
 			},
 
 			"name": {
 				Type:     schema.TypeString,
 				Required: true,
+				ForceNew: true,
 			},
 
 			"values": {
 				Type:     schema.TypeList,
 				Required: true,
+				ForceNew: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
 

diff --git a/wallarm/resource_rule_variative_keys_test.go b/wallarm/resource_rule_variative_keys_test.go
@@ -2,6 +2,7 @@ package wallarm
 
 import (
 	"fmt"
+	"os"
 	"strconv"
 	"testing"
 
@@ -12,6 +13,9 @@ import (
 )
 
 func TestAccRuleVariativeKeysCreate_Basic(t *testing.T) {
+	if os.Getenv("WALLARM_EXTRA_PERMISSIONS") == "" {
+		t.Skip("Skipping not test as it requires WALLARM_EXTRA_PERMISSIONS set")
+	}
 	rnd := generateRandomResourceName(5)
 	name := "wallarm_rule_variative_keys." + rnd
 	resource.Test(t, resource.TestCase{
@@ -32,6 +36,9 @@ func TestAccRuleVariativeKeysCreate_Basic(t *testing.T) {
 }
 
 func TestAccRuleVariativeKeysCreateRecreate(t *testing.T) {
+	if os.Getenv("WALLARM_EXTRA_PERMISSIONS") == "" {
+		t.Skip("Skipping not test as it requires WALLARM_EXTRA_PERMISSIONS set")
+	}
 	rnd := generateRandomResourceName(5)
 	name := "wallarm_rule_variative_keys." + rnd
 	resource.Test(t, resource.TestCase{

diff --git a/wallarm/resource_rule_variative_values_test.go b/wallarm/resource_rule_variative_values_test.go
@@ -2,6 +2,7 @@ package wallarm
 
 import (
 	"fmt"
+	"os"
 	"strconv"
 	"testing"
 
@@ -11,6 +12,9 @@ import (
 )
 
 func TestAccRuleVariativeValuesCreate_Basic(t *testing.T) {
+	if os.Getenv("WALLARM_EXTRA_PERMISSIONS") == "" {
+		t.Skip("Skipping not test as it requires WALLARM_EXTRA_PERMISSIONS set")
+	}
 	rnd := generateRandomResourceName(5)
 	name := "wallarm_rule_variative_values." + rnd
 	resource.Test(t, resource.TestCase{
@@ -31,6 +35,9 @@ func TestAccRuleVariativeValuesCreate_Basic(t *testing.T) {
 }
 
 func TestAccRuleVariativeValuesCreateRecreate(t *testing.T) {
+	if os.Getenv("WALLARM_EXTRA_PERMISSIONS") == "" {
+		t.Skip("Skipping not test as it requires WALLARM_EXTRA_PERMISSIONS set")
+	}
 	rnd := generateRandomResourceName(5)
 	name := "wallarm_rule_variative_values." + rnd
 	resource.Test(t, resource.TestCase{