
[cloudflare_ruleset] allow overriding ruleset sensitivity #1853

Closed
peterbppb opened this issue Aug 24, 2022 · 1 comment · Fixed by #1965
Labels
kind/enhancement Categorizes issue or PR as related to improving an existing feature. service/rulesets Categorizes issue or PR as related to the Rulesets service. workflow/pending-upstream-library Indicates an issue or PR requires changes from an upstream library.
Comments


peterbppb commented Aug 24, 2022

Current Terraform and Cloudflare provider version

3.20.0

Description

Currently, setting ruleset sensitivity is not supported at the ruleset level.
Only setting individual rule sensitivity is supported.
I would like to be able to override ruleset sensitivity, the same as the ruleset action:
[screenshot attachment]

Use cases

Having the ability to set sensitivity_level for the whole ruleset would make sure new rules added to the ddos_l7 ruleset inherit this sensitivity level.

Potential Terraform configuration

terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 3.0"
    }
  }

  required_version = ">= 1.0"
}

variable "zone_id" {
  type        = string
  description = "Cloudflare Zone ID"
}

variable "ruleset_id" {
  type        = string
  description = "Cloudflare Zone Ruleset ID"
}
/*
"{rule_id}" = {
  description       = ""
  sensitivity_level = "medium"
  action            = "log"
}
*/
variable "rules" {
  type = map(object({
    description       = string
    sensitivity_level = string
    action            = string
  }))
  description = "List of L7 DDOS rules to override"

}

resource "cloudflare_ruleset" "zone_level_ddos_config" {
  zone_id     = var.zone_id
  name        = "HTTP DDoS Attack Protection entry point ruleset"
  description = ""
  kind        = "zone"
  phase       = "ddos_l7"

  rules {
    action = "execute"
    action_parameters {
      id = var.ruleset_id
      overrides {
        action            = "log"
        sensitivity_level = "eoff"
        dynamic "rules" {
          for_each = var.rules
          content {
            id                = rules.key
            sensitivity_level = rules.value.sensitivity_level
            action            = rules.value.action
            description       = rules.value.description
          }
        }
      }
    }
    expression  = "true"
    description = "Override the HTTP DDoS Attack Protection Managed Ruleset"
    enabled     = true
  }
}

References

No response
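The request above hinges on precedence: a per-rule override should win over a ruleset-level override, which in turn should win over the managed ruleset's own default, so that a rule added upstream later with no per-rule entry inherits the ruleset-level sensitivity. The following Python script is an added illustration of that resolution logic, not provider code; the precedence order, the placeholder rule IDs (`rule-a`, `rule-b`, `rule-c`) and the full set of accepted sensitivity values (`default`, `medium`, `low`, `eoff`, of which only `medium` and `eoff` appear in the issue) are assumptions.

```python
"""Effective-setting resolver for a cloudflare_ruleset "execute" rule that
carries both a ruleset-level override and per-rule overrides.

Added illustration only; this is not provider code. The precedence it models
(per-rule override, then ruleset-level override, then the managed ruleset's
own default) is an assumption that matches the issue's goal: rules without a
per-rule entry inherit the ruleset-level sensitivity.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Sensitivity values accepted for DDoS managed-ruleset overrides. "eoff" and
# "medium" appear in the issue; the full set is assumed from Cloudflare docs.
VALID_SENSITIVITY = frozenset({"default", "medium", "low", "eoff"})


@dataclass(frozen=True)
class Override:
    """One overrides{} block: either field may be left unset (None)."""
    action: Optional[str] = None
    sensitivity_level: Optional[str] = None


@dataclass(frozen=True)
class Effective:
    rule_id: str
    action: str
    sensitivity_level: str
    sensitivity_source: str  # "rule", "ruleset" or "managed-default"


def check_override(ov: Override, where: str) -> None:
    """Reject sensitivity values the API would not accept."""
    if ov.sensitivity_level is not None and ov.sensitivity_level not in VALID_SENSITIVITY:
        raise ValueError(f"{where}: unknown sensitivity_level {ov.sensitivity_level!r}")


def _pick(*candidates: Tuple[Optional[str], str]) -> Tuple[str, str]:
    """Return the first (value, source) pair whose value is set."""
    for value, source in candidates:
        if value is not None:
            return value, source
    raise ValueError("managed default must always be set")


def resolve(managed_defaults: Dict[str, Override],
            ruleset_override: Override,
            rule_overrides: Dict[str, Override]) -> Dict[str, Effective]:
    """Compute the effective action and sensitivity for every managed rule.

    managed_defaults: rule_id -> the managed ruleset's own settings (both set).
    ruleset_override: the ruleset-level overrides{} block (action/sensitivity).
    rule_overrides:   rule_id -> a per-rule overrides{ rules {...} } entry.
    """
    check_override(ruleset_override, "ruleset override")
    for rid, ov in rule_overrides.items():
        check_override(ov, f"rule {rid}")
    unknown = set(rule_overrides) - set(managed_defaults)
    if unknown:
        raise KeyError(f"overrides reference rules not in the managed ruleset: {sorted(unknown)}")

    effective: Dict[str, Effective] = {}
    for rid, default in managed_defaults.items():
        per_rule = rule_overrides.get(rid, Override())
        action, _ = _pick((per_rule.action, "rule"),
                          (ruleset_override.action, "ruleset"),
                          (default.action, "managed-default"))
        sens, src = _pick((per_rule.sensitivity_level, "rule"),
                          (ruleset_override.sensitivity_level, "ruleset"),
                          (default.sensitivity_level, "managed-default"))
        effective[rid] = Effective(rid, action, sens, src)
    return effective


# Constructed sample data: three placeholder rule IDs standing in for the
# managed ddos_l7 ruleset; "rule-c" plays the part of a rule added upstream
# after the Terraform config was written.
MANAGED_DEFAULTS = {
    "rule-a": Override(action="block", sensitivity_level="default"),
    "rule-b": Override(action="block", sensitivity_level="default"),
    "rule-c": Override(action="block", sensitivity_level="default"),
}
RULE_OVERRIDES = {"rule-a": Override(action="log", sensitivity_level="medium")}


def with_ruleset_override() -> Dict[str, Effective]:
    """Mirrors the issue's config: overrides { action = "log", sensitivity_level = "eoff" }."""
    return resolve(MANAGED_DEFAULTS, Override(action="log", sensitivity_level="eoff"), RULE_OVERRIDES)


def without_ruleset_override() -> Dict[str, Effective]:
    """Per-rule sensitivity only: the situation the issue describes before the feature."""
    return resolve(MANAGED_DEFAULTS, Override(action="log"), RULE_OVERRIDES)


if __name__ == "__main__":
    for label, fn in (("with ruleset-level sensitivity", with_ruleset_override),
                      ("per-rule sensitivity only", without_ruleset_override)):
        print(label)
        for eff in fn().values():
            print(f"  {eff.rule_id}: action={eff.action} "
                  f"sensitivity={eff.sensitivity_level} ({eff.sensitivity_source})")
```

Running the script shows the difference the feature makes: with the ruleset-level `eoff`, the later-added `rule-c` inherits it, whereas with per-rule overrides alone `rule-c` silently falls back to the managed default sensitivity, which is the drift the issue wants to avoid.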

@peterbppb peterbppb added kind/enhancement Categorizes issue or PR as related to improving an existing feature. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Aug 24, 2022
@jacobbednarz jacobbednarz added service/rulesets Categorizes issue or PR as related to the Rulesets service. workflow/pending-upstream-library Indicates an issue or PR requires changes from an upstream library. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Aug 24, 2022
jacobbednarz added a commit that referenced this issue Oct 13, 2022
@github-actions github-actions bot added this to the v3.26.0 milestone Oct 17, 2022
github-actions bot commented

This functionality has been released in v3.26.0 of the Terraform Cloudflare Provider.

Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
