Merge pull request #7363 from bosch-io/feature/7327

azurerm/internal/services/network/tests/application_gateway_resource_test.go

@@ -2064,8 +2064,11 @@ resource "azurerm_web_application_firewall_policy" "testfwp" {
   location            = azurerm_resource_group.test.location
 
   policy_settings {
-    enabled = true
-    mode    = "Prevention"
+    enabled                     = true
+    mode                        = "Prevention"
+    file_upload_limit_in_mb     = 100
+    max_request_body_size_in_kb = 100
+    request_body_check          = "true"
   }
 
   managed_rules {

azurerm/internal/services/network/tests/web_application_firewall_policy_resource_test.go

@@ -92,6 +92,9 @@ func TestAccAzureRMWebApplicationFirewallPolicy_complete(t *testing.T) {
 					resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.#", "1"),
 					resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.enabled", "true"),
 					resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.mode", "Prevention"),
+					resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.request_body_check", "true"),
+					resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.file_upload_limit_in_mb", "100"),
+					resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.max_request_body_size_in_kb", "128"),
 				),
 			},
 			data.ImportStep(),
@@ -167,6 +170,9 @@ func TestAccAzureRMWebApplicationFirewallPolicy_update(t *testing.T) {
 					resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.#", "1"),
 					resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.enabled", "true"),
 					resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.mode", "Prevention"),
+					resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.request_body_check", "true"),
+					resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.file_upload_limit_in_mb", "100"),
+					resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.0.max_request_body_size_in_kb", "128"),
 				),
 			},
 			data.ImportStep(),

azurerm/internal/services/network/web_application_firewall_policy_resource.go

@@ -262,6 +262,23 @@ func resourceArmWebApplicationFirewallPolicy() *schema.Resource {
 							}, false),
 							Default: string(network.Prevention),
 						},
+						"request_body_check": {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Default:  true,
+						},
+						"file_upload_limit_in_mb": {
+							Type:         schema.TypeInt,
+							Optional:     true,
+							ValidateFunc: validation.IntBetween(1, 750),
+							Default:      100,
+						},
+						"max_request_body_size_in_kb": {
+							Type:         schema.TypeInt,
+							Optional:     true,
+							ValidateFunc: validation.IntBetween(8, 128),
+							Default:      128,
+						},
 					},
 				},
 			},
@@ -431,10 +448,16 @@ func expandArmWebApplicationFirewallPolicyPolicySettings(input []interface{}) *n
 		enabled = network.WebApplicationFirewallEnabledStateEnabled
 	}
 	mode := v["mode"].(string)
+	requestBodyCheck := v["request_body_check"].(bool)
+	maxRequestBodySizeInKb := v["max_request_body_size_in_kb"].(int)
+	fileUploadLimitInMb := v["file_upload_limit_in_mb"].(int)
 
 	result := network.PolicySettings{
-		State: enabled,
-		Mode:  network.WebApplicationFirewallMode(mode),
+		State:                  enabled,
+		Mode:                   network.WebApplicationFirewallMode(mode),
+		RequestBodyCheck:       utils.Bool(requestBodyCheck),
+		MaxRequestBodySizeInKb: utils.Int32(int32(maxRequestBodySizeInKb)),
+		FileUploadLimitInMb:    utils.Int32(int32(fileUploadLimitInMb)),
 	}
 	return &result
 }
@@ -607,6 +630,9 @@ func flattenArmWebApplicationFirewallPolicyPolicySettings(input *network.PolicyS
 
 	result["enabled"] = input.State == network.WebApplicationFirewallEnabledStateEnabled
 	result["mode"] = string(input.Mode)
+	result["request_body_check"] = input.RequestBodyCheck
+	result["max_request_body_size_in_kb"] = int(*input.MaxRequestBodySizeInKb)
+	result["file_upload_limit_in_mb"] = int(*input.FileUploadLimitInMb)
 
 	return []interface{}{result}
 }

website/docs/r/web_application_firewall_policy.html.markdown

@@ -71,8 +71,11 @@ resource "azurerm_web_application_firewall_policy" "example" {
   }
 
   policy_settings {
-    enabled = true
-    mode    = "Prevention"
+    enabled                     = true
+    mode                        = "Prevention"
+    request_body_check          = true
+    file_upload_limit_in_mb     = 100
+    max_request_body_size_in_kb = 128
   }
 
   managed_rules {
@@ -161,9 +164,15 @@ The `match_variables` block supports the following:
 
 The `policy_settings` block supports the following:
 
-* `enabled` - (Optional) Describes if the policy is in enabled state or disabled state Defaults to `Enabled`.
+* `enabled` - (Optional) Describes if the policy is in enabled state or disabled state. Defaults to `Enabled`.
 
-* `mode` - (Optional) Describes if it is in detection mode  or prevention mode at the policy level Defaults to `Prevention`.
+* `mode` - (Optional) Describes if it is in detection mode or prevention mode at the policy level. Defaults to `Prevention`.
+
+* `file_upload_limit_mb` - (Optional) The File Upload Limit in MB. Accepted values are in the range `1` to `750`. Defaults to `100`.
+
+* `request_body_check` - (Optional) Is Request Body Inspection enabled? Defaults to `true`.
+
+* `max_request_body_size_kb` - (Optional) The Maximum Request Body Size in KB.  Accepted values are in the range `8` to `128`. Defaults to `128`.
 
 ---