[WAF] new resource/opentelekomcloud_waf_dedicated_blacklist_rule_v1 and resource/opentelekomcloud_waf_dedicated_precise_protection_rule_v1

docs/resources/waf_dedicated_alarm_masking_rule_v1.md

@@ -3,7 +3,7 @@ subcategory: "Dedicated Web Application Firewall (WAFD)"
 ---
 
 Up-to-date reference of API arguments for WAF dedicated Global Protection Whitelist (formerly False Alarm Masking) rule you can get at
-`https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_an_information_leakage_protection_rule.html`.
+[Official Docs Portal](https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_an_information_leakage_protection_rule.html).
 
 # opentelekomcloud_waf_dedicated_anti_leakage_rule_v1
 

docs/resources/waf_dedicated_anti_crawler_rule_v1.md

@@ -3,7 +3,7 @@ subcategory: "Dedicated Web Application Firewall (WAFD)"
 ---
 
 Up-to-date reference of API arguments for WAF dedicated Anti Crawler rule you can get at
-`https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_javascript_anti-crawler_rule.html`.
+[Official Docs Portal](https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_javascript_anti-crawler_rule.html).
 
 # opentelekomcloud_waf_dedicated_anti_crawler_rule_v1
 

docs/resources/waf_dedicated_anti_leakage_rule_v1.md

@@ -3,7 +3,7 @@ subcategory: "Dedicated Web Application Firewall (WAFD)"
 ---
 
 Up-to-date reference of API arguments for WAF dedicated Information Leakage Protection rule you can get at
-`https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_an_information_leakage_protection_rule.html`.
+[Official Docs Portal](https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_an_information_leakage_protection_rule.html).
 
 # opentelekomcloud_waf_dedicated_anti_leakage_rule_v1
 

docs/resources/waf_dedicated_blacklist_rule_v1.md

@@ -0,0 +1,68 @@
+---
+subcategory: "Dedicated Web Application Firewall (WAFD)"
+---
+
+Up-to-date reference of API arguments for WAF dedicated Blacklist rule you can get at
+[Official Docs Portal](https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_blacklist_or_whitelist_rule.html).
+
+# opentelekomcloud_waf_dedicated_blacklist_rule_v1
+
+Manages a WAF Dedicated Blacklist Rule resource within OpenTelekomCloud.
+
+## Example Usage
+
+```hcl
+resource "opentelekomcloud_waf_dedicated_policy_v1" "policy_1" {
+  name = "policy_black"
+}
+
+resource "opentelekomcloud_waf_dedicated_blacklist_rule_v1" "rule_1" {
+  policy_id   = opentelekomcloud_waf_dedicated_policy_v1.policy_1.id
+  name        = "my_blacklist"
+  ip_address  = "192.168.1.0/24"
+  action      = 0
+  description = "test description"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `policy_id` - (Required, ForceNew, String) The WAF policy ID. Changing this creates a new rule. Changing this creates a new rule.
+
+* `name` - (Required, ForceNew, String) Rule name. Changing this creates a new rule.
+
+* `ip_address` - (Required, ForceNew, String) IP addresses or an IP address range to be added to the blacklist or whitelist. Changing this creates a new rule.
+  For example, `192.x.x.3` or `10.x.x.0/24`
+
+* `action` - (Required, ForceNew, Int) Protective action. Changing this creates a new rule.
+  The value can be:
+    + `0`: WAF blocks the requests that hit the rule.
+    + `1`: WAF allows the requests that hit the rule.
+    + `2`: WAF only logs the requests that hit the rule.
+
+* `followed_action_id` - (Optional, ForceNew, String) ID of a known attack source rule. Changing this creates a new rule.
+  This parameter can be configured only when `action` is set to `0`.
+
+* `description` - (Optional, ForceNew, String) Rule description. Changing this creates a new rule.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` -  ID of the rule.
+
+* `status` - Rule status. The value can be:
+  + `0`: The rule is disabled.
+  + `1`: The rule is enabled.
+
+* `created_at` - Timestamp the rule is created.
+
+## Import
+
+Dedicated WAF Blacklist Rules can be imported using `policy_id/id`, e.g.
+
+```sh
+terraform import opentelekomcloud_waf_dedicated_blacklist_rule_v1.rule_1 ff95e71c8ae74eba9887193ab22c5757/b39f3a5a1b4f447a8030f0b0703f47f5
+```

docs/resources/waf_dedicated_cc_rule_v1.md

@@ -3,7 +3,7 @@ subcategory: "Dedicated Web Application Firewall (WAFD)"
 ---
 
 Up-to-date reference of API arguments for WAF dedicated CC rule you can get at
-`https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_cc_attack_protection_rule.html`.
+[Official Docs Portal](https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_cc_attack_protection_rule.html).
 
 # opentelekomcloud_waf_dedicated_cc_rule_v1
 

docs/resources/waf_dedicated_certificate_v1.md

@@ -3,7 +3,7 @@ subcategory: "Dedicated Web Application Firewall (WAFD)"
 ---
 
 Up-to-date reference of API arguments for WAF dedicated certificate you can get at
-`https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/certificate_management/index.html`.
+[Official Docs Portal](https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/certificate_management/index.html).
 
 # opentelekomcloud_waf_dedicated_certificate_v1
 

docs/resources/waf_dedicated_data_masking_rule_v1.md

@@ -3,7 +3,7 @@ subcategory: "Dedicated Web Application Firewall (WAFD)"
 ---
 
 Up-to-date reference of API arguments for WAF dedicated Data Masking rule you can get at
-`https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_data_masking_rule.html`.
+[Official Docs Portal](https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_data_masking_rule.html).
 
 # opentelekomcloud_waf_dedicated_data_masking_rule_v1
 

docs/resources/waf_dedicated_domain_v1.md

@@ -3,7 +3,7 @@ subcategory: "Dedicated Web Application Firewall (WAFD)"
 ---
 
 Up-to-date reference of API arguments for WAF dedicated domain you can get at
-`https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/managing_websites_protected_in_dedicated_mode/index.html`.
+[Official Docs Portal](https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/managing_websites_protected_in_dedicated_mode/index.html).
 
 # opentelekomcloud_waf_dedicated_domain_v1
 

docs/resources/waf_dedicated_geo_ip_rule_v1.md

@@ -3,7 +3,7 @@ subcategory: "Dedicated Web Application Firewall (WAFD)"
 ---
 
 Up-to-date reference of API arguments for WAF dedicated Geolocation Access Control rule you can get at
-`https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_geolocation_access_control_rule.html`.
+[Official Docs Portal](https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_geolocation_access_control_rule.html).
 
 # opentelekomcloud_waf_dedicated_geo_ip_rule_v1
 

docs/resources/waf_dedicated_instance_v1.md

@@ -3,7 +3,7 @@ subcategory: "Dedicated Web Application Firewall (WAFD)"
 ---
 
 Up-to-date reference of API arguments for WAF dedicated instance you can get at
-`https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/dedicated_instance_management/index.html`.
+[Official Docs Portal](https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/dedicated_instance_management/index.html).
 
 # opentelekomcloud_waf_dedicated_instance_v1
 

docs/resources/waf_dedicated_known_attack_source_rule_v1.md

@@ -3,7 +3,7 @@ subcategory: "Dedicated Web Application Firewall (WAFD)"
 ---
 
 Up-to-date reference of API arguments for WAF dedicated Known Attack Source rule you can get at
-`https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_known_attack_source_rule.html`.
+[Official Docs Portal](https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_known_attack_source_rule.html).
 
 # opentelekomcloud_waf_dedicated_known_attack_source_rule_v1
 

docs/resources/waf_dedicated_policy_v1.md

@@ -3,7 +3,7 @@ subcategory: "Dedicated Web Application Firewall (WAFD)"
 ---
 
 Up-to-date reference of API arguments for WAF policy you can get at
-https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/policy_management/index.html.
+[Official Docs Portal](https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/policy_management/index.html).
 
 # opentelekomcloud_waf_dedicated_policy_v1
 

docs/resources/waf_dedicated_precise_protection_rule_v1.md

@@ -0,0 +1,103 @@
+---
+subcategory: "Dedicated Web Application Firewall (WAFD)"
+---
+
+Up-to-date reference of API arguments for WAF dedicated Precise Protection rule you can get at
+[Official Docs Portal](https://docs.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_precise_protection_rule.html).
+
+# opentelekomcloud_waf_dedicated_precise_protection_rule_v1
+
+Manages a WAF Dedicated Precise Protection Rule resource within OpenTelekomCloud.
+
+## Example Usage
+
+```hcl
+resource "opentelekomcloud_waf_dedicated_policy_v1" "policy_1" {
+  name = "policy_pp"
+}
+
+resource "opentelekomcloud_waf_dedicated_precise_protection_rule_v1" "rule_1" {
+  policy_id   = opentelekomcloud_waf_dedicated_policy_v1.policy_1.id
+  time        = false
+  description = "desc"
+  priority    = 50
+
+  conditions {
+    category        = "url"
+    contents        = ["test"]
+    logic_operation = "contain"
+  }
+  action {
+    category = "block"
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `policy_id` - (Required, ForceNew, String) The WAF policy ID. Changing this creates a new rule.
+
+* `time` - (Required, ForceNew, Bool) Time the precise protection rule takes effect. Changing this creates a new rule.
+  Values:
+  + `false`: The rule takes effect immediately.
+  + `true`: The effective time is customized.
+
+* `start` - (Required, ForceNew, Int) Timestamp (ms) when the precise protection rule takes effect. This parameter is returned only when time is true. Changing this creates a new rule.
+
+* `terminal` - (Required, ForceNew, Int) Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true. Changing this creates a new rule.
+
+* `description` - (Optional, ForceNew, String) Rule description. Changing this creates a new rule.
+
+* `conditions` - (Optional, ForceNew, List) Match condition List. Changing this creates a new rule.
+  The `conditions` block supports:
+
+  + `category` - (Optional, ForceNew, String) Field type. The options are `url`, `user-agent`, `ip`, `params`, `cookie`, `referer`, `header`, `request_line`, `method`, and `request`.
+
+  + `logic_operation` - (Optional, ForceNew, String) Logic for matching the condition. Changing this creates a new rule.
+    + If the category is `url`, `user-agent` or `referer` , the optional operations are `contain`, `not_contain`, `equal`, `not_equal`, `prefix`, `not_prefix`, `suffix`, `not_suffix`, `contain_any`, `not_contain_all`, `equal_any`, `not_equal_all`, `equal_any`, `not_equal_all`, `prefix_any`, `not_prefix_all`, `suffix_any`, `not_suffix_all`, `len_greater`, `len_less`, `len_equal` and `len_not_equal`
+    + If the category is `ip`, the optional operations are: `equal`, `not_equal`, `equal_any` and `not_equal_all`
+    + If the category is `method`, the optional operations are: `equal` and `not_equal`
+    + If the category is `request_line` and `request`, the optional operations are: `len_greater`, `len_less`, `len_equal` and `len_not_equal`
+    + If the category is `params`, `header`, and `cookie`, the optional operations are: `contain`, `not_contain`, `equal`, `not_equal`, `prefix`, `not_prefix`, `suffix`, `not_suffix`, `contain_any`, `not_contain_all`, `equal_any`, `not_equal_all`, `equal_any`, `not_equal_all`, `prefix_any`, `not_prefix_all`, `suffix_any`, `not_suffix_all`, `len_greater`, `len_less`, `len_equal`, `len_not_equal`, `num_greater`, `num_less`, `num_equal`, `num_not_equal`, `exist` and `not_exist`
+
+  + `contents` - (Optional, ForceNew, List) Content of the conditions. This parameter is mandatory when the suffix of `logic_operation` is not `any` or `all`. This parameter is mandatory when the suffix of `logic_operation` is not `any` or `all`. Changing this creates a new rule.
+
+  + `value_list_id` - (Optional, ForceNew, String) Reference table ID. This parameter is mandatory when the suffix of `logic_operation` is `any` or `all`. The reference table type must be the same as the category type. Changing this creates a new rule.
+
+  + `index` - (Optional, ForceNew, String) Subfield. Changing this creates a new rule.
+    + When the field type is `url`, `user-agent`, `ip`, `refer`, `request_line`, `method`, or `request`, index is not required.
+    + When the field type is `params`, `header`, or `cookie`, and the subfield is customized, the value of index is the customized subfield.
+
+* `action` - (Required, ForceNew, Set) Protection action to take if the number of requests reaches the upper limit. Changing this creates a new rule.
+  The `conditions` block supports:
+
+  + `category` - (Required, ForceNew, String) Action type. Changing this creates a new rule.
+    + `block`: WAF blocks attacks.
+    + `pass`: WAF allows requests.
+    + `log`: WAF only logs detected attacks.
+
+  + `followed_action_id` - (Optional, ForceNew, String) ID of a known attack source rule. This parameter can be configured only when category is set to block. Changing this creates a new rule.
+
+* `priority` - (Optional, ForceNew, Int) Priority of a rule. A small value indicates a high priority. If two rules are assigned with the same priority, the rule added earlier has higher priority. Value range: `0` to `1000`. Changing this creates a new rule.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` -  ID of the rule.
+
+* `status` - Rule status. The value can be:
+  + `0`: The rule is disabled.
+  + `1`: The rule is enabled.
+
+* `created_at` - Timestamp the rule is created.
+
+## Import
+
+Dedicated WAF Precise Protection Rules can be imported using `policy_id/id`, e.g.
+
+```sh
+terraform import opentelekomcloud_waf_dedicated_precise_protection_rule_v1.rule_1 ff95e71c8ae74eba9887193ab22c5757/b39f3a5a1b4f447a8030f0b0703f47f5
+```

docs/resources/waf_dedicated_web_tamper_rule_v1.md

@@ -3,7 +3,7 @@ subcategory: "Dedicated Web Application Firewall (WAFD)"
 ---
 
 Up-to-date reference of API arguments for WAF dedicated Web Tamper rule you can get at
-`https://docs-beta.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_web_tamper_protection_rule.html`.
+[Official Docs Portal](https://docs-beta.otc.t-systems.com/web-application-firewall-dedicated/api-ref/apis/rule_management/creating_a_web_tamper_protection_rule.html).
 
 # opentelekomcloud_waf_dedicated_web_tamper_rule_v1
 

go.mod

@@ -5,6 +5,7 @@ go 1.20
 require (
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/aws/aws-sdk-go v1.37.0
+	github.com/go-sql-driver/mysql v1.7.1
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637
 	github.com/hashicorp/go-multierror v1.1.1
@@ -14,7 +15,7 @@ require (
 	github.com/jinzhu/copier v0.3.5
 	github.com/keybase/go-crypto v0.0.0-20200123153347-de78d2cb44f4
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/opentelekomcloud/gophertelekomcloud v0.8.0
+	github.com/opentelekomcloud/gophertelekomcloud v0.8.1-0.20230919120330-a995298c32fa
 	github.com/unknwon/com v1.0.1
 	golang.org/x/crypto v0.1.0
 	golang.org/x/sync v0.1.0
@@ -26,7 +27,6 @@ require (
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/fatih/color v1.13.0 // indirect
-	github.com/go-sql-driver/mysql v1.7.1 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect

go.sum

@@ -156,8 +156,8 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA
 github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce h1:RPclfga2SEJmgMmz2k+Mg7cowZ8yv4Trqw9UsJby758=
 github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/opentelekomcloud/gophertelekomcloud v0.8.0 h1:07sfUY2U4PROM5eYcAjGZsWT1AVUC3Rv7y87o5JWOSQ=
-github.com/opentelekomcloud/gophertelekomcloud v0.8.0/go.mod h1:9Deb3q2gJvq5dExV+aX+iO+G+mD9Zr9uFt+YY9ONmq0=
+github.com/opentelekomcloud/gophertelekomcloud v0.8.1-0.20230919120330-a995298c32fa h1:qN0hR0evVwIGYSj7ILl9vS5g4ZsYjquIptCTZBe+VGQ=
+github.com/opentelekomcloud/gophertelekomcloud v0.8.1-0.20230919120330-a995298c32fa/go.mod h1:9Deb3q2gJvq5dExV+aX+iO+G+mD9Zr9uFt+YY9ONmq0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

opentelekomcloud/acceptance/waf/resource_opentelekomcloud_waf_dedicated_alarm_masking_rule_v1_test.go

@@ -29,7 +29,7 @@ func TestAccWafDedicatedAlarmMaskingRuleV1_basic(t *testing.T) {
 					testAccCheckWafDedicatedAlarmMaskingRuleV1Exists(wafdAlarmMaskingRuleName, &rule),
 					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "domains.#", "1"),
 					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "domains.0", "www.example.com"),
-					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "rule", "091004"),
+					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "rule", "all"),
 					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "description", "description"),
 					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "conditions.#", "1"),
 					resource.TestCheckResourceAttr(wafdAlarmMaskingRuleName, "conditions.0.category", "url"),

opentelekomcloud/acceptance/waf/resource_opentelekomcloud_waf_dedicated_anti_leakage_rule_v1_test.go

@@ -32,6 +32,7 @@ func TestAccWafDedicatedAntiLeakageRuleV1_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(wafdAntiLeakageRuleName, "contents.0", "id_card"),
 					resource.TestCheckResourceAttr(wafdAntiLeakageRuleName, "category", "sensitive"),
 					resource.TestCheckResourceAttr(wafdAntiLeakageRuleName, "description", "test description"),
+					resource.TestCheckResourceAttr(wafdAntiLeakageRuleName, "status", "1"),
 				),
 			},
 			{
@@ -43,6 +44,7 @@ func TestAccWafDedicatedAntiLeakageRuleV1_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(wafdAntiLeakageRuleName, "contents.0", "id_card"),
 					resource.TestCheckResourceAttr(wafdAntiLeakageRuleName, "category", "sensitive"),
 					resource.TestCheckResourceAttr(wafdAntiLeakageRuleName, "description", "test description updated"),
+					resource.TestCheckResourceAttr(wafdAntiLeakageRuleName, "status", "1"),
 				),
 			},
 			{