diff --git a/go.mod b/go.mod index 48cd072bf0..4eaf34aaed 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/mitchellh/go-homedir v1.1.0 github.com/mozillazg/go-httpheader v0.3.0 // indirect github.com/pkg/errors v0.9.1 - github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos v1.0.353 + github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos v1.0.358 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/api v1.0.285 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/apigateway v1.0.199 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.199 @@ -30,7 +30,7 @@ require ( github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.283 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.199 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.291 - github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.357 + github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.358 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.351 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.199 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dayu v1.0.335 diff --git a/go.sum b/go.sum index 3b822d2137..aba134a1be 100644 --- a/go.sum +++ b/go.sum @@ -450,6 +450,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos v1.0.334 h1:wQ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos v1.0.334/go.mod h1:6ficOD4j2/gwkkXUrSlInWqKIAuWrIid1u4UvMiC41A= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos v1.0.353 h1:96xJ0rJ6x8P+2GkuCKDfUS83E5Blnvdxi/FmKdelX+Q= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos v1.0.353/go.mod h1:E/Y+Rga/DOO+ZpBRQKSigaRnw6h1uJbIURKXI+6ozz4= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos v1.0.358 h1:U/3fxCDsKPEFRM7uYtSiIuR/PxeuuY4w2VkP892G+5Q= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos v1.0.358/go.mod h1:oTPWRp1MbE4umgAHAUCogWxTdE6Uu50rL4b8HKIO1d8= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/api v1.0.285 h1:gFmukRGLtYiXVBVvg/5DP/0fM1+dKpwDjT+khtDVLmc= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/api v1.0.285/go.mod h1:aGlXSWjtSnE6kuqcaRy/NKj1CLiB8NlMSHGsDn+k7Ag= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/apigateway v1.0.199 h1:e9M5HSIq2xw61Oz9whoaq+QT95rZtowkY/2zhdzx9v4= @@ -491,8 +493,9 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.351 h1:BpVJ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.351/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.353 h1:rFkcKuLFxt2xolSWbyeznetTBw9Cyhe1ycILmEkE1Pk= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.353/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y= -github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.357 h1:uaMtRfV/OYPolAldcOuChMPAnmYnG+CONdDAFcaOQGU= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.357/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.358 h1:RYuj1gziHnMubqjsq6Be7+mv8QhSboD4FKYauEXWheI= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.358/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.199 h1:ajgJogYSIQ5u1PIbiV5nsvr5K0fYpm1/T7Dy+mxEM6U= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.199/go.mod h1:AqyM/ZZMD7q5mHBqNY9YImbSpEpoEe7E/vrTbUWX+po= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.351 h1:zqJsH5pxGT57La7NAOOyMQxsuM11pupNBwV1dzXcT24= diff --git a/tencentcloud/provider.go b/tencentcloud/provider.go index 458e2b8f0c..ff43eb005d 100644 --- a/tencentcloud/provider.go +++ b/tencentcloud/provider.go @@ -55,6 +55,7 @@ Anti-DDoS(DayuV2) tencentcloud_dayu_l4_rule tencentcloud_dayu_l7_rule_v2 tencentcloud_dayu_ddos_policy_v2 + tencentcloud_dayu_cc_policy_v2 Anti-DDoS(Dayu) Data Source @@ -962,6 +963,7 @@ func Provider() terraform.ResourceProvider { "tencentcloud_dayu_cc_http_policy": resourceTencentCloudDayuCCHttpPolicy(), "tencentcloud_dayu_cc_https_policy": resourceTencentCloudDayuCCHttpsPolicy(), "tencentcloud_dayu_ddos_policy": resourceTencentCloudDayuDdosPolicy(), + "tencentcloud_dayu_cc_policy_v2": resourceTencentCloudDayuCCPolicyV2(), "tencentcloud_dayu_ddos_policy_v2": resourceTencentCloudDayuDdosPolicyV2(), "tencentcloud_dayu_ddos_policy_case": resourceTencentCloudDayuDdosPolicyCase(), "tencentcloud_dayu_ddos_policy_attachment": resourceTencentCloudDayuDdosPolicyAttachment(), diff --git a/tencentcloud/resource_tc_dayu_cc_policy_v2.go b/tencentcloud/resource_tc_dayu_cc_policy_v2.go new file mode 100644 index 0000000000..5497684f00 --- /dev/null +++ b/tencentcloud/resource_tc_dayu_cc_policy_v2.go @@ -0,0 +1,1067 @@ +/* +Use this resource to create a dayu CC policy + +Example Usage + +```hcl +resource "tencentcloud_dayu_cc_policy_v2" "demo" { + resource_id="bgpip-000004xf" + business="bgpip" + thresholds { + domain="12.com" + threshold=0 + } + cc_geo_ip_policys { + action="drop" + region_type="china" + domain="12.com" + protocol="http" + } + + cc_black_white_ips { + protocol="http" + domain="12.com" + black_white_ip="1.2.3.4" + type="black" + } + cc_precision_policys{ + policy_action="drop" + domain="1.com" + protocol="http" + ip="162.62.163.34" + policys { + field_name="cgi" + field_type="value" + value="12123.com" + value_operator="equal" + } + } + cc_precision_req_limits { + domain="11.com" + protocol="http" + level="loose" + policys { + action="alg" + execute_duration=2 + mode="equal" + period=5 + request_num=12 + uri="15.com" + } + } +} +``` +*/ +package tencentcloud + +import ( + "context" + "fmt" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + antiddos "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos/v20200309" + "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper" +) + +func resourceTencentCloudDayuCCPolicyV2() *schema.Resource { + return &schema.Resource{ + Create: resourceTencentCloudDayuCCPolicyV2Create, + Read: resourceTencentCloudDayuCCPolicyV2Read, + Update: resourceTencentCloudDayuCCPolicyV2Update, + Delete: resourceTencentCloudDayuCCPolicyV2Delete, + + Schema: map[string]*schema.Schema{ + "resource_id": { + Type: schema.TypeString, + Required: true, + Description: "The ID of the resource instance.", + }, + "business": { + Type: schema.TypeString, + Required: true, + Description: "Bussiness of resource instance. bgpip indicates anti-anti-ip ip; bgp means exclusive package; bgp-multip means shared packet; net indicates anti-anti-ip pro version.", + }, + "thresholds": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "threshold": { + Type: schema.TypeInt, + Required: true, + Description: "Cleaning threshold, -1 indicates that the `default` mode is turned on.", + }, + "domain": { + Type: schema.TypeString, + Required: true, + Description: "domain.", + }, + }, + }, + Description: "List of protection threshold configurations.", + }, + "cc_geo_ip_policys": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "action": { + Type: schema.TypeString, + Required: true, + Description: "User action, drop or arg.", + }, + "area_list": { + Type: schema.TypeList, + Elem: &schema.Schema{Type: schema.TypeInt}, + Optional: true, + Computed: true, + Description: "The list of region IDs that the user selects to block.", + }, + "region_type": { + Type: schema.TypeString, + Required: true, + Description: "Regional types, divided into china, oversea and customized.", + }, + "create_time": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Create time.", + }, + "modify_time": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Modify time.", + }, + "domain": { + Type: schema.TypeString, + Required: true, + Description: "domain.", + }, + "protocol": { + Type: schema.TypeString, + Required: true, + Description: "Protocol, preferably HTTP, HTTPS.", + }, + }, + }, + Description: "Details of the CC region blocking policy list.", + }, + "cc_black_white_ips": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "black_white_ip": { + Type: schema.TypeString, + Required: true, + Description: "Blacklist and whitelist IP addresses.", + }, + "domain": { + Type: schema.TypeString, + Required: true, + Description: "Domain.", + }, + "protocol": { + Type: schema.TypeString, + Required: true, + Description: "Protocol.", + }, + "type": { + Type: schema.TypeString, + Required: true, + Description: "IP type, value [black(blacklist IP), white (whitelist IP)].", + }, + "create_time": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Create time.", + }, + "modify_time": { + Type: schema.TypeString, + Computed: true, + Optional: true, + Description: "Modify time.", + }, + }, + }, + Description: "Blacklist and whitelist.", + }, + "cc_precision_policys": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "policy_action": { + Type: schema.TypeString, + Required: true, + Description: "Policy mode (discard or captcha).", + }, + "domain": { + Type: schema.TypeString, + Required: true, + Description: "Domain.", + }, + "protocol": { + Type: schema.TypeString, + Required: true, + Description: "Protocol.", + }, + "ip": { + Type: schema.TypeString, + Required: true, + Description: "Ip address.", + }, + "policy_id": { + Type: schema.TypeString, + Computed: true, + Description: "Policy Id.", + }, + "policys": { + Type: schema.TypeList, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "field_name": { + Type: schema.TypeString, + Required: true, + Description: "Configuration item types, currently only support value.", + }, + "field_type": { + Type: schema.TypeString, + Required: true, + Description: "Configuration fields with the desirable values cgi, ua, cookie, referer, accept, srcip.", + }, + "value": { + Type: schema.TypeString, + Required: true, + Description: "Configure the value.", + }, + "value_operator": { + Type: schema.TypeString, + Required: true, + Description: "Configure the item-value comparison mode, which can be taken as the value of evaluate, not_equal, include.", + }, + }, + }, + Required: true, + Description: "A list of policies.", + }, + }, + }, + Description: "CC Precision Protection List.", + }, + "cc_precision_req_limits": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "domain": { + Type: schema.TypeString, + Required: true, + Description: "Domain.", + }, + "protocol": { + Type: schema.TypeString, + Required: true, + Description: "Protocol, preferably HTTP, HTTPS.", + }, + "ip": { + Type: schema.TypeString, + Computed: true, + Description: "IP address.", + }, + "level": { + Type: schema.TypeString, + Required: true, + Description: "Protection rating, the optional value of default means default policy, loose means loose, and strict means strict.", + }, + "instance_id": { + Type: schema.TypeString, + Computed: true, + Description: "Instance id.", + }, + "policys": { + Type: schema.TypeList, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "action": { + Type: schema.TypeString, + Required: true, + Description: "The frequency limit policy mode, the optional value of arg indicates the verification code, and drop indicates the discard.", + }, + "cookie": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: "Cookies, one of the three policy entries can only be filled in.", + }, + "execute_duration": { + Type: schema.TypeInt, + Required: true, + Description: "The duration of the frequency limit policy can be taken from 1 to 86400 per second.", + }, + "mode": { + Type: schema.TypeString, + Required: true, + Description: "The policy item is compared, and the optional value include indicates inclusion, and equal means equal.", + }, + "period": { + Type: schema.TypeInt, + Required: true, + Description: "Statistical period, take values 1, 10, 30, 60, in seconds.", + }, + "request_num": { + Type: schema.TypeInt, + Required: true, + Description: "The number of requests, the value is 1 to 20000.", + }, + "uri": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: "Uri, one of the three policy entries can only be filled in.", + }, + "user_agent": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: "User-Agent, only one of the three policy entries can be filled in.", + }, + }, + }, + Required: true, + Description: "The CC Frequency Limit Policy Item field.", + }, + }, + }, + Description: "CC frequency throttling policy.", + }, + }, + } +} + +func resourceTencentCloudDayuCCPolicyV2Create(d *schema.ResourceData, meta interface{}) error { + defer logElapsed("resource.tencentcloud_dayu_cc_policy_v2.create")() + + logId := getLogId(contextNil) + ctx := context.WithValue(context.TODO(), logIdKey, logId) + antiddosService := AntiddosService{client: meta.(*TencentCloudClient).apiV3Conn} + resourceId := d.Get("resource_id").(string) + business := d.Get("business").(string) + protectThresholdConfig, err := antiddosService.DescribeListProtectThresholdConfig(ctx, resourceId) + if err != nil { + return err + } + instanceDetailList := protectThresholdConfig.InstanceDetailList + if len(instanceDetailList) != 1 { + return fmt.Errorf("Can not fetch Eip.") + } + ip := *instanceDetailList[0].EipList[0] + if v, ok := d.GetOk("thresholds"); ok { + thresholds := v.([]interface{}) + for _, threshold := range thresholds { + thresholdMap := threshold.(map[string]interface{}) + domain := thresholdMap["domain"].(string) + threshold := thresholdMap["threshold"].(int) + err := antiddosService.ModifyCCThresholdPolicy(ctx, resourceId, "http", ip, domain, threshold) + if err != nil { + return err + } + } + } + + if v, ok := d.GetOk("cc_black_white_ips"); ok { + ccBlackWhiteIps := v.([]interface{}) + for _, ccBlackWhiteIp := range ccBlackWhiteIps { + ccBlackWhiteIpMap := ccBlackWhiteIp.(map[string]interface{}) + protocol := ccBlackWhiteIpMap["protocol"].(string) + domain := ccBlackWhiteIpMap["domain"].(string) + blackWhiteIp := ccBlackWhiteIpMap["black_white_ip"].(string) + blackWhiteType := ccBlackWhiteIpMap["type"].(string) + err := antiddosService.CreateCcBlackWhiteIpList(ctx, resourceId, protocol, ip, domain, blackWhiteType, []string{blackWhiteIp}) + if err != nil { + return err + } + } + } + + if v, ok := d.GetOk("cc_geo_ip_policys"); ok { + ccGeoIpPolicys := v.([]interface{}) + for _, ccGeoIpPolicy := range ccGeoIpPolicys { + ccGeoIpPolicyMap := ccGeoIpPolicy.(map[string]interface{}) + action := ccGeoIpPolicyMap["action"].(string) + regionType := ccGeoIpPolicyMap["region_type"].(string) + domain := ccGeoIpPolicyMap["domain"].(string) + protocol := ccGeoIpPolicyMap["protocol"].(string) + ccGeoIPBlockConfig := antiddos.CcGeoIPBlockConfig{ + Action: &action, + RegionType: ®ionType, + } + err := antiddosService.CreateCcGeoIPBlockConfig(ctx, resourceId, protocol, ip, domain, ccGeoIPBlockConfig) + if err != nil { + return err + } + } + } + + if v, ok := d.GetOk("cc_precision_policys"); ok { + ccPrecisionPolicys := v.([]interface{}) + for _, ccPrecisionPolicy := range ccPrecisionPolicys { + ccPrecisionPolicyMap := ccPrecisionPolicy.(map[string]interface{}) + policyAction := ccPrecisionPolicyMap["policy_action"].(string) + domain := ccPrecisionPolicyMap["domain"].(string) + protocol := ccPrecisionPolicyMap["protocol"].(string) + ip := ccPrecisionPolicyMap["ip"].(string) + ccPrecisionPlyRecords := make([]*antiddos.CCPrecisionPlyRecord, 0) + policys := ccPrecisionPolicyMap["policys"].([]interface{}) + for _, policy := range policys { + policyMap := policy.(map[string]interface{}) + fieldName := policyMap["field_name"].(string) + fieldType := policyMap["field_type"].(string) + value := policyMap["value"].(string) + valueOperator := policyMap["value_operator"].(string) + tmpCCPrecisionPlyRecord := antiddos.CCPrecisionPlyRecord{} + tmpCCPrecisionPlyRecord.FieldName = &fieldName + tmpCCPrecisionPlyRecord.FieldType = &fieldType + tmpCCPrecisionPlyRecord.Value = &value + tmpCCPrecisionPlyRecord.ValueOperator = &valueOperator + ccPrecisionPlyRecords = append(ccPrecisionPlyRecords, &tmpCCPrecisionPlyRecord) + } + err := antiddosService.CreateCCPrecisionPolicy(ctx, resourceId, protocol, ip, domain, policyAction, ccPrecisionPlyRecords) + if err != nil { + return err + } + } + } + + if v, ok := d.GetOk("cc_precision_req_limits"); ok { + ccPrecisionReqLimits := v.([]interface{}) + for _, ccPrecisionReqLimit := range ccPrecisionReqLimits { + ccPrecisionReqLimitMap := ccPrecisionReqLimit.(map[string]interface{}) + domain := ccPrecisionReqLimitMap["domain"].(string) + protocol := ccPrecisionReqLimitMap["protocol"].(string) + level := ccPrecisionReqLimitMap["level"].(string) + err := antiddosService.ModifyCCLevelPolicy(ctx, resourceId, ip, domain, protocol, level) + if err != nil { + return err + } + policys := ccPrecisionReqLimitMap["policys"].([]interface{}) + for _, policy := range policys { + policyMap := policy.(map[string]interface{}) + action := policyMap["action"].(string) + executeDuration := policyMap["execute_duration"].(int) + mode := policyMap["mode"].(string) + period := policyMap["period"].(int) + requestNum := policyMap["request_num"].(int) + uri := policyMap["uri"].(string) + cookie := policyMap["cookie"].(string) + userAgent := policyMap["user_agent"].(string) + ccPolicyRecord := antiddos.CCReqLimitPolicyRecord{ + Action: &action, + ExecuteDuration: helper.IntUint64(executeDuration), + Mode: &mode, + Period: helper.IntUint64(period), + RequestNum: helper.IntUint64(requestNum), + } + if uri != "" { + ccPolicyRecord.Uri = &uri + } else if cookie != "" { + ccPolicyRecord.Cookie = &cookie + } else if userAgent != "" { + ccPolicyRecord.UserAgent = &userAgent + } + err := antiddosService.CreateCCReqLimitPolicy(ctx, resourceId, protocol, ip, domain, ccPolicyRecord) + if err != nil { + return err + } + } + + } + } + d.SetId(resourceId + FILED_SP + business) + return resourceTencentCloudDayuCCPolicyV2Read(d, meta) +} + +func resourceTencentCloudDayuCCPolicyV2Read(d *schema.ResourceData, meta interface{}) error { + defer logElapsed("resource.tencentcloud_dayu_cc_policy_v2.read")() + logId := getLogId(contextNil) + ctx := context.WithValue(context.TODO(), logIdKey, logId) + items := strings.Split(d.Id(), FILED_SP) + if len(items) < 2 { + return fmt.Errorf("broken ID of DDoS policy") + } + instanceId := items[0] + business := items[1] + antiddosService := AntiddosService{client: meta.(*TencentCloudClient).apiV3Conn} + + thresholdList, err := antiddosService.DescribeCCThresholdList(ctx, business, instanceId) + if err != nil { + return err + } + resultThresholds := make([]map[string]interface{}, 0) + for _, threshold := range thresholdList { + tmpThreshold := make(map[string]interface{}) + tmpThreshold["threshold"] = threshold.Threshold + tmpThreshold["domain"] = threshold.Domain + resultThresholds = append(resultThresholds, tmpThreshold) + } + d.Set("thresholds", resultThresholds) + + ccGeoIpPolicys, err := antiddosService.DescribeCcGeoIPBlockConfigList(ctx, business, instanceId) + if err != nil { + return err + } + resultCCGeoIpPolicys := make([]map[string]interface{}, 0) + for _, ccGeoIpPolicy := range ccGeoIpPolicys { + tmpResultCCGeoIpPolicy := make(map[string]interface{}) + tmpResultCCGeoIpPolicy["action"] = *ccGeoIpPolicy.Action + tmpResultCCGeoIpPolicy["area_list"] = ccGeoIpPolicy.AreaList + tmpResultCCGeoIpPolicy["create_time"] = *ccGeoIpPolicy.CreateTime + tmpResultCCGeoIpPolicy["modify_time"] = *ccGeoIpPolicy.ModifyTime + tmpResultCCGeoIpPolicy["domain"] = *ccGeoIpPolicy.Domain + tmpResultCCGeoIpPolicy["protocol"] = *ccGeoIpPolicy.Protocol + tmpResultCCGeoIpPolicy["region_type"] = *ccGeoIpPolicy.RegionType + resultCCGeoIpPolicys = append(resultCCGeoIpPolicys, tmpResultCCGeoIpPolicy) + } + d.Set("cc_geo_ip_policys", resultCCGeoIpPolicys) + + ccBlackWhiteIpList, err := antiddosService.DescribeCcBlackWhiteIpList(ctx, business, instanceId) + if err != nil { + return err + } + resultCCBlackWhiteIpList := make([]map[string]interface{}, 0) + for _, ccBlackWhiteIp := range ccBlackWhiteIpList { + tmpResultCCBlackWhiteIp := make(map[string]interface{}) + tmpResultCCBlackWhiteIp["black_white_ip"] = *ccBlackWhiteIp.BlackWhiteIp + tmpResultCCBlackWhiteIp["create_time"] = *ccBlackWhiteIp.CreateTime + tmpResultCCBlackWhiteIp["modify_time"] = *ccBlackWhiteIp.ModifyTime + tmpResultCCBlackWhiteIp["domain"] = *ccBlackWhiteIp.Domain + tmpResultCCBlackWhiteIp["protocol"] = *ccBlackWhiteIp.Protocol + tmpResultCCBlackWhiteIp["type"] = *ccBlackWhiteIp.Type + resultCCBlackWhiteIpList = append(resultCCBlackWhiteIpList, tmpResultCCBlackWhiteIp) + } + d.Set("cc_black_white_ips", resultCCBlackWhiteIpList) + + ccPrecisionPlyList, err := antiddosService.DescribeCCPrecisionPlyList(ctx, business, instanceId) + if err != nil { + return err + } + resultCCPrecisionPlyList := make([]map[string]interface{}, 0) + for _, ccPrecisionPly := range ccPrecisionPlyList { + tmpResultCCPrecisionPly := make(map[string]interface{}) + tmpResultCCPrecisionPly["policy_action"] = *ccPrecisionPly.PolicyAction + tmpResultCCPrecisionPly["policy_id"] = *ccPrecisionPly.PolicyId + tmpResultCCPrecisionPly["domain"] = *ccPrecisionPly.Domain + tmpResultCCPrecisionPly["ip"] = *ccPrecisionPly.Ip + tmpResultCCPrecisionPly["protocol"] = *ccPrecisionPly.Protocol + policys := make([]map[string]interface{}, 0) + for _, policy := range ccPrecisionPly.PolicyList { + tmpPolicy := make(map[string]interface{}) + tmpPolicy["field_name"] = *policy.FieldName + tmpPolicy["field_type"] = *policy.FieldType + tmpPolicy["value"] = *policy.Value + tmpPolicy["value_operator"] = *policy.ValueOperator + policys = append(policys, tmpPolicy) + } + tmpResultCCPrecisionPly["policys"] = policys + resultCCPrecisionPlyList = append(resultCCPrecisionPlyList, tmpResultCCPrecisionPly) + } + d.Set("cc_precision_policys", resultCCPrecisionPlyList) + + ccLevelList, err := antiddosService.DescribeCCLevelList(ctx, business, instanceId) + if err != nil { + return err + } + + resultCCReqLimitList := make([]map[string]interface{}, 0) + for _, ccLevelItem := range ccLevelList { + ccLevelIp := *ccLevelItem.Ip + ccLevelProtocol := *ccLevelItem.Protocol + ccLevel := *ccLevelItem.Level + ccLevelDomain := *ccLevelItem.Domain + ccLevelInstanceId := *ccLevelItem.InstanceId + tmpResultCCReqLimitList := make(map[string]interface{}) + tmpResultCCReqLimitList["ip"] = ccLevelIp + tmpResultCCReqLimitList["protocol"] = ccLevelProtocol + tmpResultCCReqLimitList["level"] = ccLevel + tmpResultCCReqLimitList["domain"] = ccLevelDomain + tmpResultCCReqLimitList["instance_id"] = ccLevelInstanceId + ccReqLimitPolicyList, err := antiddosService.DescribeCCReqLimitPolicyList(ctx, business, instanceId) + if err != nil { + return err + } + resultCCReqLimitPolicyList := make([]map[string]interface{}, 0) + for _, ccReqLimitPolicy := range ccReqLimitPolicyList { + if ccLevelDomain != *ccReqLimitPolicy.Domain { + continue + } + policyRecord := make(map[string]interface{}) + policyRecord["action"] = *ccReqLimitPolicy.PolicyRecord.Action + policyRecord["cookie"] = *ccReqLimitPolicy.PolicyRecord.Cookie + policyRecord["execute_duration"] = *ccReqLimitPolicy.PolicyRecord.ExecuteDuration + policyRecord["mode"] = *ccReqLimitPolicy.PolicyRecord.Mode + policyRecord["period"] = *ccReqLimitPolicy.PolicyRecord.Period + policyRecord["request_num"] = *ccReqLimitPolicy.PolicyRecord.RequestNum + policyRecord["uri"] = *ccReqLimitPolicy.PolicyRecord.Uri + policyRecord["user_agent"] = *ccReqLimitPolicy.PolicyRecord.UserAgent + resultCCReqLimitPolicyList = append(resultCCReqLimitPolicyList, policyRecord) + } + tmpResultCCReqLimitList["policys"] = resultCCReqLimitPolicyList + resultCCReqLimitList = append(resultCCReqLimitList, tmpResultCCReqLimitList) + } + + d.Set("cc_precision_req_limits", resultCCReqLimitList) + return nil +} + +func resourceTencentCloudDayuCCPolicyV2Update(d *schema.ResourceData, meta interface{}) error { + defer logElapsed("resource.tencentcloud_dayu_cc_policy_v2.update")() + + logId := getLogId(contextNil) + ctx := context.WithValue(context.TODO(), logIdKey, logId) + items := strings.Split(d.Id(), FILED_SP) + if len(items) < 2 { + return fmt.Errorf("broken ID of DDoS policy") + } + instanceId := items[0] + business := items[1] + antiddosService := AntiddosService{client: meta.(*TencentCloudClient).apiV3Conn} + protectThresholdConfig, err := antiddosService.DescribeListProtectThresholdConfig(ctx, instanceId) + if err != nil { + return err + } + instanceDetailList := protectThresholdConfig.InstanceDetailList + if len(instanceDetailList) != 1 { + return fmt.Errorf("Can not fetch Eip.") + } + ip := *instanceDetailList[0].EipList[0] + if d.HasChange("thresholds") { + oldthresholdMap := make(map[string]int) + newthresholdMap := make(map[string]int) + thresholdList, err := antiddosService.DescribeCCThresholdList(ctx, business, instanceId) + if err != nil { + return err + } + for _, threshold := range thresholdList { + key := *threshold.Domain + "_" + fmt.Sprint(*threshold.Threshold) + oldthresholdMap[key] = 1 + } + thresholds := d.Get("thresholds").([]interface{}) + for _, threshold := range thresholds { + thresholdMap := threshold.(map[string]interface{}) + subDomain := thresholdMap["domain"].(string) + subThreshold := thresholdMap["threshold"].(int) + key := subDomain + "_" + fmt.Sprint(subThreshold) + newthresholdMap[key] = 1 + if oldthresholdMap[key] == 0 { + err := antiddosService.ModifyCCThresholdPolicy(ctx, instanceId, "http", ip, subDomain, subThreshold) + if err != nil { + return err + } + } + } + for _, threshold := range thresholdList { + key := *threshold.Domain + "_" + fmt.Sprint(*threshold.Threshold) + if newthresholdMap[key] == 0 { + err := antiddosService.DeleteCCLevelPolicy(ctx, instanceId, ip, *threshold.Domain) + if err != nil { + return err + } + err = antiddosService.DeleteCCThresholdPolicy(ctx, instanceId, ip, *threshold.Domain) + if err != nil { + return err + } + } + } + } + + if d.HasChange("cc_geo_ip_policys") { + newCCGeoIpPolicys := d.Get("cc_geo_ip_policys").([]interface{}) + oldCCGeoIpPolicys, err := antiddosService.DescribeCcGeoIPBlockConfigList(ctx, business, instanceId) + if err != nil { + return err + } + oldCCGeoIpPolicyMap := make(map[string]int) + newCCGeoIpPolicyMap := make(map[string]int) + + for _, oldCCGeoIpPolicy := range oldCCGeoIpPolicys { + action := *oldCCGeoIpPolicy.Action + regionType := *oldCCGeoIpPolicy.RegionType + domain := *oldCCGeoIpPolicy.Domain + protocol := *oldCCGeoIpPolicy.Protocol + key := action + "_" + regionType + "_" + domain + "_" + protocol + oldCCGeoIpPolicyMap[key] = 1 + + } + for _, newCCGeoIpPolicyItem := range newCCGeoIpPolicys { + newCCGeoIpPolicyItemMap := newCCGeoIpPolicyItem.(map[string]interface{}) + action := newCCGeoIpPolicyItemMap["action"].(string) + regionType := newCCGeoIpPolicyItemMap["region_type"].(string) + domain := newCCGeoIpPolicyItemMap["domain"].(string) + protocol := newCCGeoIpPolicyItemMap["protocol"].(string) + key := action + "_" + regionType + "_" + domain + "_" + protocol + newCCGeoIpPolicyMap[key] = 1 + if oldCCGeoIpPolicyMap[key] == 0 { + ccGeoIPBlockConfig := antiddos.CcGeoIPBlockConfig{ + Action: &action, + RegionType: ®ionType, + } + err := antiddosService.CreateCcGeoIPBlockConfig(ctx, instanceId, protocol, ip, domain, ccGeoIPBlockConfig) + if err != nil { + return err + } + } + } + for _, oldCCGeoIpPolicy := range oldCCGeoIpPolicys { + action := *oldCCGeoIpPolicy.Action + regionType := *oldCCGeoIpPolicy.RegionType + domain := *oldCCGeoIpPolicy.Domain + protocol := *oldCCGeoIpPolicy.Protocol + key := action + "_" + regionType + "_" + domain + "_" + protocol + if newCCGeoIpPolicyMap[key] == 0 { + areaInt64List := make([]*int64, 0) + for _, area := range oldCCGeoIpPolicy.AreaList { + ateaInt64 := int64(*area) + areaInt64List = append(areaInt64List, &ateaInt64) + } + ccGeoIPBlockConfig := antiddos.CcGeoIPBlockConfig{ + Action: oldCCGeoIpPolicy.Action, + AreaList: areaInt64List, + Id: oldCCGeoIpPolicy.PolicyId, + RegionType: oldCCGeoIpPolicy.RegionType, + } + antiddosService.DeleteCcGeoIPBlockConfig(ctx, instanceId, ccGeoIPBlockConfig) + } + } + + } + + if d.HasChange("cc_black_white_ips") { + newCCBlackWhiteIps := d.Get("cc_black_white_ips").([]interface{}) + oldCCBlackWhiteIps, err := antiddosService.DescribeCcBlackWhiteIpList(ctx, business, instanceId) + if err != nil { + return err + } + oldCCBlackWhiteIpMap := make(map[string]int) + newCCBlackWhiteIpMap := make(map[string]int) + oldCCBlackWhiteIpPolicyIdMap := make(map[string]string) + + for _, oldCCBlackWhiteIp := range oldCCBlackWhiteIps { + blackWhiteIp := *oldCCBlackWhiteIp.BlackWhiteIp + blackWhiteIpType := *oldCCBlackWhiteIp.Type + domain := *oldCCBlackWhiteIp.Domain + protocol := *oldCCBlackWhiteIp.Protocol + key := blackWhiteIpType + "_" + blackWhiteIp + "_" + domain + "_" + protocol + oldCCBlackWhiteIpMap[key] = 1 + oldCCBlackWhiteIpPolicyIdMap[key] = *oldCCBlackWhiteIp.PolicyId + + } + for _, newCCBlackWhiteIpItem := range newCCBlackWhiteIps { + newCCBlackWhiteIpItemMap := newCCBlackWhiteIpItem.(map[string]interface{}) + blackWhiteIp := newCCBlackWhiteIpItemMap["black_white_ip"].(string) + blackWhiteIpType := newCCBlackWhiteIpItemMap["type"].(string) + domain := newCCBlackWhiteIpItemMap["domain"].(string) + protocol := newCCBlackWhiteIpItemMap["protocol"].(string) + key := blackWhiteIpType + "_" + blackWhiteIp + "_" + domain + "_" + protocol + newCCBlackWhiteIpMap[key] = 1 + if oldCCBlackWhiteIpMap[key] == 0 { + err := antiddosService.CreateCcBlackWhiteIpList(ctx, instanceId, protocol, ip, domain, blackWhiteIpType, []string{blackWhiteIp}) + if err != nil { + return err + } + } + } + for _, oldCCBlackWhiteIp := range oldCCBlackWhiteIps { + blackWhiteIp := *oldCCBlackWhiteIp.BlackWhiteIp + blackWhiteIpType := *oldCCBlackWhiteIp.Type + domain := *oldCCBlackWhiteIp.Domain + protocol := *oldCCBlackWhiteIp.Protocol + key := blackWhiteIpType + "_" + blackWhiteIp + "_" + domain + "_" + protocol + if newCCBlackWhiteIpMap[key] == 0 { + err := antiddosService.DeleteCcBlackWhiteIpList(ctx, instanceId, oldCCBlackWhiteIpPolicyIdMap[key]) + if err != nil { + return err + } + } + } + } + + if d.HasChange("cc_precision_policys") { + newccPrecisionPolicys := d.Get("cc_precision_policys").([]interface{}) + oldCCPrecisionPolicys, err := antiddosService.DescribeCCPrecisionPlyList(ctx, business, instanceId) + if err != nil { + return err + } + oldCCPrecisionPolicyMap := make(map[string]int) + newCCPrecisionPolicyMap := make(map[string]int) + oldCCPrecisionPolicyPolicyIdMap := make(map[string]string) + + for _, oldCCPrecisionPolicy := range oldCCPrecisionPolicys { + domain := *oldCCPrecisionPolicy.Domain + protocol := *oldCCPrecisionPolicy.Protocol + policyAction := *oldCCPrecisionPolicy.PolicyAction + policyList := oldCCPrecisionPolicy.PolicyList + policyId := oldCCPrecisionPolicy.PolicyId + for _, policy := range policyList { + fieldName := *policy.FieldName + fieldType := *policy.FieldType + value := *policy.Value + valueOperator := *policy.ValueOperator + key := domain + "_" + protocol + "+" + policyAction + "_" + fieldName + "_" + fieldType + "_" + value + "_" + valueOperator + oldCCPrecisionPolicyMap[key] = 1 + oldCCPrecisionPolicyPolicyIdMap[key] = *policyId + } + + } + for _, newccPrecisionPolicyItem := range newccPrecisionPolicys { + newccPrecisionPolicyItemMap := newccPrecisionPolicyItem.(map[string]interface{}) + policyAction := newccPrecisionPolicyItemMap["policy_action"].(string) + protocol := newccPrecisionPolicyItemMap["protocol"].(string) + domain := newccPrecisionPolicyItemMap["domain"].(string) + + policys := newccPrecisionPolicyItemMap["policys"].([]interface{}) + for _, policy := range policys { + policyItemMap := policy.(map[string]interface{}) + fieldName := policyItemMap["field_name"].(string) + fieldType := policyItemMap["field_type"].(string) + value := policyItemMap["value"].(string) + valueOperator := policyItemMap["value_operator"].(string) + key := domain + "_" + protocol + "+" + policyAction + "_" + fieldName + "_" + fieldType + "_" + value + "_" + valueOperator + newCCPrecisionPolicyMap[key] = 1 + if oldCCPrecisionPolicyMap[key] == 0 { + tmpCCPrecisionPlyRecord := antiddos.CCPrecisionPlyRecord{} + tmpCCPrecisionPlyRecord.FieldName = &fieldName + tmpCCPrecisionPlyRecord.FieldType = &fieldType + tmpCCPrecisionPlyRecord.Value = &value + tmpCCPrecisionPlyRecord.ValueOperator = &valueOperator + err := antiddosService.CreateCCPrecisionPolicy(ctx, instanceId, protocol, ip, domain, policyAction, []*antiddos.CCPrecisionPlyRecord{&tmpCCPrecisionPlyRecord}) + if err != nil { + return err + } + } + } + + } + for _, oldCCPrecisionPolicy := range oldCCPrecisionPolicys { + policyAction := *oldCCPrecisionPolicy.PolicyAction + policyId := *oldCCPrecisionPolicy.PolicyId + policyList := oldCCPrecisionPolicy.PolicyList + domain := *oldCCPrecisionPolicy.Domain + protocol := *oldCCPrecisionPolicy.Protocol + for _, policy := range policyList { + fieldName := *policy.FieldName + fieldType := *policy.FieldType + value := *policy.Value + valueOperator := *policy.ValueOperator + key := domain + "_" + protocol + "+" + policyAction + "_" + fieldName + "_" + fieldType + "_" + value + "_" + valueOperator + if newCCPrecisionPolicyMap[key] == 0 { + err := antiddosService.DeleteCCPrecisionPolicy(ctx, instanceId, policyId) + if err != nil { + return err + } + } + } + + } + } + + if d.HasChange("cc_precision_req_limits") { + newCCPrecisionReqLimits := d.Get("cc_precision_req_limits").([]interface{}) + oldCCPrecisionReqLimitPolicyMap := make(map[string]int) + newCCPrecisionReqLimitPolicyMap := make(map[string]int) + newDomainSetMap := make(map[string]int) + + ccReqLimitPolicyList, err := antiddosService.DescribeCCReqLimitPolicyList(ctx, business, instanceId) + if err != nil { + return err + } + for _, ccReqLimitPolicy := range ccReqLimitPolicyList { + action := *ccReqLimitPolicy.PolicyRecord.Action + executeDuration := *ccReqLimitPolicy.PolicyRecord.ExecuteDuration + mode := *ccReqLimitPolicy.PolicyRecord.Mode + period := *ccReqLimitPolicy.PolicyRecord.Period + requestNum := *ccReqLimitPolicy.PolicyRecord.RequestNum + uri := *ccReqLimitPolicy.PolicyRecord.Uri + cookie := *ccReqLimitPolicy.PolicyRecord.Cookie + userAgent := *ccReqLimitPolicy.PolicyRecord.UserAgent + domain := *ccReqLimitPolicy.Domain + protocol := *ccReqLimitPolicy.Protocol + key := domain + "_" + protocol + "_" + action + "_" + fmt.Sprint(executeDuration) + "_" + fmt.Sprint(mode) + "_" + fmt.Sprint(period) + "_" + fmt.Sprint(requestNum) + "_" + uri + "_" + cookie + "_" + userAgent + oldCCPrecisionReqLimitPolicyMap[key] = 1 + } + + for _, newCCPrecisionReqLimit := range newCCPrecisionReqLimits { + newCCPrecisionReqLimitMap := newCCPrecisionReqLimit.(map[string]interface{}) + domain := newCCPrecisionReqLimitMap["domain"].(string) + protocol := newCCPrecisionReqLimitMap["protocol"].(string) + newCCLevel := newCCPrecisionReqLimitMap["level"].(string) + newDomainSetMap[domain] = 1 + policys := newCCPrecisionReqLimitMap["policys"].([]interface{}) + for _, policy := range policys { + policyItemMap := policy.(map[string]interface{}) + action := policyItemMap["action"].(string) + executeDuration := policyItemMap["execute_duration"].(int) + mode := policyItemMap["mode"].(string) + period := policyItemMap["period"].(int) + requestNum := policyItemMap["request_num"].(int) + uri := policyItemMap["uri"].(string) + cookie := policyItemMap["cookie"].(string) + userAgent := policyItemMap["user_agent"].(string) + key := domain + "_" + protocol + "_" + action + "_" + fmt.Sprint(executeDuration) + "_" + fmt.Sprint(mode) + "_" + fmt.Sprint(period) + "_" + fmt.Sprint(requestNum) + "_" + uri + "_" + cookie + "_" + userAgent + newCCPrecisionReqLimitPolicyMap[key] = 1 + if oldCCPrecisionReqLimitPolicyMap[key] == 0 { + ccPolicyRecord := antiddos.CCReqLimitPolicyRecord{ + Action: &action, + ExecuteDuration: helper.IntUint64(executeDuration), + Mode: &mode, + Period: helper.IntUint64(period), + RequestNum: helper.IntUint64(requestNum), + } + if uri != "" { + ccPolicyRecord.Uri = &uri + } else if cookie != "" { + ccPolicyRecord.Cookie = &cookie + } else if userAgent != "" { + ccPolicyRecord.UserAgent = &userAgent + } + err := antiddosService.CreateCCReqLimitPolicy(ctx, instanceId, protocol, ip, domain, ccPolicyRecord) + if err != nil { + return err + } + } + } + err = antiddosService.ModifyCCLevelPolicy(ctx, instanceId, ip, domain, protocol, newCCLevel) + if err != nil { + return err + } + + } + + for _, ccReqLimitPolicy := range ccReqLimitPolicyList { + protocol := *ccReqLimitPolicy.Protocol + domain := *ccReqLimitPolicy.Domain + action := *ccReqLimitPolicy.PolicyRecord.Action + executeDuration := *ccReqLimitPolicy.PolicyRecord.ExecuteDuration + mode := *ccReqLimitPolicy.PolicyRecord.Mode + period := *ccReqLimitPolicy.PolicyRecord.Period + requestNum := *ccReqLimitPolicy.PolicyRecord.RequestNum + uri := *ccReqLimitPolicy.PolicyRecord.Uri + cookie := *ccReqLimitPolicy.PolicyRecord.Cookie + userAgent := *ccReqLimitPolicy.PolicyRecord.UserAgent + key := domain + "_" + protocol + "_" + action + "_" + fmt.Sprint(executeDuration) + "_" + fmt.Sprint(mode) + "_" + fmt.Sprint(period) + "_" + fmt.Sprint(requestNum) + "_" + uri + "_" + cookie + "_" + userAgent + if newCCPrecisionReqLimitPolicyMap[key] == 0 { + err := antiddosService.DeleteCCRequestLimitPolicy(ctx, instanceId, *ccReqLimitPolicy.PolicyId) + if err != nil { + return err + } + } + if newDomainSetMap[domain] == 0 { + err := antiddosService.DeleteCCLevelPolicy(ctx, instanceId, ip, domain) + if err != nil { + return err + } + } + } + } + + return resourceTencentCloudDayuCCPolicyV2Read(d, meta) +} + +func resourceTencentCloudDayuCCPolicyV2Delete(d *schema.ResourceData, meta interface{}) error { + defer logElapsed("resource.tencentcloud_dayu_cc_policy_v2.delete")() + + logId := getLogId(contextNil) + ctx := context.WithValue(context.TODO(), logIdKey, logId) + items := strings.Split(d.Id(), FILED_SP) + if len(items) < 2 { + return fmt.Errorf("broken ID of DDoS policy") + } + instanceId := items[0] + business := items[1] + antiddosService := AntiddosService{client: meta.(*TencentCloudClient).apiV3Conn} + thresholdList, err := antiddosService.DescribeCCThresholdList(ctx, business, instanceId) + if err != nil { + return err + } + for _, threshold := range thresholdList { + err := antiddosService.DeleteCCLevelPolicy(ctx, instanceId, *threshold.Ip, *threshold.Domain) + if err != nil { + return err + } + err = antiddosService.DeleteCCThresholdPolicy(ctx, instanceId, *threshold.Ip, *threshold.Domain) + if err != nil { + return err + } + } + + ccGeoIpPolicys, err := antiddosService.DescribeCcGeoIPBlockConfigList(ctx, business, instanceId) + if err != nil { + return err + } + for _, ccGeoIpPolicy := range ccGeoIpPolicys { + areaInt64List := make([]*int64, 0) + for _, area := range ccGeoIpPolicy.AreaList { + ateaInt64 := int64(*area) + areaInt64List = append(areaInt64List, &ateaInt64) + } + ccGeoIPBlockConfig := antiddos.CcGeoIPBlockConfig{ + Action: ccGeoIpPolicy.Action, + AreaList: areaInt64List, + Id: ccGeoIpPolicy.PolicyId, + RegionType: ccGeoIpPolicy.RegionType, + } + antiddosService.DeleteCcGeoIPBlockConfig(ctx, instanceId, ccGeoIPBlockConfig) + } + + ccBlackWhiteIpList, err := antiddosService.DescribeCcBlackWhiteIpList(ctx, business, instanceId) + if err != nil { + return err + } + for _, ccBlackWhiteIp := range ccBlackWhiteIpList { + err := antiddosService.DeleteCcBlackWhiteIpList(ctx, instanceId, *ccBlackWhiteIp.PolicyId) + if err != nil { + return err + } + } + + ccPrecisionPlyList, err := antiddosService.DescribeCCPrecisionPlyList(ctx, business, instanceId) + if err != nil { + return err + } + for _, ccPrecisionPly := range ccPrecisionPlyList { + err := antiddosService.DeleteCCPrecisionPolicy(ctx, instanceId, *ccPrecisionPly.PolicyId) + if err != nil { + return err + } + } + ccLevelPolicyDomainMap := make(map[string]interface{}) + ccLevelList, err := antiddosService.DescribeCCLevelList(ctx, business, instanceId) + if err != nil { + return err + } + for _, ccLevel := range ccLevelList { + key := *ccLevel.Ip + "_" + *ccLevel.Domain + ccLevelPolicyDomainMap[key] = 1 + + } + ccReqLimitPolicyList, err := antiddosService.DescribeCCReqLimitPolicyList(ctx, business, instanceId) + if err != nil { + return err + } + for _, ccReqLimitPolicy := range ccReqLimitPolicyList { + key := *ccReqLimitPolicy.Ip + "_" + *ccReqLimitPolicy.Domain + ccLevelPolicyDomainMap[key] = 1 + } + for item := range ccLevelPolicyDomainMap { + itemList := strings.Split(item, "_") + err := antiddosService.DeleteCCLevelPolicy(ctx, instanceId, itemList[0], itemList[1]) + if err != nil { + return err + } + } + + return nil +} diff --git a/tencentcloud/resource_tc_dayu_cc_policy_v2_test.go b/tencentcloud/resource_tc_dayu_cc_policy_v2_test.go new file mode 100644 index 0000000000..8dea242322 --- /dev/null +++ b/tencentcloud/resource_tc_dayu_cc_policy_v2_test.go @@ -0,0 +1,156 @@ +package tencentcloud + +import ( + "context" + "fmt" + "strings" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" +) + +func TestAccTencentCloudDayuCCPolicyV2Resource(t *testing.T) { + t.Parallel() + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheckCommon(t, ACCOUNT_TYPE_INTERNATION) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckDayuCCPolicyV2Destroy, + Steps: []resource.TestStep{ + { + Config: testAccDayuCCPolicyV2, + Check: resource.ComposeTestCheckFunc( + testAccCheckDayuDdosPolicyV2Exists("tencentcloud_dayu_cc_policy_v2.demo"), + resource.TestCheckResourceAttr("tencentcloud_dayu_cc_policy_v2.demo", "cc_black_white_ips.#", "1"), + resource.TestCheckResourceAttr("tencentcloud_dayu_cc_policy_v2.demo", "cc_geo_ip_policys.#", "1"), + resource.TestCheckResourceAttr("tencentcloud_dayu_cc_policy_v2.demo", "cc_precision_policys.#", "1"), + resource.TestCheckResourceAttr("tencentcloud_dayu_cc_policy_v2.demo", "cc_precision_req_limits.#", "1"), + resource.TestCheckResourceAttr("tencentcloud_dayu_cc_policy_v2.demo", "thresholds.#", "1"), + ), + }, + }, + }) +} + +func testAccCheckDayuCCPolicyV2Destroy(s *terraform.State) error { + for _, rs := range s.RootModule().Resources { + if rs.Type != "tencentcloud_dayu_cc_policy_v2" { + continue + } + logId := getLogId(contextNil) + ctx := context.WithValue(context.TODO(), logIdKey, logId) + + items := strings.Split(rs.Primary.ID, FILED_SP) + if len(items) < 2 { + return fmt.Errorf("broken ID of DDoS policy") + } + instanceId := items[0] + business := items[1] + antiddosService := AntiddosService{client: testAccProvider.Meta().(*TencentCloudClient).apiV3Conn} + thresholdList, err := antiddosService.DescribeCCThresholdList(ctx, business, instanceId) + if err != nil { + return err + } + if len(thresholdList) != 0 { + return fmt.Errorf("delete cc policy %s fail, still on server", rs.Primary.ID) + } + + ccGeoIpPolicys, err := antiddosService.DescribeCcGeoIPBlockConfigList(ctx, business, instanceId) + if err != nil { + return err + } + if len(ccGeoIpPolicys) != 0 { + return fmt.Errorf("delete cc policy %s fail, still on server", rs.Primary.ID) + } + + ccBlackWhiteIpList, err := antiddosService.DescribeCcBlackWhiteIpList(ctx, business, instanceId) + if err != nil { + return err + } + if len(ccBlackWhiteIpList) != 0 { + return fmt.Errorf("delete cc policy %s fail, still on server", rs.Primary.ID) + } + + ccPrecisionPlyList, err := antiddosService.DescribeCCPrecisionPlyList(ctx, business, instanceId) + if err != nil { + return err + } + if len(ccPrecisionPlyList) != 0 { + return fmt.Errorf("delete cc policy %s fail, still on server", rs.Primary.ID) + } + + ccLevelList, err := antiddosService.DescribeCCLevelList(ctx, business, instanceId) + if err != nil { + return err + } + if len(ccLevelList) != 0 { + return fmt.Errorf("delete cc policy %s fail, still on server", rs.Primary.ID) + } + ccReqLimitPolicyList, err := antiddosService.DescribeCCReqLimitPolicyList(ctx, business, instanceId) + if err != nil { + return err + } + if len(ccReqLimitPolicyList) != 0 { + return fmt.Errorf("delete cc policy %s fail, still on server", rs.Primary.ID) + } + } + return nil +} + +func testAccCheckDayuCCPolicyV2Exists(n string) resource.TestCheckFunc { + return func(s *terraform.State) error { + _, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("resource %s is not found", n) + } + return nil + } +} + +const testAccDayuCCPolicyV2 string = ` +resource "tencentcloud_dayu_cc_policy_v2" "demo" { + resource_id="bgpip-000004xf" + business="bgpip" + thresholds { + domain="12.com" + threshold=0 + } + cc_geo_ip_policys { + action="drop" + region_type="china" + domain="12.com" + protocol="http" + } + + cc_black_white_ips { + protocol="http" + domain="12.com" + black_white_ip="1.2.3.4" + type="black" + } + cc_precision_policys{ + policy_action="drop" + domain="1.com" + protocol="http" + ip="162.62.163.34" + policys { + field_name="cgi" + field_type="value" + value="12123.com" + value_operator="equal" + } + } + cc_precision_req_limits { + domain="11.com" + protocol="http" + level="loose" + policys { + action="alg" + execute_duration=2 + mode="equal" + period=5 + request_num=12 + uri="15.com" + } + } + }` diff --git a/tencentcloud/service_tencentcloud_antiddos.go b/tencentcloud/service_tencentcloud_antiddos.go index 2341baef2b..5429c0f7bd 100644 --- a/tencentcloud/service_tencentcloud_antiddos.go +++ b/tencentcloud/service_tencentcloud_antiddos.go @@ -331,7 +331,6 @@ func (me *AntiddosService) DescribeListDDoSGeoIPBlockConfig(ctx context.Context, } offset += limit } - return } func (me *AntiddosService) DescribeListDDoSSpeedLimitConfig(ctx context.Context, instanceId string) (result []*antiddos.DDoSSpeedLimitConfigRelation, err error) { @@ -359,7 +358,6 @@ func (me *AntiddosService) DescribeListDDoSSpeedLimitConfig(ctx context.Context, offset += limit } - return } func (me *AntiddosService) DescribeListPacketFilterConfig(ctx context.Context, instanceId string) (result []*antiddos.PacketFilterRelation, err error) { @@ -882,3 +880,513 @@ func (me *AntiddosService) DeleteyDDoSLevel(ctx context.Context, business, insta } return } + +func (me *AntiddosService) DescribeCCThresholdList(ctx context.Context, business, instanceId string) (result []*antiddos.CCThresholdPolicy, err error) { + request := antiddos.NewDescribeCCThresholdListRequest() + request.Business = &business + request.InstanceId = &instanceId + var limit uint64 = 10 + var offset uint64 = 0 + request.Limit = &limit + request.Offset = &offset + + for { + ratelimit.Check(request.GetAction()) + response, e := me.client.UseAntiddosClient().DescribeCCThresholdList(request) + if e != nil { + err = e + return + } + thresholdList := response.Response.ThresholdList + if len(thresholdList) > 0 { + result = append(result, thresholdList...) + } + if len(thresholdList) < int(limit) { + return + } + offset += limit + } +} + +func (me *AntiddosService) ModifyCCThresholdPolicy(ctx context.Context, instanceId, protocol, ip, domain string, threshold int) (err error) { + logId := getLogId(ctx) + request := antiddos.NewModifyCCThresholdPolicyRequest() + request.Domain = &domain + request.InstanceId = &instanceId + request.Ip = &ip + request.Protocol = &protocol + request.Threshold = helper.IntInt64(threshold) + err = resource.Retry(writeRetryTimeout, func() *resource.RetryError { + _, err := me.client.UseAntiddosClient().ModifyCCThresholdPolicy(request) + if err != nil { + if sdkError, ok := err.(*sdkErrors.TencentCloudSDKError); ok { + if sdkError.Code == "ResourceUnavailable" { + return nil + } + } + return resource.RetryableError(err) + } + return nil + }) + if err != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", + logId, request.GetAction(), request.ToJsonString(), err.Error()) + return + } + return +} + +func (me *AntiddosService) DescribeCcGeoIPBlockConfigList(ctx context.Context, business, instanceId string) (result []*antiddos.CcGeoIpPolicyNew, err error) { + request := antiddos.NewDescribeCcGeoIPBlockConfigListRequest() + request.Business = &business + request.InstanceId = &instanceId + var limit uint64 = 10 + var offset uint64 = 0 + request.Limit = &limit + request.Offset = &offset + + for { + ratelimit.Check(request.GetAction()) + response, e := me.client.UseAntiddosClient().DescribeCcGeoIPBlockConfigList(request) + if e != nil { + err = e + return + } + ccGeoIpPolicyNew := response.Response.CcGeoIpPolicyList + if len(ccGeoIpPolicyNew) > 0 { + result = append(result, ccGeoIpPolicyNew...) + } + if len(ccGeoIpPolicyNew) < int(limit) { + return + } + offset += limit + } +} + +func (me *AntiddosService) CreateCcGeoIPBlockConfig(ctx context.Context, instanceId, protocol, ip, domain string, ccGeoIPBlockConfig antiddos.CcGeoIPBlockConfig) (err error) { + logId := getLogId(ctx) + request := antiddos.NewCreateCcGeoIPBlockConfigRequest() + request.Domain = &domain + request.InstanceId = &instanceId + request.IP = &ip + request.Protocol = &protocol + request.CcGeoIPBlockConfig = &ccGeoIPBlockConfig + err = resource.Retry(writeRetryTimeout, func() *resource.RetryError { + _, err := me.client.UseAntiddosClient().CreateCcGeoIPBlockConfig(request) + if err != nil { + return resource.RetryableError(err) + } + return nil + }) + if err != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", + logId, request.GetAction(), request.ToJsonString(), err.Error()) + return + } + return +} + +func (me *AntiddosService) DeleteCcGeoIPBlockConfig(ctx context.Context, instanceId string, ccGeoIPBlockConfig antiddos.CcGeoIPBlockConfig) (err error) { + logId := getLogId(ctx) + request := antiddos.NewDeleteCcGeoIPBlockConfigRequest() + request.InstanceId = &instanceId + request.CcGeoIPBlockConfig = &ccGeoIPBlockConfig + err = resource.Retry(writeRetryTimeout, func() *resource.RetryError { + _, err := me.client.UseAntiddosClient().DeleteCcGeoIPBlockConfig(request) + if err != nil { + return resource.RetryableError(err) + } + return nil + }) + if err != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", + logId, request.GetAction(), request.ToJsonString(), err.Error()) + return + } + return +} + +func (me *AntiddosService) DescribeCcBlackWhiteIpList(ctx context.Context, business, instanceId string) (result []*antiddos.CcBlackWhiteIpPolicy, err error) { + request := antiddos.NewDescribeCcBlackWhiteIpListRequest() + request.Business = &business + request.InstanceId = &instanceId + var limit uint64 = 10 + var offset uint64 = 0 + request.Limit = &limit + request.Offset = &offset + + for { + ratelimit.Check(request.GetAction()) + response, e := me.client.UseAntiddosClient().DescribeCcBlackWhiteIpList(request) + if e != nil { + err = e + return + } + ccBlackWhiteIpList := response.Response.CcBlackWhiteIpList + if len(ccBlackWhiteIpList) > 0 { + result = append(result, ccBlackWhiteIpList...) + } + if len(ccBlackWhiteIpList) < int(limit) { + return + } + offset += limit + } +} + +func (me *AntiddosService) CreateCcBlackWhiteIpList(ctx context.Context, instanceId, protocol, ip, domain, ipType string, posIps []string) (err error) { + logId := getLogId(ctx) + request := antiddos.NewCreateCcBlackWhiteIpListRequest() + request.Domain = &domain + request.InstanceId = &instanceId + request.Ip = &ip + request.Protocol = &protocol + request.Type = &ipType + ipLists := make([]*antiddos.IpSegment, 0) + for _, posIp := range posIps { + ipLists = append(ipLists, &antiddos.IpSegment{ + Ip: &posIp, + Mask: helper.IntUint64(0), + }) + } + request.IpList = ipLists + err = resource.Retry(writeRetryTimeout, func() *resource.RetryError { + _, err := me.client.UseAntiddosClient().CreateCcBlackWhiteIpList(request) + if err != nil { + return resource.RetryableError(err) + } + return nil + }) + if err != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", + logId, request.GetAction(), request.ToJsonString(), err.Error()) + return + } + return +} + +func (me *AntiddosService) DeleteCcBlackWhiteIpList(ctx context.Context, instanceId, policyId string) (err error) { + logId := getLogId(ctx) + request := antiddos.NewDeleteCcBlackWhiteIpListRequest() + request.InstanceId = &instanceId + request.PolicyId = &policyId + err = resource.Retry(writeRetryTimeout, func() *resource.RetryError { + _, err := me.client.UseAntiddosClient().DeleteCcBlackWhiteIpList(request) + if err != nil { + return resource.RetryableError(err) + } + return nil + }) + if err != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", + logId, request.GetAction(), request.ToJsonString(), err.Error()) + return + } + return +} + +func (me *AntiddosService) DescribeCCPrecisionPlyList(ctx context.Context, business, instanceId string) (result []*antiddos.CCPrecisionPolicy, err error) { + request := antiddos.NewDescribeCCPrecisionPlyListRequest() + request.Business = &business + request.InstanceId = &instanceId + var limit uint64 = 10 + var offset uint64 = 0 + request.Limit = &limit + request.Offset = &offset + + for { + ratelimit.Check(request.GetAction()) + response, e := me.client.UseAntiddosClient().DescribeCCPrecisionPlyList(request) + if e != nil { + err = e + return + } + precisionPolicyList := response.Response.PrecisionPolicyList + if len(precisionPolicyList) > 0 { + result = append(result, precisionPolicyList...) + } + if len(precisionPolicyList) < int(limit) { + return + } + offset += limit + } +} + +func (me *AntiddosService) CreateCCPrecisionPolicy(ctx context.Context, instanceId, protocol, ip, domain, policyAction string, policyList []*antiddos.CCPrecisionPlyRecord) (err error) { + logId := getLogId(ctx) + request := antiddos.NewCreateCCPrecisionPolicyRequest() + request.Domain = &domain + request.InstanceId = &instanceId + request.Ip = &ip + request.Protocol = &protocol + request.PolicyAction = &policyAction + request.PolicyList = policyList + err = resource.Retry(writeRetryTimeout, func() *resource.RetryError { + _, err := me.client.UseAntiddosClient().CreateCCPrecisionPolicy(request) + if err != nil { + return resource.RetryableError(err) + } + return nil + }) + if err != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", + logId, request.GetAction(), request.ToJsonString(), err.Error()) + return + } + return +} + +func (me *AntiddosService) DeleteCCPrecisionPolicy(ctx context.Context, instanceId, policyId string) (err error) { + logId := getLogId(ctx) + request := antiddos.NewDeleteCCPrecisionPolicyRequest() + request.InstanceId = &instanceId + request.PolicyId = &policyId + err = resource.Retry(writeRetryTimeout, func() *resource.RetryError { + _, err := me.client.UseAntiddosClient().DeleteCCPrecisionPolicy(request) + if err != nil { + return resource.RetryableError(err) + } + return nil + }) + if err != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", + logId, request.GetAction(), request.ToJsonString(), err.Error()) + return + } + return +} + +func (me *AntiddosService) ModifyCCLevelPolicy(ctx context.Context, instanceId, ip, domain, protocol, level string) (err error) { + logId := getLogId(ctx) + request := antiddos.NewModifyCCLevelPolicyRequest() + request.InstanceId = &instanceId + request.Ip = &ip + request.Domain = &domain + request.Protocol = &protocol + request.Level = &level + err = resource.Retry(writeRetryTimeout, func() *resource.RetryError { + _, err := me.client.UseAntiddosClient().ModifyCCLevelPolicy(request) + if err != nil { + return resource.RetryableError(err) + } + return nil + }) + if err != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", + logId, request.GetAction(), request.ToJsonString(), err.Error()) + return + } + return +} + +func (me *AntiddosService) DescribeCCReqLimitPolicyList(ctx context.Context, business, instanceId string) (result []*antiddos.CCReqLimitPolicy, err error) { + request := antiddos.NewDescribeCCReqLimitPolicyListRequest() + request.Business = &business + request.InstanceId = &instanceId + var limit uint64 = 10 + var offset uint64 = 0 + request.Limit = &limit + request.Offset = &offset + + for { + ratelimit.Check(request.GetAction()) + response, e := me.client.UseAntiddosClient().DescribeCCReqLimitPolicyList(request) + if e != nil { + err = e + return + } + requestLimitPolicyList := response.Response.RequestLimitPolicyList + if len(requestLimitPolicyList) > 0 { + result = append(result, requestLimitPolicyList...) + } + if len(requestLimitPolicyList) < int(limit) { + return + } + offset += limit + } +} + +func (me *AntiddosService) CreateCCReqLimitPolicy(ctx context.Context, instanceId, protocol, ip, domain string, ccReqLimitPolicyRecord antiddos.CCReqLimitPolicyRecord) (err error) { + logId := getLogId(ctx) + request := antiddos.NewCreateCCReqLimitPolicyRequest() + request.Domain = &domain + request.InstanceId = &instanceId + request.Ip = &ip + request.Protocol = &protocol + request.Policy = &ccReqLimitPolicyRecord + err = resource.Retry(writeRetryTimeout, func() *resource.RetryError { + _, err := me.client.UseAntiddosClient().CreateCCReqLimitPolicy(request) + if err != nil { + return resource.RetryableError(err) + } + return nil + }) + if err != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", + logId, request.GetAction(), request.ToJsonString(), err.Error()) + return + } + return +} + +func (me *AntiddosService) DeleteCCRequestLimitPolicy(ctx context.Context, instanceId, policyId string) (err error) { + logId := getLogId(ctx) + request := antiddos.NewDeleteCCRequestLimitPolicyRequest() + request.InstanceId = &instanceId + request.PolicyId = &policyId + err = resource.Retry(writeRetryTimeout, func() *resource.RetryError { + _, err := me.client.UseAntiddosClient().DeleteCCRequestLimitPolicy(request) + if err != nil { + return resource.RetryableError(err) + } + return nil + }) + if err != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", + logId, request.GetAction(), request.ToJsonString(), err.Error()) + return + } + return +} + +func (me *AntiddosService) DescribeCCLevelPolicy(ctx context.Context, domain, instanceId, ip, protocol string) (level string, err error) { + request := antiddos.NewDescribeCCLevelPolicyRequest() + request.Domain = &domain + request.InstanceId = &instanceId + request.Ip = &ip + request.Protocol = &protocol + + ratelimit.Check(request.GetAction()) + response, e := me.client.UseAntiddosClient().DescribeCCLevelPolicy(request) + if e != nil { + err = e + return + } + level = *response.Response.Level + return +} + +func (me *AntiddosService) DescribeListBGPIPInstanceById(ctx context.Context, business, instanceId string) (result []*antiddos.BGPIPInstance, err error) { + + var limit uint64 = 10 + var offset uint64 = 0 + request := antiddos.NewDescribeListBGPIPInstancesRequest() + request.Limit = &limit + request.Offset = &offset + request.FilterInstanceId = &instanceId + + for { + ratelimit.Check(request.GetAction()) + response, e := me.client.UseAntiddosClient().DescribeListBGPIPInstances(request) + if e != nil { + err = e + return + } + bgpipInstanceList := response.Response.InstanceList + if len(bgpipInstanceList) > 0 { + result = append(result, bgpipInstanceList...) + } + if len(bgpipInstanceList) < int(limit) { + return + } + offset += limit + } +} + +func (me *AntiddosService) DescribeListBGPInstanceById(ctx context.Context, business, instanceId string) (result []*antiddos.BGPInstance, err error) { + + var limit uint64 = 10 + var offset uint64 = 0 + request := antiddos.NewDescribeListBGPInstancesRequest() + request.Limit = &limit + request.Offset = &offset + request.FilterInstanceId = &instanceId + + for { + ratelimit.Check(request.GetAction()) + response, e := me.client.UseAntiddosClient().DescribeListBGPInstances(request) + if e != nil { + err = e + return + } + bgpipInstanceList := response.Response.InstanceList + if len(bgpipInstanceList) > 0 { + result = append(result, bgpipInstanceList...) + } + if len(bgpipInstanceList) < int(limit) { + return + } + offset += limit + } +} + +func (me *AntiddosService) DescribeCCLevelList(ctx context.Context, business, instanceId string) (result []*antiddos.CCLevelPolicy, err error) { + + var limit uint64 = 10 + var offset uint64 = 0 + request := antiddos.NewDescribeCCLevelListRequest() + request.Limit = &limit + request.Offset = &offset + request.InstanceId = &instanceId + request.Business = &business + + for { + ratelimit.Check(request.GetAction()) + response, e := me.client.UseAntiddosClient().DescribeCCLevelList(request) + if e != nil { + err = e + return + } + bgpipInstanceList := response.Response.LevelList + if len(bgpipInstanceList) > 0 { + result = append(result, bgpipInstanceList...) + } + if len(bgpipInstanceList) < int(limit) { + return + } + offset += limit + } +} + +func (me *AntiddosService) DeleteCCLevelPolicy(ctx context.Context, instanceId, ip, domain string) (err error) { + logId := getLogId(ctx) + request := antiddos.NewDeleteCCLevelPolicyRequest() + request.InstanceId = &instanceId + request.Ip = &ip + request.Domain = &domain + request.Protocol = common.StringPtr("http") + err = resource.Retry(writeRetryTimeout, func() *resource.RetryError { + _, err := me.client.UseAntiddosClient().DeleteCCLevelPolicy(request) + if err != nil { + return resource.RetryableError(err) + } + return nil + }) + if err != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", + logId, request.GetAction(), request.ToJsonString(), err.Error()) + return + } + return +} + +func (me *AntiddosService) DeleteCCThresholdPolicy(ctx context.Context, instanceId, ip, domain string) (err error) { + logId := getLogId(ctx) + request := antiddos.NewDeleteCCThresholdPolicyRequest() + request.InstanceId = &instanceId + request.Ip = &ip + request.Domain = &domain + request.Protocol = common.StringPtr("http") + err = resource.Retry(writeRetryTimeout, func() *resource.RetryError { + _, err := me.client.UseAntiddosClient().DeleteCCThresholdPolicy(request) + if err != nil { + return resource.RetryableError(err) + } + return nil + }) + if err != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", + logId, request.GetAction(), request.ToJsonString(), err.Error()) + return + } + return +} diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos/v20200309/client.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos/v20200309/client.go index 76e97f0d3a..9ae4f89987 100644 --- a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos/v20200309/client.go +++ b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos/v20200309/client.go @@ -472,6 +472,58 @@ func (c *Client) CreateCCReqLimitPolicyWithContext(ctx context.Context, request return } +func NewCreateCcBlackWhiteIpListRequest() (request *CreateCcBlackWhiteIpListRequest) { + request = &CreateCcBlackWhiteIpListRequest{ + BaseRequest: &tchttp.BaseRequest{}, + } + request.Init().WithApiInfo("antiddos", APIVersion, "CreateCcBlackWhiteIpList") + + + return +} + +func NewCreateCcBlackWhiteIpListResponse() (response *CreateCcBlackWhiteIpListResponse) { + response = &CreateCcBlackWhiteIpListResponse{ + BaseResponse: &tchttp.BaseResponse{}, + } + return +} + +// CreateCcBlackWhiteIpList +// 新建CC四层黑白名单 +// +// 可能返回的错误码: +// LIMITEXCEEDED = "LimitExceeded" +// RESOURCENOTFOUND = "ResourceNotFound" +// UNSUPPORTEDOPERATION = "UnsupportedOperation" +func (c *Client) CreateCcBlackWhiteIpList(request *CreateCcBlackWhiteIpListRequest) (response *CreateCcBlackWhiteIpListResponse, err error) { + if request == nil { + request = NewCreateCcBlackWhiteIpListRequest() + } + + response = NewCreateCcBlackWhiteIpListResponse() + err = c.Send(request, response) + return +} + +// CreateCcBlackWhiteIpList +// 新建CC四层黑白名单 +// +// 可能返回的错误码: +// LIMITEXCEEDED = "LimitExceeded" +// RESOURCENOTFOUND = "ResourceNotFound" +// UNSUPPORTEDOPERATION = "UnsupportedOperation" +func (c *Client) CreateCcBlackWhiteIpListWithContext(ctx context.Context, request *CreateCcBlackWhiteIpListRequest) (response *CreateCcBlackWhiteIpListResponse, err error) { + if request == nil { + request = NewCreateCcBlackWhiteIpListRequest() + } + request.SetContext(ctx) + + response = NewCreateCcBlackWhiteIpListResponse() + err = c.Send(request, response) + return +} + func NewCreateCcGeoIPBlockConfigRequest() (request *CreateCcGeoIPBlockConfigRequest) { request = &CreateCcGeoIPBlockConfigRequest{ BaseRequest: &tchttp.BaseRequest{}, @@ -1318,6 +1370,7 @@ func NewCreateWaterPrintConfigResponse() (response *CreateWaterPrintConfigRespon // // 可能返回的错误码: // LIMITEXCEEDED = "LimitExceeded" +// RESOURCEINUSE = "ResourceInUse" // RESOURCENOTFOUND = "ResourceNotFound" // UNSUPPORTEDOPERATION = "UnsupportedOperation" func (c *Client) CreateWaterPrintConfig(request *CreateWaterPrintConfigRequest) (response *CreateWaterPrintConfigResponse, err error) { @@ -1335,6 +1388,7 @@ func (c *Client) CreateWaterPrintConfig(request *CreateWaterPrintConfigRequest) // // 可能返回的错误码: // LIMITEXCEEDED = "LimitExceeded" +// RESOURCEINUSE = "ResourceInUse" // RESOURCENOTFOUND = "ResourceNotFound" // UNSUPPORTEDOPERATION = "UnsupportedOperation" func (c *Client) CreateWaterPrintConfigWithContext(ctx context.Context, request *CreateWaterPrintConfigRequest) (response *CreateWaterPrintConfigResponse, err error) { @@ -1452,6 +1506,86 @@ func (c *Client) DeleteBlackWhiteIpListWithContext(ctx context.Context, request return } +func NewDeleteCCLevelPolicyRequest() (request *DeleteCCLevelPolicyRequest) { + request = &DeleteCCLevelPolicyRequest{ + BaseRequest: &tchttp.BaseRequest{}, + } + request.Init().WithApiInfo("antiddos", APIVersion, "DeleteCCLevelPolicy") + + + return +} + +func NewDeleteCCLevelPolicyResponse() (response *DeleteCCLevelPolicyResponse) { + response = &DeleteCCLevelPolicyResponse{ + BaseResponse: &tchttp.BaseResponse{}, + } + return +} + +// DeleteCCLevelPolicy +// 删除CC分级策略 +// +// 可能返回的错误码: +// AUTHFAILURE = "AuthFailure" +// DRYRUNOPERATION = "DryRunOperation" +// FAILEDOPERATION = "FailedOperation" +// INTERNALERROR = "InternalError" +// INVALIDPARAMETER = "InvalidParameter" +// INVALIDPARAMETERVALUE = "InvalidParameterValue" +// LIMITEXCEEDED = "LimitExceeded" +// MISSINGPARAMETER = "MissingParameter" +// OPERATIONDENIED = "OperationDenied" +// RESOURCEINUSE = "ResourceInUse" +// RESOURCEINSUFFICIENT = "ResourceInsufficient" +// RESOURCENOTFOUND = "ResourceNotFound" +// RESOURCEUNAVAILABLE = "ResourceUnavailable" +// RESOURCESSOLDOUT = "ResourcesSoldOut" +// UNAUTHORIZEDOPERATION = "UnauthorizedOperation" +// UNKNOWNPARAMETER = "UnknownParameter" +// UNSUPPORTEDOPERATION = "UnsupportedOperation" +func (c *Client) DeleteCCLevelPolicy(request *DeleteCCLevelPolicyRequest) (response *DeleteCCLevelPolicyResponse, err error) { + if request == nil { + request = NewDeleteCCLevelPolicyRequest() + } + + response = NewDeleteCCLevelPolicyResponse() + err = c.Send(request, response) + return +} + +// DeleteCCLevelPolicy +// 删除CC分级策略 +// +// 可能返回的错误码: +// AUTHFAILURE = "AuthFailure" +// DRYRUNOPERATION = "DryRunOperation" +// FAILEDOPERATION = "FailedOperation" +// INTERNALERROR = "InternalError" +// INVALIDPARAMETER = "InvalidParameter" +// INVALIDPARAMETERVALUE = "InvalidParameterValue" +// LIMITEXCEEDED = "LimitExceeded" +// MISSINGPARAMETER = "MissingParameter" +// OPERATIONDENIED = "OperationDenied" +// RESOURCEINUSE = "ResourceInUse" +// RESOURCEINSUFFICIENT = "ResourceInsufficient" +// RESOURCENOTFOUND = "ResourceNotFound" +// RESOURCEUNAVAILABLE = "ResourceUnavailable" +// RESOURCESSOLDOUT = "ResourcesSoldOut" +// UNAUTHORIZEDOPERATION = "UnauthorizedOperation" +// UNKNOWNPARAMETER = "UnknownParameter" +// UNSUPPORTEDOPERATION = "UnsupportedOperation" +func (c *Client) DeleteCCLevelPolicyWithContext(ctx context.Context, request *DeleteCCLevelPolicyRequest) (response *DeleteCCLevelPolicyResponse, err error) { + if request == nil { + request = NewDeleteCCLevelPolicyRequest() + } + request.SetContext(ctx) + + response = NewDeleteCCLevelPolicyResponse() + err = c.Send(request, response) + return +} + func NewDeleteCCPrecisionPolicyRequest() (request *DeleteCCPrecisionPolicyRequest) { request = &DeleteCCPrecisionPolicyRequest{ BaseRequest: &tchttp.BaseRequest{}, @@ -1612,6 +1746,86 @@ func (c *Client) DeleteCCRequestLimitPolicyWithContext(ctx context.Context, requ return } +func NewDeleteCCThresholdPolicyRequest() (request *DeleteCCThresholdPolicyRequest) { + request = &DeleteCCThresholdPolicyRequest{ + BaseRequest: &tchttp.BaseRequest{}, + } + request.Init().WithApiInfo("antiddos", APIVersion, "DeleteCCThresholdPolicy") + + + return +} + +func NewDeleteCCThresholdPolicyResponse() (response *DeleteCCThresholdPolicyResponse) { + response = &DeleteCCThresholdPolicyResponse{ + BaseResponse: &tchttp.BaseResponse{}, + } + return +} + +// DeleteCCThresholdPolicy +// 删除CC清洗阈值策略 +// +// 可能返回的错误码: +// AUTHFAILURE = "AuthFailure" +// DRYRUNOPERATION = "DryRunOperation" +// FAILEDOPERATION = "FailedOperation" +// INTERNALERROR = "InternalError" +// INVALIDPARAMETER = "InvalidParameter" +// INVALIDPARAMETERVALUE = "InvalidParameterValue" +// LIMITEXCEEDED = "LimitExceeded" +// MISSINGPARAMETER = "MissingParameter" +// OPERATIONDENIED = "OperationDenied" +// RESOURCEINUSE = "ResourceInUse" +// RESOURCEINSUFFICIENT = "ResourceInsufficient" +// RESOURCENOTFOUND = "ResourceNotFound" +// RESOURCEUNAVAILABLE = "ResourceUnavailable" +// RESOURCESSOLDOUT = "ResourcesSoldOut" +// UNAUTHORIZEDOPERATION = "UnauthorizedOperation" +// UNKNOWNPARAMETER = "UnknownParameter" +// UNSUPPORTEDOPERATION = "UnsupportedOperation" +func (c *Client) DeleteCCThresholdPolicy(request *DeleteCCThresholdPolicyRequest) (response *DeleteCCThresholdPolicyResponse, err error) { + if request == nil { + request = NewDeleteCCThresholdPolicyRequest() + } + + response = NewDeleteCCThresholdPolicyResponse() + err = c.Send(request, response) + return +} + +// DeleteCCThresholdPolicy +// 删除CC清洗阈值策略 +// +// 可能返回的错误码: +// AUTHFAILURE = "AuthFailure" +// DRYRUNOPERATION = "DryRunOperation" +// FAILEDOPERATION = "FailedOperation" +// INTERNALERROR = "InternalError" +// INVALIDPARAMETER = "InvalidParameter" +// INVALIDPARAMETERVALUE = "InvalidParameterValue" +// LIMITEXCEEDED = "LimitExceeded" +// MISSINGPARAMETER = "MissingParameter" +// OPERATIONDENIED = "OperationDenied" +// RESOURCEINUSE = "ResourceInUse" +// RESOURCEINSUFFICIENT = "ResourceInsufficient" +// RESOURCENOTFOUND = "ResourceNotFound" +// RESOURCEUNAVAILABLE = "ResourceUnavailable" +// RESOURCESSOLDOUT = "ResourcesSoldOut" +// UNAUTHORIZEDOPERATION = "UnauthorizedOperation" +// UNKNOWNPARAMETER = "UnknownParameter" +// UNSUPPORTEDOPERATION = "UnsupportedOperation" +func (c *Client) DeleteCCThresholdPolicyWithContext(ctx context.Context, request *DeleteCCThresholdPolicyRequest) (response *DeleteCCThresholdPolicyResponse, err error) { + if request == nil { + request = NewDeleteCCThresholdPolicyRequest() + } + request.SetContext(ctx) + + response = NewDeleteCCThresholdPolicyResponse() + err = c.Send(request, response) + return +} + func NewDeleteCcBlackWhiteIpListRequest() (request *DeleteCcBlackWhiteIpListRequest) { request = &DeleteCcBlackWhiteIpListRequest{ BaseRequest: &tchttp.BaseRequest{}, @@ -2282,6 +2496,166 @@ func (c *Client) DescribeBlackWhiteIpListWithContext(ctx context.Context, reques return } +func NewDescribeCCLevelListRequest() (request *DescribeCCLevelListRequest) { + request = &DescribeCCLevelListRequest{ + BaseRequest: &tchttp.BaseRequest{}, + } + request.Init().WithApiInfo("antiddos", APIVersion, "DescribeCCLevelList") + + + return +} + +func NewDescribeCCLevelListResponse() (response *DescribeCCLevelListResponse) { + response = &DescribeCCLevelListResponse{ + BaseResponse: &tchttp.BaseResponse{}, + } + return +} + +// DescribeCCLevelList +// 获取CC防护等级列表 +// +// 可能返回的错误码: +// AUTHFAILURE = "AuthFailure" +// DRYRUNOPERATION = "DryRunOperation" +// FAILEDOPERATION = "FailedOperation" +// INTERNALERROR = "InternalError" +// INVALIDPARAMETER = "InvalidParameter" +// INVALIDPARAMETERVALUE = "InvalidParameterValue" +// LIMITEXCEEDED = "LimitExceeded" +// MISSINGPARAMETER = "MissingParameter" +// OPERATIONDENIED = "OperationDenied" +// RESOURCEINUSE = "ResourceInUse" +// RESOURCEINSUFFICIENT = "ResourceInsufficient" +// RESOURCENOTFOUND = "ResourceNotFound" +// RESOURCEUNAVAILABLE = "ResourceUnavailable" +// RESOURCESSOLDOUT = "ResourcesSoldOut" +// UNAUTHORIZEDOPERATION = "UnauthorizedOperation" +// UNKNOWNPARAMETER = "UnknownParameter" +// UNSUPPORTEDOPERATION = "UnsupportedOperation" +func (c *Client) DescribeCCLevelList(request *DescribeCCLevelListRequest) (response *DescribeCCLevelListResponse, err error) { + if request == nil { + request = NewDescribeCCLevelListRequest() + } + + response = NewDescribeCCLevelListResponse() + err = c.Send(request, response) + return +} + +// DescribeCCLevelList +// 获取CC防护等级列表 +// +// 可能返回的错误码: +// AUTHFAILURE = "AuthFailure" +// DRYRUNOPERATION = "DryRunOperation" +// FAILEDOPERATION = "FailedOperation" +// INTERNALERROR = "InternalError" +// INVALIDPARAMETER = "InvalidParameter" +// INVALIDPARAMETERVALUE = "InvalidParameterValue" +// LIMITEXCEEDED = "LimitExceeded" +// MISSINGPARAMETER = "MissingParameter" +// OPERATIONDENIED = "OperationDenied" +// RESOURCEINUSE = "ResourceInUse" +// RESOURCEINSUFFICIENT = "ResourceInsufficient" +// RESOURCENOTFOUND = "ResourceNotFound" +// RESOURCEUNAVAILABLE = "ResourceUnavailable" +// RESOURCESSOLDOUT = "ResourcesSoldOut" +// UNAUTHORIZEDOPERATION = "UnauthorizedOperation" +// UNKNOWNPARAMETER = "UnknownParameter" +// UNSUPPORTEDOPERATION = "UnsupportedOperation" +func (c *Client) DescribeCCLevelListWithContext(ctx context.Context, request *DescribeCCLevelListRequest) (response *DescribeCCLevelListResponse, err error) { + if request == nil { + request = NewDescribeCCLevelListRequest() + } + request.SetContext(ctx) + + response = NewDescribeCCLevelListResponse() + err = c.Send(request, response) + return +} + +func NewDescribeCCLevelPolicyRequest() (request *DescribeCCLevelPolicyRequest) { + request = &DescribeCCLevelPolicyRequest{ + BaseRequest: &tchttp.BaseRequest{}, + } + request.Init().WithApiInfo("antiddos", APIVersion, "DescribeCCLevelPolicy") + + + return +} + +func NewDescribeCCLevelPolicyResponse() (response *DescribeCCLevelPolicyResponse) { + response = &DescribeCCLevelPolicyResponse{ + BaseResponse: &tchttp.BaseResponse{}, + } + return +} + +// DescribeCCLevelPolicy +// 获取CC分级策略 +// +// 可能返回的错误码: +// AUTHFAILURE = "AuthFailure" +// DRYRUNOPERATION = "DryRunOperation" +// FAILEDOPERATION = "FailedOperation" +// INTERNALERROR = "InternalError" +// INVALIDPARAMETER = "InvalidParameter" +// INVALIDPARAMETERVALUE = "InvalidParameterValue" +// LIMITEXCEEDED = "LimitExceeded" +// MISSINGPARAMETER = "MissingParameter" +// OPERATIONDENIED = "OperationDenied" +// RESOURCEINUSE = "ResourceInUse" +// RESOURCEINSUFFICIENT = "ResourceInsufficient" +// RESOURCENOTFOUND = "ResourceNotFound" +// RESOURCEUNAVAILABLE = "ResourceUnavailable" +// RESOURCESSOLDOUT = "ResourcesSoldOut" +// UNAUTHORIZEDOPERATION = "UnauthorizedOperation" +// UNKNOWNPARAMETER = "UnknownParameter" +// UNSUPPORTEDOPERATION = "UnsupportedOperation" +func (c *Client) DescribeCCLevelPolicy(request *DescribeCCLevelPolicyRequest) (response *DescribeCCLevelPolicyResponse, err error) { + if request == nil { + request = NewDescribeCCLevelPolicyRequest() + } + + response = NewDescribeCCLevelPolicyResponse() + err = c.Send(request, response) + return +} + +// DescribeCCLevelPolicy +// 获取CC分级策略 +// +// 可能返回的错误码: +// AUTHFAILURE = "AuthFailure" +// DRYRUNOPERATION = "DryRunOperation" +// FAILEDOPERATION = "FailedOperation" +// INTERNALERROR = "InternalError" +// INVALIDPARAMETER = "InvalidParameter" +// INVALIDPARAMETERVALUE = "InvalidParameterValue" +// LIMITEXCEEDED = "LimitExceeded" +// MISSINGPARAMETER = "MissingParameter" +// OPERATIONDENIED = "OperationDenied" +// RESOURCEINUSE = "ResourceInUse" +// RESOURCEINSUFFICIENT = "ResourceInsufficient" +// RESOURCENOTFOUND = "ResourceNotFound" +// RESOURCEUNAVAILABLE = "ResourceUnavailable" +// RESOURCESSOLDOUT = "ResourcesSoldOut" +// UNAUTHORIZEDOPERATION = "UnauthorizedOperation" +// UNKNOWNPARAMETER = "UnknownParameter" +// UNSUPPORTEDOPERATION = "UnsupportedOperation" +func (c *Client) DescribeCCLevelPolicyWithContext(ctx context.Context, request *DescribeCCLevelPolicyRequest) (response *DescribeCCLevelPolicyResponse, err error) { + if request == nil { + request = NewDescribeCCLevelPolicyRequest() + } + request.SetContext(ctx) + + response = NewDescribeCCLevelPolicyResponse() + err = c.Send(request, response) + return +} + func NewDescribeCCPrecisionPlyListRequest() (request *DescribeCCPrecisionPlyListRequest) { request = &DescribeCCPrecisionPlyListRequest{ BaseRequest: &tchttp.BaseRequest{}, @@ -2442,6 +2816,86 @@ func (c *Client) DescribeCCReqLimitPolicyListWithContext(ctx context.Context, re return } +func NewDescribeCCThresholdListRequest() (request *DescribeCCThresholdListRequest) { + request = &DescribeCCThresholdListRequest{ + BaseRequest: &tchttp.BaseRequest{}, + } + request.Init().WithApiInfo("antiddos", APIVersion, "DescribeCCThresholdList") + + + return +} + +func NewDescribeCCThresholdListResponse() (response *DescribeCCThresholdListResponse) { + response = &DescribeCCThresholdListResponse{ + BaseResponse: &tchttp.BaseResponse{}, + } + return +} + +// DescribeCCThresholdList +// 获取CC清洗阈值列表 +// +// 可能返回的错误码: +// AUTHFAILURE = "AuthFailure" +// DRYRUNOPERATION = "DryRunOperation" +// FAILEDOPERATION = "FailedOperation" +// INTERNALERROR = "InternalError" +// INVALIDPARAMETER = "InvalidParameter" +// INVALIDPARAMETERVALUE = "InvalidParameterValue" +// LIMITEXCEEDED = "LimitExceeded" +// MISSINGPARAMETER = "MissingParameter" +// OPERATIONDENIED = "OperationDenied" +// RESOURCEINUSE = "ResourceInUse" +// RESOURCEINSUFFICIENT = "ResourceInsufficient" +// RESOURCENOTFOUND = "ResourceNotFound" +// RESOURCEUNAVAILABLE = "ResourceUnavailable" +// RESOURCESSOLDOUT = "ResourcesSoldOut" +// UNAUTHORIZEDOPERATION = "UnauthorizedOperation" +// UNKNOWNPARAMETER = "UnknownParameter" +// UNSUPPORTEDOPERATION = "UnsupportedOperation" +func (c *Client) DescribeCCThresholdList(request *DescribeCCThresholdListRequest) (response *DescribeCCThresholdListResponse, err error) { + if request == nil { + request = NewDescribeCCThresholdListRequest() + } + + response = NewDescribeCCThresholdListResponse() + err = c.Send(request, response) + return +} + +// DescribeCCThresholdList +// 获取CC清洗阈值列表 +// +// 可能返回的错误码: +// AUTHFAILURE = "AuthFailure" +// DRYRUNOPERATION = "DryRunOperation" +// FAILEDOPERATION = "FailedOperation" +// INTERNALERROR = "InternalError" +// INVALIDPARAMETER = "InvalidParameter" +// INVALIDPARAMETERVALUE = "InvalidParameterValue" +// LIMITEXCEEDED = "LimitExceeded" +// MISSINGPARAMETER = "MissingParameter" +// OPERATIONDENIED = "OperationDenied" +// RESOURCEINUSE = "ResourceInUse" +// RESOURCEINSUFFICIENT = "ResourceInsufficient" +// RESOURCENOTFOUND = "ResourceNotFound" +// RESOURCEUNAVAILABLE = "ResourceUnavailable" +// RESOURCESSOLDOUT = "ResourcesSoldOut" +// UNAUTHORIZEDOPERATION = "UnauthorizedOperation" +// UNKNOWNPARAMETER = "UnknownParameter" +// UNSUPPORTEDOPERATION = "UnsupportedOperation" +func (c *Client) DescribeCCThresholdListWithContext(ctx context.Context, request *DescribeCCThresholdListRequest) (response *DescribeCCThresholdListResponse, err error) { + if request == nil { + request = NewDescribeCCThresholdListRequest() + } + request.SetContext(ctx) + + response = NewDescribeCCThresholdListResponse() + err = c.Send(request, response) + return +} + func NewDescribeCCTrendRequest() (request *DescribeCCTrendRequest) { request = &DescribeCCTrendRequest{ BaseRequest: &tchttp.BaseRequest{}, @@ -4980,6 +5434,7 @@ func NewSwitchWaterPrintConfigResponse() (response *SwitchWaterPrintConfigRespon // // 可能返回的错误码: // INTERNALERROR = "InternalError" +// RESOURCEINUSE = "ResourceInUse" // UNSUPPORTEDOPERATION = "UnsupportedOperation" func (c *Client) SwitchWaterPrintConfig(request *SwitchWaterPrintConfigRequest) (response *SwitchWaterPrintConfigResponse, err error) { if request == nil { @@ -4996,6 +5451,7 @@ func (c *Client) SwitchWaterPrintConfig(request *SwitchWaterPrintConfigRequest) // // 可能返回的错误码: // INTERNALERROR = "InternalError" +// RESOURCEINUSE = "ResourceInUse" // UNSUPPORTEDOPERATION = "UnsupportedOperation" func (c *Client) SwitchWaterPrintConfigWithContext(ctx context.Context, request *SwitchWaterPrintConfigRequest) (response *SwitchWaterPrintConfigResponse, err error) { if request == nil { diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos/v20200309/models.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos/v20200309/models.go index ed971e6fea..5f1dac91cb 100644 --- a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos/v20200309/models.go +++ b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos/v20200309/models.go @@ -124,8 +124,11 @@ type AssociateDDoSEipLoadBalancerRequest struct { // 要绑定的负载均衡ID。负载均衡 ID 形如:lb-0000002i。可通过登录控制台查询,也可通过 DescribeLoadBalancers 接口返回值中的LoadBalancerId获取。 LoadBalancerID *string `json:"LoadBalancerID,omitempty" name:"LoadBalancerID"` - // Clb所在地域,例如:ap-hongkong。 + // CLB所在地域,例如:ap-hongkong。 LoadBalancerRegion *string `json:"LoadBalancerRegion,omitempty" name:"LoadBalancerRegion"` + + // CLB内网IP + Vip *string `json:"Vip,omitempty" name:"Vip"` } func (r *AssociateDDoSEipLoadBalancerRequest) ToJsonString() string { @@ -144,6 +147,7 @@ func (r *AssociateDDoSEipLoadBalancerRequest) FromJsonString(s string) error { delete(f, "Eip") delete(f, "LoadBalancerID") delete(f, "LoadBalancerRegion") + delete(f, "Vip") if len(f) > 0 { return tcerr.NewTencentCloudSDKError("ClientError.BuildRequestError", "AssociateDDoSEipLoadBalancerRequest has unknown keys!", "") } @@ -412,6 +416,30 @@ type BoundIpInfo struct { IspCode *uint64 `json:"IspCode,omitempty" name:"IspCode"` } +type CCLevelPolicy struct { + + // 实例Id + InstanceId *string `json:"InstanceId,omitempty" name:"InstanceId"` + + // Ip + Ip *string `json:"Ip,omitempty" name:"Ip"` + + // 协议 + Protocol *string `json:"Protocol,omitempty" name:"Protocol"` + + // 域名 + Domain *string `json:"Domain,omitempty" name:"Domain"` + + // 防护等级,可取值default表示默认策略,loose表示宽松,strict表示严格 + Level *string `json:"Level,omitempty" name:"Level"` + + // 创建时间 + CreateTime *string `json:"CreateTime,omitempty" name:"CreateTime"` + + // 修改时间 + ModifyTime *string `json:"ModifyTime,omitempty" name:"ModifyTime"` +} + type CCPrecisionPlyRecord struct { // 配置项类型,当前仅支持value @@ -511,6 +539,30 @@ type CCReqLimitPolicyRecord struct { Cookie *string `json:"Cookie,omitempty" name:"Cookie"` } +type CCThresholdPolicy struct { + + // 实例Id + InstanceId *string `json:"InstanceId,omitempty" name:"InstanceId"` + + // Ip地址 + Ip *string `json:"Ip,omitempty" name:"Ip"` + + // 协议 + Protocol *string `json:"Protocol,omitempty" name:"Protocol"` + + // 域名 + Domain *string `json:"Domain,omitempty" name:"Domain"` + + // 清洗阈值 + Threshold *int64 `json:"Threshold,omitempty" name:"Threshold"` + + // 创建时间 + CreateTime *string `json:"CreateTime,omitempty" name:"CreateTime"` + + // 修改时间 + ModifyTime *string `json:"ModifyTime,omitempty" name:"ModifyTime"` +} + type CcBlackWhiteIpPolicy struct { // 策略Id @@ -894,6 +946,72 @@ func (r *CreateCCReqLimitPolicyResponse) FromJsonString(s string) error { return json.Unmarshal([]byte(s), &r) } +type CreateCcBlackWhiteIpListRequest struct { + *tchttp.BaseRequest + + // 资源实例ID + InstanceId *string `json:"InstanceId,omitempty" name:"InstanceId"` + + // IP列表 + IpList []*IpSegment `json:"IpList,omitempty" name:"IpList"` + + // IP类型,取值[black(黑名单IP), white(白名单IP)] + Type *string `json:"Type,omitempty" name:"Type"` + + // Ip地址 + Ip *string `json:"Ip,omitempty" name:"Ip"` + + // 域名 + Domain *string `json:"Domain,omitempty" name:"Domain"` + + // 协议 + Protocol *string `json:"Protocol,omitempty" name:"Protocol"` +} + +func (r *CreateCcBlackWhiteIpListRequest) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +// FromJsonString It is highly **NOT** recommended to use this function +// because it has no param check, nor strict type check +func (r *CreateCcBlackWhiteIpListRequest) FromJsonString(s string) error { + f := make(map[string]interface{}) + if err := json.Unmarshal([]byte(s), &f); err != nil { + return err + } + delete(f, "InstanceId") + delete(f, "IpList") + delete(f, "Type") + delete(f, "Ip") + delete(f, "Domain") + delete(f, "Protocol") + if len(f) > 0 { + return tcerr.NewTencentCloudSDKError("ClientError.BuildRequestError", "CreateCcBlackWhiteIpListRequest has unknown keys!", "") + } + return json.Unmarshal([]byte(s), &r) +} + +type CreateCcBlackWhiteIpListResponse struct { + *tchttp.BaseResponse + Response *struct { + + // 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。 + RequestId *string `json:"RequestId,omitempty" name:"RequestId"` + } `json:"Response"` +} + +func (r *CreateCcBlackWhiteIpListResponse) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +// FromJsonString It is highly **NOT** recommended to use this function +// because it has no param check, nor strict type check +func (r *CreateCcBlackWhiteIpListResponse) FromJsonString(s string) error { + return json.Unmarshal([]byte(s), &r) +} + type CreateCcGeoIPBlockConfigRequest struct { *tchttp.BaseRequest @@ -1855,6 +1973,64 @@ func (r *DeleteBlackWhiteIpListResponse) FromJsonString(s string) error { return json.Unmarshal([]byte(s), &r) } +type DeleteCCLevelPolicyRequest struct { + *tchttp.BaseRequest + + // 实例Id + InstanceId *string `json:"InstanceId,omitempty" name:"InstanceId"` + + // 配置策略的IP + Ip *string `json:"Ip,omitempty" name:"Ip"` + + // 域名 + Domain *string `json:"Domain,omitempty" name:"Domain"` + + // 协议,可取值http + Protocol *string `json:"Protocol,omitempty" name:"Protocol"` +} + +func (r *DeleteCCLevelPolicyRequest) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +// FromJsonString It is highly **NOT** recommended to use this function +// because it has no param check, nor strict type check +func (r *DeleteCCLevelPolicyRequest) FromJsonString(s string) error { + f := make(map[string]interface{}) + if err := json.Unmarshal([]byte(s), &f); err != nil { + return err + } + delete(f, "InstanceId") + delete(f, "Ip") + delete(f, "Domain") + delete(f, "Protocol") + if len(f) > 0 { + return tcerr.NewTencentCloudSDKError("ClientError.BuildRequestError", "DeleteCCLevelPolicyRequest has unknown keys!", "") + } + return json.Unmarshal([]byte(s), &r) +} + +type DeleteCCLevelPolicyResponse struct { + *tchttp.BaseResponse + Response *struct { + + // 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。 + RequestId *string `json:"RequestId,omitempty" name:"RequestId"` + } `json:"Response"` +} + +func (r *DeleteCCLevelPolicyResponse) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +// FromJsonString It is highly **NOT** recommended to use this function +// because it has no param check, nor strict type check +func (r *DeleteCCLevelPolicyResponse) FromJsonString(s string) error { + return json.Unmarshal([]byte(s), &r) +} + type DeleteCCPrecisionPolicyRequest struct { *tchttp.BaseRequest @@ -1955,6 +2131,64 @@ func (r *DeleteCCRequestLimitPolicyResponse) FromJsonString(s string) error { return json.Unmarshal([]byte(s), &r) } +type DeleteCCThresholdPolicyRequest struct { + *tchttp.BaseRequest + + // 实例Id + InstanceId *string `json:"InstanceId,omitempty" name:"InstanceId"` + + // 配置策略的IP + Ip *string `json:"Ip,omitempty" name:"Ip"` + + // 域名 + Domain *string `json:"Domain,omitempty" name:"Domain"` + + // 协议,可取值http + Protocol *string `json:"Protocol,omitempty" name:"Protocol"` +} + +func (r *DeleteCCThresholdPolicyRequest) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +// FromJsonString It is highly **NOT** recommended to use this function +// because it has no param check, nor strict type check +func (r *DeleteCCThresholdPolicyRequest) FromJsonString(s string) error { + f := make(map[string]interface{}) + if err := json.Unmarshal([]byte(s), &f); err != nil { + return err + } + delete(f, "InstanceId") + delete(f, "Ip") + delete(f, "Domain") + delete(f, "Protocol") + if len(f) > 0 { + return tcerr.NewTencentCloudSDKError("ClientError.BuildRequestError", "DeleteCCThresholdPolicyRequest has unknown keys!", "") + } + return json.Unmarshal([]byte(s), &r) +} + +type DeleteCCThresholdPolicyResponse struct { + *tchttp.BaseResponse + Response *struct { + + // 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。 + RequestId *string `json:"RequestId,omitempty" name:"RequestId"` + } `json:"Response"` +} + +func (r *DeleteCCThresholdPolicyResponse) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +// FromJsonString It is highly **NOT** recommended to use this function +// because it has no param check, nor strict type check +func (r *DeleteCCThresholdPolicyResponse) FromJsonString(s string) error { + return json.Unmarshal([]byte(s), &r) +} + type DeleteCcBlackWhiteIpListRequest struct { *tchttp.BaseRequest @@ -2593,6 +2827,131 @@ func (r *DescribeBlackWhiteIpListResponse) FromJsonString(s string) error { return json.Unmarshal([]byte(s), &r) } +type DescribeCCLevelListRequest struct { + *tchttp.BaseRequest + + // 大禹子产品代号(bgp-multip表示高防包) + Business *string `json:"Business,omitempty" name:"Business"` + + // 页起始偏移,取值为(页码-1)*一页条数 + Offset *uint64 `json:"Offset,omitempty" name:"Offset"` + + // 一页条数 + Limit *uint64 `json:"Limit,omitempty" name:"Limit"` + + // 指定实例Id + InstanceId *string `json:"InstanceId,omitempty" name:"InstanceId"` +} + +func (r *DescribeCCLevelListRequest) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +// FromJsonString It is highly **NOT** recommended to use this function +// because it has no param check, nor strict type check +func (r *DescribeCCLevelListRequest) FromJsonString(s string) error { + f := make(map[string]interface{}) + if err := json.Unmarshal([]byte(s), &f); err != nil { + return err + } + delete(f, "Business") + delete(f, "Offset") + delete(f, "Limit") + delete(f, "InstanceId") + if len(f) > 0 { + return tcerr.NewTencentCloudSDKError("ClientError.BuildRequestError", "DescribeCCLevelListRequest has unknown keys!", "") + } + return json.Unmarshal([]byte(s), &r) +} + +type DescribeCCLevelListResponse struct { + *tchttp.BaseResponse + Response *struct { + + // 分级策略列表总数 + Total *uint64 `json:"Total,omitempty" name:"Total"` + + // 分级策略列表详情 + LevelList []*CCLevelPolicy `json:"LevelList,omitempty" name:"LevelList"` + + // 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。 + RequestId *string `json:"RequestId,omitempty" name:"RequestId"` + } `json:"Response"` +} + +func (r *DescribeCCLevelListResponse) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +// FromJsonString It is highly **NOT** recommended to use this function +// because it has no param check, nor strict type check +func (r *DescribeCCLevelListResponse) FromJsonString(s string) error { + return json.Unmarshal([]byte(s), &r) +} + +type DescribeCCLevelPolicyRequest struct { + *tchttp.BaseRequest + + // 实例Id + InstanceId *string `json:"InstanceId,omitempty" name:"InstanceId"` + + // IP值 + Ip *string `json:"Ip,omitempty" name:"Ip"` + + // 域名 + Domain *string `json:"Domain,omitempty" name:"Domain"` + + // 协议,可取值HTTP,HTTPS + Protocol *string `json:"Protocol,omitempty" name:"Protocol"` +} + +func (r *DescribeCCLevelPolicyRequest) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +// FromJsonString It is highly **NOT** recommended to use this function +// because it has no param check, nor strict type check +func (r *DescribeCCLevelPolicyRequest) FromJsonString(s string) error { + f := make(map[string]interface{}) + if err := json.Unmarshal([]byte(s), &f); err != nil { + return err + } + delete(f, "InstanceId") + delete(f, "Ip") + delete(f, "Domain") + delete(f, "Protocol") + if len(f) > 0 { + return tcerr.NewTencentCloudSDKError("ClientError.BuildRequestError", "DescribeCCLevelPolicyRequest has unknown keys!", "") + } + return json.Unmarshal([]byte(s), &r) +} + +type DescribeCCLevelPolicyResponse struct { + *tchttp.BaseResponse + Response *struct { + + // CC防护等级,可取值loose表示宽松,strict表示严格,normal表示适中, emergency表示攻击紧急, sup_loose表示超级宽松,default表示默认策略(无频控配置下发),customized表示自定义策略 + Level *string `json:"Level,omitempty" name:"Level"` + + // 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。 + RequestId *string `json:"RequestId,omitempty" name:"RequestId"` + } `json:"Response"` +} + +func (r *DescribeCCLevelPolicyResponse) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +// FromJsonString It is highly **NOT** recommended to use this function +// because it has no param check, nor strict type check +func (r *DescribeCCLevelPolicyResponse) FromJsonString(s string) error { + return json.Unmarshal([]byte(s), &r) +} + type DescribeCCPrecisionPlyListRequest struct { *tchttp.BaseRequest @@ -2745,6 +3104,70 @@ func (r *DescribeCCReqLimitPolicyListResponse) FromJsonString(s string) error { return json.Unmarshal([]byte(s), &r) } +type DescribeCCThresholdListRequest struct { + *tchttp.BaseRequest + + // 大禹子产品代号(bgp-multip表示高防包) + Business *string `json:"Business,omitempty" name:"Business"` + + // 页起始偏移,取值为(页码-1)*一页条数 + Offset *uint64 `json:"Offset,omitempty" name:"Offset"` + + // 一页条数 + Limit *uint64 `json:"Limit,omitempty" name:"Limit"` + + // 指定实例Id + InstanceId *string `json:"InstanceId,omitempty" name:"InstanceId"` +} + +func (r *DescribeCCThresholdListRequest) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +// FromJsonString It is highly **NOT** recommended to use this function +// because it has no param check, nor strict type check +func (r *DescribeCCThresholdListRequest) FromJsonString(s string) error { + f := make(map[string]interface{}) + if err := json.Unmarshal([]byte(s), &f); err != nil { + return err + } + delete(f, "Business") + delete(f, "Offset") + delete(f, "Limit") + delete(f, "InstanceId") + if len(f) > 0 { + return tcerr.NewTencentCloudSDKError("ClientError.BuildRequestError", "DescribeCCThresholdListRequest has unknown keys!", "") + } + return json.Unmarshal([]byte(s), &r) +} + +type DescribeCCThresholdListResponse struct { + *tchttp.BaseResponse + Response *struct { + + // 清洗阈值策略列表总数 + Total *uint64 `json:"Total,omitempty" name:"Total"` + + // 清洗阈值策略列表详情 + ThresholdList []*CCThresholdPolicy `json:"ThresholdList,omitempty" name:"ThresholdList"` + + // 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。 + RequestId *string `json:"RequestId,omitempty" name:"RequestId"` + } `json:"Response"` +} + +func (r *DescribeCCThresholdListResponse) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +// FromJsonString It is highly **NOT** recommended to use this function +// because it has no param check, nor strict type check +func (r *DescribeCCThresholdListResponse) FromJsonString(s string) error { + return json.Unmarshal([]byte(s), &r) +} + type DescribeCCTrendRequest struct { *tchttp.BaseRequest diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go index f77929bfd1..4c223e16a8 100644 --- a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go +++ b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go @@ -240,7 +240,7 @@ func CompleteCommonParams(request Request, region string) { params["Action"] = request.GetAction() params["Timestamp"] = strconv.FormatInt(time.Now().Unix(), 10) params["Nonce"] = strconv.Itoa(rand.Int()) - params["RequestClient"] = "SDK_GO_1.0.357" + params["RequestClient"] = "SDK_GO_1.0.358" } func ConstructParams(req Request) (err error) { diff --git a/vendor/modules.txt b/vendor/modules.txt index 4aac515f60..b18fe38ba7 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -529,7 +529,7 @@ github.com/stretchr/testify/mock github.com/subosito/gotenv # github.com/tdakkota/asciicheck v0.0.0-20200416190851-d7f85be797a2 github.com/tdakkota/asciicheck -# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos v1.0.353 +# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos v1.0.358 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos/v20200309 # github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/api v1.0.285 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/api/v20201106 @@ -555,7 +555,7 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb/v20180317 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit/v20190319 # github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.291 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls/v20201016 -# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.357 +# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.358 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/errors github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http diff --git a/website/docs/r/dayu_cc_policy_v2.html.markdown b/website/docs/r/dayu_cc_policy_v2.html.markdown new file mode 100644 index 0000000000..59155ed141 --- /dev/null +++ b/website/docs/r/dayu_cc_policy_v2.html.markdown @@ -0,0 +1,141 @@ +--- +subcategory: "Anti-DDoS(DayuV2)" +layout: "tencentcloud" +page_title: "TencentCloud: tencentcloud_dayu_cc_policy_v2" +sidebar_current: "docs-tencentcloud-resource-dayu_cc_policy_v2" +description: |- + Use this resource to create a dayu CC policy +--- + +# tencentcloud_dayu_cc_policy_v2 + +Use this resource to create a dayu CC policy + +## Example Usage + +```hcl +resource "tencentcloud_dayu_cc_policy_v2" "demo" { + resource_id = "bgpip-000004xf" + business = "bgpip" + thresholds { + domain = "12.com" + threshold = 0 + } + cc_geo_ip_policys { + action = "drop" + region_type = "china" + domain = "12.com" + protocol = "http" + } + + cc_black_white_ips { + protocol = "http" + domain = "12.com" + black_white_ip = "1.2.3.4" + type = "black" + } + cc_precision_policys { + policy_action = "drop" + domain = "1.com" + protocol = "http" + ip = "162.62.163.34" + policys { + field_name = "cgi" + field_type = "value" + value = "12123.com" + value_operator = "equal" + } + } + cc_precision_req_limits { + domain = "11.com" + protocol = "http" + level = "loose" + policys { + action = "alg" + execute_duration = 2 + mode = "equal" + period = 5 + request_num = 12 + uri = "15.com" + } + } +} +``` + +## Argument Reference + +The following arguments are supported: + +* `business` - (Required) Bussiness of resource instance. bgpip indicates anti-anti-ip ip; bgp means exclusive package; bgp-multip means shared packet; net indicates anti-anti-ip pro version. +* `resource_id` - (Required) The ID of the resource instance. +* `cc_black_white_ips` - (Optional) Blacklist and whitelist. +* `cc_geo_ip_policys` - (Optional) Details of the CC region blocking policy list. +* `cc_precision_policys` - (Optional) CC Precision Protection List. +* `cc_precision_req_limits` - (Optional) CC frequency throttling policy. +* `thresholds` - (Optional) List of protection threshold configurations. + +The `cc_black_white_ips` object supports the following: + +* `black_white_ip` - (Required) Blacklist and whitelist IP addresses. +* `domain` - (Required) Domain. +* `protocol` - (Required) Protocol. +* `type` - (Required) IP type, value [black(blacklist IP), white (whitelist IP)]. +* `create_time` - (Optional) Create time. +* `modify_time` - (Optional) Modify time. + +The `cc_geo_ip_policys` object supports the following: + +* `action` - (Required) User action, drop or arg. +* `domain` - (Required) domain. +* `protocol` - (Required) Protocol, preferably HTTP, HTTPS. +* `region_type` - (Required) Regional types, divided into china, oversea and customized. +* `area_list` - (Optional) The list of region IDs that the user selects to block. +* `create_time` - (Optional) Create time. +* `modify_time` - (Optional) Modify time. + +The `cc_precision_policys` object supports the following: + +* `domain` - (Required) Domain. +* `ip` - (Required) Ip address. +* `policy_action` - (Required) Policy mode (discard or captcha). +* `policys` - (Required) A list of policies. +* `protocol` - (Required) Protocol. + +The `cc_precision_req_limits` object supports the following: + +* `domain` - (Required) Domain. +* `level` - (Required) Protection rating, the optional value of default means default policy, loose means loose, and strict means strict. +* `policys` - (Required) The CC Frequency Limit Policy Item field. +* `protocol` - (Required) Protocol, preferably HTTP, HTTPS. + +The `policys` object supports the following: + +* `action` - (Required) The frequency limit policy mode, the optional value of arg indicates the verification code, and drop indicates the discard. +* `execute_duration` - (Required) The duration of the frequency limit policy can be taken from 1 to 86400 per second. +* `mode` - (Required) The policy item is compared, and the optional value include indicates inclusion, and equal means equal. +* `period` - (Required) Statistical period, take values 1, 10, 30, 60, in seconds. +* `request_num` - (Required) The number of requests, the value is 1 to 20000. +* `cookie` - (Optional) Cookies, one of the three policy entries can only be filled in. +* `uri` - (Optional) Uri, one of the three policy entries can only be filled in. +* `user_agent` - (Optional) User-Agent, only one of the three policy entries can be filled in. + +The `policys` object supports the following: + +* `field_name` - (Required) Configuration item types, currently only support value. +* `field_type` - (Required) Configuration fields with the desirable values cgi, ua, cookie, referer, accept, srcip. +* `value_operator` - (Required) Configure the item-value comparison mode, which can be taken as the value of evaluate, not_equal, include. +* `value` - (Required) Configure the value. + +The `thresholds` object supports the following: + +* `domain` - (Required) domain. +* `threshold` - (Required) Cleaning threshold, -1 indicates that the `default` mode is turned on. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +* `id` - ID of the resource. + + + diff --git a/website/tencentcloud.erb b/website/tencentcloud.erb index 3fab9aa31a..cd4e168639 100644 --- a/website/tencentcloud.erb +++ b/website/tencentcloud.erb @@ -173,6 +173,9 @@
  • Resources