New Resource: alicloud_cloud_firewall_ips_config.

Author: ChenHanZhang

alicloud/provider.go

@@ -892,6 +892,7 @@ func Provider() terraform.ResourceProvider {
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"alicloud_esa_https_basic_configuration":                        resourceAliCloudEsaHttpsBasicConfiguration(),
+			"alicloud_cloud_firewall_ips_config":                            resourceAliCloudCloudFirewallIPSConfig(),
 			"alicloud_vpc_ipam_ipam_resource_discovery":                     resourceAliCloudVpcIpamIpamResourceDiscovery(),
 			"alicloud_cloud_phone_image":                                    resourceAliCloudCloudPhoneImage(),
 			"alicloud_cloud_phone_key_pair":                                 resourceAliCloudCloudPhoneKeyPair(),

alicloud/resource_alicloud_cloud_firewall_ips_config.go

@@ -0,0 +1,166 @@
+// Package alicloud. This file is generated automatically. Please do not modify it manually, thank you!
+package alicloud
+
+import (
+	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"log"
+	"time"
+)
+
+func resourceAliCloudCloudFirewallIPSConfig() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAliCloudCloudFirewallIPSConfigCreate,
+		Read:   resourceAliCloudCloudFirewallIPSConfigRead,
+		Update: resourceAliCloudCloudFirewallIPSConfigUpdate,
+		Delete: resourceAliCloudCloudFirewallIPSConfigDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(5 * time.Minute),
+			Update: schema.DefaultTimeout(5 * time.Minute),
+			Delete: schema.DefaultTimeout(5 * time.Minute),
+		},
+		Schema: map[string]*schema.Schema{
+			"basic_rules": {
+				Type:     schema.TypeInt,
+				Optional: true,
+			},
+			"cti_rules": {
+				Type:     schema.TypeInt,
+				Optional: true,
+			},
+			"lang": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"max_sdl": {
+				Type:     schema.TypeInt,
+				Optional: true,
+			},
+			"patch_rules": {
+				Type:     schema.TypeInt,
+				Optional: true,
+			},
+			"rule_class": {
+				Type:     schema.TypeInt,
+				Optional: true,
+			},
+			"run_mode": {
+				Type:     schema.TypeInt,
+				Optional: true,
+			},
+		},
+	}
+}
+
+func resourceAliCloudCloudFirewallIPSConfigCreate(d *schema.ResourceData, meta interface{}) error {
+	accountId, err := meta.(*connectivity.AliyunClient).AccountId()
+	if err != nil {
+		return err
+	}
+	d.SetId(accountId)
+	return resourceAliCloudCloudFirewallIPSConfigUpdate(d, meta)
+}
+
+func resourceAliCloudCloudFirewallIPSConfigRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*connectivity.AliyunClient)
+	cloudFirewallServiceV2 := CloudFirewallServiceV2{client}
+
+	objectRaw, err := cloudFirewallServiceV2.DescribeCloudFirewallIPSConfig(d.Id())
+	if err != nil {
+		if !d.IsNewResource() && NotFoundError(err) {
+			log.Printf("[DEBUG] Resource alicloud_cloud_firewall_ips_config DescribeCloudFirewallIPSConfig Failed!!! %s", err)
+			d.SetId("")
+			return nil
+		}
+		return WrapError(err)
+	}
+
+	d.Set("basic_rules", objectRaw["BasicRules"])
+	d.Set("cti_rules", objectRaw["CtiRules"])
+	d.Set("max_sdl", objectRaw["MaxSdl"])
+	d.Set("patch_rules", objectRaw["PatchRules"])
+	d.Set("rule_class", objectRaw["RuleClass"])
+	d.Set("run_mode", objectRaw["RunMode"])
+
+	return nil
+}
+
+func resourceAliCloudCloudFirewallIPSConfigUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*connectivity.AliyunClient)
+	var request map[string]interface{}
+	var response map[string]interface{}
+	var query map[string]interface{}
+	update := false
+
+	var err error
+	action := "ModifyDefaultIPSConfig"
+	request = make(map[string]interface{})
+	query = make(map[string]interface{})
+
+	if d.HasChange("cti_rules") {
+		update = true
+	}
+	if v, ok := d.GetOk("cti_rules"); ok || (d.IsNewResource() || d.HasChange("cti_rules")) {
+		query["CtiRules"] = v
+	}
+	if d.HasChange("patch_rules") {
+		update = true
+	}
+	if v, ok := d.GetOk("patch_rules"); ok || (d.IsNewResource() || d.HasChange("patch_rules")) {
+		query["PatchRules"] = v
+	}
+	if v, ok := d.GetOk("lang"); ok {
+		query["Lang"] = v
+	}
+	if d.HasChange("basic_rules") {
+		update = true
+	}
+	if v, ok := d.GetOk("basic_rules"); ok || (d.IsNewResource() || d.HasChange("basic_rules")) {
+		query["BasicRules"] = v
+	}
+	if d.HasChange("run_mode") {
+		update = true
+	}
+	query["RunMode"] = d.Get("run_mode")
+	if d.HasChange("max_sdl") {
+		update = true
+	}
+	if v, ok := d.GetOk("max_sdl"); ok || (d.IsNewResource() || d.HasChange("max_sdl")) {
+		query["MaxSdl"] = v
+	}
+	if d.HasChange("rule_class") {
+		update = true
+	}
+	if v, ok := d.GetOk("rule_class"); ok || (d.IsNewResource() || d.HasChange("rule_class")) {
+		query["RuleClass"] = v
+	}
+	if update {
+		wait := incrementalWait(3*time.Second, 5*time.Second)
+		err = resource.Retry(d.Timeout(schema.TimeoutUpdate), func() *resource.RetryError {
+			response, err = client.RpcGet("Cloudfw", "2017-12-07", action, query, request)
+			if err != nil {
+				if NeedRetry(err) {
+					wait()
+					return resource.RetryableError(err)
+				}
+				return resource.NonRetryableError(err)
+			}
+			return nil
+		})
+		addDebug(action, response, request)
+		if err != nil {
+			return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR)
+		}
+	}
+
+	return resourceAliCloudCloudFirewallIPSConfigRead(d, meta)
+}
+
+func resourceAliCloudCloudFirewallIPSConfigDelete(d *schema.ResourceData, meta interface{}) error {
+	log.Printf("[WARN] Cannot destroy resource AliCloud Resource I P S Config. Terraform will remove this resource from the state file, however resources may remain.")
+	return nil
+}

alicloud/resource_alicloud_cloud_firewall_ips_config_test.go

@@ -0,0 +1,77 @@
+package alicloud
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+// Test CloudFirewall IPSConfig. >>> Resource test cases, automatically generated.
+// Case 修改IPS拦截模式 10240
+func TestAccAliCloudCloudFirewallIPSConfig_basic10240(t *testing.T) {
+	var v map[string]interface{}
+	resourceId := "alicloud_cloud_firewall_ips_config.default"
+	ra := resourceAttrInit(resourceId, AlicloudCloudFirewallIPSConfigMap10240)
+	rc := resourceCheckInitWithDescribeMethod(resourceId, &v, func() interface{} {
+		return &CloudFirewallServiceV2{testAccProvider.Meta().(*connectivity.AliyunClient)}
+	}, "DescribeCloudFirewallIPSConfig")
+	rac := resourceAttrCheckInit(rc, ra)
+	testAccCheck := rac.resourceAttrMapUpdateSet()
+	rand := acctest.RandIntRange(10000, 99999)
+	name := fmt.Sprintf("tfacccloudfirewall%d", rand)
+	testAccConfig := resourceTestAccConfigFunc(resourceId, name, AlicloudCloudFirewallIPSConfigBasicDependence10240)
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		IDRefreshName: resourceId,
+		Providers:     testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccConfig(map[string]interface{}{
+					"max_sdl":     "0",
+					"basic_rules": "1",
+					"run_mode":    "1",
+					"cti_rules":   "0",
+					"patch_rules": "0",
+					"rule_class":  "1",
+					"lang":        "zh",
+				}),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheck(map[string]string{
+						"max_sdl":     "0",
+						"basic_rules": "1",
+						"run_mode":    "1",
+						"cti_rules":   "0",
+						"patch_rules": "0",
+						"rule_class":  "1",
+						"lang":        "zh",
+					}),
+				),
+			},
+			{
+				ResourceName:            resourceId,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"lang"},
+			},
+		},
+	})
+}
+
+var AlicloudCloudFirewallIPSConfigMap10240 = map[string]string{}
+
+func AlicloudCloudFirewallIPSConfigBasicDependence10240(name string) string {
+	return fmt.Sprintf(`
+variable "name" {
+    default = "%s"
+}
+
+
+`, name)
+}
+
+// Test CloudFirewall IPSConfig. <<< Resource test cases, automatically generated.

alicloud/service_alicloud_cloud_firewall_v2.go

@@ -309,3 +309,66 @@ func (s *CloudFirewallServiceV2) DescribeCloudFirewallControlPolicy(id string) (
 
 // Async Api <<< Encapsulated for CloudFirewall.
 // Async Api >>> Encapsulated.
+// DescribeCloudFirewallIPSConfig <<< Encapsulated get interface for CloudFirewall IPSConfig.
+
+func (s *CloudFirewallServiceV2) DescribeCloudFirewallIPSConfig(id string) (object map[string]interface{}, err error) {
+	client := s.client
+	var request map[string]interface{}
+	var response map[string]interface{}
+	var query map[string]interface{}
+	request = make(map[string]interface{})
+	query = make(map[string]interface{})
+
+	action := "DescribeDefaultIPSConfig"
+
+	wait := incrementalWait(3*time.Second, 5*time.Second)
+	err = resource.Retry(1*time.Minute, func() *resource.RetryError {
+		response, err = client.RpcPost("Cloudfw", "2017-12-07", action, query, request, true)
+
+		if err != nil {
+			if NeedRetry(err) {
+				wait()
+				return resource.RetryableError(err)
+			}
+			return resource.NonRetryableError(err)
+		}
+		return nil
+	})
+	addDebug(action, response, request)
+	if err != nil {
+		return object, WrapErrorf(err, DefaultErrorMsg, id, action, AlibabaCloudSdkGoERROR)
+	}
+
+	return response, nil
+}
+
+func (s *CloudFirewallServiceV2) CloudFirewallIPSConfigStateRefreshFunc(id string, field string, failStates []string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		object, err := s.DescribeCloudFirewallIPSConfig(id)
+		if err != nil {
+			if NotFoundError(err) {
+				return object, "", nil
+			}
+			return nil, "", WrapError(err)
+		}
+
+		v, err := jsonpath.Get(field, object)
+		currentStatus := fmt.Sprint(v)
+
+		if strings.HasPrefix(field, "#") {
+			v, _ := jsonpath.Get(strings.TrimPrefix(field, "#"), object)
+			if v != nil {
+				currentStatus = "#CHECKSET"
+			}
+		}
+
+		for _, failState := range failStates {
+			if currentStatus == failState {
+				return object, currentStatus, WrapError(Error(FailedToReachTargetStatus, currentStatus))
+			}
+		}
+		return object, currentStatus, nil
+	}
+}
+
+// DescribeCloudFirewallIPSConfig >>> Encapsulated.