From 176e12b85ed7ac7e3f9e8969469b1ec51d8d55ec Mon Sep 17 00:00:00 2001
From: "alexander.miehe" <alexander.miehe@flaconi.de>
Date: Tue, 30 Jul 2024 14:38:14 +0200
Subject: [PATCH] PLT-894 - Add support for transform requests

---
 main.tf      | 20 ++++++++++++++++++++
 variables.tf | 14 +++++++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index b6bf71e..4db0e94 100644
--- a/main.tf
+++ b/main.tf
@@ -76,6 +76,26 @@ resource "cloudflare_ruleset" "this" {
               }
             }
           }
+
+          # http_request_transform
+          dynamic "uri" {
+            for_each = rules.value.action_parameters.uri[*]
+            content {
+              dynamic "path" {
+                for_each = uri.value.path[*]
+                content {
+                  value = path.value
+                }
+              }
+
+              dynamic "query" {
+                for_each = uri.value.query[*]
+                content {
+                  value = query.value
+                }
+              }
+            }
+          }
         }
       }
       description = rules.value.description
diff --git a/variables.tf b/variables.tf
index 59a90c7..00dc3f6 100644
--- a/variables.tf
+++ b/variables.tf
@@ -98,6 +98,12 @@ variable "rules" {
           score_threshold = optional(number)
         })), [])
       }), null)
+
+      # phase: http_request_transform
+      uri = optional(object({
+        path = optional(string)
+        query = optional(string)
+      }))
     }), null)
     description = optional(string)
     enabled     = optional(bool, true)
@@ -110,7 +116,7 @@ variable "rules" {
   # Ensure we specify only the supported action values
   # https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/ruleset#action
   validation {
-    condition     = alltrue([for rule in var.rules : contains(["block", "challenge", "execute", "js_challenge", "log", "log_custom_field", "managed_challenge", "redirect", "route", "set_config", "skip"], rule.action)])
+    condition     = alltrue([for rule in var.rules : contains(["block", "challenge", "execute", "js_challenge", "log", "log_custom_field", "managed_challenge", "redirect", "route", "set_config", "skip", "rewrite"], rule.action)])
     error_message = "Only the following action elements are allowed: block, challenge, execute, js_challenge, log, managed_challenge, redirect, route, skip."
   }
 
@@ -145,4 +151,10 @@ variable "rules" {
     condition     = alltrue([for rule in var.rules : try(contains(["off", "lossless", "lossy"], rule.action_parameters.polish), true)])
     error_message = "Only the following polish elements are allowed off, lossless, lossy"
   }
+
+  # Ensure that either query or path are set for rewrite rules
+  validation {
+    condition     = alltrue([for rule in var.rules : rule.action == "rewrite" ? (can(rule.action_parameters.uri.path) || can(rule.action_parameters.uri.query)) : true])
+    error_message = "action_parameters.uri needs to have either path or query value for rewrite"
+  }
 }