[PLUTO-7020] Fixes for rule import

CHANGELOG.md

@@ -1,3 +1,13 @@
+
+# v1.6.0 (December 6, 2024)
+
+## NOTES:
+
+* Added import support
+* Changed rule vpatch resource according to api
+* Changed rule set response header resource according to api
+* Fixed some api methods
+
 # v1.5.0 (September 1, 2024)
 
 ## NOTES:

docs/resources/rule_set_response_header.md

@@ -17,21 +17,22 @@ This is because Terraform is designed to keep its configurations stable and not
 
 ```hcl
 # Append the "Server" header with the "Wallarm solution" value
-# and the "Blocked" header with the "Blocked by Wallarm" value
+# and the "Server" header with the "Blocked by Wallarm" value
 # to the requests sent to the application with ID 3
 
 resource "wallarm_rule_set_response_header" "resp_headers" {
   mode = "append"
+  name = "Server"
 
   action {
     point = {
       instance = 3
     }
   }
-
-  headers = {
-    Server = "Wallarm solution"
-    Blocked = "Blocked by Wallarm"
+  
+  values = {
+    "Wallarm solution"
+    "Blocked by Wallarm"
   }
 
 }
@@ -43,9 +44,10 @@ resource "wallarm_rule_set_response_header" "resp_headers" {
 
 resource "wallarm_rule_set_response_header" "delete_header" {
   mode = "replace"
+  name =  "Wallarm component"
 
-  headers = {
-    Wallarm component = " "
+  values = {
+    " "
   }
 }
 
@@ -54,7 +56,8 @@ resource "wallarm_rule_set_response_header" "delete_header" {
 ## Argument Reference
 
 * `mode` - (**required**) mode of header processing. Valid options: `append`, `replace`
-* `headers` - (**required**) the associative array of key/value headers. Might be defined as much headers as need at once.
+* `name` - (**required**) description.
+* `values` - (**required**) array of headers. Might be defined as much headers as need at once.
 * `action` - (optional) a series of conditions, see below for a
   a full list .
 

docs/resources/rule_vpatch.md

@@ -20,21 +20,12 @@ This is because Terraform is designed to keep its configurations stable and not
 ## Example Usage
 
 ```hcl
-# Creates the rule to block incoming requests
-# containing the SQL Injection
-# in the "query" GET parameter
-
-resource "wallarm_rule_vpatch" "default" {
-  attack_type =  ["sqli"]
-  point = [["get", "query"]]
-}
-
 # Creates the rule to block incoming requests with the "HOST" header
-# containing the SQL Injection or NoSQL Injection
+# containing the SQL Injection
 # in any GET parameter
 
 resource "wallarm_rule_vpatch" "splunk" {
-  attack_type =  ["sqli", "nosqli"]
+  attack_type =  "sqli"
 
   action {
     type = "iequal"

docs/resources/rules_settings.md

@@ -96,7 +96,6 @@ resource "wallarm_rules_settings" "rules_settings" {
 	open_vulns_weight = 9
 	serialized_data_weight = 6
 	risk_score_algo = "maximum"
-	pii_fallback = false
 }
 ```
 
@@ -119,7 +118,6 @@ resource "wallarm_rules_settings" "rules_settings" {
 * `open_vulns_weight` - (optional) [risk score][1] weight of active vulnerabilities. Active vulnerabilities may result in unauthorized data access or corruption.
 * `serialized_data_weight` - (optional) [risk score][1] weight of accepting XML / JSON objects. XML / JSON objects are often used to transfer malicious payloads to attack servers.
 * `risk_score_algo` - (optional) method of [risk score][1] calculation. Specify how the risk score calculation should be performed. Available values: maximum, average.
-* `pii_fallback` - (optional) defines whether fallback mechanism for PII detection is active.
 
 [1]: https://docs.wallarm.com/api-discovery/overview/#endpoint-risk-score
 [2]: https://docs.wallarm.com/user-guides/rules/rules/

examples/wallarm_rules_settings.tf

@@ -16,5 +16,4 @@ resource "wallarm_rules_settings" "rules_settings" {
 	open_vulns_weight = 9
 	serialized_data_weight = 6
 	risk_score_algo = "maximum"
-	pii_fallback = false
 }

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/hashicorp/go-cleanhttp v0.5.1
 	github.com/hashicorp/terraform-plugin-sdk v1.16.0
 	github.com/pkg/errors v0.9.1
-	github.com/wallarm/wallarm-go v0.5.3
+	github.com/wallarm/wallarm-go v0.5.6
 	golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985 // indirect
 	golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect
 	golang.org/x/tools v0.1.5 // indirect

go.sum

@@ -292,8 +292,8 @@ github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oW
 github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/vmihailenco/msgpack v4.0.1+incompatible h1:RMF1enSPeKTlXrXdOcqjFUElywVZjjC6pqse21bKbEU=
 github.com/vmihailenco/msgpack v4.0.1+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
-github.com/wallarm/wallarm-go v0.5.3 h1:oqOODhIBHKwmsq9XmNgN+cZ5PXKAyX9ch6xhTGanhn8=
-github.com/wallarm/wallarm-go v0.5.3/go.mod h1:KQxO+EBaGpIgOqBoByKW4KNMEJFgkxR64FSiA4U/52I=
+github.com/wallarm/wallarm-go v0.5.6 h1:6Blpy71RJUDNNZGYrQowusp4vW3p9pF/abXFE81PDV0=
+github.com/wallarm/wallarm-go v0.5.6/go.mod h1:KQxO+EBaGpIgOqBoByKW4KNMEJFgkxR64FSiA4U/52I=
 github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70=
 github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

wallarm/resource_rule_attack_rechecker.go

@@ -3,6 +3,8 @@ package wallarm
 import (
 	"fmt"
 	"log"
+	"strconv"
+	"strings"
 
 	wallarm "github.com/wallarm/wallarm-go"
 
@@ -16,6 +18,9 @@ func resourceWallarmAttackRechecker() *schema.Resource {
 		Create: resourceWallarmAttackRecheckerCreate,
 		Read:   resourceWallarmAttackRecheckerRead,
 		Delete: resourceWallarmAttackRecheckerDelete,
+		Importer: &schema.ResourceImporter{
+			State: resourceWallarmAttackRecheckerImport,
+		},
 
 		Schema: map[string]*schema.Schema{
 
@@ -238,7 +243,7 @@ func resourceWallarmAttackRecheckerRead(d *schema.ResourceData, m interface{}) e
 		OrderDesc: true,
 		Filter: &wallarm.HintFilter{
 			Clientid: []int{clientID},
-			ActionID: []int{actionID},
+			ID:       []int{ruleID},
 		},
 	}
 	actionHints, err := client.HintRead(hint)
@@ -312,3 +317,70 @@ func resourceWallarmAttackRecheckerDelete(d *schema.ResourceData, m interface{})
 	d.SetId("")
 	return nil
 }
+
+func resourceWallarmAttackRecheckerImport(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) {
+	client := m.(wallarm.API)
+	idAttr := strings.SplitN(d.Id(), "/", 3)
+	if len(idAttr) == 3 {
+		clientID, err := strconv.Atoi(idAttr[0])
+		if err != nil {
+			return nil, err
+		}
+		actionID, err := strconv.Atoi(idAttr[1])
+		if err != nil {
+			return nil, err
+		}
+		ruleID, err := strconv.Atoi(idAttr[2])
+		if err != nil {
+			return nil, err
+		}
+		d.Set("action_id", actionID)
+		d.Set("rule_id", ruleID)
+		d.Set("rule_type", "attack_rechecker")
+
+		hint := &wallarm.HintRead{
+			Limit:     1000,
+			Offset:    0,
+			OrderBy:   "updated_at",
+			OrderDesc: true,
+			Filter: &wallarm.HintFilter{
+				Clientid: []int{clientID},
+				ID:       []int{ruleID},
+				Type:     []string{"attack_rechecker"},
+			},
+		}
+		actionHints, err := client.HintRead(hint)
+		if err != nil {
+			return nil, err
+		}
+		actionsSet := schema.Set{
+			F: hashResponseActionDetails,
+		}
+		var actsSlice []map[string]interface{}
+		if len((*actionHints.Body)) != 0 && len((*actionHints.Body)[0].Action) != 0 {
+			for _, a := range (*actionHints.Body)[0].Action {
+				acts, err := actionDetailsToMap(a)
+				if err != nil {
+					return nil, err
+				}
+				actsSlice = append(actsSlice, acts)
+				actionsSet.Add(acts)
+			}
+			if err := d.Set("action", &actionsSet); err != nil {
+				return nil, err
+			}
+		}
+
+		d.Set("enabled", (*actionHints.Body)[0].Enabled)
+
+		existingID := fmt.Sprintf("%d/%d/%d", clientID, actionID, ruleID)
+		d.SetId(existingID)
+
+	} else {
+		return nil, fmt.Errorf("invalid id (%q) specified, should be in format \"{clientID}/{actionID}/{ruleID}\"", d.Id())
+	}
+
+	resourceWallarmAttackRecheckerRead(d, m)
+
+	return []*schema.ResourceData{d}, nil
+}

wallarm/resource_rule_attack_rechecker_rewrite.go

@@ -3,6 +3,8 @@ package wallarm
 import (
 	"fmt"
 	"log"
+	"strconv"
+	"strings"
 
 	wallarm "github.com/wallarm/wallarm-go"
 
@@ -17,6 +19,9 @@ func resourceWallarmAttackRecheckerRewrite() *schema.Resource {
 		Read:   resourceWallarmAttackRecheckerRewriteRead,
 		Update: resourceWallarmAttackRecheckerRewriteUpdate,
 		Delete: resourceWallarmAttackRecheckerRewriteDelete,
+		Importer: &schema.ResourceImporter{
+			State: resourceWallarmAttackRecheckerRewriteImport,
+		},
 
 		Schema: map[string]*schema.Schema{
 
@@ -174,6 +179,7 @@ func resourceWallarmAttackRecheckerRewrite() *schema.Resource {
 			"point": {
 				Type:     schema.TypeList,
 				Required: true,
+				ForceNew: true,
 				Elem: &schema.Schema{
 					Type: schema.TypeList,
 					Elem: &schema.Schema{Type: schema.TypeString}},
@@ -182,6 +188,7 @@ func resourceWallarmAttackRecheckerRewrite() *schema.Resource {
 			"rules": {
 				Type:     schema.TypeList,
 				Required: true,
+				ForceNew: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
 		},
@@ -264,7 +271,7 @@ func resourceWallarmAttackRecheckerRewriteRead(d *schema.ResourceData, m interfa
 		OrderDesc: true,
 		Filter: &wallarm.HintFilter{
 			Clientid: []int{clientID},
-			ActionID: []int{actionID},
+			ID:       []int{ruleID},
 		},
 	}
 	actionHints, err := client.HintRead(hint)
@@ -349,3 +356,70 @@ func resourceWallarmAttackRecheckerRewriteUpdate(d *schema.ResourceData, m inter
 	}
 	return resourceWallarmAttackRecheckerRewriteCreate(d, m)
 }
+
+func resourceWallarmAttackRecheckerRewriteImport(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) {
+	client := m.(wallarm.API)
+	idAttr := strings.SplitN(d.Id(), "/", 3)
+	if len(idAttr) == 3 {
+		clientID, err := strconv.Atoi(idAttr[0])
+		if err != nil {
+			return nil, err
+		}
+		actionID, err := strconv.Atoi(idAttr[1])
+		if err != nil {
+			return nil, err
+		}
+		ruleID, err := strconv.Atoi(idAttr[2])
+		if err != nil {
+			return nil, err
+		}
+		d.Set("action_id", actionID)
+		d.Set("rule_id", ruleID)
+		d.Set("rule_type", "attack_rechecker_rewrite")
+
+		hint := &wallarm.HintRead{
+			Limit:     1000,
+			Offset:    0,
+			OrderBy:   "updated_at",
+			OrderDesc: true,
+			Filter: &wallarm.HintFilter{
+				Clientid: []int{clientID},
+				ID:       []int{ruleID},
+				Type:     []string{"attack_rechecker_rewrite"},
+			},
+		}
+		actionHints, err := client.HintRead(hint)
+		if err != nil {
+			return nil, err
+		}
+		actionsSet := schema.Set{
+			F: hashResponseActionDetails,
+		}
+		var actsSlice []map[string]interface{}
+		if len((*actionHints.Body)) != 0 && len((*actionHints.Body)[0].Action) != 0 {
+			for _, a := range (*actionHints.Body)[0].Action {
+				acts, err := actionDetailsToMap(a)
+				if err != nil {
+					return nil, err
+				}
+				actsSlice = append(actsSlice, acts)
+				actionsSet.Add(acts)
+			}
+			if err := d.Set("action", &actionsSet); err != nil {
+				return nil, err
+			}
+		}
+
+		d.Set("rules", (*actionHints.Body)[0].Rules)
+
+		existingID := fmt.Sprintf("%d/%d/%d", clientID, actionID, ruleID)
+		d.SetId(existingID)
+
+	} else {
+		return nil, fmt.Errorf("invalid id (%q) specified, should be in format \"{clientID}/{actionID}/{ruleID}\"", d.Id())
+	}
+
+	resourceWallarmAttackRecheckerRewriteRead(d, m)
+
+	return []*schema.ResourceData{d}, nil
+}

wallarm/resource_rule_binary_data.go

@@ -266,7 +266,7 @@ func resourceWallarmBinaryDataRead(d *schema.ResourceData, m interface{}) error
 		OrderDesc: true,
 		Filter: &wallarm.HintFilter{
 			Clientid: []int{clientID},
-			ActionID: []int{actionID},
+			ID:       []int{ruleID},
 			Type:     []string{"binary_data"},
 		},
 	}
@@ -426,6 +426,10 @@ func resourceWallarmBinaryDataImport(d *schema.ResourceData, m interface{}) ([]*
 			}
 		}
 
+		pointInterface := (*actionHints.Body)[0].Point
+		point := wrapPointElements(pointInterface)
+		d.Set("point", point)
+
 		existingID := fmt.Sprintf("%d/%d/%d", clientID, actionID, ruleID)
 		d.SetId(existingID)
 

wallarm/resource_rule_bola_counter.go

@@ -241,7 +241,7 @@ func resourceWallarmBolaCounterRead(d *schema.ResourceData, m interface{}) error
 		OrderDesc: true,
 		Filter: &wallarm.HintFilter{
 			Clientid: []int{clientID},
-			ActionID: []int{actionID},
+			ID:       []int{ruleID},
 			Type:     []string{"bola_counter"},
 		},
 	}