Merge pull request #12 from signalsciences/FixComplexRuleConditions

Fix customer issues for v0.2. Complex rule condition fix 3 deep and expanding. fix immutable site attributes. fix site alerts, add tests for all issues
signalsciences · Oct 6, 2020 · 7a2e7cc · 7a2e7cc
2 parents d6395fc + 5e38375
commit 7a2e7cc
Show file tree

Hide file tree

Showing 11 changed files with 252 additions and 35 deletions.
diff --git a/go.mod b/go.mod
@@ -5,5 +5,5 @@ go 1.14
 require (
 	github.com/davecgh/go-spew v1.1.1
 	github.com/hashicorp/terraform-plugin-sdk v1.14.0
-	github.com/signalsciences/go-sigsci v0.1.1-0.20200908173133-5e947c11afc3
+	github.com/signalsciences/go-sigsci v0.1.1-0.20201006182813-f95ff43997bc
 )
diff --git a/go.sum b/go.sum
@@ -168,6 +168,8 @@ github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/signalsciences/go-sigsci v0.1.1-0.20200908173133-5e947c11afc3 h1:z/j8qG4eW0k26CkDmQEf/8o2pGdRVqOa0a6pQVF87+c=
 github.com/signalsciences/go-sigsci v0.1.1-0.20200908173133-5e947c11afc3/go.mod h1:QzNMfETjwm4NFuFS4K1UoLO4wWdopUv3AFyvO092Fak=
+github.com/signalsciences/go-sigsci v0.1.1-0.20201006182813-f95ff43997bc h1:6791XANMlLdHrd+vgGA2d4d/sFJYBGc8pg+2FSb0iRE=
+github.com/signalsciences/go-sigsci v0.1.1-0.20201006182813-f95ff43997bc/go.mod h1:QzNMfETjwm4NFuFS4K1UoLO4wWdopUv3AFyvO092Fak=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=

diff --git a/main.tf b/main.tf
@@ -186,3 +186,78 @@ resource "sigsci_site_redaction" "test_redaction" {
   redaction_type  = 0
 }
 
+
+resource "sigsci_site_rule" "testt" {
+  site_short_name = sigsci_site.my-site.short_name
+  type            = "request"
+  group_operator  = "all"
+  enabled         = true
+  reason          = "Example site rule update"
+  expiration      = ""
+
+  conditions {
+    type           = "multival"
+    field          = "signal"
+    group_operator = "all"
+    operator       = "exists"
+    conditions {
+      field    = "signalType"
+      operator = "equals"
+      type     = "single"
+      value    = "RESPONSESPLIT"
+    }
+  }
+
+  conditions {
+    type           = "group"
+    group_operator = "any"
+    conditions {
+      field    = "useragent"
+      operator = "like"
+      type     = "single"
+      value    = "python-requests*"
+    }
+
+    conditions {
+      type           = "multival"
+      field          = "requestHeader"
+      operator       = "doesNotExist"
+      group_operator = "all"
+      conditions {
+        field    = "name"
+        operator = "equals"
+        type     = "single"
+        value    = "cookie"
+      }
+    }
+
+    conditions {
+      type           = "multival"
+      field          = "signal"
+      operator       = "exists"
+      group_operator = "any"
+      conditions {
+        field    = "signalType"
+        operator = "equals"
+        type     = "single"
+        value    = "TORNODE"
+      }
+      conditions {
+        field    = "signalType"
+        operator = "equals"
+        type     = "single"
+        value    = "SIGSCI-IP"
+      }
+      conditions {
+        field    = "signalType"
+        operator = "equals"
+        type     = "single"
+        value    = "SCANNER"
+      }
+    }
+  }
+
+  actions {
+    type = "block"
+  }
+}
diff --git a/provider/lib.go b/provider/lib.go
@@ -377,8 +377,15 @@ func expandRuleActions(actionsResource *schema.Set) []sigsci.Action {
 	var actions []sigsci.Action
 	for _, genericElement := range actionsResource.List() {
 		castElement := genericElement.(map[string]interface{})
+		var signal string
+
+		if castElement["signal"] != nil {
+			signal = castElement["signal"].(string)
+		}
+
 		a := sigsci.Action{
-			Type: castElement["type"].(string),
+			Type:   castElement["type"].(string),
+			Signal: signal,
 		}
 		actions = append(actions, a)
 	}
@@ -431,7 +438,8 @@ func flattenRuleActions(actions []sigsci.Action) []interface{} {
 	var actionsMap = make([]interface{}, len(actions), len(actions))
 	for i, action := range actions {
 		actionMap := map[string]interface{}{
-			"type": action.Type,
+			"type":   action.Type,
+			"signal": action.Signal,
 		}
 		actionsMap[i] = actionMap
 	}

diff --git a/provider/resource_corp_rule.go b/provider/resource_corp_rule.go
@@ -60,6 +60,11 @@ func resourceCorpRule() *schema.Resource {
 							Description: "(block, allow, exclude)",
 							Required:    true,
 						},
+						"signal": {
+							Type:        schema.TypeString,
+							Description: "(block, allow, exclude)",
+							Optional:    true,
+						},
 					},
 				},
 			},
@@ -126,6 +131,40 @@ func resourceCorpRule() *schema.Resource {
 										Description: "type: single - See request fields (https://docs.signalsciences.net/using-signal-sciences/features/rules/#request-fields)",
 										Optional:    true,
 									},
+									"conditions": {
+										Type:        schema.TypeSet,
+										Description: "Conditions",
+										Optional:    true,
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"type": {
+													Type:        schema.TypeString,
+													Description: "(group, single)",
+													Required:    true,
+												},
+												"field": {
+													Type:        schema.TypeString,
+													Description: "type: single - (scheme, method, path, useragent, domain, ip, responseCode, agentname, paramname, paramvalue, country, name, valueString, valueIp, signalType)",
+													Optional:    true,
+												},
+												"operator": {
+													Type:        schema.TypeString,
+													Description: "type: single - (equals, doesNotEqual, contains, doesNotContain, like, notLike, exists, doesNotExist, inList, notInList)",
+													Optional:    true,
+												},
+												"group_operator": {
+													Type:        schema.TypeString,
+													Description: "type: group - Conditions that must be matched when evaluating the request (all, any)",
+													Optional:    true,
+												},
+												"value": {
+													Type:        schema.TypeString,
+													Description: "type: single - See request fields (https://docs.signalsciences.net/using-signal-sciences/features/rules/#request-fields)",
+													Optional:    true,
+												},
+											},
+										},
+									},
 								},
 							},
 						},

diff --git a/provider/resource_corp_rule_test.go b/provider/resource_corp_rule_test.go
@@ -44,8 +44,9 @@ func TestResourceCorpRule_basic(t *testing.T) {
 					}
 			}`, testSite),
 				Check: resource.ComposeAggregateTestCheckFunc(
+					testInspect(),
 					resource.TestCheckResourceAttr(resourceName, "actions.#", "1"),
-					resource.TestCheckResourceAttr(resourceName, "actions.1859487095.type", "excludeSignal"),
+					resource.TestCheckResourceAttr(resourceName, "actions.895671942.type", "excludeSignal"),
 					resource.TestCheckResourceAttr(resourceName, "conditions.#", "2"),
 					resource.TestCheckResourceAttr(resourceName, "conditions.2534374319.conditions.#", "0"),
 					resource.TestCheckResourceAttr(resourceName, "conditions.2534374319.field", "ip"),

diff --git a/provider/resource_site.go b/provider/resource_site.go
@@ -35,7 +35,7 @@ func resourceSite() *schema.Resource {
 				Type:        schema.TypeString,
 				Description: "Agent action level - 'block', 'log' or 'off'",
 				Optional:    true,
-				Default:     "log", // TODO not in docs, but enforced by api
+				Default:     "log",
 			},
 			"agent_anon_mode": {
 				Type:        schema.TypeString,
@@ -52,8 +52,8 @@ func resourceSite() *schema.Resource {
 			"block_http_code": {
 				Type:        schema.TypeInt,
 				Description: "HTTP response code to send when when traffic is being blocked",
-				Optional:    true,
-				Default:     406,
+				Computed:    true,
+				//Default:     406,
 			},
 		},
 	}
@@ -76,6 +76,12 @@ func createSite(d *schema.ResourceData, m interface{}) error {
 	}
 	d.SetId(site.Name)
 
+	// For whatever reason, you cannot create without default values, but you may update them later
+	// If these are not the default values, update
+	if d.Get("block_duration_seconds").(int) != 86400 || d.Get("agent_anon_mode").(string) != "" {
+		return updateSite(d, m)
+	}
+
 	return readSite(d, m)
 }
 

diff --git a/provider/resource_site_alert.go b/provider/resource_site_alert.go
@@ -39,11 +39,6 @@ func resourceSiteAlert() *schema.Resource {
 				Description: "The number of occurrences of the tag in the interval needed to trigger the alert. Min 1, Max 10000",
 				Optional:    true,
 			},
-			"block_duration_seconds": {
-				Type:        schema.TypeInt,
-				Description: "The number of seconds this alert is active.",
-				Optional:    true,
-			},
 			"enabled": {
 				Type:        schema.TypeBool,
 				Description: "A flag to toggle this alert.",

diff --git a/provider/resource_site_rule.go b/provider/resource_site_rule.go
@@ -56,6 +56,11 @@ func resourceSiteRule() *schema.Resource {
 							Description: "(block, allow, exclude)",
 							Required:    true,
 						},
+						"signal": {
+							Type:        schema.TypeString,
+							Description: "signal id to tag",
+							Optional:    true,
+						},
 					},
 				},
 			},
@@ -305,7 +310,7 @@ func resourceSiteRuleUpdate(d *schema.ResourceData, m interface{}) error {
 
 	_, err := sc.UpdateSiteRuleByID(corp, site, d.Id(), updateSiteRuleBody)
 	if err != nil {
-		return fmt.Errorf("%s. Could not update redaction with Id %s in corp %s site %s", err.Error(), d.Id(), corp, site)
+		return err
 	}
 	rule, err := sc.GetSiteRuleByID(corp, site, d.Id())
 	if err == nil && !reflect.DeepEqual(updateSiteRuleBody, rule.CreateSiteRuleBody) {