cf-terraforming

cf-terraforming copied to clipboard

Some managed firewall rules are failing to clone for HTTP Apps, because of the cf-tf generated tf resource is missing action_paramters.

The problematic part of the rulesets API response: { "id": "062a7840e0cb47f7b36acd2d507ce584", "version": "2", "action": "skip", "expression": "(http.request.uri.path contains \"/filters\")", "description": "firewall rule", "last_updated": "2021-09-03T06:42:41.341405Z", "ref": "062a7840e0cb47f7b36acd2d507ce584", "enabled": true, "logging": { "enabled": true }, "action_parameters": { "rules":{ "efb7b8c949ac4650a09736fc376e9aee": [ "062a7840e0cb47f7b36acd2d507ce584", "5cLhGXtTafjwPkdy8fmW5QvPiokBuZhi" ] } } }

This was generated into rules { action = "skip" description = "firewall rule" enabled = true expression = "(http.request.uri.path contains \"/filters\")" logging { enabled = true } }

cf-tf were emitting action_parameters completely, as it wasn't supporting nested rules in the format above.

Based on https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/ruleset#rules action_parameters can have nested rules in the following format: [rules](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/ruleset#rules) (Map of String) Map of managed WAF rule ID to comma-delimited string of ruleset rule IDs. Example: rules = { "efb7b8c949ac4650a09736fc376e9aee" = "5de7edfa648c4d6891dc3e7f84534ffa,e3a567afc347477d9702d9047e97d760" }.

This PR aims to transform these API responses.

Note, that I had to add support for Map type in nested block writer: https://github.com/cloudflare/cf-terraforming/commit/e0ef72733f60e714f4196dc0463e771f007e4298#diff-b4f8717358ea5838cb85f485f02a2960bfea7b5e9b13b4cb273289147d855da1