nest status within web_application_firewall

hashicorp · Nov 21, 2024 · 714e6b6 · 714e6b6
1 parent bd06e95
commit 714e6b6
Show file tree

Hide file tree

Showing 6 changed files with 88 additions and 96 deletions.
diff --git a/internal/services/nginx/nginx_deployment_data_source.go b/internal/services/nginx/nginx_deployment_data_source.go
@@ -19,26 +19,25 @@ import (
 )
 
 type DeploymentDataSourceModel struct {
-	ResourceGroupName              string                                     `tfschema:"resource_group_name"`
-	Name                           string                                     `tfschema:"name"`
-	NginxVersion                   string                                     `tfschema:"nginx_version"`
-	Identity                       []identity.ModelSystemAssignedUserAssigned `tfschema:"identity"`
-	Sku                            string                                     `tfschema:"sku"`
-	ManagedResourceGroup           string                                     `tfschema:"managed_resource_group"`
-	Location                       string                                     `tfschema:"location"`
-	Capacity                       int64                                      `tfschema:"capacity"`
-	AutoScaleProfile               []AutoScaleProfile                         `tfschema:"auto_scale_profile"`
-	DiagnoseSupportEnabled         bool                                       `tfschema:"diagnose_support_enabled"`
-	Email                          string                                     `tfschema:"email"`
-	IpAddress                      string                                     `tfschema:"ip_address"`
-	LoggingStorageAccount          []LoggingStorageAccount                    `tfschema:"logging_storage_account"`
-	FrontendPublic                 []FrontendPublic                           `tfschema:"frontend_public"`
-	FrontendPrivate                []FrontendPrivate                          `tfschema:"frontend_private"`
-	NetworkInterface               []NetworkInterface                         `tfschema:"network_interface"`
-	UpgradeChannel                 string                                     `tfschema:"automatic_upgrade_channel"`
-	WebApplicationFirewallSettings []WebApplicationFirewallSettings           `tfschema:"web_application_firewall_settings"`
-	WebApplicationFirewallStatus   []WebApplicationFirewallStatus             `tfschema:"web_application_firewall_status"`
-	Tags                           map[string]string                          `tfschema:"tags"`
+	ResourceGroupName      string                                     `tfschema:"resource_group_name"`
+	Name                   string                                     `tfschema:"name"`
+	NginxVersion           string                                     `tfschema:"nginx_version"`
+	Identity               []identity.ModelSystemAssignedUserAssigned `tfschema:"identity"`
+	Sku                    string                                     `tfschema:"sku"`
+	ManagedResourceGroup   string                                     `tfschema:"managed_resource_group"`
+	Location               string                                     `tfschema:"location"`
+	Capacity               int64                                      `tfschema:"capacity"`
+	AutoScaleProfile       []AutoScaleProfile                         `tfschema:"auto_scale_profile"`
+	DiagnoseSupportEnabled bool                                       `tfschema:"diagnose_support_enabled"`
+	Email                  string                                     `tfschema:"email"`
+	IpAddress              string                                     `tfschema:"ip_address"`
+	LoggingStorageAccount  []LoggingStorageAccount                    `tfschema:"logging_storage_account"`
+	FrontendPublic         []FrontendPublic                           `tfschema:"frontend_public"`
+	FrontendPrivate        []FrontendPrivate                          `tfschema:"frontend_private"`
+	NetworkInterface       []NetworkInterface                         `tfschema:"network_interface"`
+	UpgradeChannel         string                                     `tfschema:"automatic_upgrade_channel"`
+	WebApplicationFirewall []WebApplicationFirewall                   `tfschema:"web_application_firewall"`
+	Tags                   map[string]string                          `tfschema:"tags"`
 }
 
 type DeploymentDataSource struct{}
@@ -196,7 +195,7 @@ func (m DeploymentDataSource) Attributes() map[string]*pluginsdk.Schema {
 			Computed: true,
 		},
 
-		"web_application_firewall_settings": {
+		"web_application_firewall": {
 			Type:     pluginsdk.TypeList,
 			Computed: true,
 			Elem: &pluginsdk.Resource{
@@ -205,19 +204,18 @@ func (m DeploymentDataSource) Attributes() map[string]*pluginsdk.Schema {
 						Type:     pluginsdk.TypeString,
 						Computed: true,
 					},
-				},
-			},
-		},
-
-		"web_application_firewall_status": {
-			Type:     pluginsdk.TypeList,
-			Computed: true,
-			Elem: &pluginsdk.Resource{
-				Schema: map[string]*pluginsdk.Schema{
-					"attack_signatures_package": webApplicationFirewallPackageComputed(),
-					"bot_signatures_package":    webApplicationFirewallPackageComputed(),
-					"threat_campaigns_package":  webApplicationFirewallPackageComputed(),
-					"component_versions":        webApplicationFirewallComponentVersionsComputed(),
+					"status": {
+						Type:     pluginsdk.TypeList,
+						Computed: true,
+						Elem: &pluginsdk.Resource{
+							Schema: map[string]*pluginsdk.Schema{
+								"attack_signatures_package": webApplicationFirewallPackageComputed(),
+								"bot_signatures_package":    webApplicationFirewallPackageComputed(),
+								"threat_campaigns_package":  webApplicationFirewallPackageComputed(),
+								"component_versions":        webApplicationFirewallComponentVersionsComputed(),
+							},
+						},
+					},
 				},
 			},
 		},
@@ -381,12 +379,9 @@ func (m DeploymentDataSource) Read() sdk.ResourceFunc {
 					}
 
 					if nap := props.NginxAppProtect; nap != nil {
+						waf := WebApplicationFirewall{}
 						if state := nap.WebApplicationFirewallSettings.ActivationState; state != nil {
-							output.WebApplicationFirewallSettings = []WebApplicationFirewallSettings{
-								{
-									string(*state),
-								},
-							}
+							waf.ActivationState = string(*state)
 						}
 						if status := nap.WebApplicationFirewallStatus; status != nil {
 							wafStatus := WebApplicationFirewallStatus{}
@@ -422,7 +417,8 @@ func (m DeploymentDataSource) Read() sdk.ResourceFunc {
 									},
 								}
 							}
-							output.WebApplicationFirewallStatus = []WebApplicationFirewallStatus{wafStatus}
+							waf.Status = []WebApplicationFirewallStatus{wafStatus}
+							output.WebApplicationFirewall = []WebApplicationFirewall{waf}
 						}
 					}
 

diff --git a/internal/services/nginx/nginx_deployment_data_source_test.go b/internal/services/nginx/nginx_deployment_data_source_test.go
@@ -88,7 +88,7 @@ func TestAccNginxDeploymentDataSource_nginxappprotect(t *testing.T) {
 		{
 			Config: r.basicNginxAppProtect(data),
 			Check: acceptance.ComposeTestCheckFunc(
-				check.That(data.ResourceName).Key("web_application_firewall_settings.0.activation_state").HasValue("Enabled"),
+				check.That(data.ResourceName).Key("web_application_firewall.0.activation_state").HasValue("Enabled"),
 			),
 		},
 	})

diff --git a/internal/services/nginx/nginx_deployment_resource.go b/internal/services/nginx/nginx_deployment_resource.go
@@ -62,8 +62,9 @@ type AutoScaleProfile struct {
 	Max  int64  `tfschema:"max_capacity"`
 }
 
-type WebApplicationFirewallSettings struct {
-	ActivationState string `tfschema:"activation_state"`
+type WebApplicationFirewall struct {
+	ActivationState string                         `tfschema:"activation_state"`
+	Status          []WebApplicationFirewallStatus `tfschema:"status"`
 }
 
 type WebApplicationFirewallPackage struct {
@@ -84,25 +85,24 @@ type WebApplicationFirewallStatus struct {
 }
 
 type DeploymentModel struct {
-	ResourceGroupName              string                                     `tfschema:"resource_group_name"`
-	Name                           string                                     `tfschema:"name"`
-	NginxVersion                   string                                     `tfschema:"nginx_version"`
-	Identity                       []identity.ModelSystemAssignedUserAssigned `tfschema:"identity"`
-	Sku                            string                                     `tfschema:"sku"`
-	ManagedResourceGroup           string                                     `tfschema:"managed_resource_group"`
-	Location                       string                                     `tfschema:"location"`
-	Capacity                       int64                                      `tfschema:"capacity"`
-	AutoScaleProfile               []AutoScaleProfile                         `tfschema:"auto_scale_profile"`
-	DiagnoseSupportEnabled         bool                                       `tfschema:"diagnose_support_enabled"`
-	Email                          string                                     `tfschema:"email"`
-	IpAddress                      string                                     `tfschema:"ip_address"`
-	LoggingStorageAccount          []LoggingStorageAccount                    `tfschema:"logging_storage_account"`
-	FrontendPublic                 []FrontendPublic                           `tfschema:"frontend_public"`
-	FrontendPrivate                []FrontendPrivate                          `tfschema:"frontend_private"`
-	NetworkInterface               []NetworkInterface                         `tfschema:"network_interface"`
-	UpgradeChannel                 string                                     `tfschema:"automatic_upgrade_channel"`
-	WebApplicationFirewallSettings []WebApplicationFirewallSettings           `tfschema:"web_application_firewall_settings"`
-	WebApplicationFirewallStatus   []WebApplicationFirewallStatus             `tfschema:"web_application_firewall_status"`
+	ResourceGroupName      string                                     `tfschema:"resource_group_name"`
+	Name                   string                                     `tfschema:"name"`
+	NginxVersion           string                                     `tfschema:"nginx_version"`
+	Identity               []identity.ModelSystemAssignedUserAssigned `tfschema:"identity"`
+	Sku                    string                                     `tfschema:"sku"`
+	ManagedResourceGroup   string                                     `tfschema:"managed_resource_group"`
+	Location               string                                     `tfschema:"location"`
+	Capacity               int64                                      `tfschema:"capacity"`
+	AutoScaleProfile       []AutoScaleProfile                         `tfschema:"auto_scale_profile"`
+	DiagnoseSupportEnabled bool                                       `tfschema:"diagnose_support_enabled"`
+	Email                  string                                     `tfschema:"email"`
+	IpAddress              string                                     `tfschema:"ip_address"`
+	LoggingStorageAccount  []LoggingStorageAccount                    `tfschema:"logging_storage_account"`
+	FrontendPublic         []FrontendPublic                           `tfschema:"frontend_public"`
+	FrontendPrivate        []FrontendPrivate                          `tfschema:"frontend_private"`
+	NetworkInterface       []NetworkInterface                         `tfschema:"network_interface"`
+	UpgradeChannel         string                                     `tfschema:"automatic_upgrade_channel"`
+	WebApplicationFirewall []WebApplicationFirewall                   `tfschema:"web_application_firewall"`
 	// Deprecated: remove in next major version
 	Configuration []Configuration   `tfschema:"configuration,removedInNextMajorVersion"`
 	Tags          map[string]string `tfschema:"tags"`
@@ -285,7 +285,7 @@ func (m DeploymentResource) Arguments() map[string]*pluginsdk.Schema {
 				}, false),
 		},
 
-		"web_application_firewall_settings": {
+		"web_application_firewall": {
 			Type:     pluginsdk.TypeList,
 			Optional: true,
 			MaxItems: 1,
@@ -300,6 +300,18 @@ func (m DeploymentResource) Arguments() map[string]*pluginsdk.Schema {
 								"Disabled",
 							}, false),
 					},
+					"status": {
+						Type:     pluginsdk.TypeList,
+						Computed: true,
+						Elem: &pluginsdk.Resource{
+							Schema: map[string]*pluginsdk.Schema{
+								"attack_signatures_package": webApplicationFirewallPackageComputed(),
+								"bot_signatures_package":    webApplicationFirewallPackageComputed(),
+								"threat_campaigns_package":  webApplicationFirewallPackageComputed(),
+								"component_versions":        webApplicationFirewallComponentVersionsComputed(),
+							},
+						},
+					},
 				},
 			},
 		},
@@ -393,19 +405,6 @@ func (m DeploymentResource) Attributes() map[string]*pluginsdk.Schema {
 			Type:     pluginsdk.TypeString,
 			Computed: true,
 		},
-
-		"web_application_firewall_status": {
-			Type:     pluginsdk.TypeList,
-			Computed: true,
-			Elem: &pluginsdk.Resource{
-				Schema: map[string]*pluginsdk.Schema{
-					"attack_signatures_package": webApplicationFirewallPackageComputed(),
-					"bot_signatures_package":    webApplicationFirewallPackageComputed(),
-					"threat_campaigns_package":  webApplicationFirewallPackageComputed(),
-					"component_versions":        webApplicationFirewallComponentVersionsComputed(),
-				},
-			},
-		},
 	}
 }
 
@@ -551,8 +550,8 @@ func (m DeploymentResource) Create() sdk.ResourceFunc {
 				}
 			}
 
-			if len(model.WebApplicationFirewallSettings) > 0 {
-				activationState := nginxdeployment.ActivationState(model.WebApplicationFirewallSettings[0].ActivationState)
+			if len(model.WebApplicationFirewall) > 0 {
+				activationState := nginxdeployment.ActivationState(model.WebApplicationFirewall[0].ActivationState)
 				prop.NginxAppProtect = &nginxdeployment.NginxDeploymentPropertiesNginxAppProtect{
 					WebApplicationFirewallSettings: nginxdeployment.WebApplicationFirewallSettings{
 						ActivationState: &activationState,
@@ -692,12 +691,9 @@ func (m DeploymentResource) Read() sdk.ResourceFunc {
 					}
 
 					if nap := props.NginxAppProtect; nap != nil {
+						waf := WebApplicationFirewall{}
 						if state := nap.WebApplicationFirewallSettings.ActivationState; state != nil {
-							output.WebApplicationFirewallSettings = []WebApplicationFirewallSettings{
-								{
-									string(*state),
-								},
-							}
+							waf.ActivationState = string(*state)
 						}
 						if status := nap.WebApplicationFirewallStatus; status != nil {
 							wafStatus := WebApplicationFirewallStatus{}
@@ -733,7 +729,8 @@ func (m DeploymentResource) Read() sdk.ResourceFunc {
 									},
 								}
 							}
-							output.WebApplicationFirewallStatus = []WebApplicationFirewallStatus{wafStatus}
+							waf.Status = []WebApplicationFirewallStatus{wafStatus}
+							output.WebApplicationFirewall = []WebApplicationFirewall{waf}
 						}
 					}
 
@@ -876,8 +873,8 @@ func (m DeploymentResource) Update() sdk.ResourceFunc {
 				return fmt.Errorf("basic SKUs are incompatible with `capacity` or `auto_scale_profiles`")
 			}
 
-			if meta.ResourceData.HasChange("web_application_firewall_settings") {
-				activationState := nginxdeployment.ActivationState(model.WebApplicationFirewallSettings[0].ActivationState)
+			if meta.ResourceData.HasChange("web_application_firewall") {
+				activationState := nginxdeployment.ActivationState(model.WebApplicationFirewall[0].ActivationState)
 				req.Properties.NginxAppProtect = &nginxdeployment.NginxDeploymentUpdatePropertiesNginxAppProtect{
 					WebApplicationFirewallSettings: &nginxdeployment.WebApplicationFirewallSettings{
 						ActivationState: &activationState,

diff --git a/internal/services/nginx/nginx_deployment_resource_test.go b/internal/services/nginx/nginx_deployment_resource_test.go
@@ -335,7 +335,7 @@ resource "azurerm_nginx_deployment" "test" {
     subnet_id = azurerm_subnet.test.id
   }
 
-  web_application_firewall_settings {
+  web_application_firewall {
     activation_state = "Enabled"
   }
 

diff --git a/website/docs/d/nginx_deployment.html.markdown b/website/docs/d/nginx_deployment.html.markdown
@@ -67,9 +67,7 @@ In addition to the Arguments listed above - the following Attributes are exporte
 
 * `automatic_upgrade_channel` - The automatic upgrade channel for this NGINX deployment.
 
-* `web_application_firewall_settings` - A `web_application_firewall_settings` block as defined below.
-
-* `web_application_firewall_status` - A `web_application_firewall_status` block as defined below.
+* `web_application_firewall` - A `web_application_firewall` block as defined below.
 
 * `tags` - A mapping of tags assigned to the NGINX Deployment.
 
@@ -123,13 +121,14 @@ An `auto_scale_profile` block exports the following:
 
 ---
 
-A `web_application_firewall_settings` block exports the following:
+A `web_application_firewall` block exports the following:
 
 * `activation_state` - Whether WAF is enabled/disabled for this NGINX Deployment. Use 'Enabled' to enable WAF and 'Disabled' to disable it.
+* `status` - A `status` block as defined below.
 
 ---
 
-A `web_application_firewall_status` block exports the following:
+A `web_application_firewall.status` block exports the following:
 
 * `attack_signatures_package` - Indicates the version of the attack signatures package used by NGINX App Protect.
 

diff --git a/website/docs/r/nginx_deployment.html.markdown b/website/docs/r/nginx_deployment.html.markdown
@@ -116,7 +116,7 @@ The following arguments are supported:
 
 * `automatic_upgrade_channel` - (Optional) Specify the automatic upgrade channel for the NGINX deployment. Defaults to `stable`. The possible values are `stable` and `preview`.
 
-* `web_application_firewall_settings` - (Optional) A `web_application_firewall_settings` blocks as defined below.
+* `web_application_firewall` - (Optional) A `web_application_firewall` blocks as defined below.
 
 * `tags` - (Optional) A mapping of tags which should be assigned to the NGINX Deployment.
 
@@ -174,7 +174,7 @@ An `auto_scale_profile` block supports the following:
 
 ---
 
-A `web_application_firewall_settings` - block supports the following:
+A `web_application_firewall` - block supports the following:
 
 * `activation_state` - (Required) Whether WAF is enabled/disabled for this NGINX Deployment. Use 'Enabled' to enable WAF and 'Disabled' to disable it.
 
@@ -188,11 +188,11 @@ In addition to the Arguments listed above - the following Attributes are exporte
 
 * `nginx_version` - The version of deployed NGINX.
 
-* `web_application_firewall_status` - A `web_application_firewall_status` block as defined below:
+* `web_application_firewall.status` - A `web_application_firewall.status` block as defined below:
 
 ---
 
-A `web_application_firewall_status` - block supports the following:
+A `web_application_firewall.status` - block supports the following:
 
 * `attack_signatures_package` - Indicates the version of the attack signatures package used by NGINX App Protect.