-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.tf
138 lines (125 loc) · 4.58 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
resource "cloudflare_ruleset" "this" {
zone_id = lookup(data.cloudflare_zones.domain.zones[0], "id")
name = var.name
kind = var.kind
phase = var.phase
description = var.description
dynamic "rules" {
for_each = var.rules
content {
action = rules.value.action
dynamic "action_parameters" {
for_each = rules.value.action_parameters[*]
content {
# http_config_settings
polish = action_parameters.value.polish
# http_log_custom_fields
cookie_fields = action_parameters.value.cookie_fields
request_fields = action_parameters.value.request_fields
response_fields = action_parameters.value.response_fields
# http_request_dynamic_redirect
dynamic "from_value" {
for_each = rules.value.action_parameters.from_value[*]
content {
preserve_query_string = from_value.value.preserve_query_string
status_code = from_value.value.status_code
dynamic "target_url" {
for_each = from_value.value.target_url.value != null ? [1] : []
content {
value = from_value.value.target_url.value
}
}
dynamic "target_url" {
for_each = from_value.value.target_url.expression != null ? [1] : []
content {
expression = from_value.value.target_url.expression
}
}
}
}
# http_request_firewall_custom
phases = action_parameters.value.phases
ruleset = action_parameters.value.ruleset
products = action_parameters.value.products
# http_request_firewall_managed
id = action_parameters.value.id
dynamic "overrides" {
for_each = rules.value.action_parameters.overrides[*]
content {
action = overrides.value.action
dynamic "categories" {
for_each = overrides.value.categories
content {
action = categories.value.action
category = categories.value.category
enabled = categories.value.enabled
}
}
enabled = overrides.value.enabled
dynamic "rules" {
for_each = overrides.value.rules
iterator = override_rule
content {
id = override_rule.value.id
action = override_rule.value.action
enabled = override_rule.value.enabled
score_threshold = override_rule.value.score_threshold
}
}
}
}
# http_request_origin
host_header = action_parameters.value.host_header
dynamic "origin" {
for_each = rules.value.action_parameters.origin[*]
content {
host = origin.value.host
port = origin.value.port
}
}
# http_request_transform
dynamic "uri" {
for_each = rules.value.action_parameters.uri[*]
content {
dynamic "path" {
for_each = uri.value.path[*]
content {
value = path.value
}
}
dynamic "query" {
for_each = uri.value.query[*]
content {
value = query.value
}
}
}
}
}
}
# http_ratelimit
dynamic "ratelimit" {
for_each = rules.value.ratelimit[*]
content {
characteristics = ratelimit.value.characteristics
counting_expression = ratelimit.value.counting_expression
mitigation_timeout = ratelimit.value.mitigation_timeout
period = ratelimit.value.period
requests_per_period = ratelimit.value.requests_per_period
requests_to_origin = ratelimit.value.requests_to_origin
score_per_period = ratelimit.value.score_per_period
score_response_header_name = ratelimit.value.score_response_header_name
}
}
description = rules.value.description
enabled = rules.value.enabled
expression = rules.value.expression
dynamic "logging" {
for_each = rules.value.logging[*]
content {
enabled = logging.value.enabled
}
}
}
}
}