wallarm_api_discovery_config— singleton resource managing the API Discovery configuration (Settings → API Discovery). Editable: enabled flag, protocols (REST/GraphQL/SOAP/GRPC/MCP), content-type filter, endpoint-stability thresholds, parameter-type and PII detection thresholds, disabled-apps list. Read-only attributes mirror the rest of the API response for drift visibility. Bumpswallarm-goto v0.13.0 to addAPIDiscoveryinterface.
data.wallarm_hits: emitinstancecondition for default-app (poolID=-1) hits — fixes 4-vs-5 condition hash mismatch on instance-included API clients.
- Committed reference data — added 13 reference docs,
spec/point_map.json,spec/actions_examples.json, andscripts/fetch_point_refs.pyto the repo. Dedupe ofspec/actions_examples.json(343 raw samples → 82 unique shapes; 18,447 → 4,776 lines). Real domains inspec/actions_examples.jsonscrubbed toexample.com. Deadinit-pluginMakefile target andplugindircheck.shremoved. - Lint modernization —
interface{}→anyacrosswallarm/andscripts/(~990 sites);WriteString(fmt.Sprintf)→fmt.Fprintf(25 sites); 2 tagged-switch conversions. No behavior change.
Rules polish batch — naming cleanup, schema-shape audit (symmetric remove-restores-default), safety hardening, test gap fills. Bumps
wallarm-goto v0.12.2.Migration note: the
Optional+Computed→Optional+Default(<value>)flips below cover ~13 fields. Resources whose API value differs from the new schema default will produce a one-time plan diff after upgrade — reviewterraform planoutput before applying. Affectsactive(all resources),additional_parameters/plain_parameters(brute/bola/enum),introspection/debug_enabled/max_depth/max_value_size_kb/max_doc_size_kb/max_doc_per_batch/max_aliases(graphql_detection),mode(overlimit_res_settings, file_upload_size_limit),time_unit(rate_limit).
- [ACTION REQUIRED]
wallarm_rule_graphql_detection: renamemax_alias_size_kb→max_aliasesin HCL.
wallarm_rule_graphql_detection.max_alias_size_kbrenamed tomax_aliases(count, not size; wire JSON tag unchanged).mitigation(all rule resources) nowComputedonly (wasOptional+Computed); HCL setting it now fails validation.wallarm_rule_regex.experimentaldefault behaviour: HCL omitting the field now creates a regularregexrule (wasexperimental_regex).
wallarm_rule_graphql_detection.introspection/.debug_enablednowOptional+Default(true)— symmetric remove-restores-default.active(all rule resources) nowOptional+Default(true)— same.enumerated_parameters.additional_parameters/.plain_parametersnowOptional+Default(false)(rule_brute/_bola/_enum) — same.wallarm_rule_graphql_detectionint fields nowOptional+Default(<API default>)—max_depth,max_value_size_kb(range1..100validator added),max_doc_size_kb,max_doc_per_batch.wallarm_rule_graphql_detection.max_aliasesnowOptional+Default(5)(wasOptional+Computed+ForceNew); mutates in place. Addswallarm-go.HintUpdateV3Params.MaxAliases+resourcerule.WithMaxAliases.wallarm_rule_overlimit_res_settings.modenowOptional+Default("monitoring").wallarm_rule_rate_limit.time_unitnowOptional+Default("rps").wallarm_rule_file_upload_size_limit.modenowOptional+Default("monitoring");sizegainsIntAtLeast(1)validator.wallarm_rule_regex.experimentalnowOptional+Computed+ForceNew(wasOptional+Default(true)+ForceNew; ForceNew retained); Read derives fromrule_type. Prevents destroy-on-import for regularregexrules.findActionByConditionsHash200-page pagination cap — bounds previously unbounded loop.setIfExistspanic-swallow removed — replaced with explicit cty guards inrawStateHasKey.- Plan-time enum validators added:
attack_typeon rule_disable_attack_type/vpatch (17 values each), rule_regex (16);block_by_session/ip+graylist_by_ipaccept0(unset, dropped on wire) OR600..315569520— preservesterraform import+-generate-config-outround-trip on partially-set reactions;threshold.count/.periodIntAtLeast(1)— surfaces API constraint at plan time. - Generic helper
resourcerule.GetPointerIfConfigured[T any]replaces type-specific variants — used by rate_limitdelay/burstwhere 0 is meaningful.
Schema actualisation against API ground truth, zero-value pointer fixes, plan-time validator for
enumerated_parameters, full rule-test harness migration. Bumpswallarm-goto v0.12.1.
- [ACTION REQUIRED]
wallarm_rule_rate_limit: addrsp_status = <400..599>(typical429) — now Required. - [ACTION REQUIRED]
wallarm_rule_file_upload_size_limit: addsize = N— now Required. - [ACTION REQUIRED]
wallarm_rule_brute/_bola/_enumin regexp mode: set bothname_regexpsandvalue_regexps(use[""]to skip a filter). - Direct callers of
wallarm-goActionCreate:Rate/Burst/Delay/OverlimitTimeare*int— wrap zero withlo.ToPtr(0).
- schema(rule): dropped
Computed: truefromset,title,enumerated_parameters.{name_regexps,value_regexps},reaction.{block_by_session,block_by_ip,graylist_by_ip}— masked SDKv2 zero-value updates. Imports may produce a one-time clearing diff. - schema(rule_rate_limit):
rsp_statusOptional → Required;burst/time_unitRequired → Optional+Computed. - schema(rule_overlimit_res_settings):
modeRequired → Optional+Computed. - schema(rule_file_upload_size_limit):
sizeOptional → Required;mode/size_unit/pointRequired → Optional+Computed.
- resourcerule.Create:
activedefaulted tofalsefor 7 mitigation controls; nowtrue. May produce a one-timefalse → trueplan diff for legacy rules. - rule_rate_limit, rule_overlimit_res_settings: user-typed
rate=0/burst=0/delay=0/overlimit_time=0now reach the API (bumpswallarm-goto v0.12.1 for*int+omitempty). - rule_graphql_detection:
max_depth,max_value_size_kb,max_doc_size_kb,max_doc_per_batch,introspection,debug_enabled→ Optional+Computed; Update used to zero API-defaulted ints. - rule_brute, rule_bola, rule_enum: new plan-time validator rejects
enumerated_parametersfields that don't apply to the chosen mode; regexp mode also requires bothname_regexpsandvalue_regexps. - enumerated_parameters:
additional_parameters/plain_parametersare Optional+Computed; previousDefault: falsecorrupted regexp-mode imports. - mapper_tftoapi: regexp-mode
name_regexps/value_regexps = [""]now reaches the API (was dropped bycty.NullValnormalization). - arbitrary_conditions: mapper now re-chunks the flat-stored
pointper paired/simple element rules instead of wrapping it as a single sub-array — fixes a force-replacement diff every plan. - action_helpers:
existingHintForActionpaginatesActionList— previously missed page-2+ collisions on tenants with >500 actions of a given hint type. - test/rule_*: 12
CheckDestroyhad invertedif err != nil &&; replaced with sharedtestAccCheckHintDestroyedhelper.
- rules_import: new
filter_rules_in_statevariable (defaulttrue) skips rules whoserule_idis already in state, preventing duplicate state entries. - examples: added minimal HCL for
wallarm_rule_graphql_detection,_brute,_bola,_enum,_forced_browsing,_rate_limit_enum,_bola_counter.
- 26 rule acceptance test files migrated to v2.3.5 patterns (
ProtoV5ProviderFactories,testAccNewAPIClient);-racere-enabled onmake testacc. - New unit tests:
existingHintForAction,CachedClient.HintCreate/HintDeletecache cycles,validateEnumeratedParamsBlock,ArbitraryConditionsToTF,isFieldSetInRawConfig. - New acc tests:
enumerated_parameters.mode = "exact"for bola/brute,ActionScopeCustomizeDiffvalid/invalid scopes. - Shared
testAccCheckHintDestroyedextracted; ~700 LoC removed.
Rule lifecycle stability: 45 schema fields go mutable so
planreports update-in-place instead of destroy+recreate, several long-standing false-diff sources are fixed, and counter / empty-body destroy semantics are clarified.
- Bump the provider to
v2.3.7. No HCL migration required. - [ACTION REQUIRED] Provider developers consuming
wallarm-godirectly:wallarm.API.HintDelete(...)now returns*HintDeleteResp{Status, Body}(waserroronly). Update call sites. End users writing only HCL are unaffected.
- fix(rule):
terraform planreports update-in-place (instead of destroy+recreate) for 45 rule fields whose API supports PUT updates. Existing state remains compatible. - fix(action_scope):
iequalaction conditions no longer perpetually drift on mixed-case values; covers bothvaluefield and value-bearing point keys (action_name,action_ext,method,instance,proto,scheme,uri). - fix(action_scope): action conditions no longer perpetually drift on header-name case (API uppercases header names regardless of
type). - fix(rule_overlimit_res_settings): Create now returns
ImportAsExistsErrorwhen a same-scope rule already exists, matchingwallarm_rule_mode/_api_abuse_modebehaviour. - fix(rule_credential_stuffing):
data.wallarm_rulesno longer double-counts credential_stuffing rules within the sameterraform apply— completes the v2.3.2 dedup at the missedHintCache.Insertsite. - fix(rule_counters):
terraform destroyofbruteforce_counter/dirbust_counter/bola_counteris state-only; counters auto-clean ~30s after their last trigger reference is removed. - fix(rule_counters):
title,active,setare nowComputedso counters don't surface phantom diffs after Create. - fix(rule): Delete emits a
[WARN]when the API returns an empty body (rule already absent server-side).
- build(deps): bump
wallarm-gotov0.12.0(typedHintDeleteresponse, extendedHintUpdateV3Paramswith ~30 mutable-field pointers). - refactor(rule): shared
resourcerule.Deletefactory (21 rule resources). - refactor(rule):
resourcerule.Updateaccepts variadicUpdateCustomizers; newWith*helper library wires per-resource Update in one line. - test(rule): in-place Update acceptance tests for every mutable rule resource; ported pinterest-scope (
api_abuse_mode) and multi-vpatch-per-action smokes to acc; unit tests for Update customizers andHintCache.LoadAll/All. - docs(api_spec): moved
wallarm_api_specandwallarm_api_spec_policyto theCommonsubcategory. - build(makefile): dropped
-racefrommake testaccuntil remaining rule tests migrate to the v2.3.5 pattern (ProtoV5ProviderFactories+testAccNewAPIClient); unit tests still run under-race.
Full Terraform support for Wallarm's API Specification Enforcement: expanded
wallarm_api_specschema, newwallarm_api_spec_policyresource for per-violation block/monitor/ignore controls, and wallarm-go v0.11.0 with the backing endpoints.
- Bump the provider to
v2.3.6. No HCL migration is required — existingwallarm_api_specconfigurations continue to apply unchanged. wallarm_api_spec.domainsandwallarm_api_spec.instanceschanged from Required to Optional. If you relied on Terraform failing fast when these were missing, addvalidationblocks on your input variables instead.- [ACTION REQUIRED] Provider developers consuming
wallarm-godirectly must update imports: theApi*prefix is gone. RenameApiSpec→APISpec,ApiSpecBody→APISpecBody,ApiDetection→APIDetection, etc. JSON tags are unchanged, so API payloads are wire-compatible. End users writing only HCL are unaffected.
- New resource
wallarm_api_spec_policy— manages the API Specification Enforcement policy attached to an uploaded spec. Six violation modes (undefined_endpoint_mode,undefined_parameter_mode,missing_parameter_mode,invalid_parameter_value_mode,missing_auth_mode,invalid_request_mode), two threshold modes (timeout_mode,max_request_size_mode), and a repeatableconditionblock that reuses the rule action-scope schema. Destroy is a soft-delete (PUTenabled: false) — the policy record is removed only when the parent spec is deleted. wallarm_api_spec: extended schema withauth_headers(list of{key, value}blocks, sensitive values) used when Wallarm fetches the spec URL, plus API-computed attributes —status,spec_version,openapi_version,endpoints_count,shadow_endpoints_count,orphan_endpoints_count,zombie_endpoints_count,format,version,node_sync_version,last_synced_at,last_compared_at,updated_at,created_at,file_changed_at, and a nestedfileblock (name,signed_url,checksum,mime_type,version).file.signed_urlis Sensitive and regenerates on every Read (short-lived, ~10 min).wallarm_api_spec: Update is now wired viaAPISpecUpdate(partial PUT), so fields can be mutated in place instead of forcing destroy/recreate.
- build(deps): bump
wallarm-gotov0.11.0— addsAPISpecReadByID,APISpecUpdate,APISpecPolicyPutendpoints; extendsAPISpecBodywithAuthHeadersand the new computed fields; renamesApi*Go identifiers toAPI*for idiomatic Go initialisms (JSON tags unchanged). - refactor(api_spec):
domainsandinstancesrelaxed from Required to Optional. The Wallarm console now hides these legacy fields and Wallarm computes the applicable scope from other signals, so forcing a value in HCL was misleading. - feat(api_spec):
title,description,file_remote_url,regular_file_update,api_detection,domains,instancesare now mutable (no moreForceNew). Edits apply as an in-place PUT viaAPISpecUpdateinstead of destroy/recreate.client_idremainsForceNew. - test(api_spec): acceptance-test suite migrated to v2.3.5 patterns (
ProtoV5ProviderFactories,testAccNewAPIClient, unique per-testtitle). Added Update-in-place, Import-round-trip, andauth_headerslifecycle coverage. Newresource_api_spec_policy_test.gocovers Create, Update-mode-flip, scopedconditionblocks, soft-delete, and import. - docs(api_spec): resource doc rewritten against the v2.3.6 schema — full attribute list including the nested
fileblock withsigned_urlcaveat; example updated. - docs(api_spec_policy): new resource doc with Example Usage, Argument Reference split into Scope / Violation Modes / Threshold Limits, Import (3-part ID
{client_id}/{api_spec_id}/policy), and a Limitations section documenting soft-delete behaviour and the one-policy-per-spec constraint. - docs(examples): new
examples/wallarm_api_spec_policy.tfwith three scenarios (observation-mode rollout, block on undefined endpoints with host scope, paused policy preserving settings). - docs(readme): added
wallarm_api_spec_policyto the Infrastructure & Tooling table; resource count bumped 11 → 12. - chore(schema): added
Descriptionstrings to 15+ previously-undocumentedwallarm_api_specfields soterraform providers schemaand registry docs surface helpful text.
- New resource
wallarm_rule_api_abuse_mode— toggles API Abuse Prevention for requests matching an action scope. Primary use case: allowlist trusted crawlers (Pinterest, Google, monitoring agents) withmode = "disabled".modeisForceNew— changing it destroys and recreates the rule.
- Extracted shared
existingHintForActionhelper for duplicate-rule detection on Create. Used bywallarm_rule_modeandwallarm_rule_api_abuse_mode; replaces the per-resourceexistsAction+existsHintpair. - Replaced hand-rolled action-conditions comparison (
equalWithoutOrder,compareActionDetails,actionPointsEqual,convertToStringSlice) with a singleresourcerule.ConditionsHashcompare. Matches the Wallarm API's own canonical action identity and removes ~85 lines of per-field equality logic. - Added
testAccNewAPIClient()test helper for CheckDestroy in tests that useProtoV5ProviderFactories. Constructs an API client fromWALLARM_API_TOKEN/WALLARM_API_HOSTwithout going through the sharedtestAccProvider, avoiding aConfigurerace under-race.
CachedClient.HintDeletenow invalidates the hint cache on success. Previously the cache could return stale entries for just-deleted rules, surfacing in acceptance tests as "dangling resource" errors in CheckDestroy after a Create path that populated the cache.
- New
docs/resources/rule_api_abuse_mode.mdwith Pinterest allowlist example, Argument/Attributes reference, and 3-part ({client_id}/{action_id}/{rule_id}) Import section. - New
examples/wallarm_rule_api_abuse_mode.tfwith three scope patterns (enable per instance, enable per host, Pinterest allowlist). - README Rules table: added
wallarm_rule_api_abuse_modeentry; Rules count bumped 20 → 21.
- Bumped
wallarm-godependency to v0.10.0 — adds Attack, Activity Log, and Security Issues API methods; nil-input guards on request helpers; IP-list search query encoding fix; cursor pagination forAttackRead; hit block-status filter. - Extracted shared
ResourceRuleWallarmImport/ResourceRuleWallarmUpdatehelpers inwallarm/common/resourcerule/— 42 rule resources migrated, ~850 net LOC of duplicated boilerplate removed. - Shortened
resourcerulepublic API:ResourceRuleWallarm{Read,Create,Update,Import}→{Read,Create,Update,Import}. Callers useresourcerule.Read(...)etc. - Added unit tests for
validateActionSet(6 cases),EnumeratedParametersToTF/ToAPI,ArbitraryConditionsToTF/ToAPI,mapEnumeratedParameter{Regexp,Exact}ToAPI, plus 5 cases for the newimportIntegrationhelper.resourcerulecoverage 55.7% → 69.3%. - Extracted
modeExact/modeRegexpconstants inresourcerule/const.go, replacing repeated string literals.
terraform importnow works correctly forwallarm_api_specandwallarm_user. Previously these usedschema.ImportStatePassthroughContextwhich did not populate the fieldsReadrequires, so import commands failed with zero-ID API calls. RealStateContextFuncparsers have been added.data.wallarm_security_issuesno longer panics when an issue has no vpatch mitigation.SecurityIssueMitigations.Vpatch(now a pointer inwallarm-gov0.10.0) is nil-checked before dereference.wallarm_api_specimport ID format changed to{client_id}/{api_spec_id}(was single integer{api_spec_id}) to align with the{client_id}/{resource_id}convention used by other resources. Existing state with bare-integer IDs remains functional —Readdoes not parsed.Id(), so no destroy/recreate occurs on upgrade.
- Removed the
ignore_existingprovider argument and theWALLARM_IGNORE_EXISTING_RESOURCESenvironment variable. The field was defined in the schema but never read by any code, so existing configurations that set it had no effect. Remove the assignment from yourprovider "wallarm" {}block after upgrading.
- Added
## Importsections to 4 resource docs (api_spec,node,tenant,user) with concrete ID-format examples. - Renamed
docs/resources/integration_ms_teams.md→integration_teams.mdto match the resource namewallarm_integration_teams.
- Bumped
wallarm-godependency to v0.9.1 — adds unit test coverage (79.5%), removes unusedvuln_prefixandget_vulnsendpoints - Restructured
wallarm/common/— collapsedmapper/packages intoresourcerule/, deletedcommonpackage, all constants and helpers consolidated - Split monolithic
resource_rule.go(647 lines) into focused files:rule_crud.go,action_hash.go,action_expand.go - Dissolved
utils.go— moved functions to domain files (integration_helpers.go,action_helpers.go,resource_user.go, etc.) - Renamed files for clarity:
default.go→schema_common.go,utils.go→provider_helpers.go,resource_hcl_generator.go→hcl_generator.go - Added
make dev/make dev-cleantargets for local provider development without version hardcoding - CI: dedicated test tenant per acceptance test run — eliminates orphaned resources from failed pipelines
- Removed
vuln_prefixfrom tenant creation (field removed from Wallarm API) - Unit test coverage:
resourceruleraised to 55.7%, added ~50 unit tests acrossresourceruleandproviderpackages
- Removed
generateVulnPrefix— sendingvuln_prefixto the API now causes errors - Fixed counter resources (
bola_counter,bruteforce_counter,dirbust_counter) failing with 403 on import — removed Update (counters are immutable), madecommentandvariativity_disabledcomputed-only
docs/index.md— documentedhint_prefetchandrequire_explicit_client_idprovider arguments; correctedmax_backoffdefault from 30 to 5README.md— Terraform required version raised to >= 1.5
- Instance action conditions now preserve
type="equal"in state instead of clearing to empty string, enabling futuretype="regex"support - Added
admin_extrole towallarm_userresource for Administrator (extended) support
- Fixed credential stuffing rules appearing twice in
data.wallarm_ruleswhen API token has elevated permissions - Fixed instance condition
typefield lost after resource Read, causing perpetual drift when explicitly set - Fixed wrong field name
resource_type→terraform_resourcein 5 resource docs andrules_importguide - Fixed incorrect
rule_typeexamples inrule_bola,rule_brute,rule_forced_browsing,rule_graphql_detection,rule_rate_limit_enumdocs
- Rewrote
rules_importguide with complete configuration, all workflows (native import, generator fallback), sync status, and filtering - Added
terraform {}block withrequired_version >= 1.5to provider example - Added Administrator (extended) role documentation to provider and user resource docs
- Fixed
actionguide:typefield documented as optional (was incorrectly marked required), added missing common fields (title,active,set) - Fixed
mitigation_controlsguide: corrected file upload parameters (sizenotmax_size, removed non-existentfile_types), clarifiedsafe_blockingisrule_modeonly
- Stamps grouped per attack type for traceability — each group now has
attack_typealways set - New
disable_attack_typebool field in aggregated groups — controls whetherdisable_attack_typerule is created, decoupled fromattack_typekey rule_typesfilter correctly controls both stamp and attack_type rule creation
- Fixed
rule_types = ["disable_stamp"]still creatingdisable_attack_typerules - Fixed nil stamps for stampless types (
xxe,invalid_xml) causing HCL null errors - Fixed stamp group key truncation dropping attack_type suffix
data.wallarm_hits:rule_typesfilter — controls which rule types to generate (disable_stamp,disable_attack_type, or both). Validated at plan time.data.wallarm_hits:include_instanceparameter — controls whether instance (pool ID) is included in action conditionsdata.wallarm_hits:aggregatedoutput — compact JSON representation for efficient caching interraform_datawallarm_rule_generator:source = "rules"mode — generates HCL from pre-built rules viarules_jsoninput, with per-rule action conditions (different action scopes generate correct HCL)wallarm_hits_index:readyflag — enables single-apply workflow (no double-apply on first run)wallarm_hits_index:cached_request_idsas TypeSet — replaces comma-separated string- Hits-to-rules deduplication — multiple request_ids with identical actions are deduplicated in HCL locals
- 16-char hash prefixes — action_hash and point_hash in
for_eachkeys use 16 hex chars (was 8) for collision safety
data.wallarm_hits:attack_typesnow filters in all modes — previously only filtered API fetch in attack mode. Now also filters which hits produce rules in request mode.data.wallarm_hits:rulesoutput removed — useaggregatedoutput withterraform_datacaching instead. Also removed:rules_count,rules_stamp_count,rules_attack_type_count. See the Hits to Rules Guide.wallarm_hits_index:cached_request_idstype changed — from comma-separatedstringtoTypeSet. HCL usingsplit(",", ...)must be updated to use the set directly.wallarm_rule_generator:source = "hits"removed — usesource = "rules"(now default) withrules_jsoninput. Therequests_jsonfield is removed.
- Stamps grouped per attack type in aggregated output for traceability
- Error propagation in
buildAggregatedJSON(returns error instead of logging) PointValuePointsexported fromresourcerulepackage for shared usecontainsInt/containsStrmoved toutils.go- Removed dead code:
generateFromHits,groupHitsByPoint,parseActionConditionsJSON,hitJSON,requestEntry - New unit tests for
common.ConvertToStringSlice,apitotf,tftoapimappers - New integration tests for
generateFromRulesJSONwith multiple action scopes
- New:
docs/data-sources/actions.md - Updated:
docs/resources/rule_parser_state.md— addedjwtandgqlparsers - Updated:
docs/guides/hits_to_rules.md— single-apply flow, resource naming, deduplication, stampless types - Updated:
docs/resources/hits_index.md—readyflag, TypeSetcached_request_ids - Updated:
docs/resources/rule_generator.md—source = "rules"default, removedsource = "hits"
- Reorganized registry sidebar: resources and data sources grouped into Common, Integrations, IP Lists, and Rules subcategories
- Fixed guide page titles for registry display (
action→ "Wallarm Rule Action",point→ "Wallarm Rule Point") - Removed redundant "Guide" subcategory from guides
- New resource:
wallarm_rule_generator— generates Terraform rule files fromwallarm_hitsdata source output or existing API rules (source = "hits"/source = "api") - New resource:
wallarm_action— read-only resource for manual action scope tracking - New resource:
wallarm_hits_index— persistent index for tracking fetched request IDs, enables hits-to-rules caching workflow - New data source:
wallarm_actions— discovers all non-empty action scopes with pagination - New example:
hits-to-rules— creates false positive suppression rules from hit data with persistent state caching - New example:
import-ip-lists— imports all existing IP list entries into Terraform state - IP list import by application scope — new import ID format
{clientID}/subnet/{expiredAt}/apps/{appIDs}groups subnets by both expiration and application IDs - Credential stuffing cache — shared cache at
ProviderMetalevel, eliminates redundant API calls - Gzip compression — all API requests use
Accept-Encoding: gzip(~19x payload reduction)
- IP list cache at
ProviderMetalevel with per-rule-type fetching and Create serialization - Centralized API limits in
constants.go - Action scope validation in
CustomizeDiff variativity_disabledchanged toOptional+Default:truefor consistent import behavior[multiple]path handling — hits spanning multiple paths produce HOST-header-only scope- Action conditions mismatch error prints both condition sets inline
- Lint fixes: extracted string constants, pre-allocated slices, checked
d.Set()returns
- Added
Sensitive: trueto nodetokenfield in resource and data source - Added
Sensitive: trueto webhook integrationheadersfield - Safe type assertions in
tftoapimapper — returns errors instead of panicking on corrupted state
- Fixed IP list import merging entries with different application scopes into one resource
- Fixed IP list import chunk index: chunk 0 now correctly includes
/0suffix when chunking is needed - Fixed
context.TODO()in 52 CRUD functions — now passes actualctx - Fixed unchecked
d.Set()on aggregate types - Fixed hint cache pagination slice reuse bug
- Fixed
HitFilter.AttackIDtype from[]stringto[][]string
- New guide:
docs/guides/hits_to_rules.md - New docs:
hits_index,rule_generatorresources - Added ephemeral hits warning to
data.wallarm_hitsdoc - Added common fields section to action guide
- Fixed
integration_ms_teams.mdresource name,rule_file_upload.mdname and field optionality - Rewrote
global_mode.mdandrules_settings.mdwith complete field references
- Completed migration to Terraform Plugin SDKv2
- Added IP Lists Auto Import
- Improved logging system
- Implemented APIError type
- Added errors handling for 5xx and some 4xx responses
- Added 'attack' mode to fetch hits by data source
- Fixed bugs
- Updated tests
- Updated documentation
- Added a module for interaction with Wallarm API:
./examples/terraform-wallarm-api
- Updated Terraform Plugin SDK to v2
- Updated IP List to support all current API source types
- Updated existing integrations
- Removed Scanner
- Added data_source_rules for bulk rules imports
- Added data_source_applications for bulk applications imports
- Added retries for rules CREATE/UPDATE/DELETE methods to handle snapshot 423 error
- Fixed tests
- Fixed bugs
- Added new data source
data_source_wallarm_hits.go - Added middleware between API and terraform provider
hint_cache.go - Bug fixes
- Added new resource
wallarm_rule_disable_stamp
- Add updating comment and variativity_disabled
- Patch wrapPointElements -> support gql params
- Resource rule cred stuff is removed
- Resource rules import refactored
- Go mod updated 1.23 -> 1.24
- Added new rules
- Code refactored
- Added fields 'set', 'active', 'title', 'mitigation' for all resource_rules
- Code refactored
- Code refactored
- Go mod updated 1.15 -> 1.23
- Updated event_type: 'vuln' -> 'vuln_high' in docs/resources
- Removed unused resources 'attack_rechecker', 'attack_rechecker_rewrite'
- Extended validation for resourceWallarmTrigger, added check 'forced_browsing_started'
- Fixed lock_time for triggers, now it fills only for action_id 'block_ips' or 'add_to_graylist'
- Added import support
- Added OverlimitResSettingsRule resource
- Changed rule vpatch resource according to api
- Changed rule set response header resource according to api
- Fixed some api methods
- Added integration with DataDog
- Added integration with Telegram
- Added integration with MS Teams
- Added API Spec resource for managing API specifications
- Added Rate Limit rule
- Added support for all triggers that we have in the UI
- Fixed intergation api methods
- Fixed rule api methods
- Fixed trigger api methods
- Added support for the following new resources:
wallarm_allowlist,wallarm_graylist - Added support of the query field in rules
- Change api authentication method using X-WallarmAPI-Token
- Fixed the following resources that were broken by changes in the API:
wallarm_blacklist,wallarm_rule_bruteforce_counter,wallarm_rule_dirbust_counter,wallarm_global_mode - Fixed various other bugs
- Added support for the following new resources:
wallarm_rule_binary_data,wallarm_rule_disable_attack_type,wallarm_rule_parser_state,wallarm_rule_uploads,wallarm_rule_variative_keys,wallarm_rule_variative_values - Renamed the resource
wallarm_blacklisttowallarm_denylist - Updated the docs
- Fixed Opsgenie integration resource
- Minor changes in the dependencies
- Fixed broken links and typos in the docs
- Fix bug with the incorrect state
- Now
PASSPHRASEfor Release workflow is taken fromsecrets.PASSPHRASEas per best practices - Added support of
go 1.15in tests - Two newly created resources:
wallarm_rule_bruteforce_counterandwallarm_rule_dirbust_counter. The source code and documentation have been included altogether. Triggerarbitrary time value replaced by enum type- New
wallarm-golibrary structure approach
- Minor changes in markdown
- Documentation layout have been modified
- Automatic GO release have been added
New Resource: wallarm_blacklist - is used to manage the blacklist
Resource: wallarm_rule_* - bumped a client library version to comply with the new struct for [][]interface{}
Resource: - fixed 400 HTTP response code when there is an incorrect JSON body for requests on the update call
- The first public release