Skip to content

Commit e813ad4

Browse files
Merge pull request #29 from wallarm/release-v1.1.0
Release v1.1.0
2 parents 1b640ab + b593514 commit e813ad4

75 files changed

Lines changed: 1443 additions & 599 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/acceptance-tests.yml

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,14 +2,19 @@ name: Acceptance Tests
22
on:
33
push:
44
branches: [master, develop]
5+
pull_request:
6+
types:
7+
- opened
8+
- synchronize
9+
schedule:
10+
- cron: 0 12 * * 5
511
jobs:
612
build:
713
name: Build
814
runs-on: ubuntu-latest
915
env:
1016
WALLARM_API_HOST: ${{ secrets.WALLARM_API_HOST }}
11-
WALLARM_API_UUID: ${{ secrets.WALLARM_API_UUID }}
12-
WALLARM_API_SECRET: ${{ secrets.WALLARM_API_SECRET }}
17+
WALLARM_API_TOKEN: ${{ secrets.WALLARM_API_TOKEN }}
1318
steps:
1419
- name: Set up Go
1520
uses: actions/setup-go@v2

CHANGELOG.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,17 @@
1+
# v1.1.0 (May 24, 2023)
2+
3+
## BUG FIXES:
4+
5+
* Fixed intergation api methods
6+
* Fixed rule api methods
7+
* Fixed trigger api methods
8+
9+
## NOTES:
10+
11+
* Added support for the following new resources: `wallarm_allowlist`, `wallarm_graylist`
12+
* Added support of the query field in rules
13+
* Change api authentication method using X-WallarmAPI-Token
14+
115
# v1.0.0 (November 3, 2022)
216

317
## BUG FIXES:

README.md

Lines changed: 4 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -59,8 +59,7 @@ then run `terraform init`
5959

6060
To start using this provider you have to set up you environment with the required variables:
6161
```sh
62-
WALLARM_API_UUID
63-
WALLARM_API_SECRET
62+
WALLARM_API_TOKEN
6463
```
6564
Optional:
6665
`WALLARM_API_HOST` with the default value `https://api.wallarm.com`
@@ -70,8 +69,7 @@ Another variant is to define the provider attributes within HCL files:
7069
```hcl
7170
provider "wallarm" {
7271
api_host = var.api_host
73-
api_uuid = var.api_uuid
74-
api_secret = var.api_secret
72+
api_token = var.api_token
7573
}
7674
```
7775
Create the files `variables.tf` and `variables.auto.tfvars`
@@ -83,19 +81,14 @@ variable "api_host" {
8381
default = "https://us1.api.wallarm.com"
8482
}
8583
86-
variable "api_uuid" {
87-
type = string
88-
}
89-
90-
variable "api_secret" {
84+
variable "api_token" {
9185
type = string
9286
}
9387
9488
```
9589
`variables.auto.tfvars`:
9690
```
97-
api_uuid = "00000000-0000-0000-0000-000000000000"
98-
api_secret = "000000000000000000000000000000000000000000"
91+
api_token = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
9992
```
10093

10194
## Using The Provider

docs/index.md

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -17,8 +17,7 @@ Use the navigation to the left to read about the available resources.
1717
# Sets up Wallarm authentication credentials
1818
# You can use environment variables instead
1919
provider "wallarm" {
20-
api_uuid = "4f6b8ace-9502-48c5-b1ad-526a230c2203"
21-
api_secret = "e3f929a2eeb4f0fe6a453fee0f81e36d935b03a5f002d740ff8aa425f6cf4647"
20+
api_token = "yXccqbq8o0zznJ5wMxzGmjvQ2RvmFAJZ6mFKF5Ka6n8fFpYaZBJHWIFBNXdeDhIG"
2221
api_host = "https://api.wallarm.com"
2322
client_id = 1111
2423
}
@@ -40,10 +39,9 @@ resource "wallarm_rule_vpatch" "vpatch" {
4039

4140
The following arguments are supported in `provider "wallarm"`:
4241

43-
* `api_uuid` - (**required**) your Wallarm user UUID, obtain it in the Wallarm Console → **Settings****Profile****API credentials**. Note that the most operations with Wallarm API are allowed only for the users with the **Administrator** role. This can also be specified with the `WALLARM_API_UUID` shell environment variable.
44-
* `api_secret` - (**required**) your Wallarm secret key. Note that the most operations with Wallarm API are allowed only for the users with the **Administrator** role. To get secret key, please follow the [instruction](https://docs.wallarm.com/admin-en/api-en/#your-own-client). This can also be specified with the `WALLARM_API_SECRET` shell environment variable.
42+
* `api_token` - (**required**) your Wallarm api token. Note that the most operations with Wallarm API are allowed only for the users with the **Administrator** role. To get api token, please follow the [instruction](https://docs.wallarm.com/api/overview/#your-own-client). This can also be specified with the `WALLARM_API_TOKEN` shell environment variable.
4543
* `api_host` - (optional) Wallarm API URL. Can be: `https://us1.api.wallarm.com` for the [US Cloud](https://docs.wallarm.com/about-wallarm/overview/#us-cloud), `https://api.wallarm.com` for the [EU Cloud](https://docs.wallarm.com/about-wallarm/overview/#eu-cloud). This can also be specified with the `WALLARM_API_HOST` shell environment variable. Default: `https://api.wallarm.com`.
46-
* `client_id` - (optional) ID of the client (tenant). The value is required for [multi-tenant scenarios][2]. This can also be specified with the `WALLARM_API_CLIENT_ID` shell environment variable. Default: client ID of the authenticated user defined by UUID and SECRET.
44+
* `client_id` - (optional) ID of the client (tenant). The value is required for [multi-tenant scenarios][2]. This can also be specified with the `WALLARM_API_CLIENT_ID` shell environment variable. Default: client ID of the authenticated user defined by api_token.
4745
* `retries` - (optional) maximum number of retries to perform when an API request fails. Default: 3. This can also be specified with the `WALLARM_API_RETRIES` shell environment variable.
4846
* `min_backoff` - (optional) minimum backoff period in seconds after failed API calls. Default: 1. This can also be specified with the `WALLARM_API_MIN_BACKOFF` shell environment variable.
4947
* `max_backoff` - (optional) maximum backoff period in seconds after failed API calls Default: 30. This can also be specified with the `WALLARM_API_MAX_BACKOFF` shell environment variable.

docs/resources/allowlist.md

Lines changed: 59 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,59 @@
1+
---
2+
layout: "wallarm"
3+
page_title: "Wallarm: wallarm_allowlist"
4+
subcategory: "Common"
5+
description: |-
6+
Provides the resource to manage allowlist in the account.
7+
---
8+
9+
# wallarm_allowlist
10+
11+
Provides the resource to manage [allowlist][1] in the account providing functionality to block all requests originated from allowlisted IP addresses for a desired time either via `RFC3339` or `Minutes` formats.
12+
13+
## Example Usage
14+
15+
```hcl
16+
# Creates two new allowlist entries for the specific application
17+
# with the determined block time (60 minutes) and until the 2nd of January 2026
18+
19+
resource "wallarm_allowlist" "allowlist_minutes" {
20+
ip_range = ["1.1.1.1/32"]
21+
application = [1]
22+
reason = "TEST ALLOWLIST MINUTES"
23+
time_format = "Minutes"
24+
time = 60
25+
}
26+
27+
resource "wallarm_allowlist" "allowlist_date" {
28+
ip_range = ["2.2.2.2/32"]
29+
application = [1]
30+
reason = "TEST ALLOWLIST DATE"
31+
time_format = "RFC3339"
32+
time = "2026-01-02T15:04:05+07:00"
33+
}
34+
```
35+
36+
## Argument Reference
37+
38+
* `ip_range` - (**required**) IP range to be blocked. Can be defined as an array of ranges. Accept:
39+
- distinct IP addresses (e.g. `1.1.1.1`, `2.2.2.2`)
40+
- subnets (e.g. `1.1.1.1/24`, `2.2.2.2/30`)
41+
* `time_format` - (**required**) block time format.
42+
Can be:
43+
- `Minutes` - Time in minutes (e.g. `60` is to block for 60 minutes)
44+
- `RFC3339` - RFC3339 time (e.g. `2021-06-01T15:04:05+07:00`)
45+
* `time` - (**required**) time for (or until) which the IP address should be blocked.
46+
* `application` - (optional) list of application IDs.
47+
Default: all applications.
48+
* `reason` - (optional) arbitrary reason for blocking these IP addresses.
49+
* `client_id` - (optional) ID of the client (tenant). The value is required for [multi-tenant scenarios][2].
50+
51+
## Attributes Reference
52+
53+
`address_id` - ID of the address, composed of the following parts:
54+
55+
- `ip_addr` - discrete IP address.
56+
- `ip_id` - ID of the entry with the certain IP address.
57+
58+
[1]: https://docs.wallarm.com/user-guides/ip-lists/allowlist/
59+
[2]: https://docs.wallarm.com/installation/multi-tenant/overview/

docs/resources/graylist.md

Lines changed: 59 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,59 @@
1+
---
2+
layout: "wallarm"
3+
page_title: "Wallarm: wallarm_graylist"
4+
subcategory: "Common"
5+
description: |-
6+
Provides the resource to manage graylist in the account.
7+
---
8+
9+
# wallarm_graylist
10+
11+
Provides the resource to manage [graylist][1] in the account providing functionality to block all requests originated from graylisted IP addresses for a desired time either via `RFC3339` or `Minutes` formats.
12+
13+
## Example Usage
14+
15+
```hcl
16+
# Creates two new graylist entries for the specific application
17+
# with the determined block time (60 minutes) and until the 2nd of January 2026
18+
19+
resource "wallarm_graylist" "graylist_minutes" {
20+
ip_range = ["1.1.1.1/32"]
21+
application = [1]
22+
reason = "TEST GRAYLIST MINUTES"
23+
time_format = "Minutes"
24+
time = 60
25+
}
26+
27+
resource "wallarm_graylist" "graylist_date" {
28+
ip_range = ["2.2.2.2/32"]
29+
application = [1]
30+
reason = "TEST GRAYLIST DATE"
31+
time_format = "RFC3339"
32+
time = "2026-01-02T15:04:05+07:00"
33+
}
34+
```
35+
36+
## Argument Reference
37+
38+
* `ip_range` - (**required**) IP range to be blocked. Can be defined as an array of ranges. Accept:
39+
- distinct IP addresses (e.g. `1.1.1.1`, `2.2.2.2`)
40+
- subnets (e.g. `1.1.1.1/24`, `2.2.2.2/30`)
41+
* `time_format` - (**required**) block time format.
42+
Can be:
43+
- `Minutes` - Time in minutes (e.g. `60` is to block for 60 minutes)
44+
- `RFC3339` - RFC3339 time (e.g. `2021-06-01T15:04:05+07:00`)
45+
* `time` - (**required**) time for (or until) which the IP address should be blocked.
46+
* `application` - (optional) list of application IDs.
47+
Default: all applications.
48+
* `reason` - (optional) arbitrary reason for blocking these IP addresses.
49+
* `client_id` - (optional) ID of the client (tenant). The value is required for [multi-tenant scenarios][2].
50+
51+
## Attributes Reference
52+
53+
`address_id` - ID of the address, composed of the following parts:
54+
55+
- `ip_addr` - discrete IP address.
56+
- `ip_id` - ID of the entry with the certain IP address.
57+
58+
[1]: https://docs.wallarm.com/user-guides/ip-lists/graylist/
59+
[2]: https://docs.wallarm.com/installation/multi-tenant/overview/

docs/resources/rule_attack_rechecker.md

Lines changed: 15 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -65,15 +65,18 @@ The **point** attribute supports the following fields:
6565
* `action_ext` - (optional) the part of the URL after the last period `.`. It may be missing in the request.
6666
Example:
6767
`action_ext = "php"`
68+
* `query` - (optional) the query parameter name.
69+
Example:
70+
`query = "user"`
6871
* `proto` - (optional) version of the HTTP Protocol.
6972
Example:
7073
`proto = "1.1"`
7174
* `scheme` - (optional) http/https.
7275
Example:
73-
`scheme = "https"`
76+
`scheme = "https"`
7477
* `uri` - (optional) String with the original URL value.
7578
Example:
76-
`uri = "/api/login"`
79+
`uri = "/api/login"`
7780
* `instance` - (optional) ID of the application.
7881
Example:
7982
`instance = 42`
@@ -95,7 +98,7 @@ Example:
9598
instance = 9
9699
}
97100
}
98-
101+
99102
action {
100103
type = "absent"
101104
point = {
@@ -125,6 +128,14 @@ Example:
125128
}
126129
}
127130
131+
action {
132+
type = "equal"
133+
value = "admin"
134+
point = {
135+
query = "user"
136+
}
137+
}
138+
128139
# ... skipped
129140
```
130141

@@ -134,7 +145,7 @@ See below what limitations apply
134145
`type` must be omitted when:
135146
- `point` is made up for `instance`
136147

137-
`value` must be omitted when:
148+
`value` must be omitted when:
138149
- `type` is `absent`
139150
- `point` is made up for `instance`
140151

docs/resources/rule_attack_rechecker_rewrite.md

Lines changed: 15 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -79,15 +79,18 @@ resource "wallarm_rule_attack_rechecker_rewrite" "default_rewrite" {
7979
* `action_ext` - (optional) the part of the URL after the last period (`.`). It may be missing in the request.
8080
Example:
8181
`action_ext = "php"`
82+
* `query` - (optional) the query parameter name.
83+
Example:
84+
`query = "user"`
8285
* `proto` - (optional) version of the HTTP Protocol.
8386
Example:
8487
`proto = "1.1"`
8588
* `scheme` - (optional) `http`/`https`.
8689
Example:
87-
`scheme = "https"`
90+
`scheme = "https"`
8891
* `uri` - (optional) part of the request URL without domain.
8992
Example:
90-
`uri = "/api/login"`
93+
`uri = "/api/login"`
9194
* `instance` - (optional) ID of the application.
9295
Example:
9396
`instance = 42`
@@ -109,7 +112,7 @@ Example:
109112
instance = 9
110113
}
111114
}
112-
115+
113116
action {
114117
type = "absent"
115118
point = {
@@ -139,6 +142,14 @@ Example:
139142
}
140143
}
141144
145+
action {
146+
type = "equal"
147+
value = "admin"
148+
point = {
149+
query = "user"
150+
}
151+
}
152+
142153
# ... omitted
143154
```
144155

@@ -154,4 +165,4 @@ When `type` is `absent`, `point` must contain key with the default value. For `a
154165
* `rule_type` - type of the created rule. For example, `rule_type = "ignore_regex"`.
155166

156167
[1]: https://docs.wallarm.com/user-guides/rules/change-request-for-active-verification/#rewriting-the-request-before-attack-replaying
157-
[2]: https://docs.wallarm.com/user-guides/scanner/intro/#active-threat-verification
168+
[2]: https://docs.wallarm.com/user-guides/scanner/intro/#active-threat-verification

docs/resources/rule_binary_data.md

Lines changed: 14 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -61,15 +61,18 @@ resource "wallarm_rule_binary_data" "allow_bin_in_body" {
6161
* `action_ext` - (optional) the part of the URL after the last period (`.`). It may be missing in the request.
6262
Example:
6363
`action_ext = "php"`
64+
* `query` - (optional) the query parameter name.
65+
Example:
66+
`query = "user"`
6467
* `proto` - (optional) version of the HTTP Protocol.
6568
Example:
6669
`proto = "1.1"`
6770
* `scheme` - (optional) `http`/`https`.
6871
Example:
69-
`scheme = "https"`
72+
`scheme = "https"`
7073
* `uri` - (optional) part of the request URL without domain.
7174
Example:
72-
`uri = "/api/login"`
75+
`uri = "/api/login"`
7376
* `instance` - (optional) ID of the application.
7477
Example:
7578
`instance = 42`
@@ -91,7 +94,7 @@ Example:
9194
instance = 9
9295
}
9396
}
94-
97+
9598
action {
9699
type = "absent"
97100
point = {
@@ -121,6 +124,14 @@ Example:
121124
}
122125
}
123126
127+
action {
128+
type = "equal"
129+
value = "admin"
130+
point = {
131+
query = "user"
132+
}
133+
}
134+
124135
# ... omitted
125136
```
126137

0 commit comments

Comments
 (0)