From a9a01982c496779c863db6f1e146eb07871319d1 Mon Sep 17 00:00:00 2001 From: Imran Nayer Date: Tue, 24 Oct 2023 15:19:56 -0400 Subject: [PATCH] fix(tpg v5)!: rule.rate_limit_options.enforce_on_key has not default value (#77) --- docs/upgrading_to_v2.0.md | 3 ++ examples/security-policy-all/versions.tf | 28 ------------------- examples/security-policy-edge/versions.tf | 28 ------------------- .../versions.tf | 28 ------------------- .../security-policy-recaptcha/versions.tf | 28 ------------------- examples/simple-example/versions.tf | 28 ------------------- .../security_policy_test.go | 6 ++-- .../simple-example/simple_example_test.go | 2 +- versions.tf | 4 +-- 9 files changed, 9 insertions(+), 146 deletions(-) delete mode 100644 examples/security-policy-all/versions.tf delete mode 100644 examples/security-policy-edge/versions.tf delete mode 100644 examples/security-policy-managed-protection-plus/versions.tf delete mode 100644 examples/security-policy-recaptcha/versions.tf delete mode 100644 examples/simple-example/versions.tf diff --git a/docs/upgrading_to_v2.0.md b/docs/upgrading_to_v2.0.md index 1133233..bb465c1 100644 --- a/docs/upgrading_to_v2.0.md +++ b/docs/upgrading_to_v2.0.md @@ -3,3 +3,6 @@ The v2.0 release contains backwards-incompatible changes. This update requires upgrading the minimum provider version to `4.79`. + +### TPG max version is bumped to 5.x +In `4.X`, the default value for `rule.rate_limit_options.enforce_on_key` is `ALL`. In `5.X` this field no longer has a default value. If you need `All` you will need to set it explicitly. See [Rule 2](https://github.com/GoogleCloudPlatform/terraform-google-cloud-armor/blob/main/examples/security-policy-all/main.tf) in `examples/security-policy-all` folder for reference. diff --git a/examples/security-policy-all/versions.tf b/examples/security-policy-all/versions.tf deleted file mode 100644 index e220e27..0000000 --- a/examples/security-policy-all/versions.tf +++ /dev/null @@ -1,28 +0,0 @@ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -terraform { - required_providers { - google = { - source = "hashicorp/google" - version = "~> 4.0" - } - google-beta = { - source = "hashicorp/google-beta" - version = "~> 4.0" - } - } -} diff --git a/examples/security-policy-edge/versions.tf b/examples/security-policy-edge/versions.tf deleted file mode 100644 index e220e27..0000000 --- a/examples/security-policy-edge/versions.tf +++ /dev/null @@ -1,28 +0,0 @@ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -terraform { - required_providers { - google = { - source = "hashicorp/google" - version = "~> 4.0" - } - google-beta = { - source = "hashicorp/google-beta" - version = "~> 4.0" - } - } -} diff --git a/examples/security-policy-managed-protection-plus/versions.tf b/examples/security-policy-managed-protection-plus/versions.tf deleted file mode 100644 index e220e27..0000000 --- a/examples/security-policy-managed-protection-plus/versions.tf +++ /dev/null @@ -1,28 +0,0 @@ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -terraform { - required_providers { - google = { - source = "hashicorp/google" - version = "~> 4.0" - } - google-beta = { - source = "hashicorp/google-beta" - version = "~> 4.0" - } - } -} diff --git a/examples/security-policy-recaptcha/versions.tf b/examples/security-policy-recaptcha/versions.tf deleted file mode 100644 index e220e27..0000000 --- a/examples/security-policy-recaptcha/versions.tf +++ /dev/null @@ -1,28 +0,0 @@ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -terraform { - required_providers { - google = { - source = "hashicorp/google" - version = "~> 4.0" - } - google-beta = { - source = "hashicorp/google-beta" - version = "~> 4.0" - } - } -} diff --git a/examples/simple-example/versions.tf b/examples/simple-example/versions.tf deleted file mode 100644 index e220e27..0000000 --- a/examples/simple-example/versions.tf +++ /dev/null @@ -1,28 +0,0 @@ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -terraform { - required_providers { - google = { - source = "hashicorp/google" - version = "~> 4.0" - } - google-beta = { - source = "hashicorp/google-beta" - version = "~> 4.0" - } - } -} diff --git a/test/integration/security-policy-all/security_policy_test.go b/test/integration/security-policy-all/security_policy_test.go index 330bb50..c4e0fd7 100644 --- a/test/integration/security-policy-all/security_policy_test.go +++ b/test/integration/security-policy-all/security_policy_test.go @@ -54,7 +54,7 @@ func TestSecurityPolicyAll(t *testing.T) { assert.Equal("throttle", sp.Get("action").String(), "priority 2 rule has expected action") assert.Equal("XSS Sensitivity Level 2 with excluded rules", sp.Get("description").String(), "priority 2 rule has expected description") assert.Equal("allow", sp.Get("rateLimitOptions.conformAction").String(), "priority 2 rule has expected Rate limit confirm action") - assert.Equal("ALL", sp.Get("rateLimitOptions.enforceOnKey").String(), "priority 2 rule has expected Rate limit enforce on key") + assert.Equal("", sp.Get("rateLimitOptions.enforceOnKey").String(), "priority 2 rule has expected Rate limit enforce on key") assert.Equal("deny(502)", sp.Get("rateLimitOptions.exceedAction").String(), "priority 2 rule has expected Rate limit exceed action") assert.Equal("10", sp.Get("rateLimitOptions.rateLimitThreshold.count").String(), "priority 2 rule has expected Rate limit threshold count") assert.Equal("60", sp.Get("rateLimitOptions.rateLimitThreshold.intervalSec").String(), "priority 2 rule has expected Rate limit threshold interval") @@ -170,7 +170,7 @@ func TestSecurityPolicyAll(t *testing.T) { assert.Equal(srcIpRanges[0].String(), "45.116.227.71", "priority 15 rule found first valid cidr range") assert.Equal(srcIpRanges[1].String(), "190.217.68.214", "priority 15 rule found second valid cidr range") assert.Equal("allow", sp.Get("rateLimitOptions.conformAction").String(), "priority 15 rule has Rate limit confirm action") - assert.Equal("ALL", sp.Get("rateLimitOptions.enforceOnKey").String(), "priority 15 rule has Rate limit Enforce on key") + assert.Equal("", sp.Get("rateLimitOptions.enforceOnKey").String(), "priority 15 rule has Rate limit Enforce on key") assert.Equal("deny(502)", sp.Get("rateLimitOptions.exceedAction").String(), "priority 15 rule has Rate limit exceed action") assert.Equal("10", sp.Get("rateLimitOptions.rateLimitThreshold.count").String(), "priority 15 rule has Rate limit threshold count") assert.Equal("60", sp.Get("rateLimitOptions.rateLimitThreshold.intervalSec").String(), "priority 15 rule has Rate limit threshold interval") @@ -202,7 +202,7 @@ func TestSecurityPolicyAll(t *testing.T) { assert.Equal("Throttle specific IP address in US Region", sp.Get("description").String(), "priority 23 rule has expected description") assert.Equal("origin.region_code == \"US\" && inIpRange(origin.ip, '47.185.201.159/32')\n", sp.Get("match.expr.expression").String(), "priority 23 rule has expected expression") assert.Equal("allow", sp.Get("rateLimitOptions.conformAction").String(), "priority 23 rule has Rate limit confirm action") - assert.Equal("ALL", sp.Get("rateLimitOptions.enforceOnKey").String(), "priority 23 rule has Rate limit Enforce on key") + assert.Equal("", sp.Get("rateLimitOptions.enforceOnKey").String(), "priority 23 rule has Rate limit Enforce on key") assert.Equal("deny(502)", sp.Get("rateLimitOptions.exceedAction").String(), "priority 23 rule has Rate limit exceed action") assert.Equal("10", sp.Get("rateLimitOptions.rateLimitThreshold.count").String(), "priority 23 rule has Rate limit threshold count") assert.Equal("60", sp.Get("rateLimitOptions.rateLimitThreshold.intervalSec").String(), "priority 23 rule has Rate limit threshold interval") diff --git a/test/integration/simple-example/simple_example_test.go b/test/integration/simple-example/simple_example_test.go index a4680da..3b42c2e 100644 --- a/test/integration/simple-example/simple_example_test.go +++ b/test/integration/simple-example/simple_example_test.go @@ -205,7 +205,7 @@ func TestSimpleExample(t *testing.T) { assert.Equal("Throttle specific IP address in US Region", sp.Get("description").String(), "priority 23 rule has expected description") assert.Equal("origin.region_code == \"US\" && inIpRange(origin.ip, '47.185.201.159/32')\n", sp.Get("match.expr.expression").String(), "priority 23 rule has expected expression") assert.Equal("allow", sp.Get("rateLimitOptions.conformAction").String(), "priority 23 rule has Rate limit confirm action") - assert.Equal("ALL", sp.Get("rateLimitOptions.enforceOnKey").String(), "priority 23 rule has Rate limit Enforce on key") + assert.Equal("", sp.Get("rateLimitOptions.enforceOnKey").String(), "priority 23 rule has Rate limit Enforce on key") assert.Equal("deny(502)", sp.Get("rateLimitOptions.exceedAction").String(), "priority 23 rule has Rate limit exceed action") assert.Equal("10", sp.Get("rateLimitOptions.rateLimitThreshold.count").String(), "priority 23 rule has Rate limit threshold count") assert.Equal("60", sp.Get("rateLimitOptions.rateLimitThreshold.intervalSec").String(), "priority 23 rule has Rate limit threshold interval") diff --git a/versions.tf b/versions.tf index 16c87b0..9fdd977 100644 --- a/versions.tf +++ b/versions.tf @@ -19,11 +19,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.79.0, < 5.0" + version = ">= 4.79.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.79.0, < 5.0" + version = ">= 4.79.0, < 6" } } provider_meta "google" {