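# Azure WAF policy managed by this module; created only when var.create_waf_rule is true.
#
# Nested blocks are generated from the module's input collections. Attributes written
# as `try(<expr>, <default>)` fall back to <default> when the caller omits them;
# attributes written as a plain reference have no fallback, so a caller that leaves
# them out gets a plan-time error. (The original used single-argument `try(<expr>)`
# for those, which behaves identically to the bare expression but reads as if a
# fallback existed.)
resource "azurerm_web_application_firewall_policy" "this" {
  count               = var.create_waf_rule ? 1 : 0
  name                = var.name
  resource_group_name = var.resource_group_name
  location            = var.location

  # Caller-defined rules, evaluated ahead of the managed rule sets.
  dynamic "custom_rules" {
    for_each = var.custom_rules
    content {
      name      = try(custom_rules.value.name, null)
      priority  = custom_rules.value.priority # no fallback: missing value fails the plan
      rule_type = try(custom_rules.value.rule_type, null)

      dynamic "match_conditions" {
        for_each = try(custom_rules.value.match_conditions, [])
        content {
          match_values       = try(match_conditions.value.match_values, [])
          operator           = match_conditions.value.operator # no fallback
          negation_condition = try(match_conditions.value.negation_condition, null)
          transforms         = try(match_conditions.value.transforms, [])

          dynamic "match_variables" {
            for_each = match_conditions.value.match_variables # no fallback
            content {
              variable_name = match_variables.value.variable_name # no fallback
              selector      = try(match_variables.value.selector, null)
            }
          }
        }
      }

      # "Log" only records a match; a custom rule that is meant to stop traffic
      # must set action = "Block" explicitly.
      action = try(custom_rules.value.action, "Log")
    }
  }

  # When var.policy_settings is empty no policy_settings block is emitted and the
  # provider's own defaults apply.
  dynamic "policy_settings" {
    for_each = var.policy_settings
    content {
      enabled = try(policy_settings.value.enabled, true)
      # "Detection" logs matches without rejecting requests; callers need
      # mode = "Prevention" for the policy to block anything.
      mode                        = try(policy_settings.value.mode, "Detection")
      file_upload_limit_in_mb     = try(policy_settings.value.file_upload_limit_in_mb, 100)
      request_body_check          = try(policy_settings.value.request_body_check, true)
      max_request_body_size_in_kb = try(policy_settings.value.max_request_body_size_in_kb, 128)
    }
  }

  # Microsoft-managed rule sets, per-field exclusions and per-rule overrides.
  # NOTE(review): the azurerm provider is understood to treat managed_rules (with at
  # least one managed_rule_set) as required, so an empty var.managed_rules would be
  # expected to fail at plan time — confirm against the provider version this module pins.
  dynamic "managed_rules" {
    for_each = var.managed_rules
    content {
      # Each exclusion exempts a request field from the listed rules; keep selectors
      # as narrow as the use case allows.
      dynamic "exclusion" {
        for_each = try(managed_rules.value.exclusion, [])
        content {
          match_variable          = exclusion.value.match_variable          # no fallback
          selector                = exclusion.value.selector                # no fallback
          selector_match_operator = exclusion.value.selector_match_operator # no fallback

          dynamic "excluded_rule_set" {
            for_each = try(exclusion.value.excluded_rule_set, [])
            content {
              type    = try(excluded_rule_set.value.type, "OWASP")
              version = try(excluded_rule_set.value.version, "3.2")

              dynamic "rule_group" {
                for_each = try(excluded_rule_set.value.rule_group, [])
                content {
                  rule_group_name = rule_group.value.rule_group_name # no fallback
                  excluded_rules  = try(rule_group.value.excluded_rules, [])
                }
              }
            }
          }
        }
      }

      dynamic "managed_rule_set" {
        for_each = try(managed_rules.value.managed_rule_set, [])
        content {
          type    = try(managed_rule_set.value.type, null)
          version = try(managed_rule_set.value.version, null)

          # Overrides disable or change the action of individual managed rules;
          # the reason for each override belongs in the caller's configuration.
          dynamic "rule_group_override" {
            for_each = try(managed_rule_set.value.rule_group_override, [])
            content {
              rule_group_name = rule_group_override.value.rule_group_name # no fallback

              dynamic "rule" {
                for_each = try(rule_group_override.value.rule, [])
                content {
                  id      = rule.value.id # no fallback
                  enabled = try(rule.value.enabled, null)
                  action  = try(rule.value.action, null)
                }
              }
            }
          }
        }
      }
    }
  }

  tags = var.tags
}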