azurerm_cdn_frontdoor_firewall_policy - custom rules to accept JSChallenge

[EValge-IT]

Community Note

• Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for PR followers and do not help prioritize for review

Description

azurerm_cdn_frontdoor_firewall_policy Allow the creation of custom_rules with JSChallenge as the action.

PR Checklist

• I have followed the guidelines in our Contributing Documentation.
• I have checked to ensure there aren't other open Pull Requests for the same update/change.
• I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
• I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
• I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
  For example: “resource_name_here - description of change e.g. adding property new_property_name_here”

Changes to existing Resource / Data Source

• I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).

Testing

I am unable to run tests that provision new resources due to organisation restrictions. However, I built the provider locally and ran terraform against a current workspace. Behaviour was as expected.

  # azurerm_cdn_frontdoor_firewall_policy.afd_waf_policy[0] will be updated in-place
  ~ resource "azurerm_cdn_frontdoor_firewall_policy" "afd_waf_policy" {
        id                                        = "/subscriptions/<SUBSCRIPTION>/resourceGroups/rg-rg-name/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/wafpolicy"
        name                                      = "wafpolicy"
        tags                                      = {  "excluded"      }
        # (8 unchanged attributes hidden)

      ~ custom_rule {
          ~ action                         = "Log" -> "JSChallenge"
            name                           = "jsChallenge"
            # (5 unchanged attributes hidden)

            # (6 unchanged blocks hidden)
        }

        # (14 unchanged blocks hidden)
    }
Plan: 0 to add, 1 to change, 0 to destroy.

azurerm_cdn_frontdoor_firewall_policy.afd_waf_policy[0]: Modifications complete after 1m16s [id=/subscriptions/<SUBSCRIPTION>/resourceGroups/rg-rg-name/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/wafpolicy]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

• azurerm_cdn_frontdoor_firewall_policy - added support for the JSChallenge action for custom_rule

This is a (please select all that apply):

• Bug Fix
• New Feature (ie adding a service, resource, or data source)
• Enhancement
• Breaking Change

Related Issue(s)

Fixes #28713

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

[WodansSon]

Hi @EValge-IT, Thanks for opening this PR, it mostly LGTM and I have left a minor comment in the code that needs to be addressed. There needs to be test cases added for this change to the Custom rules. I understand due to corporate policies you are not allowed to run tests in your environment, but if you can create some test cases for JSChallenge being set on Custom rules I can run those for you on our test server. Thanks again for the PR, looking forward to those updates! 🚀

Additional:

• I have gotten a response from the service team and JSChallenge IS supported for custom rules but ONLY for Premium_AzureFrontDoor SKUs .

[WodansSon]

Note: You can fix your lint error by running the below command in a command prompt that is opened to the root provider directory:

terrafmt fmt ./internal/services/containerapps/container_app_resource_test.go -f -v -c

Additional: I worked with HashiCorp engineers and got that test formatting issue fixed in main, so if you pull to your local branch that CI/CD job should pass for you now.

[WodansSon]

@EValge-IT, I was actually assigned another work item late Friday night which also addresses a related issue to this PR. I will go ahead and merge this PR and correct the documentation in the PR I currently have in draft.

[WodansSon]

@EValge-IT, thanks for opening this PR, I have given it a look and it LGTM! 🚀