github.com/GoogleCloudPlatform/terraformer@v0.8.18/providers/aws/waf.go (about) 1 // Copyright 2020 The Terraformer Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package aws 16 17 import ( 18 "context" 19 20 "github.com/GoogleCloudPlatform/terraformer/terraformutils" 21 "github.com/aws/aws-sdk-go-v2/service/waf" 22 ) 23 24 var wafAllowEmptyValues = []string{"tags."} 25 26 type WafGenerator struct { 27 AWSService 28 } 29 30 func (g *WafGenerator) InitResources() error { 31 config, e := g.generateConfig() 32 if e != nil { 33 return e 34 } 35 svc := waf.NewFromConfig(config) 36 37 if err := g.loadWebACL(svc); err != nil { 38 return err 39 } 40 if err := g.loadByteMatchSet(svc); err != nil { 41 return err 42 } 43 if err := g.loadGeoMatchSet(svc); err != nil { 44 return err 45 } 46 if err := g.loadIPSet(svc); err != nil { 47 return err 48 } 49 if err := g.loadRateBasedRules(svc); err != nil { 50 return err 51 } 52 if err := g.loadRegexMatchSets(svc); err != nil { 53 return err 54 } 55 if err := g.loadRegexPatternSets(svc); err != nil { 56 return err 57 } 58 if err := g.loadWafRules(svc); err != nil { 59 return err 60 } 61 if err := g.loadWafRuleGroups(svc); err != nil { 62 return err 63 } 64 if err := g.loadSizeConstraintSets(svc); err != nil { 65 return err 66 } 67 if err := g.loadSQLInjectionMatchSets(svc); err != nil { 68 return err 69 } 70 if err := g.loadXSSMatchSet(svc); err != nil { 71 return err 72 } 73 74 return nil 75 } 76 77 func (g *WafGenerator) loadWebACL(svc *waf.Client) error { 78 output, err := svc.ListWebACLs(context.TODO(), &waf.ListWebACLsInput{}) 79 if err != nil { 80 return err 81 } 82 for _, acl := range output.WebACLs { 83 g.Resources = append(g.Resources, terraformutils.NewSimpleResource( 84 *acl.WebACLId, 85 *acl.Name+"_"+(*acl.WebACLId)[0:8], 86 "aws_waf_web_acl", 87 "aws", 88 wafAllowEmptyValues)) 89 } 90 return nil 91 } 92 93 func (g *WafGenerator) loadByteMatchSet(svc *waf.Client) error { 94 output, err := svc.ListByteMatchSets(context.TODO(), &waf.ListByteMatchSetsInput{}) 95 if err != nil { 96 return err 97 } 98 for _, byteMatchSet := range output.ByteMatchSets { 99 g.Resources = append(g.Resources, terraformutils.NewSimpleResource( 100 *byteMatchSet.ByteMatchSetId, 101 *byteMatchSet.Name+"_"+(*byteMatchSet.ByteMatchSetId)[0:8], 102 "aws_waf_byte_match_set", 103 "aws", 104 wafAllowEmptyValues)) 105 } 106 return nil 107 } 108 109 func (g *WafGenerator) loadGeoMatchSet(svc *waf.Client) error { 110 output, err := svc.ListGeoMatchSets(context.TODO(), &waf.ListGeoMatchSetsInput{}) 111 if err != nil { 112 return err 113 } 114 for _, matchSet := range output.GeoMatchSets { 115 g.Resources = append(g.Resources, terraformutils.NewSimpleResource( 116 *matchSet.GeoMatchSetId, 117 *matchSet.Name+"_"+(*matchSet.GeoMatchSetId)[0:8], 118 "aws_waf_geo_match_set", 119 "aws", 120 wafAllowEmptyValues)) 121 } 122 return nil 123 } 124 125 func (g *WafGenerator) loadIPSet(svc *waf.Client) error { 126 output, err := svc.ListIPSets(context.TODO(), &waf.ListIPSetsInput{}) 127 if err != nil { 128 return err 129 } 130 for _, IPSet := range output.IPSets { 131 g.Resources = append(g.Resources, terraformutils.NewSimpleResource( 132 *IPSet.IPSetId, 133 *IPSet.Name+"_"+(*IPSet.IPSetId)[0:8], 134 "aws_waf_ipset", 135 "aws", 136 wafAllowEmptyValues)) 137 } 138 return nil 139 } 140 141 func (g *WafGenerator) loadRateBasedRules(svc *waf.Client) error { 142 output, err := svc.ListRateBasedRules(context.TODO(), &waf.ListRateBasedRulesInput{}) 143 if err != nil { 144 return err 145 } 146 for _, rule := range output.Rules { 147 g.Resources = append(g.Resources, terraformutils.NewSimpleResource( 148 *rule.RuleId, 149 *rule.Name+"_"+(*rule.RuleId)[0:8], 150 "aws_waf_rate_based_rule", 151 "aws", 152 wafAllowEmptyValues)) 153 } 154 return nil 155 } 156 157 func (g *WafGenerator) loadRegexMatchSets(svc *waf.Client) error { 158 output, err := svc.ListRegexMatchSets(context.TODO(), &waf.ListRegexMatchSetsInput{}) 159 if err != nil { 160 return err 161 } 162 for _, regexMatchSet := range output.RegexMatchSets { 163 g.Resources = append(g.Resources, terraformutils.NewSimpleResource( 164 *regexMatchSet.RegexMatchSetId, 165 *regexMatchSet.Name+"_"+(*regexMatchSet.RegexMatchSetId)[0:8], 166 "aws_waf_regex_match_set", 167 "aws", 168 wafAllowEmptyValues)) 169 } 170 return nil 171 } 172 173 func (g *WafGenerator) loadRegexPatternSets(svc *waf.Client) error { 174 output, err := svc.ListRegexPatternSets(context.TODO(), &waf.ListRegexPatternSetsInput{}) 175 if err != nil { 176 return err 177 } 178 for _, regexPatternSet := range output.RegexPatternSets { 179 g.Resources = append(g.Resources, terraformutils.NewSimpleResource( 180 *regexPatternSet.RegexPatternSetId, 181 *regexPatternSet.Name+"_"+(*regexPatternSet.RegexPatternSetId)[0:8], 182 "aws_waf_regex_pattern_set", 183 "aws", 184 wafAllowEmptyValues)) 185 } 186 return nil 187 } 188 189 func (g *WafGenerator) loadWafRules(svc *waf.Client) error { 190 output, err := svc.ListRules(context.TODO(), &waf.ListRulesInput{}) 191 if err != nil { 192 return err 193 } 194 for _, rule := range output.Rules { 195 g.Resources = append(g.Resources, terraformutils.NewSimpleResource( 196 *rule.RuleId, 197 *rule.Name+"_"+(*rule.RuleId)[0:8], 198 "aws_waf_rule", 199 "aws", 200 wafAllowEmptyValues)) 201 } 202 return nil 203 } 204 205 func (g *WafGenerator) loadWafRuleGroups(svc *waf.Client) error { 206 output, err := svc.ListRuleGroups(context.TODO(), &waf.ListRuleGroupsInput{}) 207 if err != nil { 208 return err 209 } 210 for _, ruleGroup := range output.RuleGroups { 211 g.Resources = append(g.Resources, terraformutils.NewSimpleResource( 212 *ruleGroup.RuleGroupId, 213 *ruleGroup.Name+"_"+(*ruleGroup.RuleGroupId)[0:8], 214 "aws_waf_rule_group", 215 "aws", 216 wafAllowEmptyValues)) 217 } 218 return nil 219 } 220 221 func (g *WafGenerator) loadSizeConstraintSets(svc *waf.Client) error { 222 output, err := svc.ListSizeConstraintSets(context.TODO(), &waf.ListSizeConstraintSetsInput{}) 223 if err != nil { 224 return err 225 } 226 for _, sizeConstraintSet := range output.SizeConstraintSets { 227 g.Resources = append(g.Resources, terraformutils.NewSimpleResource( 228 *sizeConstraintSet.SizeConstraintSetId, 229 *sizeConstraintSet.Name+"_"+(*sizeConstraintSet.SizeConstraintSetId)[0:8], 230 "aws_waf_size_constraint_set", 231 "aws", 232 wafAllowEmptyValues)) 233 } 234 return nil 235 } 236 237 func (g *WafGenerator) loadSQLInjectionMatchSets(svc *waf.Client) error { 238 output, err := svc.ListSqlInjectionMatchSets(context.TODO(), &waf.ListSqlInjectionMatchSetsInput{}) 239 if err != nil { 240 return err 241 } 242 for _, sqlInjectionMatchSet := range output.SqlInjectionMatchSets { 243 g.Resources = append(g.Resources, terraformutils.NewSimpleResource( 244 *sqlInjectionMatchSet.SqlInjectionMatchSetId, 245 *sqlInjectionMatchSet.Name+"_"+(*sqlInjectionMatchSet.SqlInjectionMatchSetId)[0:8], 246 "aws_waf_sql_injection_match_set", 247 "aws", 248 wafAllowEmptyValues)) 249 } 250 return nil 251 } 252 253 func (g *WafGenerator) loadXSSMatchSet(svc *waf.Client) error { 254 output, err := svc.ListXssMatchSets(context.TODO(), &waf.ListXssMatchSetsInput{}) 255 if err != nil { 256 return err 257 } 258 for _, xssMatchSet := range output.XssMatchSets { 259 g.Resources = append(g.Resources, terraformutils.NewSimpleResource( 260 *xssMatchSet.XssMatchSetId, 261 *xssMatchSet.Name+"_"+(*xssMatchSet.XssMatchSetId)[0:8], 262 "aws_waf_xss_match_set", 263 "aws", 264 wafAllowEmptyValues)) 265 } 266 return nil 267 }