Merge pull request #28435 from bigwheel/ftd-support-captcha-in-wafv2-…

…rule-group

Support captcha action in wafv2 rule group

.changelog/28435.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_wafv2_rule_group: Add `rule.action.captcha` argument
+```

internal/service/wafv2/rule_group.go

@@ -91,9 +91,10 @@ func ResourceRuleGroup() *schema.Resource {
 							MaxItems: 1,
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
-									"allow": allowConfigSchema(),
-									"block": blockConfigSchema(),
-									"count": countConfigSchema(),
+									"allow":   allowConfigSchema(),
+									"block":   blockConfigSchema(),
+									"count":   countConfigSchema(),
+									"captcha": captchaConfigSchema(),
 								},
 							},
 						},

internal/service/wafv2/rule_group_test.go

@@ -105,6 +105,7 @@ func TestAccWAFV2RuleGroup_updateRule(t *testing.T) {
 						"action.0.allow.#":                  "0",
 						"action.0.block.#":                  "0",
 						"action.0.count.#":                  "1",
+						"action.0.captcha.#":                "0",
 						"statement.#":                       "1",
 						"statement.0.geo_match_statement.#": "1",
 						"statement.0.geo_match_statement.0.country_codes.#": "2",
@@ -149,12 +150,13 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "visibility_config.0.sampled_requests_enabled", "false"),
 					resource.TestCheckResourceAttr(resourceName, "rule.#", "1"),
 					resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule.*", map[string]string{
-						"name":             "rule-1",
-						"priority":         "1",
-						"action.#":         "1",
-						"action.0.allow.#": "0",
-						"action.0.block.#": "0",
-						"action.0.count.#": "1",
+						"name":               "rule-1",
+						"priority":           "1",
+						"action.#":           "1",
+						"action.0.allow.#":   "0",
+						"action.0.block.#":   "0",
+						"action.0.count.#":   "1",
+						"action.0.captcha.#": "0",
 						"visibility_config.0.cloudwatch_metrics_enabled": "false",
 						"visibility_config.0.metric_name":                "friendly-rule-metric-name",
 						"visibility_config.0.sampled_requests_enabled":   "false",
@@ -187,6 +189,7 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) {
 						"action.0.allow.#":    "0",
 						"action.0.block.#":    "0",
 						"action.0.count.#":    "1",
+						"action.0.captcha.#":  "0",
 						"visibility_config.#": "1",
 						"visibility_config.0.cloudwatch_metrics_enabled": "false",
 						"visibility_config.0.metric_name":                "rule-1",
@@ -202,6 +205,7 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) {
 						"action.0.allow.#":    "0",
 						"action.0.block.#":    "1",
 						"action.0.count.#":    "0",
+						"action.0.captcha.#":  "0",
 						"visibility_config.#": "1",
 						"visibility_config.0.cloudwatch_metrics_enabled": "false",
 						"visibility_config.0.metric_name":                ruleName2,
@@ -247,6 +251,7 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) {
 						"action.0.allow.#":    "0",
 						"action.0.block.#":    "0",
 						"action.0.count.#":    "1",
+						"action.0.captcha.#":  "0",
 						"visibility_config.#": "1",
 						"visibility_config.0.cloudwatch_metrics_enabled": "false",
 						"visibility_config.0.metric_name":                "rule-1",
@@ -262,6 +267,7 @@ func TestAccWAFV2RuleGroup_updateRuleProperties(t *testing.T) {
 						"action.0.allow.#":    "0",
 						"action.0.block.#":    "1",
 						"action.0.count.#":    "0",
+						"action.0.captcha.#":  "0",
 						"visibility_config.#": "1",
 						"visibility_config.0.cloudwatch_metrics_enabled": "false",
 						"visibility_config.0.metric_name":                "updated",
@@ -1398,6 +1404,7 @@ func TestAccWAFV2RuleGroup_ruleAction(t *testing.T) {
 						"action.0.allow.0.custom_request_handling.#": "0",
 						"action.0.block.#":                           "0",
 						"action.0.count.#":                           "0",
+						"action.0.captcha.#":                         "0",
 					}),
 				),
 			},
@@ -1418,6 +1425,7 @@ func TestAccWAFV2RuleGroup_ruleAction(t *testing.T) {
 						"action.0.block.#":                   "1",
 						"action.0.block.0.custom_response.#": "0",
 						"action.0.count.#":                   "0",
+						"action.0.captcha.#":                 "0",
 					}),
 				),
 			},
@@ -1438,6 +1446,7 @@ func TestAccWAFV2RuleGroup_ruleAction(t *testing.T) {
 						"action.0.block.#": "0",
 						"action.0.count.#": "1",
 						"action.0.count.0.custom_request_handling.#": "0",
+						"action.0.captcha.#":                         "0",
 					}),
 				),
 			},
@@ -1482,8 +1491,9 @@ func TestAccWAFV2RuleGroup_RuleAction_customRequestHandling(t *testing.T) {
 						"action.0.allow.0.custom_request_handling.0.insert_header.0.value": "test-val1",
 						"action.0.allow.0.custom_request_handling.0.insert_header.1.name":  "x-hdr2",
 						"action.0.allow.0.custom_request_handling.0.insert_header.1.value": "test-val2",
-						"action.0.block.#": "0",
-						"action.0.count.#": "0",
+						"action.0.block.#":   "0",
+						"action.0.count.#":   "0",
+						"action.0.captcha.#": "0",
 					}),
 				),
 			},
@@ -1509,6 +1519,7 @@ func TestAccWAFV2RuleGroup_RuleAction_customRequestHandling(t *testing.T) {
 						"action.0.count.0.custom_request_handling.0.insert_header.0.value": "test-val1",
 						"action.0.count.0.custom_request_handling.0.insert_header.1.name":  "x-hdr2",
 						"action.0.count.0.custom_request_handling.0.insert_header.1.value": "test-val2",
+						"action.0.captcha.#": "0",
 					}),
 				),
 			},
@@ -1555,7 +1566,8 @@ func TestAccWAFV2RuleGroup_RuleAction_customResponse(t *testing.T) {
 						"action.0.block.0.custom_response.0.response_header.0.value": "test-val1",
 						"action.0.block.0.custom_response.0.response_header.1.name":  "x-hdr2",
 						"action.0.block.0.custom_response.0.response_header.1.value": "test-val2",
-						"action.0.count.#": "0",
+						"action.0.count.#":   "0",
+						"action.0.captcha.#": "0",
 					}),
 				),
 			},
@@ -1587,7 +1599,8 @@ func TestAccWAFV2RuleGroup_RuleAction_customResponse(t *testing.T) {
 						"action.0.block.0.custom_response.#": "1",
 						"action.0.block.0.custom_response.0.response_code":            "429",
 						"action.0.block.0.custom_response.0.custom_response_body_key": "test_body_1",
-						"action.0.count.#": "0",
+						"action.0.count.#":   "0",
+						"action.0.captcha.#": "0",
 					}),
 				),
 			},
@@ -1620,7 +1633,8 @@ func TestAccWAFV2RuleGroup_RuleAction_customResponse(t *testing.T) {
 						"action.0.block.0.custom_response.#": "1",
 						"action.0.block.0.custom_response.0.response_code":            "429",
 						"action.0.block.0.custom_response.0.custom_response_body_key": "test_body_2",
-						"action.0.count.#": "0",
+						"action.0.count.#":   "0",
+						"action.0.captcha.#": "0",
 					}),
 				),
 			},

website/docs/r/wafv2_rule_group.html.markdown

@@ -340,6 +340,7 @@ The `action` block supports the following arguments:
 
 * `allow` - (Optional) Instructs AWS WAF to allow the web request. See [Allow](#action) below for details.
 * `block` - (Optional) Instructs AWS WAF to block the web request. See [Block](#block) below for details.
+* `captcha` - (Optional) Instructs AWS WAF to run a `CAPTCHA` check against the web request. See [Captcha](#captcha) below for details.
 * `count` - (Optional) Instructs AWS WAF to count the web request and allow it. See [Count](#count) below for details.
 
 ### Allow
@@ -354,6 +355,12 @@ The `block` block supports the following arguments:
 
 * `custom_response` - (Optional) Defines a custom response for the web request. See [Custom Response](#custom-response) below for details.
 
+### Captcha
+
+The `captcha` block supports the following arguments:
+
+* `custom_request_handling` - (Optional) Defines custom handling for the web request. See [Custom Request Handling](#custom-request-handling) below for details.
+
 ### Count
 
 The `count` block supports the following arguments: