r/aws_wafv2_web_acl: add support for captcha in rule actions

[wedneyyuri]

We can now configure rules to run a CAPTCHA check against web requests and, as needed, send a CAPTCHA challenge to the client

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #21754

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccWAFV2WebACL_' PKG_NAME=internal/service/wafv2

--- PASS: TestAccWAFV2WebACL_disappears (46.59s)
--- PASS: TestAccWAFV2WebACL_minimal (64.41s)
--- PASS: TestAccWAFV2WebACL_basic (66.79s)
--- PASS: TestAccWAFV2WebACL_Operators_maxNested (87.27s)
--- PASS: TestAccWAFV2WebACL_Update_nameForceNew (95.51s)
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_basic (104.39s)
--- PASS: TestAccWAFV2WebACL_Custom_response (106.21s)
--- PASS: TestAccWAFV2WebACL_GeoMatch_basic (111.33s)
--- PASS: TestAccWAFV2WebACL_RateBased_forwardedIP (113.00s)
--- PASS: TestAccWAFV2WebACL_GeoMatch_forwardedIP (114.08s)
--- PASS: TestAccWAFV2WebACL_RateBased_basic (120.77s)
--- PASS: TestAccWAFV2WebACL_IPSetReference_basic (125.96s)
--- PASS: TestAccWAFV2WebACL_Update_rule (130.30s)
--- PASS: TestAccWAFV2WebACL_RateBased_maxNested (138.40s)
--- PASS: TestAccWAFV2WebACL_RuleGroupReference_basic (146.37s)
--- PASS: TestAccWAFV2WebACL_Update_ruleProperties (147.75s)
--- PASS: TestAccWAFV2WebACL_Custom_requestHandling (148.60s)
--- PASS: TestAccWAFV2WebACL_tags (182.04s)
--- PASS: TestAccWAFV2WebACL_IPSetReference_forwardedIP (234.00s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	234.053s

[github-actions]

Welcome @wedneyyuri 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTING guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

[nouhab]

can you tell us when this pull request will be merged please ?

[flavioelawi]

Am I missing it or CaptchaConfig is not included in this PR?

[jeffery7]

Is it this?

terraform-provider-aws/internal/service/wafv2/helper.go

Line 441 in 8fb1370

func wafv2CaptchaConfigSchema() *schema.Schema {

It sure would be great to be able to configure rate_based_rules to use Captcha using TF.

[kunalsumblyavenue]

Any idea when will this get merged ? Thanks

[nodomain]

Needing this as well.

[tolidano]

does it make sense for this to also support specifying the custom rule based CAPTCHA token lifetime as noted here: https://docs.aws.amazon.com/sdk-for-go/api/service/wafv2/#CaptchaConfig.SetImmunityTimeProperty

This is the same type as used in the WebACL: https://docs.aws.amazon.com/sdk-for-go/api/service/wafv2/#WebACL
But on the Rule: https://docs.aws.amazon.com/sdk-for-go/api/service/wafv2/#WebACL

[breathingdust]

Hi all 👋 Just letting you know that this is issue is featured on this quarters roadmap. If a PR exists to close the issue a maintainer will review and either make changes directly, or work with the original author to get the contribution merged. If you have written a PR to resolve the issue please ensure the "Allow edits from maintainers" box is checked. Thanks for your patience and we are looking forward to getting this merged soon!

[ewbankkit]

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccWAFV2WebACL_' PKG=wafv2 ACCTEST_PARALLELISM=2 
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/wafv2/... -v -count 1 -parallel 2  -run=TestAccWAFV2WebACL_ -timeout 180m
=== RUN   TestAccWAFV2WebACL_basic
=== PAUSE TestAccWAFV2WebACL_basic
=== RUN   TestAccWAFV2WebACL_Update_rule
=== PAUSE TestAccWAFV2WebACL_Update_rule
=== RUN   TestAccWAFV2WebACL_Update_ruleProperties
=== PAUSE TestAccWAFV2WebACL_Update_ruleProperties
=== RUN   TestAccWAFV2WebACL_Update_nameForceNew
=== PAUSE TestAccWAFV2WebACL_Update_nameForceNew
=== RUN   TestAccWAFV2WebACL_disappears
=== PAUSE TestAccWAFV2WebACL_disappears
=== RUN   TestAccWAFV2WebACL_ManagedRuleGroup_basic
=== PAUSE TestAccWAFV2WebACL_ManagedRuleGroup_basic
=== RUN   TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== PAUSE TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
=== RUN   TestAccWAFV2WebACL_minimal
=== PAUSE TestAccWAFV2WebACL_minimal
=== RUN   TestAccWAFV2WebACL_RateBased_basic
=== PAUSE TestAccWAFV2WebACL_RateBased_basic
=== RUN   TestAccWAFV2WebACL_GeoMatch_basic
=== PAUSE TestAccWAFV2WebACL_GeoMatch_basic
=== RUN   TestAccWAFV2WebACL_GeoMatch_forwardedIP
=== PAUSE TestAccWAFV2WebACL_GeoMatch_forwardedIP
=== RUN   TestAccWAFV2WebACL_LabelMatchStatement
=== PAUSE TestAccWAFV2WebACL_LabelMatchStatement
=== RUN   TestAccWAFV2WebACL_RuleLabels
=== PAUSE TestAccWAFV2WebACL_RuleLabels
=== RUN   TestAccWAFV2WebACL_IPSetReference_basic
=== PAUSE TestAccWAFV2WebACL_IPSetReference_basic
=== RUN   TestAccWAFV2WebACL_IPSetReference_forwardedIP
=== PAUSE TestAccWAFV2WebACL_IPSetReference_forwardedIP
=== RUN   TestAccWAFV2WebACL_RateBased_forwardedIP
=== PAUSE TestAccWAFV2WebACL_RateBased_forwardedIP
=== RUN   TestAccWAFV2WebACL_RuleGroupReference_basic
=== PAUSE TestAccWAFV2WebACL_RuleGroupReference_basic
=== RUN   TestAccWAFV2WebACL_Custom_requestHandling
=== PAUSE TestAccWAFV2WebACL_Custom_requestHandling
=== RUN   TestAccWAFV2WebACL_Custom_response
=== PAUSE TestAccWAFV2WebACL_Custom_response
=== RUN   TestAccWAFV2WebACL_tags
=== PAUSE TestAccWAFV2WebACL_tags
=== RUN   TestAccWAFV2WebACL_RateBased_maxNested
=== PAUSE TestAccWAFV2WebACL_RateBased_maxNested
=== RUN   TestAccWAFV2WebACL_Operators_maxNested
=== PAUSE TestAccWAFV2WebACL_Operators_maxNested
=== CONT  TestAccWAFV2WebACL_basic
=== CONT  TestAccWAFV2WebACL_LabelMatchStatement
--- PASS: TestAccWAFV2WebACL_basic (22.19s)
=== CONT  TestAccWAFV2WebACL_Custom_requestHandling
--- PASS: TestAccWAFV2WebACL_LabelMatchStatement (40.71s)
=== CONT  TestAccWAFV2WebACL_Operators_maxNested
--- PASS: TestAccWAFV2WebACL_Operators_maxNested (21.33s)
=== CONT  TestAccWAFV2WebACL_RateBased_maxNested
--- PASS: TestAccWAFV2WebACL_Custom_requestHandling (49.82s)
=== CONT  TestAccWAFV2WebACL_tags
--- PASS: TestAccWAFV2WebACL_RateBased_maxNested (24.19s)
=== CONT  TestAccWAFV2WebACL_Custom_response
--- PASS: TestAccWAFV2WebACL_tags (71.68s)
=== CONT  TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion
--- PASS: TestAccWAFV2WebACL_Custom_response (79.73s)
=== CONT  TestAccWAFV2WebACL_GeoMatch_forwardedIP
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_specifyVersion (57.71s)
=== CONT  TestAccWAFV2WebACL_GeoMatch_basic
--- PASS: TestAccWAFV2WebACL_GeoMatch_forwardedIP (57.18s)
=== CONT  TestAccWAFV2WebACL_RateBased_basic
--- PASS: TestAccWAFV2WebACL_GeoMatch_basic (55.88s)
=== CONT  TestAccWAFV2WebACL_minimal
--- PASS: TestAccWAFV2WebACL_RateBased_basic (53.01s)
=== CONT  TestAccWAFV2WebACL_Update_nameForceNew
--- PASS: TestAccWAFV2WebACL_minimal (23.39s)
=== CONT  TestAccWAFV2WebACL_ManagedRuleGroup_basic
--- PASS: TestAccWAFV2WebACL_Update_nameForceNew (33.99s)
=== CONT  TestAccWAFV2WebACL_disappears
--- PASS: TestAccWAFV2WebACL_disappears (14.34s)
=== CONT  TestAccWAFV2WebACL_IPSetReference_forwardedIP
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_basic (50.68s)
=== CONT  TestAccWAFV2WebACL_RuleGroupReference_basic
--- PASS: TestAccWAFV2WebACL_RuleGroupReference_basic (43.93s)
=== CONT  TestAccWAFV2WebACL_RateBased_forwardedIP
--- PASS: TestAccWAFV2WebACL_IPSetReference_forwardedIP (77.99s)
=== CONT  TestAccWAFV2WebACL_Update_ruleProperties
--- PASS: TestAccWAFV2WebACL_RateBased_forwardedIP (37.70s)
=== CONT  TestAccWAFV2WebACL_Update_rule
--- PASS: TestAccWAFV2WebACL_Update_rule (37.81s)
=== CONT  TestAccWAFV2WebACL_RuleLabels
--- PASS: TestAccWAFV2WebACL_Update_ruleProperties (56.14s)
=== CONT  TestAccWAFV2WebACL_IPSetReference_basic
--- PASS: TestAccWAFV2WebACL_IPSetReference_basic (21.99s)
--- PASS: TestAccWAFV2WebACL_RuleLabels (36.65s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	491.287s

[ewbankkit]

@wedneyyuri Thanks for the contribution 🎉 👏.

[github-actions]

This functionality has been released in v4.21.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.