Merge pull request #122 from athiththan11/main-cdn-fd
Onboard Azure CDN FrontDoor Policy Terraform Modules
athiththan11 authored Dec 4, 2024
2 parents b4f1bf0 + 01be246 commit c40ba84
Showing 8 changed files with 430 additions and 0 deletions.
@@ -0,0 +1,109 @@
# -------------------------------------------------------------------------------------
#
# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
#
# WSO2 LLC. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# --------------------------------------------------------------------------------------

resource "azurerm_cdn_frontdoor_firewall_policy" "cdn_frontdoor_firewall_policy" {
name = join("", [var.frontdoor_firewall_policy_abbreviation, var.frontdoor_firewall_policy_name])
resource_group_name = var.resource_group_name
sku_name = var.sku_name
enabled = var.enabled
mode = var.mode
redirect_url = var.redirect_url
custom_block_response_status_code = var.custom_block_response_status_code
custom_block_response_body = var.custom_block_response_body
tags = var.tags

dynamic "custom_rule" {
for_each = var.custom_rules
content {
name = custom_rule.key
action = custom_rule.value.action
enabled = custom_rule.value.enabled
priority = custom_rule.value.priority
rate_limit_duration_in_minutes = custom_rule.value.rate_limit_duration_in_minutes
rate_limit_threshold = custom_rule.value.rate_limit_threshold
type = custom_rule.value.type

dynamic "match_condition" {
for_each = custom_rule.value.match_conditions
content {
match_variable = match_condition.value.match_variable
match_values = match_condition.value.match_values
operator = match_condition.value.operator
selector = match_condition.value.selector
negation_condition = match_condition.value.negation_condition
transforms = match_condition.value.transforms
}
}
}
}

dynamic "managed_rule" {
for_each = var.managed_rules
content {
type = managed_rule.value.type
version = managed_rule.value.version
action = managed_rule.value.action

dynamic "exclusion" {
for_each = managed_rule.value.exclusions
content {
match_variable = exclusion.value.match_variable
operator = exclusion.value.operator
selector = exclusion.value.selector
}
}

dynamic "override" {
for_each = managed_rule.value.overrides
content {
rule_group_name = override.value.rule_group_name

dynamic "exclusion" {
for_each = override.value.exclusions
content {
match_variable = exclusion.value.match_variable
operator = exclusion.value.operator
selector = exclusion.value.selector
}
}

dynamic "rule" {
for_each = override.value.rules
content {
rule_id = rule.value.rule_id
action = rule.value.action
enabled = rule.value.enabled

dynamic "exclusion" {
for_each = rule.value.exclusions
content {
match_variable = exclusion.value.match_variable
operator = exclusion.value.operator
selector = exclusion.value.selector
}
}

}
}
}
}
}
}
}
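Review bot: `rate_limit_duration_in_minutes` and `rate_limit_threshold` inside the `custom_rule` content block are passed for every custom rule regardless of `custom_rule.value.type`, so a `MatchRule` also carries rate-limit settings that only apply to a `RateLimitRule`. Making them conditional, `rate_limit_duration_in_minutes = custom_rule.value.type == "RateLimitRule" ? custom_rule.value.rate_limit_duration_in_minutes : null` and the same shape for `rate_limit_threshold`, lets the provider fall back to its own defaults for match rules; both attributes are optional in the provider schema as far as I recall, so `null` is safe there. This section's file-header line is not shown on the page, so the path is inferred to be the Firewall-Policy module's main.tf.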
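--- a/modules/azurerm/CDN-FrontDoor-Firewall-Policy/outputs.tf
+++ b/modules/azurerm/CDN-FrontDoor-Firewall-Policy/outputs.tf
@@ -0,0 +1,24 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
+#
+# WSO2 LLC. licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# --------------------------------------------------------------------------------------
+
+output "id" {
+depends_on = [azurerm_cdn_frontdoor_firewall_policy.cdn_frontdoor_firewall_policy]
+value = azurerm_cdn_frontdoor_firewall_policy.cdn_frontdoor_firewall_policy.id
+}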
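Review bot: The `depends_on` on output `id` is redundant, because `value` already references `azurerm_cdn_frontdoor_firewall_policy.cdn_frontdoor_firewall_policy`, which gives Terraform the same dependency edge; the Security-Policy module's outputs.tf further down repeats the pattern. Dropping that line leaves `output "id" { value = azurerm_cdn_frontdoor_firewall_policy.cdn_frontdoor_firewall_policy.id }`. A `name` output would also help callers, since the policy name is assembled inside the module with `join` and is otherwise only recoverable by parsing the id.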
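--- a/modules/azurerm/CDN-FrontDoor-Firewall-Policy/variables.tf
+++ b/modules/azurerm/CDN-FrontDoor-Firewall-Policy/variables.tf
@@ -0,0 +1,129 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
+#
+# WSO2 LLC. licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# --------------------------------------------------------------------------------------
+
+variable "frontdoor_firewall_policy_abbreviation" {
+description = "Abbreviation for the FrontDoor Firewall Policy"
+default = "fdfp"
+type = string
+}
+
+variable "frontdoor_firewall_policy_name" {
+description = "Name for the FrontDoor Firewall Policy"
+type = string
+}
+
+variable "resource_group_name" {
+description = "Name of the Resource Group in which the FrontDoor Firewall Policy should exist"
+type = string
+}
+
+variable "sku_name" {
+description = "The SKU of the FrontDoor Firewall Policy"
+default = "Premium_AzureFrontDoor"
+type = string
+}
+
+variable "enabled" {
+description = "Is the FrontDoor Firewall Policy enabled?"
+default = true
+type = bool
+}
+
+variable "mode" {
+description = "The mode of the FrontDoor Firewall Policy"
+default = "Prevention"
+type = string
+}
+
+variable "redirect_url" {
+description = "The URL to redirect to when a request is blocked"
+type = string
+}
+
+variable "custom_block_response_status_code" {
+description = "The status code to return when a request is blocked"
+default = 403
+type = number
+}
+
+variable "custom_block_response_body" {
+description = "The body to return when a request is blocked"
+type = string
+}
+
+variable "tags" {
+description = "A mapping of tags to assign to the resource"
+default = {}
+type = map(string)
+}
+
+variable "custom_rules" {
+description = "A list of custom rules to apply to the FrontDoor Firewall Policy"
+default = {}
+type = map(object({
+enabled = bool
+priority = number
+rate_limit_duration_in_minutes = number
+rate_limit_threshold = number
+type = string
+action = string
+match_conditions = map(object({
+match_variable = string
+operator = string
+negation_condition = string
+match_values = list(string)
+transforms = list(string)
+selector = string
+}))
+}))
+}
+
+variable "managed_rules" {
+description = "A list of managed rules to apply to the FrontDoor Firewall Policy"
+default = {}
+type = map(object({
+type = string
+version = string
+action = string
+exclusions = list(object({
+match_variable = string
+operator = string
+selector = string
+}))
+overrides = list(object({
+rule_group_name = string
+exclusions = list(object({
+match_variable = string
+operator = string
+selector = string
+}))
+rules = list(object({
+rule_id = string
+action = string
+enabled = bool
+exclusions = list(object({
+match_variable = string
+operator = string
+selector = string
+}))
+}))
+}))
+}))
+}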
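Review bot: `negation_condition` in the `match_conditions` object type is declared `string`, but the provider attribute it feeds (`negation_condition` under `match_condition` in main.tf) is a boolean; Terraform coerces "true"/"false", but any other value is rejected only at plan time, so it should read `negation_condition = bool`. `custom_block_response_body` is described as "The body to return when a request is blocked", yet the provider, as far as I recall its docs, expects that attribute Base64-encoded, so either the description should say so or main.tf should wrap the value in `base64encode(...)`; otherwise callers will pass plain HTML and get an API error. Because every attribute of an object type is mandatory under the `>= 0.14` core constraint in versions.tf, callers must pass `exclusions = []`, `overrides = []` and `rules = []` on every managed rule; `optional(list(...), [])` would remove that burden but needs Terraform >= 1.3, so either raise `required_version` or document the required empty lists. The `custom_rules` and `managed_rules` descriptions say "A list" while both types are `map(object(...))`, and a `validation` block restricting `mode` to `Detection`/`Prevention` would reject typos that otherwise disable enforcement silently until the API call fails.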
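--- a/modules/azurerm/CDN-FrontDoor-Firewall-Policy/versions.tf
+++ b/modules/azurerm/CDN-FrontDoor-Firewall-Policy/versions.tf
@@ -0,0 +1,29 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
+#
+# WSO2 LLC. licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# --------------------------------------------------------------------------------------
+
+terraform {
+required_version = ">= 0.14"
+required_providers {
+azurerm = {
+source = "hashicorp/azurerm"
+version = ">= 3.52.0"
+}
+}
+}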
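Review bot: `version = ">= 3.52.0"` on the azurerm provider has no upper bound, so a fresh `terraform init` will resolve to whatever latest major is published, including 4.x with its breaking schema changes that this module was not written against; `version = "~> 3.52"` (or `">= 3.52.0, < 4.0.0"`) keeps it on the tested major. The same open-ended shape applies to `required_version = ">= 0.14"`, although Terraform core has been more stable across releases. Consumers should also commit the dependency lock file so the provider checksum, not just the version range, is pinned.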
@@ -0,0 +1,40 @@
# -------------------------------------------------------------------------------------
#
# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
#
# WSO2 LLC. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# --------------------------------------------------------------------------------------

resource "azurerm_cdn_frontdoor_security_policy" "cdn_frontdoor_security_policy" {
name = var.security_policy_name
cdn_frontdoor_profile_id = var.cdn_frontdoor_profile_id

security_policies {
firewall {
cdn_frontdoor_firewall_policy_id = var.cdn_frontdoor_firewall_policy_id

association {
patterns_to_match = var.patterns_to_match
dynamic "domain" {
for_each = var.domains
content {
cdn_frontdoor_domain_id = domain.value
}
}
}
}
}
}
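Review bot: The `association` block produces no `domain` block when `var.domains` is empty, because the `dynamic "domain"` on the `for_each` line emits zero blocks, and the provider requires at least one domain per association if I read its schema correctly, so the mistake surfaces only at apply time as an API error. A `validation` block on `var.domains` in this module's variables.tf (not among the files shown on this page) with `condition = length(var.domains) > 0` would fail at plan time instead. `cdn_frontdoor_firewall_policy_id` is likewise accepted as an opaque string; a validation that it contains the firewall-policy resource-type segment would catch a pasted profile or domain id before the association is attempted. This section's file-header line is not shown on the page, so the path is inferred to be the Security-Policy module's main.tf.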
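--- a/modules/azurerm/CDN-FrontDoor-Security-Policy/outputs.tf
+++ b/modules/azurerm/CDN-FrontDoor-Security-Policy/outputs.tf
@@ -0,0 +1,24 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
+#
+# WSO2 LLC. licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# --------------------------------------------------------------------------------------
+
+output "id" {
+depends_on = [azurerm_cdn_frontdoor_security_policy.cdn_frontdoor_security_policy]
+value = azurerm_cdn_frontdoor_security_policy.cdn_frontdoor_security_policy.id
+}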