diff --git a/azurerm/internal/services/network/resource_arm_web_application_firewall_policy.go b/azurerm/internal/services/network/resource_arm_web_application_firewall_policy.go index 34b6cf12ff6f..c9df5fb5efeb 100644 --- a/azurerm/internal/services/network/resource_arm_web_application_firewall_policy.go +++ b/azurerm/internal/services/network/resource_arm_web_application_firewall_policy.go @@ -184,7 +184,7 @@ func resourceArmWebApplicationFirewallPolicy() *schema.Resource { }, "managed_rule_set": { Type: schema.TypeList, - Optional: true, + Required: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "type": { diff --git a/azurerm/internal/services/network/tests/resource_arm_web_application_firewall_policy_test.go b/azurerm/internal/services/network/tests/resource_arm_web_application_firewall_policy_test.go index 7dfaa2fb3d2b..aa40a00e5f64 100644 --- a/azurerm/internal/services/network/tests/resource_arm_web_application_firewall_policy_test.go +++ b/azurerm/internal/services/network/tests/resource_arm_web_application_firewall_policy_test.go @@ -80,14 +80,14 @@ func TestAccAzureRMWebApplicationFirewallPolicy_complete(t *testing.T) { resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.exclusion.1.match_variable", "RequestCookieNames"), resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.exclusion.1.selector", "too-much-fun"), resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.exclusion.1.selector_match_operator", "EndsWith"), - resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rules_set.#", "1"), - resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rules_set.0.type", "OWASP"), - resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rules_set.0.version", "3.1"), - resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rules_set.0.rule_group_override.#", "1"), - resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rules_set.0.rule_group_override.0.rule_group_name", "REQUEST-920-PROTOCOL-ENFORCEMENT"), - resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rules_set.0.rule_group_override.0.disabled_rules.#", "2"), - resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rules_set.0.rule_group_override.0.disabled_rules.0", "920300"), - resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rules_set.0.rule_group_override.0.disabled_rules.1", "920440"), + resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rule_set.#", "1"), + resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rule_set.0.type", "OWASP"), + resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rule_set.0.version", "3.1"), + resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rule_set.0.rule_group_override.#", "1"), + resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rule_set.0.rule_group_override.0.rule_group_name", "REQUEST-920-PROTOCOL-ENFORCEMENT"), + resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rule_set.0.rule_group_override.0.disabled_rules.#", "2"), + resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rule_set.0.rule_group_override.0.disabled_rules.0", "920300"), + resource.TestCheckResourceAttr(data.ResourceName, "managed_rules.managed_rule_set.0.rule_group_override.0.disabled_rules.1", "920440"), resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.enabled", "true"), resource.TestCheckResourceAttr(data.ResourceName, "policy_settings.mode", "Prevention"), ), @@ -216,6 +216,13 @@ resource "azurerm_web_application_firewall_policy" "test" { name = "acctestwafpolicy-%d" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location + + managed_rules { + managed_rule_set { + type = "OWASP" + version = "3.1" + } + } } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) } @@ -296,7 +303,7 @@ resource "azurerm_web_application_firewall_policy" "test" { selector_match_operator = "EndsWith" } - managed_rules_set { + managed_rule_set { type = "OWASP" version = "3.1" diff --git a/website/docs/r/web_application_firewall_policy.html.markdown b/website/docs/r/web_application_firewall_policy.html.markdown index 4020a1dcbae0..b1ee28367c72 100644 --- a/website/docs/r/web_application_firewall_policy.html.markdown +++ b/website/docs/r/web_application_firewall_policy.html.markdown @@ -87,7 +87,7 @@ resource "azurerm_web_application_firewall_policy" "example" { selector_match_operator = "EndsWith" } - managed_rules_set { + managed_rule_set { rule_set_type = "OWASP" rule_set_version = "3.1" rule_group_override { @@ -169,7 +169,7 @@ The `managed_rules` block supports the following: * `exclusion` - (Optional) One or more `exclusion` block defined below. -* `managed_rules_set` - (Optional) One or more `managed_rules_set` block defined below. +* `managed_rule_set` - (Optional) One or more `managed_rule_set` block defined below. --- @@ -183,7 +183,7 @@ The `exclusion` block supports the following: --- -The `managed_rules_set` block supports the following: +The `managed_rule_set` block supports the following: * `type` - (Required) The rule set type.