Skip to content

Commit 8232222

Browse files
tongyimingmikatong
tongyiming
and
mikatong
authored
Feat/antiddos config (#2367)
* ddos support warte print * update doc * add changelog --------- Co-authored-by: mikatong <mikatong@tencent.com>
1 parent 940459e commit 8232222

File tree

5 files changed

+342
-29
lines changed

5 files changed

+342
-29
lines changed

.changelog/2367.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
```release-note:enhancement
2+
resource/tencentcloud_dayu_ddos_policy_v2: Support param water_print_config
3+
```

tencentcloud/resource_tc_dayu_ddos_policy_v2.go

Lines changed: 192 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -75,6 +75,16 @@ resource "tencentcloud_dayu_ddos_policy_v2" "ddos_v2" {
7575
is_not=0
7676
is_not2=0
7777
}
78+
water_print_config {
79+
offset = 1
80+
open_status = 1
81+
listeners {
82+
frontend_port = 90
83+
forward_protocol = "TCP"
84+
frontend_port_end = 90
85+
}
86+
verify = "checkall"
87+
}
7888
}
7989
8090
```
@@ -213,6 +223,54 @@ func resourceTencentCloudDayuDdosPolicyV2() *schema.Resource {
213223
},
214224
Description: "Protocol block configuration for DDoS protection.",
215225
},
226+
"water_print_config": {
227+
Type: schema.TypeList,
228+
Optional: true,
229+
Elem: &schema.Resource{
230+
Schema: map[string]*schema.Schema{
231+
"offset": {
232+
Type: schema.TypeInt,
233+
Required: true,
234+
Description: "Watermark offset, value range: [0-100].",
235+
},
236+
"open_status": {
237+
Type: schema.TypeInt,
238+
Required: true,
239+
Description: "Whether it is enabled, value [0 (manual open), 1 (immediate operation)].",
240+
},
241+
"listeners": {
242+
Type: schema.TypeList,
243+
Required: true,
244+
Elem: &schema.Resource{
245+
Schema: map[string]*schema.Schema{
246+
"frontend_port": {
247+
Type: schema.TypeInt,
248+
Required: true,
249+
Description: "Lower limit of forwarding listening port. Values: [1-65535].",
250+
},
251+
"forward_protocol": {
252+
Type: schema.TypeString,
253+
Required: true,
254+
Description: "Forwarding protocol, value [TCP, UDP].",
255+
},
256+
"frontend_port_end": {
257+
Type: schema.TypeInt,
258+
Required: true,
259+
Description: "Upper limit of forwarding listening port. Values: [1-65535].",
260+
},
261+
},
262+
},
263+
Description: "List of forwarding listeners to which the watermark belongs.",
264+
},
265+
"verify": {
266+
Type: schema.TypeString,
267+
Required: true,
268+
Description: "Watermark check mode, value [`checkall`(normal mode), `shortfpcheckall`(simplified mode)].",
269+
},
270+
},
271+
},
272+
Description: "Water print config.",
273+
},
216274
"ddos_connect_limit": {
217275
Type: schema.TypeList,
218276
MaxItems: 1,
@@ -553,6 +611,39 @@ func resourceTencentCloudDayuDdosPolicyV2Create(d *schema.ResourceData, meta int
553611
}
554612
}
555613

614+
if v, ok := d.GetOk("water_print_config"); ok {
615+
waterPrintConfigs := v.([]interface{})
616+
for _, waterPrintConfigItem := range waterPrintConfigs {
617+
waterPrintConfigs := waterPrintConfigItem.(map[string]interface{})
618+
offset := waterPrintConfigs["offset"].(int)
619+
openStatus := waterPrintConfigs["open_status"].(int)
620+
verify := waterPrintConfigs["verify"].(string)
621+
listeners := waterPrintConfigs["listeners"].([]interface{})
622+
listenerList := make([]*antiddos.ForwardListener, 0)
623+
for _, listenerItem := range listeners {
624+
listener := listenerItem.(map[string]interface{})
625+
frontendPort := listener["frontend_port"].(int)
626+
forwardProtocol := listener["forward_protocol"].(string)
627+
frontendPortEnd := listener["frontend_port_end"].(int)
628+
listenerList = append(listenerList, &antiddos.ForwardListener{
629+
FrontendPort: helper.IntInt64(frontendPort),
630+
ForwardProtocol: helper.String(forwardProtocol),
631+
FrontendPortEnd: helper.IntInt64(frontendPortEnd),
632+
})
633+
}
634+
tmpWaterPrintConfig := antiddos.WaterPrintConfig{
635+
Offset: helper.IntInt64(offset),
636+
OpenStatus: helper.IntInt64(openStatus),
637+
Verify: helper.String(verify),
638+
Listeners: listenerList,
639+
}
640+
err := antiddosService.CreateWaterPrintConfig(ctx, resourceId, tmpWaterPrintConfig)
641+
if err != nil {
642+
return err
643+
}
644+
}
645+
}
646+
556647
if v, ok := d.GetOk("ddos_connect_limit"); ok {
557648
ddosConnectLimits := v.([]interface{})
558649
for _, ddosConnectLimitItem := range ddosConnectLimits {
@@ -777,6 +868,30 @@ func resourceTencentCloudDayuDdosPolicyV2Read(d *schema.ResourceData, meta inter
777868
_ = d.Set("protocol_block_config", []map[string]interface{}{protocolBlockConfig})
778869
}
779870

871+
waterPrintConfigs, err := antiddosService.DescribeListWaterPrintConfig(ctx, instanceId)
872+
if err != nil {
873+
return err
874+
}
875+
waterPrintConfigList := make([]map[string]interface{}, 0)
876+
877+
for _, waterPrintConfig := range waterPrintConfigs {
878+
waterPrintConfigMap := make(map[string]interface{})
879+
waterPrintConfigMap["offset"] = waterPrintConfig.WaterPrintConfig.Offset
880+
waterPrintConfigMap["open_status"] = waterPrintConfig.WaterPrintConfig.OpenStatus
881+
waterPrintConfigMap["verify"] = waterPrintConfig.WaterPrintConfig.Verify
882+
listenerList := make([]interface{}, 0)
883+
for _, listener := range waterPrintConfig.WaterPrintConfig.Listeners {
884+
listenerMap := make(map[string]interface{})
885+
listenerMap["frontend_port"] = listener.FrontendPort
886+
listenerMap["forward_protocol"] = listener.ForwardProtocol
887+
listenerMap["frontend_port_end"] = listener.FrontendPortEnd
888+
listenerList = append(listenerList, listenerMap)
889+
}
890+
waterPrintConfigMap["listeners"] = listenerList
891+
waterPrintConfigList = append(waterPrintConfigList, waterPrintConfigMap)
892+
}
893+
_ = d.Set("water_print_config", waterPrintConfigList)
894+
780895
connectLimitRelation, err := antiddosService.DescribeDDoSConnectLimitList(ctx, instanceId)
781896
if err != nil {
782897
return err
@@ -809,7 +924,6 @@ func resourceTencentCloudDayuDdosPolicyV2Read(d *schema.ResourceData, meta inter
809924
ddosGeoIPBlockConfig := make(map[string]interface{})
810925
ddosGeoIPBlockConfig["action"] = ddosGeoIPBlockConfigRelation.GeoIPBlockConfig.Action
811926
ddosGeoIPBlockConfig["area_list"] = ddosGeoIPBlockConfigRelation.GeoIPBlockConfig.AreaList
812-
ddosGeoIPBlockConfig["id"] = ddosGeoIPBlockConfigRelation.GeoIPBlockConfig.Id
813927
ddosGeoIPBlockConfig["region_type"] = ddosGeoIPBlockConfigRelation.GeoIPBlockConfig.RegionType
814928
ddosGeoIPBlockConfigList = append(ddosGeoIPBlockConfigList, ddosGeoIPBlockConfig)
815929
}
@@ -847,7 +961,6 @@ func resourceTencentCloudDayuDdosPolicyV2Read(d *schema.ResourceData, meta inter
847961
packetFilters := make([]map[string]interface{}, 0)
848962
for _, packetFilterRelation := range packetFilterRelationList {
849963
tmpPacketFilter := make(map[string]interface{})
850-
tmpPacketFilter["id"] = packetFilterRelation.PacketFilterConfig.Id
851964
tmpPacketFilter["s_port_start"] = packetFilterRelation.PacketFilterConfig.SportStart
852965
tmpPacketFilter["s_port_end"] = packetFilterRelation.PacketFilterConfig.SportEnd
853966
tmpPacketFilter["d_port_start"] = packetFilterRelation.PacketFilterConfig.DportStart
@@ -861,6 +974,12 @@ func resourceTencentCloudDayuDdosPolicyV2Read(d *schema.ResourceData, meta inter
861974
tmpPacketFilter["match_type2"] = packetFilterRelation.PacketFilterConfig.MatchType2
862975
tmpPacketFilter["match_begin"] = packetFilterRelation.PacketFilterConfig.MatchBegin
863976
tmpPacketFilter["match_begin2"] = packetFilterRelation.PacketFilterConfig.MatchBegin2
977+
tmpPacketFilter["action"] = packetFilterRelation.PacketFilterConfig.Action
978+
tmpPacketFilter["depth"] = packetFilterRelation.PacketFilterConfig.Depth
979+
tmpPacketFilter["depth2"] = packetFilterRelation.PacketFilterConfig.Depth2
980+
tmpPacketFilter["offset"] = packetFilterRelation.PacketFilterConfig.Offset
981+
tmpPacketFilter["offset2"] = packetFilterRelation.PacketFilterConfig.Offset2
982+
tmpPacketFilter["protocol"] = packetFilterRelation.PacketFilterConfig.Protocol
864983
packetFilters = append(packetFilters, tmpPacketFilter)
865984
}
866985
_ = d.Set("packet_filters", packetFilters)
@@ -1044,6 +1163,66 @@ func resourceTencentCloudDayuDdosPolicyV2Update(d *schema.ResourceData, meta int
10441163

10451164
}
10461165

1166+
if d.HasChange("water_print_config.0.offset") || d.HasChange("water_print_config.0.listeners") || d.HasChange("water_print_config.0.verify") {
1167+
oldWaterPrintConfigList, err := antiddosService.DescribeListWaterPrintConfig(ctx, resourceId)
1168+
if err != nil {
1169+
return err
1170+
}
1171+
if len(oldWaterPrintConfigList) > 0 {
1172+
err := antiddosService.DeleteWaterPrintConfig(ctx, resourceId)
1173+
if err != nil {
1174+
return err
1175+
}
1176+
}
1177+
1178+
waterPrintConfigs := d.Get("water_print_config").([]interface{})
1179+
if len(waterPrintConfigs) > 0 {
1180+
waterPrintConfigItem := waterPrintConfigs[0]
1181+
waterPrintConfigItemMap := waterPrintConfigItem.(map[string]interface{})
1182+
offset := waterPrintConfigItemMap["offset"].(int)
1183+
openStatus := waterPrintConfigItemMap["open_status"].(int)
1184+
verify := waterPrintConfigItemMap["verify"].(string)
1185+
listeners := waterPrintConfigItemMap["listeners"].([]interface{})
1186+
listenerList := make([]*antiddos.ForwardListener, 0)
1187+
for _, listenerItem := range listeners {
1188+
listenerMap := listenerItem.(map[string]interface{})
1189+
frontendPort := listenerMap["frontend_port"].(int)
1190+
forwardProtocol := listenerMap["forward_protocol"].(string)
1191+
frontendPortEnd := listenerMap["frontend_port_end"].(int)
1192+
listenerList = append(listenerList, &antiddos.ForwardListener{
1193+
FrontendPort: helper.IntInt64(frontendPort),
1194+
ForwardProtocol: helper.String(forwardProtocol),
1195+
FrontendPortEnd: helper.IntInt64(frontendPortEnd),
1196+
})
1197+
}
1198+
tmpWaterPrintConfig := antiddos.WaterPrintConfig{
1199+
Offset: helper.IntInt64(offset),
1200+
OpenStatus: helper.IntInt64(openStatus),
1201+
Verify: helper.String(verify),
1202+
Listeners: listenerList,
1203+
}
1204+
err := antiddosService.CreateWaterPrintConfig(ctx, resourceId, tmpWaterPrintConfig)
1205+
if err != nil {
1206+
return err
1207+
}
1208+
1209+
}
1210+
1211+
}
1212+
1213+
if d.HasChange("water_print_config.0.open_status") {
1214+
waterPrintConfigs := d.Get("water_print_config").([]interface{})
1215+
if len(waterPrintConfigs) > 0 {
1216+
waterPrintConfigItem := waterPrintConfigs[0]
1217+
waterPrintConfigItemMap := waterPrintConfigItem.(map[string]interface{})
1218+
openStatus := waterPrintConfigItemMap["open_status"].(int)
1219+
err := antiddosService.SwitchWaterPrintConfig(ctx, resourceId, openStatus)
1220+
if err != nil {
1221+
return err
1222+
}
1223+
}
1224+
}
1225+
10471226
if d.HasChange("ddos_geo_ip_block_config") {
10481227
oldDDoSGeoIPBlockConfigRelations, err := antiddosService.DescribeListDDoSGeoIPBlockConfig(ctx, resourceId)
10491228
if err != nil {
@@ -1318,5 +1497,16 @@ func resourceTencentCloudDayuDdosPolicyV2Delete(d *schema.ResourceData, meta int
13181497
for _, packetFilterRelation := range packetFilterRelationList {
13191498
_ = antiddosService.DeletePacketFilterConfig(ctx, resourceId, *packetFilterRelation.PacketFilterConfig)
13201499
}
1500+
1501+
oldWaterPrintConfigList, err := antiddosService.DescribeListWaterPrintConfig(ctx, resourceId)
1502+
if err != nil {
1503+
return err
1504+
}
1505+
if len(oldWaterPrintConfigList) > 0 {
1506+
err := antiddosService.DeleteWaterPrintConfig(ctx, resourceId)
1507+
if err != nil {
1508+
return err
1509+
}
1510+
}
13211511
return nil
13221512
}

tencentcloud/resource_tc_dayu_ddos_policy_v2_test.go

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ import (
1313
func TestAccTencentCloudDayuDdosPolicyV2Resource(t *testing.T) {
1414
t.Parallel()
1515
resource.Test(t, resource.TestCase{
16-
PreCheck: func() { testAccPreCheckCommon(t, ACCOUNT_TYPE_INTERNATIONAL) },
16+
PreCheck: func() { testAccPreCheckCommon(t, ACCOUNT_TYPE_PREPAY) },
1717
Providers: testAccProviders,
1818
CheckDestroy: testAccCheckDayuDdosPolicyV2Destroy,
1919
Steps: []resource.TestStep{
@@ -103,7 +103,7 @@ func testAccCheckDayuDdosPolicyV2Exists(n string) resource.TestCheckFunc {
103103

104104
const testAccDayuDdosPolicyV2 string = `
105105
resource "tencentcloud_dayu_ddos_policy_v2" "test_policy" {
106-
resource_id = "bgpip-000004xf"
106+
resource_id = "bgpip-0000078h"
107107
business = "bgpip"
108108
ddos_threshold="100"
109109
ddos_level="low"
@@ -173,4 +173,14 @@ resource "tencentcloud_dayu_ddos_policy_v2" "test_policy" {
173173
is_not=0
174174
is_not2=0
175175
}
176+
water_print_config {
177+
offset = 1
178+
open_status = 1
179+
listeners {
180+
frontend_port = 90
181+
forward_protocol = "TCP"
182+
frontend_port_end = 90
183+
}
184+
verify = "checkall"
185+
}
176186
}`

0 commit comments

Comments
 (0)