WAF policy resource, managed WAF rulesets data source, and waf_policy_id in build settings

[ramonsnir]

WAF policy resource
Managed WAF rules data source

[rybit]

Nothing blocking! I think it will be great to have it!

[rybit]

nit: this is the policy not the rule set. A policy contains a set of rule sets that each in turn contain a set of rules

[ramonsnir]

You're not wrong, but this is what netlify-react-ui sets for all its policies:

    "name": "Baseline Ruleset",
    "description": "Netlify maintained ruleset",

I copied this very early in the development and didn't think about it. I'll change it to say policy.

[rybit]

is there some const that we can export? I don't know if terraform has those in general

[ramonsnir]

I will think about that. Worst-case, maybe a hard-coded data source? I'll let you know what I find.

[ramonsnir]

I don't see something in the docs, and ChatGPT also recommended a hard-coded data source - which I don't love. I haven't seen other people doing that.

I will note that there is a static validation on this: https://github.com/netlify/terraform-provider-netlify/pull/77/files#diff-020ba6260ff9fbb79426060f367c74580fbcd04ff8b20c35bbd6345d1acb9157R116

It will fail the .tf file before trying to apply, and I think smart IDEs might do a red squiggly if you enter an invalid value.

[rybit]

Not sure what this is doing?

[ramonsnir]

It should say netlify_waf_policy 🙂 It's an example of how you import it through the CLI. It goes into the generated Markdown docs.

[ramonsnir]

Merging of this PR is waiting on an API change around plan capabilities, coming up in the next few days. The change might require logic change when connecting sites to policies, so I'm waiting for that to be done to test the two together.