hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

TF example for web_categories in application rules for azurerm_firewall_policy_rule_collection_group #18623

Closed jenka13all closed 1 year ago

jenka13all commented 1 year ago

Description

I cannot get the "web_categories" of an application rule for a firewall policy rule collection group to work: I keep getting the error that the provided string is invalid. I am using the web categories provided by Microsoft under "liability":

https://learn.microsoft.com/en-us/azure/firewall/web-categories

The one-word entries work as is (e.g. "Gambling"), and I've been able to add some multiple-word entries by making them CamelCase without spaces. For instance, "Illegal Software" is accepted in TF as "IllegalSoftware". But there are entries that I haven't been able to map yet.

What is the mapping from Azure Firewall web categories to entries in "web_categories"? Could there be a table in the documentation, and/or an example as TF code?

New or Affected Resource(s)/Data Source(s)

azurerm_firewall_policy_rule_collection_group.application_rule_collection.web_categories

Potential Terraform Configuration

```hcl
# Application Rule Collection Group
resource "azurerm_firewall_policy_rule_collection_group" "firewall_policy_apprules" {
  provider           = azurerm.connectivity
  name               = "DefaultApplicationRuleCollectionGroup"
  firewall_policy_id = data.azurerm_firewall_policy.firewall_policy.id
  priority           = 300

  # Restrict web access by categories
  application_rule_collection {
    name     = "AVD-Deny-Inappropriate-Internet"
    priority = 199
    action   = "Deny"

    rule {
      name             = "WebCategoriesRule"
      source_addresses = ["10.2.0.0/16"]
      web_categories = [
        "ChildAbuseImages",
        "Gambling",
        "HateAndIntolerance",
        "IllegalDrug",
        "IllegalSoftware",
        "Nudity",
        "PornographyOrSexuallyExplicit", # does not work
        "Violence",
        "Weapons"
      ]
      protocols {
        type = "Http"
        port = "80"
      }
      protocols {
        type = "Https"
        port = "443"
      }
    }
  }
}
```

References

No response

IgorOrmus commented 1 year ago

Best way to figure out gaps in documentation I found is doing the changes on a resource manually and then running a plan against it to see the changes and referenced values in the plan output. For your question, some of the examples came back as:

~ web_categories = [
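The approach described in the comment above can be scripted; this is an added example, not part of the original thread or the provider's code. It assumes the plan was saved and exported with `terraform show -json`, and that `change.before` holds the values read back from Azure; the function names and the sample plan (including the placeholder category string) are constructed for illustration.

```python
import json

RESOURCE_TYPE = "azurerm_firewall_policy_rule_collection_group"

# Constructed sample shaped like `terraform show -json <planfile>` output.
# "EXAMPLE_PortalCategory" is a placeholder, not a real category string.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azurerm_firewall_policy_rule_collection_group.firewall_policy_apprules",
   "type": "azurerm_firewall_policy_rule_collection_group",
   "change": {
     "before": {"application_rule_collection": [{"rule": [
       {"web_categories": ["Gambling", "IllegalSoftware", "EXAMPLE_PortalCategory"]}]}]},
     "after": {"application_rule_collection": [{"rule": [
       {"web_categories": ["Gambling", "IllegalSoftware"]}]}]}}},
  {"address": "azurerm_resource_group.example", "type": "azurerm_resource_group",
   "change": {"before": null, "after": {"name": "rg-example"}}}
]}
""")


def categories(state):
    """Collect web_categories from every application rule in one state object."""
    found = set()
    for coll in (state or {}).get("application_rule_collection") or []:
        for rule in coll.get("rule") or []:
            found.update(rule.get("web_categories") or [])
    return found


def web_category_diff(plan):
    """Per resource address: strings Azure reports (before) vs. the config (after)."""
    report = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue  # ignore unrelated resources in the same plan
        change = rc.get("change", {})
        before = categories(change.get("before"))  # None when the resource is new
        after = categories(change.get("after"))
        report[rc["address"]] = {
            "only_in_azure": sorted(before - after),
            "only_in_config": sorted(after - before),
            "in_both": sorted(before & after),
        }
    return report


if __name__ == "__main__":
    print(json.dumps(web_category_diff(SAMPLE_PLAN), indent=2))
```

Entries under `only_in_azure` are the exact spellings the service returned for categories set manually, which are the strings to copy into `web_categories`.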

jenka13all commented 1 year ago

This is perfect - thank you!

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.