feat(firewall): add firewall management resources#344
Open
tphilll wants to merge 6 commits into
Open
Conversation
…rces Implements CrowdStrike firewall management capabilities for Terraform: Resources: - crowdstrike_firewall_rule_group: Manage firewall rule groups with nested rules - crowdstrike_firewall_policy: Manage firewall policies with host groups and settings - crowdstrike_firewall_policy_precedence: Control policy ordering/priority Data Sources: - crowdstrike_firewall_policies: Query existing firewall policies - crowdstrike_firewall_rule_groups: Query existing rule groups Closes CrowdStrike#99
…tion Bug fixes discovered during verification testing: 1. Log field not preserved: API doesn't return log field, causing drift - Preserve plan's log value in wrapRules when reading back from API 2. Single port handling: start=443, end=443 caused API 'duplicate ports' error - Convert to end=0 when sending to API - Restore plan's end value when reading back (if plan had start==end) 3. Precedence dynamic enforcement race condition: - Parallel tests changing policy count caused failures - Preserve plan IDs in state for dynamic mode instead of reading from API - Changed precedence tests to sequential to avoid interference All 29 acceptance tests pass.
This removes all duplicate calls that were introduced during the merge conflict resolution
Author
|
@ffalor Initial failed checks was caused by duplicate RegisterSweeper() calls that was introduced during merge conflict resolution. This has since been fixed. What is the typical ETA for getting changes merged? I know this PR is HUGE. If you have any questions please let me know, thanks! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add
crowdstrike_firewall_rule_group,crowdstrike_firewall_policy, andcrowdstrike_firewall_policy_precedenceresources for managing CrowdStrike Falcon Host-Based Firewall via Terraform.Closes #99
What's included
crowdstrike_firewall_rule_group- manage firewall rule groups with nested rulescrowdstrike_firewall_policy- manage firewall policies with host groups and settingscrowdstrike_firewall_policy_precedence- control policy ordering/prioritycrowdstrike_firewall_policiesdata source - query existing firewall policiescrowdstrike_firewall_rule_groupsdata source - query existing rule groupsDesign decisions
Testing
TestAccFirewallRuleGroupResource_*— 8 tests covering basic CRUD, multiple rules, platform tests, edge casesTestAccFirewallPolicyResource_*— 8 tests covering basic CRUD, rule group attachments, host groups, all settingsTestAccFirewallPolicyPrecedenceResource_*— 2 tests covering dynamic enforcement and updatesTestAccFirewallPoliciesDataSource_*— 5 tests for policy data source queriesTestAccFirewallRuleGroupsDataSource_*— 6 tests for rule group data source queriesChecklist