diff --git a/environments/test/test.tfvars b/environments/test/test.tfvars
index 2729786b9..b06f6e514 100644
--- a/environments/test/test.tfvars
+++ b/environments/test/test.tfvars
@@ -360,98 +360,170 @@ frontends = [
 ]
 },
 {
- name = "nfdiv-apply"
- custom_domain = "nfdiv-apply-for-divorce.perftest.platform.hmcts.net"
- dns_zone_name = "perftest.platform.hmcts.net"
- mode = "Prevention"
- backend = "nfdiv"
- disabled_rules = {
- SQLI = [
- "942100",
- "942150",
- "942200",
- "942210",
- "942230",
- "942361",
- "942380",
- "942400",
- "942430",
- "942260"
- ]
- LFI = [
- "930100", // false positive on multi-part uploads
- "930110", // false positive on multi-part uploads
- ]
- RCE = [
- "932100"
- ]
- RFI = [
- "931130"
- ]
- },
- global_exclusions = [
- {
- match_variable = "RequestCookieNames"
- operator = "Equals"
- selector = "connect.sid"
- },
- {
- match_variable = "RequestCookieNames"
- operator = "Equals"
- selector = "dtSa"
- },
- {
- match_variable = "RequestCookieNames"
- operator = "Equals"
- selector = "nfdiv-cookie-preferences"
- },
- {
- match_variable = "RequestCookieNames"
- operator = "Equals"
- selector = "dtCookie"
- },
- {
- match_variable = "RequestCookieNames"
- operator = "Equals"
- selector = "nfdiv-session"
- },
- {
- match_variable = "QueryStringArgNames"
- operator = "Equals"
- selector = "lng"
- },
- {
- match_variable = "QueryStringArgNames"
- operator = "Equals"
- selector = "code"
- },
- {
- match_variable = "QueryStringArgNames"
- operator = "Equals"
- selector = "client_id"
- },
- {
- match_variable = "QueryStringArgNames"
- operator = "Equals"
- selector = "iss"
- },
- {
- match_variable = "RequestBodyPostArgNames"
- operator = "Equals"
- selector = "_csrf"
- },
- {
- match_variable = "RequestBodyPostArgNames"
- operator = "Equals"
- selector = "applicant1UploadedFiles"
- },
- {
- match_variable = "RequestBodyPostArgNames"
- operator = "Equals"
- selector = "applicant2UploadedFiles"
- },
+ name = "nfdiv-apply"
+ custom_domain = "nfdiv-apply-for-divorce.perftest.platform.hmcts.net"
+ dns_zone_name = "perftest.platform.hmcts.net"
+ mode = "Prevention"
+ backend = "nfdiv"
+ disabled_rules = {
+ SQLI = [
+ "942100",
+ "942150",
+ "942200",
+ "942210",
+ "942230",
+ "942361",
+ "942380",
+ "942400",
+ "942430",
+ "942260"
+ ]
+ LFI = [
+ "930100", // false positive on multi-part uploads
+ "930110", // false positive on multi-part uploads
+ ]
+ RCE = [
+ "932100"
+ ]
+ RFI = [
+ "931130"
 ]
 },
+ global_exclusions = [
+ {
+ match_variable = "RequestCookieNames"
+ operator = "Equals"
+ selector = "connect.sid"
+ },
+ {
+ match_variable = "RequestCookieNames"
+ operator = "Equals"
+ selector = "dtSa"
+ },
+ {
+ match_variable = "RequestCookieNames"
+ operator = "Equals"
+ selector = "nfdiv-cookie-preferences"
+ },
+ {
+ match_variable = "RequestCookieNames"
+ operator = "Equals"
+ selector = "dtCookie"
+ },
+ {
+ match_variable = "RequestCookieNames"
+ operator = "Equals"
+ selector = "nfdiv-session"
+ },
+ {
+ match_variable = "QueryStringArgNames"
+ operator = "Equals"
+ selector = "lng"
+ },
+ {
+ match_variable = "QueryStringArgNames"
+ operator = "Equals"
+ selector = "code"
+ },
+ {
+ match_variable = "QueryStringArgNames"
+ operator = "Equals"
+ selector = "client_id"
+ },
+ {
+ match_variable = "QueryStringArgNames"
+ operator = "Equals"
+ selector = "iss"
+ },
+ {
+ match_variable = "RequestBodyPostArgNames"
+ operator = "Equals"
+ selector = "_csrf"
+ },
+ {
+ match_variable = "RequestBodyPostArgNames"
+ operator = "Equals"
+ selector = "applicant1UploadedFiles"
+ },
+ {
+ match_variable = "RequestBodyPostArgNames"
+ operator = "Equals"
+ selector = "applicant2UploadedFiles"
+ },
+ ]
+
+
+ resource "azurerm_cdn_frontdoor_rule_set" "caching_ruleset" {
+ for_each = {
+ for frontend in var.frontends : frontend.name => frontend
+ if lookup(frontend, "cache_enabled", "true") == "true"
+ }
+ name = replace("${each.value.name}caching", "-", "")
+ cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.front_door.id
+ }
+
+
+ resource "azurerm_cdn_frontdoor_rule" "caching_rule" {
+ for_each = {
+ for frontend in var.frontends : frontend.name => frontend
+ if lookup(frontend, "cache_enabled", "true") == "true"
+ }
+ name = replace("${each.value.name}cachingrule", "-", "")
+
+ cdn_frontdoor_rule_set_id = azurerm_cdn_frontdoor_rule_set.caching_ruleset[each.key].id
+ order = 3
+
+ conditions {
+ dynamic "url_file_extension_condition" {
+ for_each = lookup(each.value, "caching", {
+ url_file_extension_conditions = [
+ {
+ operator = "Equal"
+ negate_condition = false
+ match_values = ["jpg", "png", "css", "ico", "js"]
+ transforms = ["Lowercase"]
+ }
+ ]
+ }).url_file_extension_conditions
+ iterator = condition
+ content {
+ operator = lookup(condition.value, "operator", null) != null ? condition.value.operator : "Equal"
+ negate_condition = lookup(condition.value, "negate_condition", null) != null ? condition.value.negate_condition : false
+ match_values = lookup(condition.value, "match_values", null) != null ? condition.value.match_values : ["jpg", "png", "css", "ico", "js"]
+ transforms = lookup(condition.value, "transforms", null) != null ? condition.value.transforms : ["Lowercase"]
+ }
+ }
+ }
+
+ actions {
+ dynamic "route_configuration_override_action" {
+ for_each = lookup(each.value, "caching", {
+ route_configuration_override_action = [
+ {
+ cache_duration = null
+ cdn_frontdoor_origin_group_id = null
+ forwarding_protocol = null
+ query_string_caching_behavior = "UseQueryString"
+ query_string_parameters = null
+ compression_enabled = false
+ cache_behavior = "HonorOrigin"
+ }
+ ]
+ }).route_configuration_override_action
+ iterator = action
+ content {
+ cache_duration = lookup(action.value, "cache_duration", null) != null ? action.value.cache_duration : null
+ cdn_frontdoor_origin_group_id = lookup(action.value, "cdn_frontdoor_origin_group_id", null) != null ? action.value.cdn_frontdoor_origin_group_id : null
+ forwarding_protocol = lookup(action.value, "forwarding_protocol", null) != null ? action.value.forwarding_protocol : null
+ query_string_caching_behavior = lookup(action.value, "query_string_caching_behavior", null) != null ? action.value.query_string_caching_behavior : "UseQueryString"
+ query_string_parameters = lookup(action.value, "query_string_parameters", null) != null ? action.value.query_string_parameters : null
+ compression_enabled = lookup(action.value, "compression_enabled", null) != null ? action.value.compression_enabled : false
+ cache_behavior = lookup(action.value, "cache_behavior", null) != null ? action.value.cache_behavior : "HonorOrigin"
+ }
+ }
+ }
+ }
+ },
 {
 name = "nfdiv-civil"
 custom_domain = "nfdiv-end-civil-partnership.perftest.platform.hmcts.net"
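Review bot: The two `resource` blocks (`azurerm_cdn_frontdoor_rule_set` "caching_ruleset" and `azurerm_cdn_frontdoor_rule` "caching_rule") are added inside the `nfdiv-apply` object of `frontends`, directly after `global_exclusions` closes, in a `.tfvars` file. A variables file holds only value assignments, so this looks like module code pasted into the wrong place and should fail to parse, which would block every plan for this environment, including later WAF changes. The blocks reference `var.frontends`, `each.value` and `azurerm_cdn_frontdoor_profile.front_door`, so they belong in the module that defines the Front Door profile; this entry should carry at most a `caching = { ... }` attribute, which the `lookup(each.value, "caching", ...)` calls appear to expect. Once moved, note that the default rule caches by extension (`jpg`, `png`, `css`, `ico`, `js`) with `cache_behavior = "HonorOrigin"` on a frontend that uses session cookies (`connect.sid`, `nfdiv-session`), so confirm the origin marks authenticated responses `Cache-Control: private` or `no-store` before enabling it. The remaining added lines of the hunk appear to be a re-indentation of the existing entry.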