Merge pull request #5730 from cloudflare/vaishak/fix-rulesets-grit

vaishakdinesh · web-flow · commit 4540c249981a · 2025-07-25T13:40:06.000-07:00
fix: rulesets grit (not all cases)
diff --git a/.grit/patterns/cloudflare_terraform_v5_block_to_attribute_configuration.grit b/.grit/patterns/cloudflare_terraform_v5_block_to_attribute_configuration.grit
@@ -138,12 +138,12 @@ pattern cloudflare_terraform_v5_block_to_attribute_configuration() {
     inline_cloudflare_block_to_list(`status_code_ttl`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
     inline_cloudflare_block_to_list(`status_code_range`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
     inline_cloudflare_block_to_list(`from_list`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
-    inline_cloudflare_block_to_list(`from_value`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
-    inline_cloudflare_block_to_list(`target_url`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
+    inline_cloudflare_block_to_map(`from_value`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
+    inline_cloudflare_block_to_map(`target_url`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
     inline_cloudflare_block_to_list(`headers`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
     inline_cloudflare_block_to_list(`matched_data`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
     inline_cloudflare_block_to_list(`origin`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
-    inline_cloudflare_block_to_list(`overrides`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
+    inline_cloudflare_block_to_map(`overrides`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
     inline_cloudflare_block_to_list(`categories`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
     inline_cloudflare_block_to_map(`response`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
     inline_cloudflare_block_to_list(`serve_stale`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
@@ -153,7 +153,7 @@ pattern cloudflare_terraform_v5_block_to_attribute_configuration() {
     inline_cloudflare_block_to_list(`query`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
     inline_cloudflare_block_to_list(`exposed_credential_check`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
     inline_cloudflare_block_to_map(`logging`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
-    inline_cloudflare_block_to_list(`ratelimit`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
+    inline_cloudflare_block_to_map(`ratelimit`) as $block where { $block <: within `resource "cloudflare_ruleset" $_ { $_ }` },
     inline_cloudflare_block_to_map(`dns`) as $block where { $block <: within `resource "cloudflare_spectrum_application" $_ { $_ }` },
     inline_cloudflare_block_to_map(`edge_ips`) as $block where { $block <: within `resource "cloudflare_spectrum_application" $_ { $_ }` },
     inline_cloudflare_block_to_map(`origin_dns`) as $block where { $block <: within `resource "cloudflare_spectrum_application" $_ { $_ }` },
diff --git a/.grit/patterns/test_v5.md b/.grit/patterns/test_v5.md
@@ -108,6 +108,137 @@ resource "cloudflare_access_policy" "test_policy" {
 }
 ```
 
+## test-rulesets: collapse list, nested blocks mapped
+```hcl
+resource "cloudflare_ruleset" "test_ruleset" {
+  kind        = "zone"
+  name        = "test"
+  phase       = "http_request_dynamic_redirect"
+  zone_id     = "f037e56e89293a057740de681ac9abbe"
+
+  rules {
+    action = "redirect"
+    action_parameters {
+      from_value {
+        preserve_query_string = true
+        status_code           = 301
+        target_url {
+          value = "https://example.com"
+        }
+      }
+    }
+    description = "foo"
+    enabled     = false
+    expression  = "(http.host in {\"www.foo.com\"} and (http.user_agent contains \"foo\" or http.user_agent contains \"foo\"))"
+    ref         = "f037e56e89293a057740de681ac9abbe"
+  }
+  rules {
+    action = "redirect"
+    action_parameters {
+      from_value {
+        preserve_query_string = false
+        status_code           = 301
+        target_url {
+          value = "https://example.com"
+        }
+      }
+    }
+    description = "foo"
+    enabled     = false
+    expression  = "(http.host in {\"www.foo.com\"} and (http.user_agent contains \"foo\" or http.user_agent contains \"foo\"))"
+    ref         = "f037e56e89293a057740de681ac9abbe"
+  }
+  rules {
+    action = "execute"
+    action_parameters {
+      id = "f037e56e89293a057740de681ac9abbe"
+      overrides {
+        enabled = true
+        categories {
+          category = "drupal"
+          action   = "managed_challenge"
+        }
+        categories {
+          category = "command-injection"
+          action   = "block"
+        }
+        categories {
+          category = "apache-struts"
+          action   = "challenge"
+        }
+      }
+    }
+    enabled    = true
+    expression = "true"
+  }
+}
+```
+```hcl
+resource "cloudflare_ruleset" "test_ruleset" {
+  kind    = "zone"
+  name    = "test"
+  phase   = "http_request_dynamic_redirect"
+  zone_id = "f037e56e89293a057740de681ac9abbe"
+
+  rules = [{
+    action = "redirect"
+    action_parameters = {
+      from_value = {
+        preserve_query_string = true
+        status_code           = 301
+        target_url = {
+          value = "https://example.com"
+        }
+      }
+    }
+    description = "foo"
+    enabled     = false
+    expression  = "(http.host in {\"www.foo.com\"} and (http.user_agent contains \"foo\" or http.user_agent contains \"foo\"))"
+    ref         = "f037e56e89293a057740de681ac9abbe"
+    },
+    {
+      action = "redirect"
+      action_parameters = {
+        from_value = {
+          preserve_query_string = false
+          status_code           = 301
+          target_url = {
+            value = "https://example.com"
+          }
+        }
+      }
+      description = "foo"
+      enabled     = false
+      expression  = "(http.host in {\"www.foo.com\"} and (http.user_agent contains \"foo\" or http.user_agent contains \"foo\"))"
+      ref         = "f037e56e89293a057740de681ac9abbe"
+    },
+    {
+      action = "execute"
+      action_parameters = {
+        id = "f037e56e89293a057740de681ac9abbe"
+        overrides = {
+          enabled = true
+          categories = [{
+            category = "drupal"
+            action   = "managed_challenge"
+            },
+            {
+              category = "command-injection"
+              action   = "block"
+            },
+            {
+              category = "apache-struts"
+              action   = "challenge"
+          }]
+
+
+        }
+      }
+      enabled    = true
+      expression = "true"
+  }]
+}
+```
 ## test: single blocks
 
 Blocks which are not lists should become attribute objects. This is based on the schema, not the number of blocks.
