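# Per-rule action toggles. Each key maps to one rule (or rule group) in the
# web ACL; true means the rule acts as configured, false means it only counts
# matches, which lets a rule be observed in logs before it is enforced.
variable "block_settings" {
  description = "Can change rules to 'count' in order to test before deployment"
  type = object(
    {
      # Default action. False = count
      # NOTE(review): a WAFv2 web ACL default action can only be allow or
      # block — count is not a valid default action. Confirm what false maps
      # to in the consuming module before relying on this comment.
      default = bool
      custom  = bool # XDR Custom Rules. False = count
      admin   = bool # /admin folder

      AWSManagedRulesCommonRuleSet          = bool
      AWSManagedRulesAmazonIpReputationList = bool
      AWSManagedRulesKnownBadInputsRuleSet  = bool
      AWSManagedRulesSQLiRuleSet            = bool
      AWSManagedRulesLinuxRuleSet           = bool
      AWSManagedRulesUnixRuleSet            = bool
    }
  )
  # Every key is required (no optional()), so a caller overriding one toggle
  # must supply the whole object. Everything enforces by default.
  default = {
    "default" = true # Default action. False = count
    "custom"  = true # XDR Custom Rules. False = count
    "admin"   = true

    "AWSManagedRulesCommonRuleSet"          = true
    "AWSManagedRulesAmazonIpReputationList" = true
    "AWSManagedRulesKnownBadInputsRuleSet"  = true
    "AWSManagedRulesSQLiRuleSet"            = true
    "AWSManagedRulesLinuxRuleSet"           = true
    "AWSManagedRulesUnixRuleSet"            = true
  }
  nullable = false # If passed in null, default value will be assigned
}

## Exclude Rules
# One list per managed rule group, naming individual rules of that group to
# exclude. Each exclusion removes a protection, so keep these lists short and
# record why each entry is there.

variable "excluded_rules_AWSManagedRulesCommonRuleSet" {
  description = "Names of rules in AWSManagedRulesCommonRuleSet to exclude"
  type        = list(string)
  default = [
    "SizeRestrictions_BODY" # Breaks too many things
    # NOTE(review): with this rule excluded, oversized request bodies are no
    # longer rejected by the managed group. AWS WAF inspects only a bounded
    # prefix of the body, so anything past that limit reaches the origin
    # uninspected by the remaining rules. A narrower, path-scoped exception
    # is preferable to a global exclusion where the module allows it.
  ]
  nullable = false
}

variable "excluded_rules_AWSManagedRulesAmazonIpReputationList" {
  description = "Names of rules in AWSManagedRulesAmazonIpReputationList to exclude"
  type        = list(string)
  default     = []
  nullable    = false
}

variable "excluded_rules_AWSManagedRulesKnownBadInputsRuleSet" {
  description = "Names of rules in AWSManagedRulesKnownBadInputsRuleSet to exclude"
  type        = list(string)
  default     = []
  nullable    = false
}

variable "excluded_rules_AWSManagedRulesSQLiRuleSet" {
  description = "Names of rules in AWSManagedRulesSQLiRuleSet to exclude"
  type        = list(string)
  default     = []
  nullable    = false
}

variable "excluded_rules_AWSManagedRulesLinuxRuleSet" {
  description = "Names of rules in AWSManagedRulesLinuxRuleSet to exclude"
  type        = list(string)
  default     = []
  nullable    = false
}

variable "excluded_rules_AWSManagedRulesUnixRuleSet" {
  description = "Names of rules in AWSManagedRulesUnixRuleSet to exclude"
  type        = list(string)
  default     = []
  nullable    = false
}

## Exclude Entire Sets
# Set a flag to true to drop the whole managed rule group. All groups are
# kept by default.

variable "excluded_set_AWSManagedRulesCommonRuleSet" {
  description = "Set to true to exclude the entire AWSManagedRulesCommonRuleSet group"
  type        = bool
  default     = false
  nullable    = false
}

variable "excluded_set_AWSManagedRulesAmazonIpReputationList" {
  description = "Set to true to exclude the entire AWSManagedRulesAmazonIpReputationList group"
  type        = bool
  default     = false
  nullable    = false
}

variable "excluded_set_AWSManagedRulesKnownBadInputsRuleSet" {
  description = "Set to true to exclude the entire AWSManagedRulesKnownBadInputsRuleSet group"
  type        = bool
  default     = false
  nullable    = false
}

variable "excluded_set_AWSManagedRulesSQLiRuleSet" {
  description = "Set to true to exclude the entire AWSManagedRulesSQLiRuleSet group"
  type        = bool
  default     = false
  nullable    = false
}

variable "excluded_set_AWSManagedRulesLinuxRuleSet" {
  description = "Set to true to exclude the entire AWSManagedRulesLinuxRuleSet group"
  type        = bool
  default     = false
  nullable    = false
}

variable "excluded_set_AWSManagedRulesUnixRuleSet" {
  description = "Set to true to exclude the entire AWSManagedRulesUnixRuleSet group"
  type        = bool
  default     = false
  nullable    = false
}

## IP lists
# NOTE(review): AWS WAF IP sets take CIDR notation (a single host is written
# with a /32 or /128 suffix). Confirm whether callers pass bare addresses or
# CIDRs; no validation block is added here so existing inputs keep working.

variable "additional_blocked_ips" {
  description = "IP addresses that are blocked, in addition to the defaults."
  type        = list(string)
  default     = []
  nullable    = false
}

variable "allowed_ips" {
  description = "IP Addresses that are always allowed"
  type        = list(string)
  default     = []
  nullable    = false
}

variable "admin_ips" {
  # Typo fixed ("Addressed" -> "addresses"); wording otherwise unchanged.
  description = "IP addresses that are allowed to reach the admin interface"
  type        = list(string)
  default     = []
  nullable    = false
}

## Required inputs (no defaults; the caller must supply each one)

variable "resource_arn" {
  # NOTE(review): presumably the web ACL association target — confirm in the
  # module that consumes this variable.
  description = "ARN of the target resource"
  type        = string
}

variable "fqdns" {
  description = "List of fully qualified domain names"
  type        = list(string)
}

variable "tags" {
  # map(any) is kept for backward compatibility with existing callers;
  # map(string) would be the stricter choice for a fresh module.
  description = "Tags to apply to created resources"
  type        = map(any)
}

variable "aws_partition" {
  description = "AWS partition (for example aws or aws-us-gov)"
  type        = string
}

variable "aws_region" {
  description = "AWS region"
  type        = string
}

variable "aws_account_id" {
  description = "AWS account ID"
  type        = string
}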