DXE-3455 Release/v1.12.0

CHANGELOG.md

@@ -1,5 +1,31 @@
 # Release Notes
 
+## Version 1.12.0 (February 19, 2024)
+
+### Features/Enhancements
+
+* Cloudlets
+  * Modified export of active policies for cloudlets to generate `akamai_cloudlets_policy_activation` resource entry in `import.sh` script. In case of activation on both networks, only production will be exported
+  * Added support to export shared (V3) policies
+  * Added support for exporting policies without any version
+* Edgeworkers
+  * Added support for generation of `note` field when exporting EdgeWorker configuration
+* IVM
+  * Added support for generation of `serve_stale_duration`, `allow_pristine_on_downsize` and `prefer_modern_formats` when exporting using `--policy-as-hcl` flag
+* PAPI
+  * Introduced two variables `activate_latest_on_staging` and `activate_latest_on_production` in exported configuration for property activation or include activation (when exporting includes alone), to drive which version to use for activation
+  * When there is no activation for given network, export activation commented out
+  * Added a new export command `export-property-include` as replacement for `export-property`.`include` subcommand. It'll generate `include` configuration without related properties
+  * Deprecated `include` subcommand available for `export-property`
+  * Deprecated `--with-includes` flag available for `export-property`
+  * `export-property` and `export-property-include` commands with flag `--rules-as-hcl` now support export of properties in frozen format `v2024-01-09`
+  * Added support for `export-property` command with flag `--akamai-property-bootstrap` to export property using `akamai_property_bootstrap` resource. This option is false by default
+
+### Bug fixes
+
+* APPSEC
+  * Fixed issue where advanced exceptions were not generated for Rules and Risk Groups ([#61](https://github.com/akamai/cli-terraform/issues/61))
+
 ## Version 1.11.0 (Dec 7, 2023)
 
 ### Features/Enhancements

Makefile

@@ -30,7 +30,7 @@ $(BIN)/tflint: $(BIN) ; $(info $(M) Installing tflint...)
 	curl -sSfL https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh  | bash
 
 GOLANGCILINT = $(BIN)/golangci-lint
-GOLANGCI_LINT_VERSION = v1.52.2
+GOLANGCI_LINT_VERSION = v1.55.2
 $(BIN)/golangci-lint: ; $(info $(M) Installing golangci-lint...)
 	@curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(BIN) $(GOLANGCI_LINT_VERSION)
 

README.md

@@ -194,13 +194,14 @@ Certain export conditions require the use of a particular property rule format.
    akamai terraform [global flags] export-property [subcommand] [flags] <property name>
 
 Subcommand:
-    include <contract_id> <include_name>    Generates Terraform configuration for Include resources
+    include <contract_id> <include_name>    Generates Terraform configuration for Include resources. Deprecated, use `export-property-include` instead.
 
 Flags:
-   --tfworkpath path      Directory used to store files created when running commands. (default: current directory)
-   --version value        Property version to import  (default: LATEST)
-   --with-includes        Referenced includes will also be exported along with property
-   --rules-as-hcl         Rules will be exported as `akamai_property_rules_builder` data source in HCL format.
+   --tfworkpath path             Directory used to store files created when running commands. (default: current directory)
+   --version value               Property version to import  (default: LATEST)
+   --with-includes               Referenced includes will also be exported along with property. Deprecated.
+   --rules-as-hcl                Rules will be exported as `akamai_property_rules_builder` data source in HCL format.
+   --akamai-property-bootstrap   Referenced property will be exported using combination of `akamai-property-bootstrap` and `akamai-property` resources (default: false)
 ```
 
 > Flag `rules-as-hcl` works now with `include` sub-command as well with `with-includes` flag.
@@ -211,6 +212,48 @@ Flags:
 $ akamai terraform export-property
 ```
 
+## Property Manager Includes
+
+Certain export conditions require the use of a particular property rule format. Verify your rule format matches the use case requirement and [update your rule format](https://techdocs.akamai.com/terraform/docs/set-up-includes#update-rule-format) as needed.
+
+<table>
+<thead>
+  <tr>
+    <th>Export condition</th>
+    <th>Output</th>
+    <th>Rule format</th>
+  </tr>
+</thead>
+<tbody>
+  <tr>
+    <td>General</td>
+    <td>Your declarative include configuration and its JSON-formatted rules.</td>
+    <td>Any supported format.</td>
+  </tr>
+  <tr>
+    <td>Addition of <code>--rules-as-hcl</code> flag</td>
+    <td>Your declarative include configuration and HCL-formatted rules. <strong>Does not return includes</strong> as includes are JSON-formatted.</td>
+    <td>Must be a dated rule format ≥ <code>v2023-01-05</code>. Cannot use <code>latest</code>.</td>
+  </tr>
+</tbody>
+</table>
+
+### Usage
+
+```
+   akamai terraform [global flags] export-property-include [flags] <contract_id> <include_name>
+
+Flags:
+   --tfworkpath path      Directory used to store files created when running commands. (default: current directory)
+   --rules-as-hcl         Rules will be exported as `akamai_property_rules_builder` data source in HCL format.
+```
+
+### Export property manager include configuration.
+
+```
+$ akamai terraform export-property-include
+```
+
 ## Cloudlets
 
 ### Usage

build/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1.0-experimental
 # This script was copied from 'terraform-provider-akamai'
-FROM golang:1.20-alpine3.18
+FROM golang:1.21-alpine3.18
 ENV PROVIDER_VERSION="1.0.0" \
     GO111MODULE="on" \
     CGO_ENABLED=0 \

cli.json

@@ -5,7 +5,7 @@
   "commands": [
     {
       "name": "terraform",
-      "version": "1.11.0",
+      "version": "1.12.0",
       "description": "Administer and Manage Akamai Terraform configurations",
       "bin": "https://github.com/akamai/cli-terraform/releases/download/v{{.Version}}/akamai-{{.Name}}-{{.Version}}-{{.OS}}{{.Arch}}{{.BinSuffix}}",
       "auto-complete": true,

cli/cli.go

@@ -33,7 +33,7 @@ import (
 
 var (
 	// Version holds current version of cli-terraform
-	Version = "1.11.0"
+	Version = "1.12.0"
 )
 
 // Run initializes the cli and runs it

go.mod

@@ -3,13 +3,13 @@ module github.com/akamai/cli-terraform
 go 1.18
 
 require (
-	github.com/akamai/AkamaiOPEN-edgegrid-golang/v7 v7.5.0
-	github.com/akamai/cli v1.5.5
+	github.com/akamai/AkamaiOPEN-edgegrid-golang/v7 v7.6.0
+	github.com/akamai/cli v1.5.6
 	github.com/fatih/color v1.13.0
 	github.com/hashicorp/hcl/v2 v2.11.1
 	github.com/jinzhu/copier v0.4.0
 	github.com/shirou/gopsutil v2.20.4+incompatible
-	github.com/stretchr/testify v1.8.0
+	github.com/stretchr/testify v1.8.4
 	github.com/tj/assert v0.0.3
 	github.com/urfave/cli/v2 v2.3.0
 )
@@ -43,12 +43,13 @@ require (
 	github.com/russross/blackfriday/v2 v2.0.1 // indirect
 	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
 	github.com/spf13/cast v1.3.1 // indirect
-	github.com/stretchr/objx v0.4.0 // indirect
+	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/zclconf/go-cty v1.8.0 // indirect
 	go.uber.org/ratelimit v0.2.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/term v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/net v0.20.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/term v0.16.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/ini.v1 v1.66.4 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

go.sum

@@ -9,10 +9,10 @@ github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDO
 github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8=
 github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8=
 github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
-github.com/akamai/AkamaiOPEN-edgegrid-golang/v7 v7.5.0 h1:rxtfltEe15EyTrAdkKpd7/R8GDmMQXbMmh4OX7acO5o=
-github.com/akamai/AkamaiOPEN-edgegrid-golang/v7 v7.5.0/go.mod h1:+8Nc6CkB/hiTEvoxxZwvY3whU5QsXxW4RhSARTMnAfI=
-github.com/akamai/cli v1.5.5 h1:XKubVW8WOVP8qcgJRK2MOj8HeqC4kudvSOM0m8mJsj0=
-github.com/akamai/cli v1.5.5/go.mod h1:29wClp63PEEkpDLxtqM/JrVmnwOCSaE+itIJjCAIECE=
+github.com/akamai/AkamaiOPEN-edgegrid-golang/v7 v7.6.0 h1:Y6DiIpp6fWR01YaK65PqTV8wiatLOaN8rBPzqfmjb7Y=
+github.com/akamai/AkamaiOPEN-edgegrid-golang/v7 v7.6.0/go.mod h1:gajRk0oNRQj4bHUc2SGAvAp/gPestSpuvK4QXU1QtPA=
+github.com/akamai/cli v1.5.6 h1:L/QsSqligFRhMD+tKJoX9cwqbHnmojfqXw64HUfp6gk=
+github.com/akamai/cli v1.5.6/go.mod h1:PwHrS8f2vh1Kns2Hl1rtfMCq90ZfYLXI81zRGDTkMRs=
 github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 h1:MzBOUgng9orim59UnfUTLRjMpd09C5uEVQ6RPGeCaVI=
 github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129/go.mod h1:rFgpPQZYZ8vdbc+48xibu8ALc3yeyd64IhHS+PU6Yyg=
 github.com/apex/log v1.9.0 h1:FHtw/xuaM8AgmvDDTI9fiwoAL25Sq2cxojnZICUU8l0=
@@ -118,15 +118,17 @@ github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0=
 github.com/tj/assert v0.0.3 h1:Df/BlaZ20mq6kuai7f5z2TvPFiwC3xaWJSDQNiIS3Rk=
 github.com/tj/assert v0.0.3/go.mod h1:Ne6X72Q+TB1AteidzQncjw9PabbMp4PBMZ1k+vd1Pvk=
@@ -155,6 +157,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -167,17 +171,17 @@ golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY=
-golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=

pkg/commands/commands.go

@@ -142,7 +142,7 @@ func CommandLocator() ([]*cli.Command, error) {
 		Subcommands: []*cli.Command{
 			{
 				Name:        "include",
-				Description: "Generates Terraform configuration for Include resources",
+				Description: "Generates Terraform configuration for Include resources. Deprecated, use `export-property-include` command instead",
 				ArgsUsage:   "<contract_id> <include_name>",
 				Action:      validatedAction(papi.CmdCreateInclude, requireValidWorkpath, requireNArguments(2)),
 			},
@@ -160,7 +160,32 @@ func CommandLocator() ([]*cli.Command, error) {
 			},
 			&cli.BoolFlag{
 				Name:  "with-includes",
-				Usage: "Referenced includes will also be exported along with property",
+				Usage: "Referenced includes will also be exported along with property. Deprecated.",
+			},
+			&cli.BoolFlag{
+				Name:    "rules-as-hcl",
+				Aliases: []string{"schema"},
+				Usage:   "Referenced rules will be exported as data source",
+			},
+			&cli.BoolFlag{
+				Name:  "akamai-property-bootstrap",
+				Usage: "Referenced property will be exported using combination of 'akamai-property-bootstrap' and 'akamai-property' resources",
+			},
+		},
+		BashComplete: autocomplete.Default,
+	})
+
+	commands = append(commands, &cli.Command{
+		Name:        "export-property-include",
+		Description: "Generates Terraform configuration for Include resources",
+		Usage:       "export-property-include",
+		ArgsUsage:   "<contract_id> <include_name>",
+		Action:      validatedAction(papi.CmdCreateInclude, requireValidWorkpath, requireNArguments(2)),
+		Flags: []cli.Flag{
+			&cli.StringFlag{
+				Name:        "tfworkpath",
+				Usage:       "Directory used to store files created when running commands.",
+				DefaultText: "current directory",
 			},
 			&cli.BoolFlag{
 				Name:    "rules-as-hcl",

pkg/providers/appsec/templates/imports.tmpl

@@ -60,15 +60,13 @@ terraform import module.security.akamai_appsec_rate_protection.{{ $policyName}}
 terraform import module.security.akamai_appsec_reputation_protection.{{ $policyName}} {{ $configID }}:{{ $policyID }}
 terraform import module.security.akamai_appsec_slowpost_protection.{{ $policyName}} {{ $configID }}:{{ $policyID }}
 terraform import module.security.akamai_appsec_waf_mode.{{ $policyName}} {{ $configID }}:{{ $policyID }}
-{{ if or (eq $wafMode "KRS") (eq $wafMode "ASE_MANUAL") -}}
 {{ if .WebApplicationFirewall -}}
 {{ if .WebApplicationFirewall.RuleActions -}}
 {{ range .WebApplicationFirewall.RuleActions -}}
 terraform import module.security.akamai_appsec_rule.{{ $policyName}}_{{ getRuleNameByID $ .ID }}_{{ .ID }} {{ $configID }}:{{ $policyID }}:{{ .ID }}
 {{ end -}}
 {{ end -}}
 {{ end -}}
-{{ end -}}
 {{ if .CustomRuleActions -}}
 {{ range .CustomRuleActions -}}
 {{ if isStructuredRule $ .ID -}}

pkg/providers/appsec/templates/modules-security-waf.tmpl

@@ -10,7 +10,6 @@ resource "akamai_appsec_waf_mode" "{{ $policyName }}" {
     mode               = "{{ $wafMode }}"
 }
 
-{{ if or (eq $wafMode "KRS") (eq $wafMode "ASE_MANUAL") -}}
 {{ if .WebApplicationFirewall.RuleActions -}}
 // WAF Rule Actions
 {{ range .WebApplicationFirewall.RuleActions -}}
@@ -20,19 +19,21 @@ resource "akamai_appsec_rule" "{{ $policyName }}_{{ getRuleNameByID $ .ID }}_{{
     security_policy_id  = akamai_appsec_waf_protection.{{ $policyName }}.security_policy_id
     rule_id             = "{{ .ID }}"
     rule_action         = "{{ .Action }}"
-    {{ if or .Exception .Conditions -}}
-    condition_exception = jsonencode(
-  {{ if .Exception -}}
-        { "exception": {{ toJSON .Exception }} }{{- if and .Exception .Conditions -}},{{- end }}
-  {{ end -}}
-  {{ if .Conditions -}}
-        { "conditions": {{ toJSON .Conditions }} }
-  {{ end -}}
-)
-    {{ end -}}
+    {{ if or .AdvancedExceptionsList .Exception .Conditions -}}
+     condition_exception = jsonencode(
+     {{ if .AdvancedExceptionsList -}}
+          { "advancedExceptions": {{ toJSON .AdvancedExceptionsList }} } {{- if and .Exception .Conditions -}},{{- end }}
+     {{ end -}}
+     {{ if .Exception -}}
+          { "exception": {{ toJSON .Exception }} } {{- if and .Exception .Conditions -}},{{- end }}
+     {{ end -}}
+     {{ if .Conditions -}}
+           { "conditions": {{ toJSON .Conditions }} }
+     {{ end -}}
+  )
+   {{ end -}}
 }
 
-{{ end -}}
 {{ end -}}
 {{ end -}}
 
@@ -58,11 +59,16 @@ resource "akamai_appsec_attack_group" "{{ $policyName }}_{{ .Group }}" {
     security_policy_id  = akamai_appsec_waf_protection.{{ $policyName }}.security_policy_id
     attack_group        = "{{ .Group }}"
     attack_group_action = "{{ .Action }}"
-    {{ if .Exception -}}
-    condition_exception = jsonencode(
-        { "exception": {{ toJSON .Exception }} }
-)
-    {{ end -}}
+   {{ if or .AdvancedExceptionsList .Exception -}}
+         condition_exception = jsonencode(
+       {{ if .AdvancedExceptionsList -}}
+          { "advancedExceptions": {{ toJSON .AdvancedExceptionsList }} }
+       {{ end -}}
+       {{ if .Exception -}}
+          { "exception": {{ toJSON .Exception }} }
+       {{ end -}}
+     )
+     {{ end -}}
 }
 
 {{ end -}}