wafv2 rate_based_rule with nested scopedown and/or not working #15580
Comments
Some more information: When attempting to import the valid json rule using terraform import I get the error message:
Hi @jpatallah, thank you for creating this issue! While we do support up to 4 levels of nested statements at the moment, the
@anGie44 Just got bitten with the
Just hit this as well. Did anyone find a workaround for this?
This just removed all our scope down rules. 👎🏼
We seem to be hitting this same issue. Are there any workarounds for this currently?
Even though the performance issue hashicorp/terraform#25889 was closed by hashicorp/terraform#26577 (as already mentioned in #15580 (comment)), increasing the
Edit: increasing the
A current work-around is to use the
Until the performance issue with such recursive schemas is actually resolved in terraform core, and the limit can be raised or completely removed, I see two options moving forward:
Allowing configuring this limit at the provider level which, even if slower, may be acceptable for some, e.g.:
Allowing the definition of the rule's statement in plain JSON, e.g.:
Note: Work-around
Finally, as mentioned in my previous comment, a current work-around is to use the
Would highly support a solution that allows use of the
I have just run into this issue as well. Has there been any movement forwards towards including a direct JSON string or increasing the rule group statement depth?
We are running into this issue as well on the parent and scope down for the
{
  "Name": "AWSManagedRulesCommonRuleSet-SoapEndpoints",
  "Priority": 500,
  "Statement": {
    "ManagedRuleGroupStatement": {
      "VendorName": "AWS",
      "Name": "AWSManagedRulesCommonRuleSet",
      "ScopeDownStatement": {
        "AndStatement": {
          "Statements": [
            {
              "RegexMatchStatement": {
                "RegexString": "^(admin|api)\\.example\\.com$",
                "FieldToMatch": {
                  "SingleHeader": {
                    "Name": "host"
                  }
                },
                "TextTransformations": [
                  {
                    "Priority": 0,
                    "Type": "LOWERCASE"
                  }
                ]
              }
            },
            {
              "RegexMatchStatement": {
                "RegexString": "^/v1/services?$",
                "FieldToMatch": {
                  "UriPath": {}
                },
                "TextTransformations": [
                  {
                    "Priority": 0,
                    "Type": "URL_DECODE"
                  },
                  {
                    "Priority": 1,
                    "Type": "NORMALIZE_PATH"
                  }
                ]
              }
            }
          ]
        }
      },
      "RuleActionOverrides": [
        {
          "Name": "CrossSiteScripting_BODY",
          "ActionToUse": {
            "Allow": {}
          }
        }
      ]
    }
  },
  "OverrideAction": {
    "None": {}
  },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "AWSManagedRulesCommonRuleSet-SoapEndpoints"
  }
}
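A pre-flight check for the situation discussed in this thread, as an added example (not code from the issue or from the provider): it walks a rule exported from the WAF JSON editor and reports its deepest chain of statements, so the result can be compared with the nesting the provider supports before applying. The function names, the constructed sample rule and the convention that the top-level statement counts as level 1 are assumptions; the limit is passed in as a parameter.

```python
import json

# Statement types in the WAFv2 JSON model that contain other statements.
LOGICAL = ("AndStatement", "OrStatement")                     # children in "Statements"
SCOPED = ("RateBasedStatement", "ManagedRuleGroupStatement")  # child in "ScopeDownStatement"

def nested(statement):
    """Yield every statement nested directly inside `statement`."""
    for kind, body in statement.items():
        if kind in LOGICAL:
            yield from body.get("Statements", [])
        elif kind == "NotStatement" and "Statement" in body:
            yield body["Statement"]
        elif kind in SCOPED and "ScopeDownStatement" in body:
            yield body["ScopeDownStatement"]

def deepest_path(statement, path=()):
    """Return the longest chain of statement types, outermost first."""
    path = path + (next(iter(statement), "<empty>"),)
    return max((deepest_path(child, path) for child in nested(statement)),
               key=len, default=path)

def check_rule(rule, max_levels):
    """Return (fits, path); fits is False when the rule nests deeper than max_levels.

    Assumption: the top-level statement is level 1 (the provider may count differently).
    """
    path = deepest_path(rule["Statement"])
    return len(path) <= max_levels, path

# Constructed sample (not from the issue): rate-based rule with and/or/not scope-down.
SAMPLE_RULE = json.loads("""
{"Name": "constructed-example", "Priority": 1,
 "Statement": {"RateBasedStatement": {"Limit": 1000, "AggregateKeyType": "IP",
  "ScopeDownStatement": {"AndStatement": {"Statements": [
   {"GeoMatchStatement": {"CountryCodes": ["US"]}},
   {"OrStatement": {"Statements": [
    {"GeoMatchStatement": {"CountryCodes": ["CA"]}},
    {"NotStatement": {"Statement": {"ByteMatchStatement": {
      "SearchString": "/health", "FieldToMatch": {"UriPath": {}},
      "PositionalConstraint": "STARTS_WITH",
      "TextTransformations": [{"Priority": 0, "Type": "NONE"}]}}}}
   ]}}
  ]}}}}}
""")

if __name__ == "__main__":
    fits, path = check_rule(SAMPLE_RULE, max_levels=4)
    print("fits" if fits else "too deep", len(path), " > ".join(path))
```

Running the check in CI against the exported JSON makes a rule that exceeds the supported depth fail the pipeline instead of surfacing later as a plan error or a dropped scope-down statement.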
This issue was originally opened by @jpatallah as hashicorp/terraform#26530. It was migrated here as a result of the provider split. The original body of the issue is below.
Terraform Version
Terraform Configuration Files
Debug Output
Expected Behavior
It should create the wafv2 rule
Actual Behavior
Failed with error message: Blocks of type "or_statement" are not expected here.
Additional Context
Works in the aws gui using the json editor: