-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WAFv2: Added support for label_match_statement and rule_label #19576
WAFv2: Added support for label_match_statement and rule_label #19576
Conversation
…he wafv2 rule_group and web_acl resources.
As the original writer of the issue, the choice of As a follow up, AWS's API reference for Rule notes that
Would it help simplify the code and syntax if it mirrored such?
|
@mcab I certainly agree that the way the API is right now, where labels only have a name, that an array of strings would be simpler and easier to use. The disadvantage of going that way would be if amazon added another attribute to the |
@anGie44 sorry to bother you, but you were so helpful with my last PR. I've had a couple additional PR's open for several weeks now and no one seems to be looking at them. What do I need to do to get a maintainer to review them? Have I missed an important step? |
6ce3101
to
1c06b3d
Compare
Pull request #21306 has significantly refactored the AWS Provider codebase. As a result, most PRs opened prior to the refactor now have merge conflicts that must be resolved before proceeding. Specifically, PR #21306 relocated the code for all AWS resources and data sources from a single We recognize that many pull requests have been open for some time without yet being addressed by our maintainers. Therefore, we want to make it clear that resolving these conflicts in no way affects the prioritization of a particular pull request. Once a pull request has been prioritized for review, the necessary changes will be made by a maintainer -- either directly or in collaboration with the pull request author. For a more complete description of this refactor, including examples of how old filepaths and function names correspond to their new counterparts: please refer to issue #20000. For a quick guide on how to amend your pull request to resolve the merge conflicts resulting from this refactor and bring it in line with our new code patterns: please refer to our Service Package Refactor Pull Request Guide. |
Hi all 👋 Just letting you know that this is issue is featured on this quarters roadmap. If a PR exists to close the issue a maintainer will review and either make changes directly, or work with the original author to get the contribution merged. If you have written a PR to resolve the issue please ensure the "Allow edits from maintainers" box is checked. Thanks for your patience and we are looking forward to getting this merged soon! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @andyalm , thanks so much for another great contribution! LGTM, just 2 minor nits I can add in and get this merged for our upcoming release 👍
Output of acceptance tests:
--- PASS: TestAccWAFV2RuleGroup_disappears (252.46s)
--- PASS: TestAccWAFV2RuleGroup_minimal (325.55s)
--- PASS: TestAccWAFV2RuleGroup_RuleAction_customResponse (522.35s)
--- PASS: TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement (594.82s)
--- PASS: TestAccWAFV2RuleGroup_ipSetReferenceStatement (595.61s)
--- PASS: TestAccWAFV2RuleGroupDataSource_basic (688.71s)
--- PASS: TestAccWAFV2RuleGroup_geoMatchStatement (718.44s)
--- PASS: TestAccWAFV2RuleGroup_RuleAction_customRequestHandling (789.87s)
--- PASS: TestAccWAFV2RuleGroup_changeMetricNameForceNew (802.58s)
--- PASS: TestAccWAFV2RuleGroup_changeCapacityForceNew (937.89s)
--- PASS: TestAccWAFV2RuleGroup_basic (424.12s)
--- PASS: TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP (1063.35s)
--- PASS: TestAccWAFV2RuleGroup_sizeConstraintStatement (1063.35s)
--- PASS: TestAccWAFV2RuleGroup_RuleLabels (940.40s)
--- PASS: TestAccWAFV2RuleGroup_tags (1273.63s)
--- PASS: TestAccWAFV2RuleGroup_byteMatchStatement (849.34s)
--- PASS: TestAccWAFV2RuleGroup_xssMatchStatement (1464.38s)
--- PASS: TestAccWAFV2RuleGroup_updateRule (954.23s)
--- PASS: TestAccWAFV2RuleGroup_sqliMatchStatement (1538.95s)
--- PASS: TestAccWAFV2RuleGroup_ruleAction (1582.47s)
--- PASS: TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP (1694.05s)
--- PASS: TestAccWAFV2RuleGroup_LabelMatchStatement (1730.09s)
--- PASS: TestAccWAFV2RuleGroup_updateRuleProperties (1064.15s)
--- PASS: TestAccWAFV2RuleGroup_logicalRuleStatements (1771.03s)
--- PASS: TestAccWAFV2RuleGroup_changeNameForceNew (1816.35s)
--- PASS: TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch (1499.74s)
--- PASS: TestAccWAFV2WebACL_RateBased_maxNested (938.59s)
--- PASS: TestAccWAFV2WebACL_basic (1012.95s)
--- PASS: TestAccWAFV2WebACL_minimal (1054.21s)
--- PASS: TestAccWAFV2WebACL_RateBased_forwardedIP (1067.08s)
--- PASS: TestAccWAFV2WebACL_GeoMatch_basic (1211.42s)
--- PASS: TestAccWAFV2WebACL_ManagedRuleGroup_basic (1306.20s)
--- PASS: TestAccWAFV2WebACL_disappears (414.84s)
--- PASS: TestAccWAFV2WebACL_Update_nameForceNew (1376.59s)
--- PASS: TestAccWAFV2WebACL_Custom_requestHandling (1435.81s)
--- PASS: TestAccWAFV2WebACL_RuleLabels (1435.93s)
--- PASS: TestAccWAFV2WebACL_RuleGroupReference_basic (1469.11s)
--- PASS: TestAccWAFV2WebACL_GeoMatch_forwardedIP (1469.32s)
--- PASS: TestAccWAFV2WebACL_LabelMatchStatement (1580.54s)
--- PASS: TestAccWAFV2WebACL_Operators_maxNested (1580.89s)
--- PASS: TestAccWAFV2WebACL_IPSetReference_basic (1593.40s)
--- PASS: TestAccWAFV2WebACL_Update_rule (1594.14s)
--- PASS: TestAccWAFV2WebACL_Custom_response (1595.87s)
--- PASS: TestAccWAFV2WebACL_RateBased_basic (1638.41s)
--- PASS: TestAccWAFV2WebACL_tags (1639.01s)
--- PASS: TestAccWAFV2WebACL_Update_ruleProperties (1667.76s)
--- PASS: TestAccWAFV2WebACL_IPSetReference_forwardedIP (1706.09s)
This functionality has been released in v3.67.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
This adds support to rules in both
rule_group
andweb_acl
resources for two label related attributes:label_match_statement
- allows rule statements that match on labels from other rules.rule_label
- Therule_label
block allows you to assign labels to the current web request when your rule matches.Note that this addresses #19486, however, I went with a slightly different naming choice for the
rule_label
block than was suggested in the issue.rule_label
is what its called for this part of the AWS api (its actuallyRuleLabels
, but since this is a repeated block, I've given it a singular name). I'm open to changing the name, but it was my understanding that terraform resources generally follow the AWS api naming structures very closely.Community Note
Relates OR Closes #19486
Output from acceptance testing: