Closed scalp42 closed 4 years ago
+1. This is very useful, can we get someone to look over this?
The aws_waf_rule
resource (but interestingly not the aws_wafregional_rule
) resource validates the metric_name
attribute with validateWafMetricName()
:
The applicable API references are:
A friendly name or description for the metrics for this Rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change the name of the metric after you create the Rule.
A friendly name or description for the metrics for this Rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change the name of the metric after you create the Rule.
I think that the AWS Console is defaulting to the new WAF v2 API:
MetricName A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example "All" and "Default_Action." You can't change a MetricName after you create a VisibilityConfig.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[\w#:.-/]+$
Required: Yes
https://github.com/terraform-providers/terraform-provider-aws/issues/11176 tracks implementing the WAFv2 Web ACL resource.
@ewbankkit thanks for the feedback but it doesn't seem to match what I see:
Error: Only alphanumeric characters allowed in "metric_name": "filter_countries"
on waf_regional/groups.tf line 1, in resource "aws_wafregional_rule_group" "filter_countries":
1: resource "aws_wafregional_rule_group" "filter_countries" {
aws_wafregional_rule_group
does appear to still check for it for example while aws_waf_rule
is fine with underscores.
@ewbankkit I opened a PR that fixes this the way you described it above. Could you please take a look and let me know if there's any other work on this? Cheers
@scalp42 It's all rather inconsistent right now.
For WAF resources with a metric_name
attribute:
aws_waf_rate_based_rule
- ValidateFunc: validateWafMetricName
aws_waf_rule
- ValidateFunc: validateWafMetricName
aws_waf_rule_group
- ValidateFunc: validateWafMetricName
aws_waf_web_acl
- ValidateFunc: validateWafMetricName
aws_wafregional_rate_based_rule
- ValidateFunc: validateWafMetricName
aws_wafregional_rule
- ValidateFunc: nil
aws_wafregional_rule_group
- ValidateFunc: validateWafMetricName
aws_wafregional_web_acl
- ValidateFunc: nil
@scalp42 If I try creating an aws_wafregional_rate_based_rule
resource with metric_name = "filter_country_vietnam"
, incorporating the change from @Y-Tian, then the API returns an exception:
Error creating WAF Regional Rate Based Rule (): WAFDisallowedNameException: The specified name is not permitted.
You should be able to click on Switch to AWS WAF Classic in the AWS WAF section of the WAF & Shield console to verify that in classic mode underscores aren't allowed in metrics names. Please upvote the linked WAF v2 issue 😄.
Gotcha, this is pretty confusing. Thanks for taking the time @ewbankkit we'll focus on #11176 then.
@scalp42 Can you please close this issue if you're happy with continuing any discussion in #11176? Thanks.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
Assuming the following:
The valid regex is:
^[\w#:\.\-/]+$
Tested by hand and we can pass underscrores in the rule (gets passed to metric_name):
I also tested with the JSON editor:
Related to https://github.com/terraform-providers/terraform-provider-aws/issues/8197.