Closed yuko12 closed 3 years ago
Hi @yuko12 , thank you for raising this issue. For clarification, when you note that the default values are not overriden, do you mean for both "single_header" and "single_query_argument" , or just one of the 2 ? Please note, as of v3.33.0
, the single_query_argument
configuration block has been deprecated as it's not currently supported by the WAFv2 service.
To be able to further investigate, do you mind providing the values being used invariables.tf
and/or the plan output you see when using the above resource. As well if you could provide the directory organization you are using such as
βββ example
βΒ Β βββ main.tf
βΒ Β βββ variables.tf
it would be greatly appreciated. Thank you in advance!
Hi! Thanks a lot for the prompt reply, directory structure is
βββ product
βΒ Β βββ modules
βΒ Β β βββ waf
β β βββmain.tf
β β βββoutputs.tf
β β βββvariables.tf
β βββprod
β β βββ global
β β βββ waf
β β βββmain.tf
β β βββlogging.tf
β β βββvariables_prod.tf
β β βββprovider.tf
β β βββoutputs.tf
β β
β βββqa
β β βββ global
β β βββ waf
β β βββmain.tf
β β βββlogging.tf
β β βββvariables_qa.tf
β β βββprovider.tf
β β βββoutputs.tf
Thanks for noticing about "single_header" and "single_query_argument", however we didn't use it yet. And current issue is with variables "create_logging_configuration" and "log_destination_configs". So if I put the below config into variables_qa.tf
variable "create_logging_configuration" {
description = "Whether to create logging configuration in order start logging from a WAFv2 Web ACL to Amazon Kinesis Data Firehose."
type = bool
default = true
}
variable "log_destination_configs" {
description = "The Amazon Kinesis Data Firehose Amazon Resource Name (ARNs) that you want to associate with the web ACL."
type = list(string)
default = [aws_kinesis_firehose_delivery_stream.aws_waf_logs_qa.arn]
}
Or specify [aws_kinesis_firehose_delivery_stream.aws_waf_logs_qa.arn] as actual arn, it doesn't override values specified in the module file variables.tf, which are
variable "create_logging_configuration" {
description = "Whether to create logging configuration in order start logging from a WAFv2 Web ACL to Amazon Kinesis Data Firehose."
type = bool
default =false
}
variable "log_destination_configs" {
description = "The Amazon Kinesis Data Firehose Amazon Resource Name (ARNs) that you want to associate with the web ACL."
type = list(string)
default = []
}
I can't provide plan output, as it just says nothing to change, when I add variables_qa.tf into folder. Sorry for being not clear on specifying the issue from the very beginning.
Apologize, my bad, I had to add:
create_logging_configuration = var.create_logging_configuration log_destination_configs = var.log_destination_configs
in folder with live config when calling the module, then it take values from the local folder dedicated to specific environment.
I'm going to lock this issue because it has been closed for 30 days β³. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
Community Note
Terraform CLI and Terraform AWS Provider Version
Terraform v0.14.9 aws v3.35.0
Affected Resource(s)
Terraform Configuration Files
Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.
Debug Output
Panic Output
Expected Behavior
If we use above block resource "aws_wafv2_web_acl_logging_configuration" in terraform module to create WAF web acl and respective logging configuration, we should declare variables there and put default values for
Then we should be able to override default values with declaration of variables again within live config folder. That would allow us to define different values for prod/qa (different live config folders) and not specify the same var values in every module definition. The above described way works fine for aws_wafv2_web_acl and aws_cloudfront_distribution resources for example, but not for aws_wafv2_web_acl_logging_configuration
Actual Behavior
aws_wafv2_web_acl_logging_configuration - don't see var definitions in live config folder, but works if we set it in module definition like
Steps to Reproduce
Important Factoids
References
0000