search

hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.76k stars 9.12k forks source link

WAFv2: forwarded_ip_config and forwarded_ip_config don't work as dynamic blocks #20542

Closed kiwimato closed 3 years ago

kiwimato commented 3 years ago

Community Note

Terraform CLI and Terraform AWS Provider Version

$ terraform -v
Terraform v0.14.11
+ provider registry.terraform.io/hashicorp/aws v2.70.0
+ provider registry.terraform.io/hashicorp/template v2.2.0

Your version of Terraform is out of date! The latest version
is 1.0.4. You can update by downloading from https://www.terraform.io/downloads.html

Affected Resource(s)

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

Full code here

  dynamic "rule" {
    for_each = local.geo_match_statement_rules

    content {
      name     = rule.value.name
      priority = rule.value.priority

      action {
        dynamic "allow" {
          for_each = rule.value.action == "allow" ? [1] : []
          content {}
        }
        dynamic "block" {
          for_each = rule.value.action == "block" ? [1] : []
          content {}
        }
        dynamic "count" {
          for_each = rule.value.action == "count" ? [1] : []
          content {}
        }
      }

      statement {
        dynamic "geo_match_statement" {
          for_each = lookup(rule.value, "statement", null) != null ? [rule.value.statement] : []

          content {
            country_codes = geo_match_statement.value.country_codes

            dynamic "forwarded_ip_config" {
              for_each = lookup(geo_match_statement.value, "forwarded_ip_config", null) != null ? [geo_match_statement.value.forwarded_ip_config] : []

              content {
                fallback_behavior = forwarded_ip_config.value.fallback_behavior
                header_name       = forwarded_ip_config.value.header_name
              }
            }
          }
        }
      }

      dynamic "visibility_config" {
        for_each = lookup(rule.value, "visibility_config", null) != null ? [rule.value.visibility_config] : []

        content {
          cloudwatch_metrics_enabled = lookup(visibility_config.value, "cloudwatch_metrics_enabled", true)
          metric_name                = visibility_config.value.metric_name
          sampled_requests_enabled   = lookup(visibility_config.value, "sampled_requests_enabled", true)
        }
      }
    }
  }

Debug Output

Not sure this is necesssary, however if it is, I will post it.

Expected Behavior

Should work.

Actual Behavior

Error: Unsupported block type

  on .terraform/modules/wafv2/rules.tf line 253, in resource "aws_wafv2_web_acl" "default":
 253:             dynamic "forwarded_ip_config" {

Blocks of type "forwarded_ip_config" are not expected here.

Error: Unsupported block type

  on .terraform/modules/wafv2/rules.tf line 306, in resource "aws_wafv2_web_acl" "default":
 306:             dynamic "ip_set_forwarded_ip_config" {

Blocks of type "ip_set_forwarded_ip_config" are not expected here.

Error: Unsupported block type

  on .terraform/modules/wafv2/rules.tf line 409, in resource "aws_wafv2_web_acl" "default":
 409:             dynamic "forwarded_ip_config" {

Blocks of type "forwarded_ip_config" are not expected here.

Steps to Reproduce

  1. terraform plan

Important Factoids

References

kiwimato commented 3 years ago

After I posted this bug report I realized that I was using a old version of the aws provider, upgraded to 3.53.0 and it seems it worked!

github-actions[bot] commented 2 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.