hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

Wrong unsupported block type message #32436

Closed miguelconde91 closed 1 year ago

miguelconde91 commented 1 year ago

Terraform Version

Terraform v1.3.3
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v4.22.0
+ provider registry.terraform.io/hashicorp/null v3.1.1
+ provider registry.terraform.io/hashicorp/template v2.2.0

Terraform Configuration Files

resource "aws_wafv2_web_acl" "zendesk-connector-lb-protection" {
    name        = "API-LB-ACL2"
    description = "Filter access to /zendesk-connector in public ALB"
    scope       = "REGIONAL"

    default_action {
        allow {}
    }

    rule {
        name     = "Path-Check-first_step"
        priority = 0

        action {
            block {}
        }

        statement {
            regex_match_statement {
                field_to_match {
                    single_header {
                        name = var.header_from_API
                    }
                }
                regex_string = "[a-z]"
                text_transformation {
                    priority = 0
                    type     = "NONE"
                }
            }
        }
        visibility_config {
            cloudwatch_metrics_enabled = true
            metric_name                = "Zendesk-Connector-ALB-Protection-Rule"
            sampled_requests_enabled   = true
        }
    }

    visibility_config {
        cloudwatch_metrics_enabled = true
        metric_name                = "Zendesk-Connector-ALB-Protection"
        sampled_requests_enabled   = true
    }

    tags = merge(var.tags_security)
}

Debug Output

│ Error: Unsupported block type
│ 
│   on modules/security-module/waf.tf line 137, in resource "aws_wafv2_web_acl" "zendesk-connector-lb-protection":
│  137:             regex_match_statement {
│ 
│ Blocks of type "regex_match_statement" are not expected here.
╵
Operation failed: failed running terraform plan (exit 1)

Expected Behavior

An AWS WAFv2 web ACL is created.

Actual Behavior

The terraform plan command fails and reports that the block regex_match_statement is not supported; however, in the documentation https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl#statement the block regex_match_statement is listed as supported inside statement.

Steps to Reproduce

terraform plan

Additional Context

If I replace the content with, for example, another supported block like this, then it works:

resource "aws_wafv2_web_acl" "zendesk-connector-lb-protection" {
    name        = "API-LB-ACL2"
    description = "Filter access to /zendesk-connector in public ALB"
    scope       = "REGIONAL"

    default_action {
        allow {}
    }

    rule {
        name     = "Path-Check-first_step"
        priority = 0

        action {
            block {}
        }

        statement {
            byte_match_statement {
                field_to_match {
                    uri_path {
                    }
                }
                positional_constraint = "CONTAINS"
                search_string         = "/zendesk-connector/first_step"
                text_transformation {
                    priority = 0
                    type     = "NONE"
                }
            }
        }
        visibility_config {
            cloudwatch_metrics_enabled = true
            metric_name                = "Zendesk-Connector-ALB-Protection-Rule"
            sampled_requests_enabled   = true
        }
    }

    visibility_config {
        cloudwatch_metrics_enabled = true
        metric_name                = "Zendesk-Connector-ALB-Protection"
        sampled_requests_enabled   = true
    }

    tags = merge(var.tags_security)
}

References

No response

liamcervante commented 1 year ago

Hi @miguelconde91, thanks for the report.

The documentation you linked is for the latest version of the AWS provider, while I can see you are actually using v4.22.0.

If you look at the documentation for v4.22.0 specifically, you can see the regex_match_statement statement isn't yet supported: https://registry.terraform.io/providers/hashicorp/aws/4.22.0/docs/resources/wafv2_web_acl#statement

This should start working if you update your AWS provider version.
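
The check described in the reply above, as an added example that is not part of the original thread or of Terraform: it parses `terraform version` output, builds the registry documentation URL pinned to the installed provider version rather than `latest`, and compares the installed version against a floor. The function names are hypothetical, and 4.48.0 is used only because it is the version the reporter later confirmed working.

```python
import re

# Constructed sample: the `terraform version` output quoted in the issue.
SAMPLE_VERSION_OUTPUT = """\
Terraform v1.3.3
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v4.22.0
+ provider registry.terraform.io/hashicorp/null v3.1.1
+ provider registry.terraform.io/hashicorp/template v2.2.0
"""

# "+ provider <host>/<namespace>/<name> v<version>"
PROVIDER_LINE = re.compile(
    r"^\+ provider [\w.-]+/(?P<ns>[\w-]+)/(?P<name>[\w-]+) "
    r"v(?P<ver>\d+\.\d+\.\d+(?:-[\w.]+)?)$"
)


def installed_providers(version_output):
    """Map 'namespace/name' to the installed provider version string."""
    found = {}
    for line in version_output.splitlines():
        m = PROVIDER_LINE.match(line.strip())
        if m:
            found[f"{m['ns']}/{m['name']}"] = m["ver"]
    return found


def versioned_docs_url(provider, version, resource, anchor=""):
    """Registry docs URL pinned to a provider version instead of 'latest'."""
    url = (f"https://registry.terraform.io/providers/{provider}/"
           f"{version}/docs/resources/{resource}")
    return f"{url}#{anchor}" if anchor else url


def version_tuple(version):
    """'4.22.0' -> (4, 22, 0); any pre-release suffix is ignored."""
    return tuple(int(part) for part in version.split("-")[0].split("."))


def meets_minimum(installed, minimum):
    """Numeric comparison, so 4.100.0 correctly sorts above 4.48.0."""
    return version_tuple(installed) >= version_tuple(minimum)


if __name__ == "__main__":
    aws = installed_providers(SAMPLE_VERSION_OUTPUT)["hashicorp/aws"]
    print(versioned_docs_url("hashicorp/aws", aws, "wafv2_web_acl", "statement"))
    # 4.48.0 is the version the reporter confirmed working (assumption: a
    # known-good floor, not necessarily the first release with the block).
    print("meets 4.48.0:", meets_minimum(aws, "4.48.0"))
```
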

miguelconde91 commented 1 year ago

Fixed by updating to AWS provider v4.48.0

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.