search

opentelekomcloud / terraform-provider-opentelekomcloud

Terraform OpenTelekomCloud provider
https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/latest
Mozilla Public License 2.0
85 stars 77 forks source link

error with opentelekomcloud_waf_dedicated_precise_protection_rule_v1, category "url" and "params" and logic_operations "len_equal", "len_less" and "len_greater" #2434

Closed IamThomasB closed 7 months ago

IamThomasB commented 7 months ago

Terraform provider version

Terraform v1.7.2 on linux_amd64

Affected Resource(s)

opentelekomcloud_waf_dedicated_precise_protection_rule_v1

Terraform Configuration Files

resource "opentelekomcloud_waf_dedicated_policy_v1" "policy1" {
  name = "policy_1"
}

resource "opentelekomcloud_waf_dedicated_precise_protection_rule_v1" "regel1" {
  policy_id = opentelekomcloud_waf_dedicated_policy_v1.policy1.id
  priority  = 50
  time = false
  action {
    category = "pass"
  }

  conditions  {
    category        = "url"
    contents        = ["/xxx/api/v1/zzzz/"]
    logic_operation = "prefix"
  }

  conditions {
    category        = "url"
    contents        = ["70"]
    logic_operation = "len_less"
  }
}

resource "opentelekomcloud_waf_dedicated_precise_protection_rule_v1" "regel2" {
  policy_id = opentelekomcloud_waf_dedicated_policy_v1.policy1.id
  priority  = 50
  time = false
  action {
    category = "pass"
  }

      conditions {
        category        = "url"
        contents        = [
            "/xxx-yyyy-zzz.html"
        ]
        logic_operation = "contain"
    }
    conditions {
        category        = "params"
        contents        = [
            "32"
        ]
        index           = "u"
        logic_operation = "len_equal"
    }
    conditions {
        category        = "params"
        contents        = [
            "3"
        ]
        index           = "t"
        logic_operation = "len_greater"
    }
    conditions {
        category        = "params"
        contents        = [
            "13"
        ]
        index           = "t"
        logic_operation = "len_less"
    }

}

resource "opentelekomcloud_waf_dedicated_precise_protection_rule_v1" "default_block" {
  policy_id = opentelekomcloud_waf_dedicated_policy_v1.policy1.id
  priority  = 100
  time = false
  action {
    category = "block"
  }

  conditions {
    category        = "url"
    contents        = ["/"]
    logic_operation = "prefix"
  }
}

Debug Output/Panic Output

https://gist.github.com/IamThomasB/a57cfa58d3f3f1091034e281ded4214a

Steps to Reproduce

  1. terraform validate

Expected Behavior

logic_operation "len_less" should be valid for the category "url", as mentioned in the documentation logic_operations "len_equal", "len_less" and "len_greater" should be valid for the category "params", as mentioned in the documentation

Actual Behavior

logic_operation "len_less" is not accepted for the category "url" logic_operations "len_equal", "len_less" and "len_greater" are not accepted for the category "params"

We even created a rule manually via the web console and used the logic_operations mentioned above. We then imported the rule into terraform and the logic_oparations were as mentioned above. terraform validate fails, even if it is an imported rule

Important Factoids

References

artem-lifshits commented 7 months ago

Fixed in latest release.