search

opentelekomcloud / terraform-provider-opentelekomcloud

Terraform OpenTelekomCloud provider
https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/latest
Mozilla Public License 2.0
84 stars 76 forks source link

Apply gob is failing every time when waf_dedicated_alarm_masking_rule advanced_settings is used. #2570

Open IngIhorMuzychka opened 1 week ago

IngIhorMuzychka commented 1 week ago

Terraform provider version

v1.36.12

Affected Resource(s)

opentelekomcloud_waf_dedicated_alarm_masking_rule_v1

Terraform Configuration Files

resource "opentelekomcloud_waf_dedicated_alarm_masking_rule_v1" "integrationws-xss-body" {
  policy_id   = opentelekomcloud_waf_dedicated_policy_v1.dwaf_policy_1[0].id
  domains     = [var.waf.waf_domain.name] # String
  rule        = "xss"

  conditions {
    category        = "url"
    contents        = ["integrationws"]
    logic_operation = "contain"
  }

  advanced_settings {
    index           = "Body"
  }
}

resource "opentelekomcloud_waf_dedicated_alarm_masking_rule_v1" "integrationws-sqli-contenttype" {
  policy_id   = opentelekomcloud_waf_dedicated_policy_v1.dwaf_policy_1[0].id
  domains     = [var.waf.waf_domain.name] # String
  rule        = "sqli"

  conditions {
    category        = "url"
    contents        = ["integrationws"]
    logic_operation = "contain"
  }

  advanced_settings {
    index = "Header"
    contents = ["content-type"]
  }
}

Debug Output/Panic Output

Error: error creating OpenTelekomCloud WAF Dedicated Alarms Masking Rule:
Bad request with: [POST https://premium-waf.eu-de.otc.t-systems.com/v1/a99465aa49554e9fb91f1b3316be2353/waf/policy/0eeae57306cc4372a27f2e1a6a1fe2e4/ignore],
error message: {"error_code":"WAF.00021001","error_msg":"JSON parse error: Cannot deserialize value of type `com.huawei.waf.mgr.model.policy.Condition` from Array value (token `JsonToken.START_ARRAY`);
nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException:
Cannot deserialize value of type `com.huawei.waf.mgr.model.policy.Condition` from Array value (token `JsonToken.START_ARRAY`)
at [Source: (org.springframework.util.StreamUtils$NonClosingInputStream); line: 1, column: 168]
(through reference chain: com.huawei.waf.mgr.model.policy.Ignore[\"advanced\"])"}

Steps to Reproduce

  1. terraform apply

Expected Behavior

Resource is created without errors.

Actual Behavior

Every time I'm trying to add advanced_settings block terraform apply is failing (plan is working without issues). Same configuration except advanced_settings was successfully created.

Important Factoids

Also I found another issue in conditions block, apply is failing whenever contents string starts with "/":

  conditions {
    category        = "url"
    contents        = ["/integrationws"] # Fails when starts with "/"
    logic_operation = "contain"

References

anton-sidelnikov commented 1 week ago

Hi @IngIhorMuzychka, did you create also jira ticket? This is backend issue, in provider everything implemented according documentation, this error comes from api itself, need to ask devs.

Also, about second issue, without advanced options, everything is fine:

resource "opentelekomcloud_waf_dedicated_alarm_masking_rule_v1" "rule_1" {
  policy_id   = opentelekomcloud_waf_dedicated_policy_v1.policy_1.id
  domains     = ["www.example.com"]
  rule        = "xss"
  description = "description"

  conditions {
    category        = "url"
    contents        = ["/integrationws"]
    logic_operation = "contain"
  }
}
image
IngIhorMuzychka commented 6 days ago

Hi Anton, thanks for respond, Oh you right, second issue is not an issue actually. I did not open a jira ticket yet, but thanks for explanations.