search

pulumi / pulumi-azure-native

Azure Native Provider
Apache License 2.0
126 stars 33 forks source link

Incorrect Application Gateway Web Application Firewall Policy Setting validation #1332

Closed Pseudo-Eponymous closed 2 years ago

Pseudo-Eponymous commented 2 years ago

Hello!

Issue details

When provisioning or importing an Application Gateway Web Application Firewall Policy with the PolicySettingsArgs maxRequestBodySizeInKb value greater than 128 the following error is reported:

error: azure-native:network:WebApplicationFirewallPolicy resource has a problem: 'policySettings.maxRequestBodySizeInKb' is too high ( > 128.000000) error: Preview failed: one or more inputs failed to validate

However, when viewed through the Azure portal, this value can be set to some arbitrarily high value.

Steps to reproduce

  1. Attempt to provision a WAF policy
  2. When defining the policy settings attribute, specify a maxRequestBodySizeInKb value higher than 128

Expected:

A waf policy to be provisioned with the specified maxRequestBodySizeInKb

Actual: error: azure-native:network:WebApplicationFirewallPolicy resource has a problem: 'policySettings.maxRequestBodySizeInKb' is too high ( > 128.000000) error: Preview failed: one or more inputs failed to validate

mikhailshilkov commented 2 years ago

They do provide a maximum in the Open API spec for the current default API version 2020-11-01: https://github.com/Azure/azure-rest-api-specs/blob/88e7838a09868a51de3894114355c75929847a46/specification/network/resource-manager/Microsoft.Network/stable/2020-11-01/webapplicationfirewall.json#L459

Interestingly, they don't provide it in the latest specs 2021-02-01: https://github.com/Azure/azure-rest-api-specs/blob/88e7838a09868a51de3894114355c75929847a46/specification/network/resource-manager/Microsoft.Network/stable/2021-02-01/webapplicationfirewall.json#L456

So I think that, as a workaround, you may switch to use the explicit version v20210201 (import * as network from "@pulumi/azure-native/network/v20210201 or similar in other languages).

Pseudo-Eponymous commented 2 years ago

They do provide a maximum in the Open API spec for the current default API version 2020-11-01: https://github.com/Azure/azure-rest-api-specs/blob/88e7838a09868a51de3894114355c75929847a46/specification/network/resource-manager/Microsoft.Network/stable/2020-11-01/webapplicationfirewall.json#L459

Interestingly, they don't provide it in the latest specs 2021-02-01: https://github.com/Azure/azure-rest-api-specs/blob/88e7838a09868a51de3894114355c75929847a46/specification/network/resource-manager/Microsoft.Network/stable/2021-02-01/webapplicationfirewall.json#L456

So I think that, as a workaround, you may switch to use the explicit version v20210201 (import * as network from "@pulumi/azure-native/network/v20210201 or similar in other languages).

Can confirm that this instantly resolved the issue, I wasn't aware that you could explicitly specify the version of the rest api you want to use use! Thank you!

mikhailshilkov commented 2 years ago

I'll close this as "by design" because our behavior is correct here and the upstream spec isn't perfect. We'll bump the API version at 2.0. release time next year.