pulumi / pulumi-azure

A Microsoft Azure Pulumi resource package, providing multi-language access to Azure
Apache License 2.0

Can't create WAF policy for FrontDoor with azure-native #2210

Closed devnev closed 3 months ago

devnev commented 3 months ago

Describe what happened

I'm trying to set up FrontDoor with a WAF. When I create a WAF policy, this creates an ApplicationGatewayWebApplicationFirewallPolicies, and referencing that in the FrontDoor.FrontendEndpoints.*.WebApplicationFirewallPolicyLink gives an API error "Invalid Resource Id provided for WebApplicationFirewallPolicy link.". I think it wants a resource of type FrontDoorWebApplicationFirewallPolicies, but I can't figure out how to create one using the azure-native SDK. In the Azure documentation, one is https://learn.microsoft.com/en-us/azure/templates/microsoft.network/applicationgatewaywebapplicationfirewallpolicies, while the other is https://learn.microsoft.com/en-us/azure/templates/microsoft.network/frontdoorwebapplicationfirewallpolicies

Sample program

package main

import (
    "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func definitions(ctx *pulumi.Context) error {
    // WAF policy with the OWASP 3.2 managed rule set. Per the description above,
    // this creates an ApplicationGatewayWebApplicationFirewallPolicies resource.
    firewallPolicy, err := network.NewWebApplicationFirewallPolicy(ctx, "firewall-policy", &network.WebApplicationFirewallPolicyArgs{
        ResourceGroupName: pulumi.String("rg1"),
        Location:          pulumi.String("westus2"),
        PolicyName:        pulumi.String("policy"),
        ManagedRules: network.ManagedRulesDefinitionArgs{
            ManagedRuleSets: network.ManagedRuleSetArray{
                network.ManagedRuleSetArgs{
                    RuleSetType:    pulumi.String("OWASP"),
                    RuleSetVersion: pulumi.String("3.2"),
                },
            },
        },
    })
    if err != nil {
        return err
    }

    // Front Door whose frontend endpoint links to the policy above; this is the
    // resource that fails with the error shown under "Log output".
    _, err = network.NewFrontDoor(ctx, "frontdoor", &network.FrontDoorArgs{
        ResourceGroupName: pulumi.String("rg1"),
        Location:          pulumi.String("global"),
        FrontDoorName:     pulumi.String("frontdoor"),
        FrontendEndpoints: network.FrontendEndpointArray{
            network.FrontendEndpointArgs{
                Name:     pulumi.String("default"),
                HostName: pulumi.String("frontdoor.azurefd.net"),
                WebApplicationFirewallPolicyLink: &network.FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLinkArgs{
                    Id: firewallPolicy.ID(),
                },
            },
        },
        // lots more stuff here that I'm not sure how to simplify for an example
    })
    return err
}

func main() {
    pulumi.Run(definitions)
}

Log output

 +  azure-native:network:FrontDoor frontdoor creating (2s) error: Code="BadRequest" Message="Invalid Resource Id provided for WebApplicationFirewallPolicy link."

Affected Resource(s)

Output of pulumi about

CLI
Version      3.122.0
Go Version   go1.22.4
Go Compiler  gc

Host
OS       darwin
Version  14.5
Arch     x86_64

Pulumi locates its logs in /var/folders/sz/rcyd6rg51cbb4qzqsvzyn92m0000gn/T/ by default
warning: Failed to read project: no Pulumi.yaml project file found (searching upwards from /Users/marknevill/Work/PrivacyWall/Infrastructure). If you have not created a project yet, use `pulumi new` to do so: no project file found
warning: Could not access the backend: unable to open bucket azblob://pulumi-state-live: azureblob: Options.AccountName is required

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

devnev commented 3 months ago

Ah, azure-native is in a different repository, and this is a duplicate of https://github.com/pulumi/pulumi-azure-native/issues/2457, which I didn't find because I was in the wrong repository 🤦
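
An added example (not part of the original issue or of the Pulumi SDK): a pre-flight check that parses an ARM resource ID and rejects a WAF policy link whose resource type is not the Front Door one, so the mismatch is caught before the API returns "Invalid Resource Id". It assumes, as the report suggests, that the link requires the frontdoorwebapplicationfirewallpolicies type named in the second documentation URL; the function names and sample IDs are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Resource type the Front Door link is assumed to require (an assumption
// based on the ARM template documentation URL quoted in the report).
const frontDoorWAFType = "Microsoft.Network/frontDoorWebApplicationFirewallPolicies"

// armResourceType returns "<namespace>/<type>" for a top-level ARM resource ID:
// /subscriptions/{sub}/resourceGroups/{rg}/providers/{namespace}/{type}/{name}
func armResourceType(id string) (string, error) {
	parts := strings.Split(strings.Trim(id, "/"), "/")
	if len(parts) != 8 ||
		!strings.EqualFold(parts[0], "subscriptions") ||
		!strings.EqualFold(parts[2], "resourceGroups") ||
		!strings.EqualFold(parts[4], "providers") {
		return "", fmt.Errorf("not a top-level ARM resource ID: %q", id)
	}
	for _, p := range parts {
		if p == "" { // e.g. a doubled slash inside the ID
			return "", fmt.Errorf("empty segment in ARM resource ID: %q", id)
		}
	}
	return parts[5] + "/" + parts[6], nil
}

// checkFrontDoorWAFLink returns an error unless id names a Front Door WAF
// policy. ARM type names are compared case-insensitively.
func checkFrontDoorWAFLink(id string) error {
	got, err := armResourceType(id)
	if err != nil {
		return err
	}
	if !strings.EqualFold(got, frontDoorWAFType) {
		return fmt.Errorf("WAF policy link has type %s, want %s", got, frontDoorWAFType)
	}
	return nil
}

func main() {
	// Constructed sample IDs; the subscription GUID is a placeholder.
	const base = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/"
	fmt.Println(checkFrontDoorWAFLink(base + "ApplicationGatewayWebApplicationFirewallPolicies/policy"))
	fmt.Println(checkFrontDoorWAFLink(base + "frontdoorwebapplicationfirewallpolicies/policy"))
}
```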