lookup of field_to_match conditional assignment issue #2

Closed
JayTeeVF opened this issue Apr 30, 2021 · 4 comments · Fixed by #19
@JayTeeVF

Hiya, I am not sure if this is a bug or, more likely, that my approach is not correct.
Can you please investigate this issue?

I created a variable for a byte_match_statement_rule which uses 'single_header' for the field_to_match.
I am intending to scan the 'user-agent' header for a particular string.
terraform plan fails with the error shown below:
```
[jthomas@UKRHEL-MSR-01 exampleTwillo]$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


Error: Unsupported attribute

on .terraform/modules/example_wafv2.wafv2/rules.tf line 176, in resource "aws_wafv2_web_acl" "default":
176: name = single_header.value.name
|----------------
| single_header.value is 1

This value does not have any attributes.
```

Expected Behavior

A clear and concise description of what you expected to happen.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Define variable with the following code:

    ```hcl
    variable "byte_match_statement_rule_400" {
      type = list
      default = [
        {
          name     = "byte_match_tillowHeaderUserAgent-400"
          action   = "allow"
          priority = 400

          statement = {
            positional_constraint = "CONTAINS_WORD"
            search_string         = "myHeader"
            text_transformation = [
              {
                priority = 30
                type     = "COMPRESS_WHITE_SPACE"
              }
            ]

            field_to_match = {
              single_header = { data = { name = "user-agent" } }
            }
          }

          visibility_config = {
            cloudwatch_metrics_enabled = false
            sampled_requests_enabled   = false
            metric_name                = "rule-400-metric"
          }
        }
      ]
    }
    ```

  2. Run 'terraform plan'

  3. See error

    ```
    Error: Unsupported attribute

    on .terraform/modules/example_wafv2.wafv2/rules.tf line 176, in resource "aws_wafv2_web_acl" "default":
    176: name = single_header.value.name
    |----------------
    | single_header.value is 1

    This value does not have any attributes.
    ```

Screenshots

byte_match_statement variable:
my_byte_match_statement_rule_variable

modified dynamic single_header lookup from the local copy of rules.tf:
cloudposse-rules-tf-modified

Environment (please complete the following information):

OS: RHEL 7.9,
Terraform v0.13.6,
provider registry.terraform.io/hashicorp/aws v3.37.0

Additional Context

Add any other context about the problem here.
I was able to get the 'terraform plan' command to complete successfully by making the following changes:

  1. Edit the local copy of the rules.tf file { '.terraform/modules/example_wafv2.wafv2/rules.tf' } from the downloaded source module and remove the '!= null' conditional assignment found on line 173
    `for_each = lookup(field_to_match.value, "single_header", null) != null ? [1] : []`
    so that it now becomes:
    `for_each = lookup(field_to_match.value, "single_header", null)`
    and then run the 'terraform apply' command which will then complete successfully.

I would also like to ask if the field_to_match structure is correct:
`field_to_match = { single_header = { data = { name = "user-agent" } } }`
I would have thought that the following structure was expected:
`field_to_match = { single_header = { name = "user-agent" } }`
but then you would have to modify the name assignment on line 176 of the dynamic single_header lookup in the same rules.tf file {removing the '.name'} as follows:

```hcl
dynamic "single_header" {
  for_each = lookup(field_to_match.value, "single_header", null)

  content {
    name = single_header.value
  }
}
```

Thanks for your help.
Jay.
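
What `single_header.value` holds under each `for_each` form discussed in this issue, as an added example that is not code from the module or from PR #19. The local and output names are made up for the illustration, and the for-expressions stand in for a `dynamic` block's iteration.

```hcl
# Added example: evaluates with `terraform apply` and no provider configured.
locals {
  # Constructed inputs: the two shapes asked about in the issue.
  nested = { single_header = { data = { name = "user-agent" } } }
  flat   = { single_header = { name = "user-agent" } }

  # (a) rules.tf line 173 as quoted: a presence test that yields the
  # placeholder list [1]. The iterator's .value is the number 1, so
  # "single_header.value.name" on line 176 has nothing to resolve.
  a_items = lookup(local.flat, "single_header", null) != null ? [1] : []

  # (b) The workaround: for_each receives the object itself, so Terraform
  # iterates its attributes. For the nested shape that is one iteration with
  # key "data" and value { name = "user-agent" }, hence .value.name resolves.
  # For the flat shape the value is the string "user-agent", hence the
  # "name = single_header.value" variant. A rule without the key passes null,
  # which for_each rejects, and every extra attribute emits an extra block.
  b_nested = lookup(local.nested, "single_header", null)
  b_flat   = lookup(local.flat, "single_header", null)

  # (c) Keep the presence test but carry the object in the list: exactly one
  # iteration whose .value is the whole object, and [] when the key is absent.
  c_flat = lookup(local.flat, "single_header", null) != null ? [lookup(local.flat, "single_header", null)] : []
}

# Each for-expression mimics a dynamic block handing one element to its
# content block as <iterator>.value.
output "a_values"       { value = [for v in local.a_items : v] }
output "b_nested_names" { value = [for k, v in local.b_nested : v.name] }
output "b_flat_values"  { value = [for k, v in local.b_flat : v] }
output "c_flat_names"   { value = [for v in local.c_flat : v.name] }
```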

@JayTeeVF JayTeeVF added the bug 🐛 An issue with the system label Apr 30, 2021
@JayTeeVF
Author

JayTeeVF commented May 1, 2021

I would be happy to modify the code and raise a pull request if required, just let me know.

@dannyibishev
Contributor

This is also the case for the dynamic config block for regex rules ("regex_pattern_set_reference_statement")

I will shortly raise a PR of my own to address the issue.

@Gowiem
Member

Gowiem commented Apr 26, 2022

@JayTeeVF can you test this issue against https://github.com/cloudposse/terraform-aws-waf/releases/tag/0.0.4 and let me know if you run into the same issue? I believe @dannyibishev fixed this.

@paulerickson
Contributor

> @JayTeeVF can you test this issue against https://github.com/cloudposse/terraform-aws-waf/releases/tag/0.0.4 and let me know if you run into the same issue? I believe @dannyibishev fixed this.

It's still broken on the latest. I have opened PR #19 to address it.
