Updates to ip_set_forward_ip_config #128
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Testing change for ip_set_forward_ip_config.
Fixes to ip_set_forwarded_ip_config.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Currently with all ip_set_reference statements to set the ip_set_forwarded_ip_config the following dynamic statement is used in all scope down and nested and/or/not statements.
dynamic "ip_set_forwarded_ip_config" { for_each = length(lookup(ip_set_reference_statement.value, "forwarded_ip_config", {})) == 0 ? [] : [lookup(ip_set_reference_statement.value, "forwarded_ip_config", {})] content { fallback_behavior = lookup(forwarded_ip_config.value, "fallback_behavior") header_name = lookup(forwarded_ip_config.value, "header_name") position = lookup(forwarded_ip_config.value, "position") } }For the top level ip_set_reference_statement the following dynamic statement is used.
dynamic "ip_set_forwarded_ip_config" { for_each = length(lookup(ip_set_reference_statement.value, "ip_set_forwarded_ip_config", {})) == 0 ? [] : [lookup(ip_set_reference_statement.value, "ip_set_forwarded_ip_config", {})] content { fallback_behavior = lookup(ip_set_forwarded_ip_config.value, "fallback_behavior") header_name = lookup(ip_set_forwarded_ip_config.value, "header_name") position = lookup(ip_set_forwarded_ip_config.value, "position") } }Following the examples and testing I have found that ip_set_forwarded_ip_config is set on the top level dynamic statement as expected. but none of the nested statements work, the ip_set_forward_ip_config is ignored and not applied as expected.
As an example I had applied this following snippet
` and_statement = {
statements = [
{
not_statement = {
ip_set_reference_statement = {
arn = "arn:aws:wafv2:us-east-1:X:region/X"
And I get the following error returned:
│ Error: Reference to undeclared resource │ │ on .terraform/modules/waf/main.tf line 5386, in resource "aws_wafv2_web_acl" "main": │ 5386: position = lookup(forwarded_ip_config.value, "position") │ │ A managed resource "forwarded_ip_config" "value" has not been declared in │ module.waf. ╵When I try this code
` and_statement = {
statements = [
{
not_statement = {
ip_set_reference_statement = {
arn = "arn:aws:wafv2:us-east-1:X:region/X"
The plan shows no ip_set_forward_ip_config being applied, and just the arn is listed within the ip_set_reference_statement. I have tested my updates so that the nested dynamic statements match the top level statement and when I applied the last example statement above it works as expected and the ip_set_forwarded_ip_config is included in the plan.
Note: there is no change to the examples as the examples work with the proposed change but do not with the current setup.