Terraform Linter reports error with WAFv2 rule_action_override but matches documentation #1785

Open
1 task
cwoollard opened this issue Jun 27, 2024 · 6 comments
Labels
bug Something isn't working

Comments

@cwoollard

Extension Version

v2.30.2

VS Code Version

Version: 1.90.2 (Universal)
Commit: 5437499feb04f7a586f677b155b039bc2b3669eb
Date: 2024-06-18T22:37:41.291Z
Electron: 29.4.0
ElectronBuildId: 9728852
Chromium: 122.0.6261.156
Node.js: 20.9.0
V8: 12.2.281.27-electron.0
OS: Darwin arm64 23.5.0

Operating System

macOS Sonoma 14.5

Terraform Version

Terraform v1.9.0 on darwin_arm64

Steps to Reproduce

resource "aws_wafv2_web_acl" "api_waf" {
  name        = "test-waf"
  description = "Test WAF Ruleset"
  scope       = "REGIONAL"

  default_action {
    allow {}
  }

  rule {
    name     = "AWSManagedRulesCommonRuleSet"
    priority = 7

    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"

        rule_action_override {
          action_to_use {
            count {}
          }
          name = "SizeRestrictions_QUERYSTRING"
        }

        rule_action_override {
          action_to_use {
            count {}
          }
          name = "NoUserAgent_HEADER"
        }

        rule_action_override {
          action_to_use {
            count {}
          }
          name = "SizeRestrictions_BODY"
        }

        rule_action_override {
          action_to_use {
            count {}
          }
          name = "CrossSiteScripting_BODY"
        }
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "test-waf-AWSManagedRulesCommonRuleSet"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "test-waf"
    sampled_requests_enabled   = true
  }

}

Expected Behavior

The code matches the current documentation. Why is the linter reporting an issue?

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl.html

Actual Behavior

If you run Terraform validate from the command line, there is no issue.
If you apply the code, there is no issue.

Why is the linter reporting this error?

Unexpected block: Blocks of type "rule_action_override" are not expected here (Terraform)
No quick fixes available

Terraform Configuration

No response

Project Structure

No response

Gist

No response

Anything Else?

No response

Workarounds

No response

References

No response

Help Wanted

  • I'm interested in contributing a fix myself

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
@cwoollard cwoollard added the bug Something isn't working label Jun 27, 2024
@cwoollard cwoollard changed the title from "WAF Linter reports error with rule_action_override but matches documentation" to "Terraform Linter reports error with WAFv2 rule_action_override but matches documentation" Jun 27, 2024
@dbanck
Member

dbanck commented Jun 27, 2024

Hi @cwoollard! I'm not able to reproduce the bug with the extension version you mentioned.

The extended validation feature uses provider schemas to determine which blocks and attributes are expected in a given context. We have two sources of provider schemas: 1) bundled with the extension 2) obtained from Terraform CLI.
The bundled schema contains the `rule_action_override` blocks, so I can't reproduce the error.

Can you please check if you have a local installation of the aws provider and if so, which version? We always prefer a local installation as it is usually closer to the required version of the provider.

@cwoollard
Author

cwoollard commented Jun 27, 2024

Terraform v1.9.0
on darwin_arm64

  • provider registry.terraform.io/hashicorp/aws v5.53.0

I have also tried upgrading to the latest, and that still gives me the issue.

terraform version
Terraform v1.9.0
on darwin_arm64

  • provider registry.terraform.io/hashicorp/aws v5.55.0

@cwoollard
Author

[Image: Screenshot 2024-06-27 at 15 17 50]

Here is a screenshot of the issue.

@dbanck
Member

dbanck commented Jun 27, 2024

Thanks for checking! That's odd.

Can you hover over the resource and check the reported version?
[Image: CleanShot 2024-06-27 at 16 33 57@2x]

@cwoollard
Author

cwoollard commented Jun 27, 2024

It says 4.35. I guess it is picking up another version from somewhere.

Do you know where it might be pulling that from?

@cwoollard
Author

Question. Does anyone know how this plugin works out which provider to use? I suspect it is deciding based on something in a higher directory in the tree. Yet it doesn't seem to be clear exactly how and where it has made that decision.
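
Added example (not from the thread or from the extension's code): one way to see which hashicorp/aws versions are pinned by dependency lock files across a workspace tree, so a stale pin such as the 4.35 reported above stands out. It only reads `.terraform.lock.hcl` files and does not reproduce how the extension selects a schema; the directory layout, hash placeholder and version strings in `demo()` are constructed.

```python
import os
import re
import tempfile

# One provider block in a .terraform.lock.hcl file: group 1 = source address, group 2 = body.
PROVIDER_RE = re.compile(r'provider\s+"([^"]+)"\s*\{(.*?)^\}', re.DOTALL | re.MULTILINE)
VERSION_RE = re.compile(r'^\s*version\s*=\s*"([^"]+)"', re.MULTILINE)


def locked_versions(lock_text):
    """Return {provider source address: locked version} for one lock file."""
    found = {}
    for block in PROVIDER_RE.finditer(lock_text):
        version = VERSION_RE.search(block.group(2))
        if version:
            found[block.group(1)] = version.group(1)
    return found


def scan_tree(root, provider="registry.terraform.io/hashicorp/aws"):
    """Walk root and list (directory, version) for every lock file pinning provider."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Do not descend into .terraform; the lock file sits beside it, not inside.
        dirnames[:] = [d for d in dirnames if d != ".terraform"]
        if ".terraform.lock.hcl" in filenames:
            with open(os.path.join(dirpath, ".terraform.lock.hcl"), encoding="utf-8") as fh:
                version = locked_versions(fh.read()).get(provider)
            if version:
                hits.append((os.path.relpath(dirpath, root), version))
    return sorted(hits)


def demo():
    """Constructed workspace: an old pin at the root, a newer one in a nested directory."""
    lock = 'provider "registry.terraform.io/hashicorp/aws" {\n  version = "%s"\n  hashes = [\n    "h1:CONSTRUCTED-PLACEHOLDER=",\n  ]\n}\n'
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "envs", "api"))
        for rel, ver in ((".", "4.35.0"), (os.path.join("envs", "api"), "5.55.0")):
            with open(os.path.join(root, rel, ".terraform.lock.hcl"), "w", encoding="utf-8") as fh:
                fh.write(lock % ver)
        return scan_tree(root)


if __name__ == "__main__":
    for directory, version in demo():
        print(f"{directory}: hashicorp/aws {version}")
```

To check a real checkout, call `scan_tree()` on the top-level folder opened in the editor and compare each reported version with the one shown when hovering over the resource.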
