Description
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
cdktf & Language Versions
language: python
cdktf-cli: 0.13.3
node: v18.12.1
cdktf: 0.13.3
constructs: 10.1.188
jsii: 1.72.0
terraform: 1.1.9
arch: x64
os: darwin 22.2.0
python: Python 3.10.8
pip: pip 22.3.1 from /usr/local/lib/python3.10/site-packages/pip (python 3.10)
pipenv: pipenv, version 2022.9.24
Affected Resource(s)
wafv2 RuleGroup , Rules
Debug Output
deploy fails with error -
[ERROR] default - ╷
│ Error: creating WAFv2 RuleGroup (test-cdk): WAFInvalidParameterException: Error reason: EXACTLY_ONE_CONDITION_REQUIRED, field: STATEMENT, parameter: Statement
│ {
│ RespMetadata: {
│ StatusCode: 400,
│ RequestID: "7beaebeb-dc61-460d-9c47-10a9188b56eb"
│ },
│ Field: "STATEMENT",
│ Message_: "Error reason: EXACTLY_ONE_CONDITION_REQUIRED, field: STATEMENT, parameter: Statement",
│ Parameter: "Statement",
│ Reason: "You have used none or multiple values for a field that requires exactly one value."
│ }
│
│ with aws_wafv2_rule_group.test-rg-cdk,
│ on cdk.tf .json line 69, in resource.aws _wafv2_rule_group.test-rg-cdk:
│ 69: }
Expected Behavior
The rule statement should be present.
Actual Behavior
statement is blank, making the deploy fail.
Steps to Reproduce
Use cdktf python , main.py definition -
#!/usr/bin/env python
from pickle import NONE
import profile
from typing import Sequence
from constructs import Construct
from cdktf import App, TerraformStack, TerraformOutput, Token, Fn
from imports.aws.provider import AwsProvider
from imports.aws import fms_policy, wafv2_rule_group
import json
class MyStack(TerraformStack):
def __init__(self, scope: Construct, id: str):
super().__init__(scope, id)
# Creating wafv2_rule_group
AwsProvider(self, "AWS", region="xxx", profile='xxx')
wrg=wafv2_rule_group.Wafv2RuleGroup(self,
id_='test-rg-cdk',
visibility_config={
"sampled_requests_enabled": True,
"cloudwatch_metrics_enabled": True,
"metric_name": "test-metric"
},
description="Test rg from cdk",
capacity=80,
name='test-cdk',
scope='REGIONAL',
rule=[
{
"name": "body_size_constraint",
"priority": 0,
"statement": {
"size_constraint_statement": {
"field_to_match": {
"body": {}
},
"comparison_operator": "GT",
"size": 8192,
"text_transformation": [
{
"priority": 0,
"type": "NONE"
}
]
}
},
"action": {
"count": {}
},
"visibilityConfig": {
"sampledRequestsEnabled": True,
"cloudwatchMetricsEnabled": True,
"metricName": "body_size_constraint"
}
}
],
tags={
"name":"waf-fms-policy-cdk",
"Managedby":"CDK Terraform"
})
app = App()
MyStack(app, "coupa-waf-cdk")
app.synth()
Run cdktf deploy
Refer the below cdk.tf.json output file -- showing blank statement line-39-
{
"//": {
"metadata": {
"backend": "local",
"stackName": "waf-cdk",
"version": "0.13.3"
},
"outputs": {
}
},
"provider": {
"aws": [
{
"profile": "xx",
"region": "xxx"
}
]
},
"resource": {
"aws_wafv2_rule_group": {
"test-rg-cdk": {
"//": {
"metadata": {
"path": "waf-cdk/test-rg-cdk",
"uniqueId": "test-rg-cdk"
}
},
"capacity": 80,
"description": "Test rg from cdk",
"name": "test-cdk",
"rule": [
{
"action": {
"count": {
}
},
"name": "body_size_constraint",
"priority": 0,
"statement": {
},
"visibility_config": {
"cloudwatch_metrics_enabled": true,
"metric_name": "body_size_constraint",
"sampled_requests_enabled": true
}
}
],
"scope": "REGIONAL",
"tags": {
"Managedby": "CDK Terraform",
"name": "waf-fms-policy-cdk"
},
"visibility_config": {
"cloudwatch_metrics_enabled": true,
"metric_name": "test-metric",
"sampled_requests_enabled": true
}
}
}
},
"terraform": {
"backend": {
"local": {
"path": "/xxxx/terraform.coupa-waf-cdk.tfstate"
}
},
"required_providers": {
"aws": {
"source": "aws",
"version": "4.46.0"
}
}
}
}