http_request_firewall_custom with action_parameters.response returns 400 #1392

@marcindruzgala

Describe what happened

We are trying to create a custom firewall rule for blocking requests from certain countries and returning a custom HTML response (it's possible to do this using the UI and the API; see the example below).

var customRuleSet = new Ruleset(names.WafBlockingRuleSet, new RulesetArgs
{
    ZoneId = "zoneId",
    Name = "WAF Custom Rules",
    Phase = "http_request_firewall_custom",
    Kind = "zone",
    Rules =
    [
        new RulesetRuleArgs
        {
            Action = "block",
            Expression = "ip.src.country eq \"RU\"",
            Description = "Block frontend requests from Russia with localized error page",
            Enabled = true,
            ActionParameters = new RulesetRuleActionParametersArgs
            {
                Response = new RulesetRuleActionParametersResponseArgs
                {
                    StatusCode = 451,
                    Content = "<html><body><h1>Access Blocked</h1><p>This content is not available in your region.</p></body></html>",
                    ContentType = "text/html",
                },
            },
        },
    ],
});

We get the following error:

error: failed to make http request: PUT "https://api.cloudflare.com/client/v4/zones/zoneId/rulesets/rulesetId": 400 Bad Request {
    "result": null,
    "success": false,
    "errors": [
    {
        "message": "invalid JSON: unknown field \"response\""
    }
    ],
    "messages": []
}

From the UI, the API call shows something like this (and it works when I deploy it using the API):

curl -X PATCH \
    "https://api.cloudflare.com/client/v4/zones/zoneid/rulesets/rulesetId/rules/ruleId" \
    -H "Authorization: Bearer $CF_AUTH_TOKEN" \
    -d '{
    "action": "block",
    "description": "Block frontend requests from cookie-overridden countries (testing)",
    "enabled": true,
    "expression": "(ip.src.country eq \\\"RU\\\")",
    "id": "id",
    "last_updated": "timestamp",
    "ref": "ref",
    "version": "1",
    "position": {
        "index": 1
    },
    "action_parameters": {
        "response": {
            "status_code": 451,
            "content_type": "text/html",
            "content": "<html><body><h1>Access Blocked</h1><p>This content is not available in your region.</p></body></html>"
        }
    }
}'

Sample program

Please see the example above

Log output

No response

Affected Resource(s)

No response

Output of pulumi about

Backend
Name name
URL s3://bucket-name
User user
Organizations
Token type personal

Dependencies:
NAME VERSION
Pulumi 3.89.0
Pulumi.Cloudflare 6.10.0

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
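
The API call quoted in the issue can also be built programmatically, which avoids hand-escaping the expression and checks the custom response before it is sent. This is an added example, not code from the issue or from the Pulumi provider; the function names, the allowed content types and the 400-499 status range are assumptions to confirm against the Cloudflare documentation.

```python
import json
import os
import urllib.request

API = "https://api.cloudflare.com/client/v4"
# Assumed limits for a custom block response; confirm in the Cloudflare docs.
ALLOWED_TYPES = {"text/html", "text/plain", "application/json", "text/xml"}


def block_rule(expression, description, status_code, content_type, content):
    """Return a block rule whose action_parameters carry a custom response."""
    if not 400 <= status_code <= 499:
        raise ValueError(f"status_code {status_code} outside assumed 400-499 range")
    if content_type not in ALLOWED_TYPES:
        raise ValueError(f"unexpected content_type: {content_type}")
    return {
        "action": "block",
        "description": description,
        "enabled": True,
        "expression": expression,
        "action_parameters": {
            "response": {
                "status_code": status_code,
                "content_type": content_type,
                "content": content,
            }
        },
    }


def patch_request(zone_id, ruleset_id, rule_id, rule, token):
    """Build (but do not send) the PATCH request for a single rule."""
    url = f"{API}/zones/{zone_id}/rulesets/{ruleset_id}/rules/{rule_id}"
    # json.dumps escapes the quotes in the expression exactly once.
    body = json.dumps(rule).encode("utf-8")
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body, method="PATCH", headers=headers)


if __name__ == "__main__":
    rule = block_rule('(ip.src.country eq "RU")',
                      "Block frontend requests with localized error page",
                      451, "text/html",
                      "<html><body><h1>Access Blocked</h1></body></html>")
    # zoneId / rulesetId / ruleId are the placeholders used in the issue.
    req = patch_request("zoneId", "rulesetId", "ruleId", rule,
                        os.environ.get("CF_AUTH_TOKEN", "placeholder-token"))
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # urllib.request.urlopen(req) would send it; omitted so this runs offline.
```
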
