Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to update preview status on google_compute_region_security_policy_rule #20949

Open
jasonloewen opened this issue Jan 17, 2025 · 0 comments
Open

Unable to update preview status on google_compute_region_security_policy_rule #20949

jasonloewen opened this issue Jan 17, 2025 · 0 comments
Labels
bug forward/review In review; remove label to forward service/compute-security-policy

Comments

@jasonloewen
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to a user, that user is claiming responsibility for the issue.
  • Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version & Provider Version(s)

Terraform v1.6.1

  • provider registry.terraform.io/hashicorp/google v6.16.0
  • provider registry.terraform.io/hashicorp/google-beta v6.16.0

Affected Resource(s)

google_compute_region_security_policy_rule

Terraform Configuration

Code

  • Using the cloud-armor regional submodule
module "cloud_armor-regional" {
  source  = "GoogleCloudPlatform/cloud-armor/google//modules/regional-backend-security-policy"
  version = "4.0"

  project_id  = var.project_id
  name        = var.policy_name
  description = var.description
  type        = var.type
  region      = var.region

  # Pre-configured WAF Rules

  pre_configured_rules = {

    "sqli_preconfigured" = {
      description             = "SQLi Sensitivity Level ${var.sqli_rule.sensitivity}"
      action                  = "deny(${var.sqli_rule.deny_http_response_code})"
      priority                = 1000
      preview                 = false
      target_rule_set         = "sqli-v33-stable"
      sensitivity_level       = var.sqli_rule.sensitivity
      exclude_target_rule_ids = var.sqli_rule.exclusions
    }
}

Plan

regional.google_compute_region_security_policy_rule.pre_configured_rules["sqli_preconfigured"] will be updated in-place
  ~ resource "google_compute_region_security_policy_rule" "pre_configured_rules" {
        id              = "projects/sdb-cloudinf-pac12a0/regions/us-central1/securityPolicies/************/priority/1000"
      ~ preview         = true -> false
        # (6 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Debug Output

No response

Expected Behavior

The Cloud Armor rule should have it's preview status updated to false

Actual Behavior

  • Terraform indicates a successful apply
  • The Cloud Armor rule did not change the value appropriately.

Steps to reproduce

  1. terraform apply

Important Factoids

No response

References

Basically a mirror of this issue, but for the regional resource.
@github-actions github-actions bot added forward/review In review; remove label to forward service/compute-security-policy labels Jan 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug forward/review In review; remove label to forward service/compute-security-policy
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jasonloewen