Resource of type cloudflare_notification_policy with alert_type "advanced_ddos_attack_l7_alert" can't be created #2260

Closed
2 tasks done
brunorubin opened this issue Feb 27, 2023 · 2 comments · Fixed by #2425
Labels
kind/bug Categorizes issue or PR as related to a bug. service/notifications Categorizes issue or PR as related to the notification service. triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log.

brunorubin commented Feb 27, 2023

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.3.4
on darwin_arm64
+ provider registry.terraform.io/cloudflare/cloudflare v4.0.0

and

Terraform v1.3.4
on darwin_arm64
+ provider registry.terraform.io/cloudflare/cloudflare v3.35.0

Affected resource(s)

  • cloudflare_notification_policy

Terraform configuration files

resource "cloudflare_notification_policy" "ddos_notifications_type_l7" {
  account_id  = module.cloudflare_account.id
  name        = "DDoS Notification"
  enabled     = false
  alert_type  = "advanced_ddos_attack_l7_alert"

  filters {
    target_zone_name = ["sampledomain.com"]
    target_host      = ["sub.sampledomain.com"]
  }
}

Link to debug output

https://gist.github.com/brunorubin/f4594b792961c51df6c8f136a906c8fc

Panic output

No response

Expected output

cloudflare_notification_policy.ddos_notifications_type_l7: Creating...
cloudflare_notification_policy.ddos_notifications_type_l7: Creation complete after 3s [id=23c4901d88ce401e99a0a4b71b875917]

Actual output

│ Error: error creating policy DDoS: Invalid object selections (17003)
│
│   with cloudflare_notification_policy.ddos_notifications_type_l7,
│   on ddos.tf line 25, in resource "cloudflare_notification_policy" "ddos_notifications_type_l7":
│   25: resource "cloudflare_notification_policy" "ddos_notifications_type_l7" {
│

Steps to reproduce

  1. Create a new cloudflare_notification_policy
  2. Define alert_type to advanced_ddos_attack_l7_alert
  3. Include a filter for hostname and zone:
  filters {
    target_host      = ["sampledomain.com"]
    target_zone_name = ["sub.sampledomain.com"]
  }
  4. Run terraform apply

Additional factoids

When removing target_host the resource gets created normally:

  filters {
    target_zone_name = ["sampledomain.com"]
  }

Looks like the actual Cloudflare Schema expects target_hostname instead

      {
        "display_name": "Advanced HTTP DDoS Attack Alert",
        "type": "advanced_ddos_attack_l7_alert",
        "description": "Cloudflare detects and mitigates an HTTP DDoS attack against one of your domains",
        "filter_options": [
          {
            "Key": "requests_per_second",
            "ComparisonOperator": "\u003e=",
            "Optional": true
          },
          {
            "Key": "target_zone_name",
            "ComparisonOperator": "==",
            "Optional": true
          },
          {
            "Key": "target_hostname",
            "ComparisonOperator": "==",
            "Optional": true
          }
        ]
      }

References

No response

@brunorubin brunorubin added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Feb 27, 2023
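
A pre-flight check for the mismatch reported above, as an added example that is not part of the original issue or the provider's code: it compares the filter keys about to be sent for an alert type against that type's `filter_options` schema, so a policy for a DDoS alert is not silently left uncreated. The function name `check_filters` and the idea that the keys are checked exactly as sent to the API are assumptions; the schema entry is the one quoted in the issue, trimmed to the fields used.

```python
import difflib
import json

# Schema entry quoted in the issue (display_name/description trimmed).
ALERT_SCHEMA = json.loads(r"""
{
  "type": "advanced_ddos_attack_l7_alert",
  "filter_options": [
    {"Key": "requests_per_second", "ComparisonOperator": "\u003e=", "Optional": true},
    {"Key": "target_zone_name", "ComparisonOperator": "==", "Optional": true},
    {"Key": "target_hostname", "ComparisonOperator": "==", "Optional": true}
  ]
}
""")

# Filter block from the issue's Terraform configuration, as key -> values.
ISSUE_FILTERS = {
    "target_zone_name": ["sampledomain.com"],
    "target_host": ["sub.sampledomain.com"],
}


def check_filters(schema, alert_type, filters):
    """Return a list of problems; an empty list means the keys fit the schema."""
    if schema["type"] != alert_type:
        return [f"schema is for {schema['type']!r}, not {alert_type!r}"]
    options = {opt["Key"]: opt for opt in schema["filter_options"]}
    problems = []
    for key in filters:
        if key not in options:
            # Suggest the closest schema key to make renames easy to spot.
            hint = difflib.get_close_matches(key, list(options), n=1)
            suffix = f" (did you mean {hint[0]!r}?)" if hint else ""
            problems.append(f"unknown filter key {key!r}{suffix}")
    for key, opt in options.items():
        if not opt["Optional"] and key not in filters:
            problems.append(f"missing required filter key {key!r}")
    return problems


if __name__ == "__main__":
    for line in check_filters(ALERT_SCHEMA, ALERT_SCHEMA["type"], ISSUE_FILTERS):
        print(line)
```
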

@github-actions github-actions bot added the triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. label Feb 27, 2023
@jacobbednarz jacobbednarz added service/notifications Categorizes issue or PR as related to the notification service. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 5, 2023
@github-actions github-actions bot added this to the v4.6.0 milestone May 10, 2023
@github-actions

This functionality has been released in v4.6.0 of the Terraform Cloudflare Provider.

Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 17, 2023