Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CloudArmor Customized Rules and WAF #4994

Closed
oownus opened this issue Nov 26, 2019 · 3 comments · Fixed by GoogleCloudPlatform/magic-modules#2778
Closed

CloudArmor Customized Rules and WAF #4994

oownus opened this issue Nov 26, 2019 · 3 comments · Fixed by GoogleCloudPlatform/magic-modules#2778
Assignees
@megan07
Labels
enhancement forward/review In review; remove label to forward priority/2 service/compute-security-policy size/m
Milestone
Sprint 1 (2020)

Comments

@oownus
Copy link

oownus commented Nov 26, 2019
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

CloudArmor has a new feature, custom rules, which lets you define rule expressions. Currently, the provider doesn't seem to allow defining them through terraform.

New or Affected Resource(s)

  • google_compute_security_policy

Potential Terraform Configuration

resource "google_compute_security_policy" "policy" {
  name = "my-policy"

  rule {
    action   = "deny(403)"
    priority = "1000"
    match {
      expr {
        expression": "evaluatePreconfiguredExpr('xss-canary')"
      }
    },
    description = "Deny access to XSS attempts"
  }

  rule {
    action   = "allow"
    priority = "2147483647"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
    description = "default rule"
  }
}

References
@ghost ghost added the enhancement label Nov 26, 2019
@danawillow danawillow added this to the Sprint 1 milestone Dec 2, 2019
@megan07 megan07 mentioned this issue Dec 4, 2019
Merged
@oownus
Copy link
Author

oownus commented Dec 9, 2019
edited
Loading

Hello, thanks to @megan07 and @danawillow for getting this issue closed. In which release could we expect to see this change? Thanks!

@danawillow
Copy link
Contributor

You can expect it in 3.2.0, which should be coming out tomorrowish

@sanmmishra sanmmishra mentioned this issue Feb 5, 2020
Closed
@ghost
Copy link

ghost commented Mar 28, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 28, 2020
@github-actions github-actions bot added forward/review In review; remove label to forward service/compute-security-policy labels Jan 14, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@megan07 megan07

Labels
enhancement forward/review In review; remove label to forward priority/2 service/compute-security-policy size/m
Projects
None yet
Milestone
Sprint 1 (2020)
Development

Successfully merging a pull request may close this issue.

Add expr to google_compute_security_policy.rule.match hashicorp/magic-modules
3 participants
@danawillow @megan07 @oownus