awswafv2: SingleHeaderProperty in GO generates bad CF template (capitalized "Name" property) #28074

Open
Recad opened this issue Nov 20, 2023 · 1 comment
Labels
@aws-cdk/aws-wafv2 bug This issue is a bug. jsii This issue originates in jsii, or this feature must be implemented in jsii. p2

Comments


Recad commented Nov 20, 2023

Describe the bug

The use of SingleHeaderProperty in Go CDK for WAF header validation is synthesizing a non-valid template.

This is the code used:

    // ...rest of rule config...
    SearchString: aws.String(props.HeaderValue),
    FieldToMatch: &awswafv2.CfnWebACL_FieldToMatchProperty{
        SingleHeader: &awswafv2.CfnWebACL_SingleHeaderProperty{
            Name: aws.String(props.HeaderName),
        },
    },
    // ...rest of rule config...

This is the generated template portion:

    "FieldToMatch": { "SingleHeader": { "name": "issued" } },

And this is the error in deployment:

    #/Rules/3/Statement/NotStatement/Statement/ByteMatchStatement/FieldToMatch/SingleHeader: required key [Name] not found
    #/Rules/3/Statement/NotStatement/Statement/ByteMatchStatement/FieldToMatch/SingleHeader: extraneous key [name] is not permitted

Expected Behavior

Synthesize a template with a capitalized property:

    "FieldToMatch": { "SingleHeader": { "Name": "issued" } }

Current Behavior

This is the generated template portion:

    "FieldToMatch": { "SingleHeader": { "name": "issued" } },

Reproduction Steps

Create a WAF with a rule that validates the header using ByteMatchStatement:

    webaclbug := awswafv2.NewCfnWebACL(scope, aws.String("BUGACL"), &awswafv2.CfnWebACLProps{
        Name: aws.String("WebACLBUG"),
        DefaultAction: awswafv2.CfnWebACL_DefaultActionProperty{
            Allow: awswafv2.CfnWebACL_AllowActionProperty{},
        },
        Scope: aws.String("REGIONAL"),
        Rules: []*awswafv2.CfnWebACL_RuleProperty{
            {
                Name: aws.String("HeaderValidation"),
                Statement: &awswafv2.CfnWebACL_StatementProperty{
                    NotStatement: &awswafv2.CfnWebACL_NotStatementProperty{
                        Statement: &awswafv2.CfnWebACL_StatementProperty{
                            ByteMatchStatement: &awswafv2.CfnWebACL_ByteMatchStatementProperty{
                                SearchString: aws.String("value"),
                                FieldToMatch: &awswafv2.CfnWebACL_FieldToMatchProperty{
                                    SingleHeader: &awswafv2.CfnWebACL_SingleHeaderProperty{
                                        Name: aws.String("header"),
                                    },
                                },
                                TextTransformations: []*awswafv2.CfnWebACL_TextTransformationProperty{
                                    {
                                        Priority: aws.Float64(0),
                                        Type:     aws.String("NONE"),
                                    },
                                },
                                PositionalConstraint: aws.String("EXACTLY"),
                            },
                        },
                    },
                },
                Action:   aws.String("COUNT"),
                Priority: aws.Float64(1),
                VisibilityConfig: awswafv2.CfnWebACL_VisibilityConfigProperty{
                    SampledRequestsEnabled:   aws.Bool(true),
                    CloudWatchMetricsEnabled: aws.Bool(true),
                    MetricName:               aws.String("HeaderParamsCbRuleMetric"),
                },
            },
        },
        VisibilityConfig: awswafv2.CfnWebACL_VisibilityConfigProperty{
            SampledRequestsEnabled:   aws.Bool(true),
            CloudWatchMetricsEnabled: aws.Bool(true),
            MetricName:               aws.String("WebACLMetric"),
        },
    })

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.110.0

Framework Version

No response

Node.js Version

18.14.0

OS

windows 10

Language

Go

Language Version

No response

Other information

#27537
#23709
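
A pre-deployment check for the key-casing mismatch reported above, as an added example that is not part of the original report or of the CDK project's code: it scans a synthesized template and lists lower-case property keys inside AWS::WAFv2::WebACL resources, so a `name` emitted in place of `Name` is caught before CloudFormation rejects the WebACL. The function names, the wrapping sample template and the exemption for the user-named keys of `CustomResponseBodies` are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed sample: the fragment from the report inside a minimal template.
const sample = `{"Resources":{"BUGACL":{"Type":"AWS::WAFv2::WebACL","Properties":{"Rules":[
 {"Statement":{"ByteMatchStatement":{"FieldToMatch":{"SingleHeader":{"name":"issued"}}}}}]}}}}`

// walk appends the path of every key starting with a-z; skip marks a map whose keys are user-chosen.
func walk(v interface{}, path string, skip bool, out *[]string) {
	switch n := v.(type) {
	case map[string]interface{}:
		for k, child := range n {
			if !skip && k != "" && k[0] >= 'a' && k[0] <= 'z' {
				*out = append(*out, path+"/"+k)
			}
			walk(child, path+"/"+k, k == "CustomResponseBodies", out)
		}
	case []interface{}:
		for i, child := range n {
			walk(child, fmt.Sprintf("%s/%d", path, i), false, out)
		}
	}
}

// MiscasedWAFKeys lists lower-case keys in AWS::WAFv2::WebACL resource properties.
func MiscasedWAFKeys(template []byte) (out []string, err error) {
	var doc struct {
		Resources map[string]struct {
			Type       string
			Properties map[string]interface{}
		}
	}
	if err = json.Unmarshal(template, &doc); err != nil {
		return nil, err
	}
	for id, r := range doc.Resources {
		if r.Type == "AWS::WAFv2::WebACL" {
			walk(r.Properties, "/Resources/"+id+"/Properties", false, &out)
		}
	}
	sort.Strings(out)
	return out, nil
}

func main() { fmt.Println(MiscasedWAFKeys([]byte(sample))) }
```

Run against the JSON template that `cdk synth` writes, a non-empty result is a reason to stop the pipeline before deployment.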

@Recad Recad added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 20, 2023
@pahud pahud added p2 needs-review jsii This issue originates in jsii, or this feature must be implemented in jsii. and removed needs-triage This issue or PR still needs to be triaged. labels Nov 21, 2023
Contributor

pahud commented Nov 21, 2023

This is probably a jsii-related issue. We'll look into this and see if there's any workaround.
