awswafv2: SingleHeaderProperty in GO generates bad CF template (capitalized "Name" property) #28074

Open
Recad opened this issue Nov 20, 2023 · 1 comment
Labels
@aws-cdk/aws-wafv2 bug This issue is a bug. jsii This issue originates in jsii, or this feature must be implemented in jsii. p2

Recad commented Nov 20, 2023

Describe the bug

The use of SingleHeaderProperty in Go CDK for WAF header validation is synthesizing an invalid template.

This is the code used:

    // ...rest of rule config...
    SearchString: aws.String(props.HeaderValue),
    FieldToMatch: &awswafv2.CfnWebACL_FieldToMatchProperty{
        SingleHeader: &awswafv2.CfnWebACL_SingleHeaderProperty{
            Name: aws.String(props.HeaderName),
        },
    },
    // ...rest of rule config...

This is the generated template portion:

    "FieldToMatch": { "SingleHeader": { "name": "issued" } },

And this is the error in deployment:

    #/Rules/3/Statement/NotStatement/Statement/ByteMatchStatement/FieldToMatch/SingleHeader: required key [Name] not found
    #/Rules/3/Statement/NotStatement/Statement/ByteMatchStatement/FieldToMatch/SingleHeader: extraneous key [name] is not permitted

Expected Behavior

Synthesize a template with capitalized property:

    "FieldToMatch": { "SingleHeader": { "Name": "issued" } }

Current Behavior

This is the generated template portion:

    "FieldToMatch": { "SingleHeader": { "name": "issued" } },

Reproduction Steps

Create a WAF with a rule that validates the header using ByteMatchStatement:

    webaclbug := awswafv2.NewCfnWebACL(scope, aws.String("BUGACL"), &awswafv2.CfnWebACLProps{
        Name: aws.String("WebACLBUG"),
        DefaultAction: awswafv2.CfnWebACL_DefaultActionProperty{
            Allow: awswafv2.CfnWebACL_AllowActionProperty{},
        },
        Scope: aws.String("REGIONAL"),
        Rules: []*awswafv2.CfnWebACL_RuleProperty{
            {
                Name: aws.String("HeaderValidation"),
                Statement: &awswafv2.CfnWebACL_StatementProperty{
                    NotStatement: &awswafv2.CfnWebACL_NotStatementProperty{
                        Statement: &awswafv2.CfnWebACL_StatementProperty{
                            ByteMatchStatement: &awswafv2.CfnWebACL_ByteMatchStatementProperty{
                                SearchString: aws.String("value"),
                                FieldToMatch: &awswafv2.CfnWebACL_FieldToMatchProperty{
                                    SingleHeader: &awswafv2.CfnWebACL_SingleHeaderProperty{
                                        Name: aws.String("header"),
                                    },
                                },
                                TextTransformations: []*awswafv2.CfnWebACL_TextTransformationProperty{
                                    {
                                        Priority: aws.Float64(0),
                                        Type:     aws.String("NONE"),
                                    },
                                },
                                PositionalConstraint: aws.String("EXACTLY"),
                            },
                        },
                    },
                },
                Action:   aws.String("COUNT"),
                Priority: aws.Float64(1),
                VisibilityConfig: awswafv2.CfnWebACL_VisibilityConfigProperty{
                    SampledRequestsEnabled:   aws.Bool(true),
                    CloudWatchMetricsEnabled: aws.Bool(true),
                    MetricName:               aws.String("HeaderParamsCbRuleMetric"),
                },
            },
        },
        VisibilityConfig: awswafv2.CfnWebACL_VisibilityConfigProperty{
            SampledRequestsEnabled:   aws.Bool(true),
            CloudWatchMetricsEnabled: aws.Bool(true),
            MetricName:               aws.String("WebACLMetric"),
        },
    })

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.110.0

Framework Version

No response

Node.js Version

18.14.0

OS

Windows 10

Language

Go

Language Version

No response

Other information

#27537
#23709
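
A pre-deployment check for the symptom reported above, as an added example that is not part of the original issue or of the CDK/jsii code: it walks a synthesized template and reports every `SingleHeader` object that lacks the `Name` key CloudFormation requires. The function names, the `#/...` path format and the embedded sample template are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed sample: the fragment quoted in the issue inside a minimal resource.
const sampleTemplate = `{"Resources":{"BUGACL":{"Type":"AWS::WAFv2::WebACL","Properties":{"Rules":[
 {"Statement":{"NotStatement":{"Statement":{"ByteMatchStatement":{
   "FieldToMatch":{"SingleHeader":{"name":"issued"}}}}}}}]}}}}`

// FindBadSingleHeaders (hypothetical helper) returns the JSON path of every
// SingleHeader object in the template that has no "Name" key.
func FindBadSingleHeaders(template []byte) ([]string, error) {
	var doc interface{}
	if err := json.Unmarshal(template, &doc); err != nil {
		return nil, err
	}
	var bad []string
	walk(doc, "#", &bad)
	sort.Strings(bad) // map iteration order is random; keep output stable
	return bad, nil
}

// walk descends through objects and arrays, recording offending paths.
func walk(node interface{}, path string, bad *[]string) {
	switch v := node.(type) {
	case map[string]interface{}:
		for key, child := range v {
			childPath := path + "/" + key
			if obj, ok := child.(map[string]interface{}); ok && key == "SingleHeader" {
				if _, hasName := obj["Name"]; !hasName {
					*bad = append(*bad, childPath)
				}
			}
			walk(child, childPath, bad)
		}
	case []interface{}:
		for i, child := range v {
			walk(child, fmt.Sprintf("%s/%d", path, i), bad)
		}
	}
}

func main() {
	bad, err := FindBadSingleHeaders([]byte(sampleTemplate))
	fmt.Println(bad, err)
}
```

Run against the JSON template written to `cdk.out` by `cdk synth`, a non-empty result means the deployment would be rejected with the `required key [Name] not found` error shown in the report.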

@Recad Recad added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 20, 2023
@pahud pahud added p2 needs-review jsii This issue originates in jsii, or this feature must be implemented in jsii. and removed needs-triage This issue or PR still needs to be triaged. labels Nov 21, 2023
pahud (Contributor) commented Nov 21, 2023

This is probably a jsii-related issue. We'll look into this and see if there's any workaround.
