No way to remove condition from oci_waf_web_app_firewall_policy access control or protection rules #2479
Description
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version and Provider Version
Terraform v1.12.2
on darwin_arm64
- provider registry.terraform.io/oracle/oci v7.25.0
Affected Resource(s)
affected_resources = oci_waf_web_app_firewall_policy
affected_resources = terraform
Terraform Configuration Files
resource "oci_waf_web_app_firewall_policy" "test_web_app_firewall_policy" {
#Required
compartment_id = var.compartment_id
request_protection {
#Optional
rules {
#Required
action_name = "Allow"
name = "Test Rule"
protection_capabilities {
#Required
key = var.key
version = var.version
#Optional
}
type = "PROTECTION"
#Optional
condition = "!i_starts_with(http.request.url.path, '/wazzup/doc')"
condition_language = "JMESPATH"
is_body_inspection_enabled = true
}
}
}Debug Output
Panic Output
Expected Behavior
If a WAF policy with protection rule, access control rule, etc. that contains a condition is edited and the condition is removed then the policy should be updated to reflect that change.
Actual Behavior
If a WAF policy with protection rule, access control rule, etc. that contains a condition is edited and the condition is removed, the policy does not update to reflect the change..
Steps to Reproduce
- Create WAF policy with protection rule or access control rule with condition
- Edit the script to remove the condition
- Note that the condition remains. Presumably because the API applies
nullto remove a condition yetnullhere will leave the value "unchanged."
terraform apply