Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support the new actions in Cloud Armor's rules. #10944

Closed
boushi-bird opened this issue Jan 21, 2022 · 2 comments
Closed

Support the new actions in Cloud Armor's rules. #10944

boushi-bird opened this issue Jan 21, 2022 · 2 comments
Labels
enhancement size/s
Milestone
Goals

Comments

@boushi-bird
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

rate_based_ban, redirect and throttle actions have been added to rules[].action in securityPolicies.

https://cloud.google.com/compute/docs/reference/rest/v1/securityPolicies

Please support these actions.

New or Affected Resource(s)

  • google_compute_security_policy

Potential Terraform Configuration

resource "google_compute_security_policy" "cloud_armor" {
  name = "dev-armor"
  rule {
    action = "rate_based_ban"
    preview  = true
    priority = 100000000
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
  }
}

terraform {
  required_version = "~> 1.0"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 4.7"
    }
  }
}

The current version does not support this.

$ terraform -v
Terraform v1.0.11
on linux_amd64
+ provider registry.terraform.io/hashicorp/google v4.7.0

$ terraform plan
╷
│ Error: expected rule.0.action to be one of [allow deny(403) deny(404) deny(502)], got rate_based_ban
│
│   with google_compute_security_policy.cloud_armor,
│   on main.tf line 1, in resource "google_compute_security_policy" "cloud_armor":
│    1: resource "google_compute_security_policy" "cloud_armor" {
│
╵

References

https://cloud.google.com/blog/products/identity-security/improve-your-ddos--waf-defense-with-new-cloud-armor-features

Finally, we are announcing the preview release of per-client rate limiting in Cloud Armor by introducing two new rule actions: throttle and rate-based-ban.
@boushi-bird boushi-bird changed the title Support the new actions in Cloud Armar's rules. Support the new actions in Cloud Armor's rules. Jan 24, 2022
@rileykarson rileykarson added this to the Goals milestone Jan 24, 2022
@rileykarson
Copy link
Collaborator

I believe this dupes #10020, please correct me if that's not the case!

@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 24, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement size/s
Projects
None yet
Milestone
Goals
Development

No branches or pull requests
2 participants
@rileykarson @boushi-bird