#cloudposse (2024-05)

<http://cloudposse.com/quizcloudposse.com/quiz>

Want to hire Cloud Posse? Take our quiz. <http://cloudposse.com/quizcloudposse.com/quiz>

2024-05-01

slackbot avatar
slackbot
01:22:36 PM

Upgrade to reconnect this channel

Your team recently switched to a free plan. Cloud Posse, LLC has been removed from this channel. To automatically reconnect this channel, upgrade to a paid plan by Sunday, May 5th.

2024-05-15

Enrique avatar
Enrique
08:17:41 AM

Good morning (or what suits for you) Folks! Id like to provide a PR to solve this issue. But before start working on it wondering if someone has already a plan… Shall I introduce a new variable waf_rules for backward compatibilities and add a deprecated announcement on firewall_rules description? WAF is the only one I need for now…

#25 Deprecated Resource: `cloudflare_firewall_rule` and `cloudflare_filter`

Describe the Bug

The cloudposse/zone/cloudflare module makes use of resources cloudflare_firewall_rule and cloudflare_filter. Because of this, there are these deprecation messages.

`cloudflare_firewall_rule` resource is in a deprecation phase that will
│ last for one year (May 1st, 2024). During this time period, this
│ resource is still fully supported but you are strongly advised
│ to move to the `cloudflare_ruleset` resource. For more information, see
│ <https://developers.cloudflare.com/waf/reference/migration-guides/firewall-rules-to-custom-rules/#relevant-changes-for-terraform-users>.

and

`cloudflare_filter` resource is in a deprecation phase that will
│ last for one year (May 1st, 2024). During this time period, this
│ resource is still fully supported but you are strongly advised
│ to move to the `cloudflare_ruleset` resource. For more information, see
│ <https://developers.cloudflare.com/waf/reference/migration-guides/firewall-rules-to-custom-rules/#relevant-changes-for-terraform-users>.

Expected Behavior

Should be able to use the module without any deprecation messages.

Steps to Reproduce

Create [main.tf](http://main.tf) and add the following

module "cloudflare_zone" {
  source  = "cloudposse/zone/cloudflare"
  version = "0.5.0"
  enabled = true

  account_id   = "<your_account_id>"
  zone         = "<your_zone>"
  zone_enabled = false

  records = [
    # Google Site Verification
    {
      name    = "example.com"
      value   = "google-site-verification=123"
      type    = "TXT"
      ttl     = 1
      proxied = false
    }
  ]
}

Running apply will produce the deprecation messages.

Screenshots

No response

Environment

• OS: OSX • OS Version: 12.6.3 • Module Version: 0.5.0 • Terraform Version: 1.4.5

Additional Context

Firewall rules are becoming WAF custom rulesRelevant changes for Terraform users

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
12:59:18 PM

Thanks, yes - please proceed if you have the time to open a PR.

#25 Deprecated Resource: `cloudflare_firewall_rule` and `cloudflare_filter`

Describe the Bug

The cloudposse/zone/cloudflare module makes use of resources cloudflare_firewall_rule and cloudflare_filter. Because of this, there are these deprecation messages.

`cloudflare_firewall_rule` resource is in a deprecation phase that will
│ last for one year (May 1st, 2024). During this time period, this
│ resource is still fully supported but you are strongly advised
│ to move to the `cloudflare_ruleset` resource. For more information, see
│ <https://developers.cloudflare.com/waf/reference/migration-guides/firewall-rules-to-custom-rules/#relevant-changes-for-terraform-users>.

and

`cloudflare_filter` resource is in a deprecation phase that will
│ last for one year (May 1st, 2024). During this time period, this
│ resource is still fully supported but you are strongly advised
│ to move to the `cloudflare_ruleset` resource. For more information, see
│ <https://developers.cloudflare.com/waf/reference/migration-guides/firewall-rules-to-custom-rules/#relevant-changes-for-terraform-users>.

Expected Behavior

Should be able to use the module without any deprecation messages.

Steps to Reproduce

Create [main.tf](http://main.tf) and add the following

module "cloudflare_zone" {
  source  = "cloudposse/zone/cloudflare"
  version = "0.5.0"
  enabled = true

  account_id   = "<your_account_id>"
  zone         = "<your_zone>"
  zone_enabled = false

  records = [
    # Google Site Verification
    {
      name    = "example.com"
      value   = "google-site-verification=123"
      type    = "TXT"
      ttl     = 1
      proxied = false
    }
  ]
}

Running apply will produce the deprecation messages.

Screenshots

No response

Environment

• OS: OSX • OS Version: 12.6.3 • Module Version: 0.5.0 • Terraform Version: 1.4.5

Additional Context

Firewall rules are becoming WAF custom rulesRelevant changes for Terraform users

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
12:59:24 PM

I added a comment just now https://github.com/cloudposse/terraform-cloudflare-zone/issues/25#issuecomment-2112453171

Comment on #25 Deprecated Resource: `cloudflare_firewall_rule` and `cloudflare_filter`

Any pull requests welcome. We don’t have any active customer engagements that could sponsor this work. Tag us in #pr-reviews on SweetOps to prioritize review.

1
RB avatar
RB
05:45:39 AM

Kinda related, loosely related to deprecations.

I like this module and have used it in the past but i had to shy away from it recently when i ended up managing too many resources in a single module instantiation.

I wrote this up just now to hopefully break up the module into smaller modules to create separate components and still reuse upstream modules

https://github.com/cloudposse/terraform-cloudflare-zone/issues/40

#40 Break up module into smaller modules

Describe the Feature

Cloudflare is a lot like AWS. It’s turning into its own cloud.

They have r2, workers, dns, waf, rate limit rules, pages, transform rules, etc. Most of these resources are either attributed to the account or to a domain (zone in cloudflare lingo). Thus, thus module dedicated to a zone would encourage a teralith.

Expected Behavior

Break apart the existing module into separate modules

Use Case

Fewer resources managed by a single module

Describe Ideal Solution

See above

Alternatives Considered

No response

Additional Context

• current resources managed https://github.com/cloudposse/terraform-cloudflare-zone?tab=readme-ov-file#resources • New ones on the way https://github.com/cloudposse/terraform-cloudflare-zone/issues

2
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
01:25:07 PM

Agree - some of our older modules create factories inside of terraform that are unwieldly

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
01:26:06 PM

I like the hybrid approach, were a subset of resources are created this way, and then it can be re-instantiated multiple times to break the state down into smaller pieces. E.g. by team, or product

2024-05-16

    keyboard_arrow_up