#cloudposse (2024-05)

Describe the Bug

The cloudposse/zone/cloudflare module makes use of resources cloudflare_firewall_rule and cloudflare_filter. Because of this, there are these deprecation messages.

`cloudflare_firewall_rule` resource is in a deprecation phase that will
│ last for one year (May 1st, 2024). During this time period, this
│ resource is still fully supported but you are strongly advised
│ to move to the `cloudflare_ruleset` resource. For more information, see
│ <https://developers.cloudflare.com/waf/reference/migration-guides/firewall-rules-to-custom-rules/#relevant-changes-for-terraform-users>.

and

`cloudflare_filter` resource is in a deprecation phase that will
│ last for one year (May 1st, 2024). During this time period, this
│ resource is still fully supported but you are strongly advised
│ to move to the `cloudflare_ruleset` resource. For more information, see
│ <https://developers.cloudflare.com/waf/reference/migration-guides/firewall-rules-to-custom-rules/#relevant-changes-for-terraform-users>.

Expected Behavior

Should be able to use the module without any deprecation messages.

Steps to Reproduce

Create [main.tf](http://main.tf) and add the following

module "cloudflare_zone" {
  source  = "cloudposse/zone/cloudflare"
  version = "0.5.0"
  enabled = true

  account_id   = "<your_account_id>"
  zone         = "<your_zone>"
  zone_enabled = false

  records = [
    # Google Site Verification
    {
      name    = "example.com"
      value   = "google-site-verification=123"
      type    = "TXT"
      ttl     = 1
      proxied = false
    }
  ]
}

Running apply will produce the deprecation messages.

Screenshots

No response

Environment

• OS: OSX • OS Version: 12.6.3 • Module Version: 0.5.0 • Terraform Version: 1.4.5

Additional Context

• Firewall rules are becoming WAF custom rules • Relevant changes for Terraform users

Describe the Bug

I have a main module that uses your module as a sub module , which is turn is passed to a template. There has been no alteration to your code.

When , I try to generate the plan I get 18 resources created:

│ Error: expected length of rule.0.id to be in the range (1 - 255), got
│
│ with module.logging.module.cloudtrail-s3.module.cloudtrail_s3_bucket.module.s3_bucket.module.aws_s3_bucket.aws_s3_bucket_lifecycle_configuration.default[0],
│ on .terraform\modules\logging.cloudtrail-s3.cloudtrail_s3_bucket.s3_bucket.aws_s3_bucket[lifecycle.tf](http://lifecycle.tf) line 157, in resource “aws_s3_bucket_lifecycle_configuration” “default”:
│ 157: resource “aws_s3_bucket_lifecycle_configuration” “default” {

Expected Behavior

All resources are able to be created in the plan.

I also expect when I set the

“variable “lifecycle_rule_enabled” {
description = “Enable lifecycle events on this bucket”
type = bool
default = false
}”

I would expect no lifecycle rules to be created and thus this error wouldn’t even occur.

Steps to Reproduce

Module:

Main.tf

module “cloudtrail-s3” {
source = “cloudposse/cloudtrail-s3-bucket/aws//examples/complete”
version = “0.26.4”
region = “us-east-1”
}

providers.tf

terraform {
required_version = “~> 1.5”

required_providers {
aws = {
source = “hashicorp/aws”
version = “~> 5.16.0”
}

}
}

variables.tf

variable “abort_incomplete_multipart_upload_days” {
description = “Maximum time (in days) that you want to allow multipart uploads to remain in progress”
type = number
default = 5
}

variable “access_log_bucket_name” {
description = “Name of the S3 bucket where s3 access log will be sent to”
type = string
default = “”
}

variable “acl” {
description = “The canned ACL to apply. We recommend log-delivery-write for compatibility with AWS services”
type = string
default = “log-delivery-write”
}

variable “additional_tag_map” {
description = “Additional key-value pairs to add to each map in tags_as_list_of_maps. Not added to tags or id.”
type = map(string)
default = {}
}

variable “allow_ssl_requests_only” {
description = “Set to true to require requests to use Secure Socket Layer (HTTPS/SSL). This will explicitly deny access to HTTP requests”
type = bool
default = true
}

variable “attributes” {
description = “ID element. Additional attributes (e.g. workers or cluster) to add to id, in the order they appear in the list. New attributes are appended to the end of the list. The elements of the list are joined by the delimiter and treated as a single ID element.”
type = list(string)
default = []
}

variable “block_public_acls” {
description = “Set to false to disable the blocking of new public access lists on the bucket”
type = bool
default = true
}

variable “block_public_policy” {
description = “Set to false to disable the blocking of new public policies on the bucket”
type = bool
default = true
}

variable “bucket_notifications_enabled” {
description = “Send notifications for the object created events. Used for 3rd-party log collection from a bucket. This does not affect access log bucket created by this module. To enable bucket notifications on the access log bucket, create it separately using the cloudposse/s3-log-storage/aws”
type = bool
default = false
}

variable “bucket_notifications_prefix” {
description = “Prefix filter. Used to manage object notifications”
type = string
default = “”
}

variable “bucket_notifications_type” {
description = “Type of the notification configuration. Only SQS is supported.”
type = string
default = “SQS”
}

variable “context” {
description = “Single object for setting entire context at once. See description of individual variables for details. Leave string and numeric variables as null to use default value. Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged.”
type = any
default = {
additional_tag_map = {},
attributes = [],
delimiter = null,
descriptor_formats = {},
enabled = true,
environment = null,
id_length_limit = null,
label_key_case = null,
label_order = [],
label_value_case = null,
labels_as_tags = [“unset”],
name = null,
namespace = null,
regex_replace_chars = null,
stage = null,
tags = {},
tenant = null
}
}

variable “create_access_log_bucket” {
description = “A flag to indicate if a bucket for s3 access logs should be created”
type = bool
default = false
}

variable “delimiter” {
description = “Delimiter to be used between ID elements. Defaults to - (hyphen). Set to “” to use no delimiter at all.”
type = string
default = null
}

variable “descriptor_formats” {
description = “Describe additional descriptors to be output in the descriptors output map. Map of maps. Keys are names of descriptors. Values are maps of the form { format = string labels = list(string) } (Type is any so the map values can later be enhanced to provide additional options.) format is a Terraform format string to be passed to the format() function. labels is a list of labels, in order, to pass to format() function. Label values will be normalized before being passed to format() so they will be identical to how they appear in id. Default is {} (descriptors output will be empty).”
type = any
default = {}
}

variable “enable_glacier_transition” {
description = “Glacier transition might just increase your bill. Set to false to disable lifecycle transitions to AWS Glacier.”
type = bool
default = false
}

variable “enabled” {
description = “Set to false to prevent the module from creating any resources”
type = bool
default = null
}

variable “environment” {
description = “ID element. Usually used for region e.g. ‘uw2’, ‘us-west-2’, OR role ‘prod’, ‘staging’, ‘dev’, ‘UAT’”
type = string
default = null
}

variable “expiration_days” {
description = “Number of days after which to expunge the objects”
type = number
default = 90
}

variable “force_destroy” {
description = “(Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable”
type = bool
default = false
}

variable “glacier_transition_days” {
description = “Number of days after which to move the data to the glacier storage tier”
type = number
default = 60
}

variable “id_length_limit” {
description = “Limit id to this many characters (minimum 6). Set to 0 for unlimited length. Set to null for keep the existing setting, which defaults to 0. Does not affect id_full.”
type = number
default = null
}

variable “ignore_public_acls” {
description = “Set to false to disable the ignoring of public access lists on the bucket”
type = bool
default = true
}

variable “kms_master_key_arn” {
description = “The AWS KMS master key ARN used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms”
type = string
default = “”
}

variable “label_key_case” {
description = “Controls the letter case of the tags keys (label names) for tags generated by this module. Does not affect keys of tags passed in via the tags input. Possible values: lower, title, upper. Default value: title.”
type = string
default = null
}

variable “label_order” {
description = “The order in which the labels (ID elements) appear in the id. Defaults to [“namespace”, “environment”, “stage”, “name”, “attributes”]. You can omit any of the 6 labels (“tenant” is the 6th), but at least one must be present.”
type = list(string)
default = null
}

variable “label_value_case” {
description = “Controls the lett…