I want to create a Security Policy in my Google Kubernetes such that Adaptive Protection is enabled for DDoS attacks on my application layer.
Reading the Pulumi documents, this is what I came up with:

    import pulumi_gcp as gcp

    ddos_layer7_defense_policy_name = "ddos-layer7-defense-policy"
    ddos_layer7_defense_policy = gcp.compute.SecurityPolicy(
        resource_name=ddos_layer7_defense_policy_name,
        description="Policy for enabling DDoS defence on L7",
        name=ddos_layer7_defense_policy_name,
        adaptive_protection_config=gcp.compute.SecurityPolicyAdaptiveProtectionConfigArgs(
            layer7_ddos_defense_config=gcp.compute.SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigArgs(
                enable=False,  # enable DDoS defense
                rule_visibility="STANDARD"
            )
        )
    )

I read the official documents, and while they also denote enable=True as the first argument, my local Pulumi library (the one installed in the virtualenv) does not have that kwarg. However, when I look at the code, I can see the two flags being very much present.
Still, I get the invalid key error:
error: gcp:compute/securityPolicy:SecurityPolicy resource 'ddos-layer7-defense-policy' has a problem: Invalid or unknown key. Examine values at 'SecurityPolicy.AdaptiveProtectionConfig.Layer7DdosDefenseConfig'.
Reading the source code is not helping either, as the signature matches what I am providing.
This problem is also unsolved by people working on Pulumi, such as this.
enable=True and removing rule_visibility produces the same result.

The pulumi-gcp provider is derived from the Google Terraform provider.
There was a bug in this resource in the Terraform provider which meant that it wasn't possible to manage these resources properly because the resource properties weren't being correctly sent to the API.
This was fixed in this PR which was merged into v4.39.0 of the Terraform provider.
This then propagated to the Pulumi provider in v6.40.0.
It's likely you're not using >6.40.0 of the Pulumi provider, which is why you're experiencing this issue. Try upgrading, and then reattempt.
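
A version guard for the upgrade advice above, as an added example that is not part of the original question or answer and not Pulumi's own code. It treats v6.40.0 (the release the answer names) as the minimum, assumes the pulumi-gcp SDK version in the virtualenv determines which provider plugin is used, and all function names and the sample requirements text are constructed for illustration.

```python
import re
from importlib import metadata

MIN_FIXED = (6, 40, 0)  # pulumi-gcp release named in the answer above


def parse_version(text):
    """Leading numeric release as a 3-tuple; pre-release suffixes are ignored."""
    m = re.match(r"\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def has_adaptive_protection_fix(version):
    return parse_version(version) >= MIN_FIXED


def installed_version(dist="pulumi-gcp"):
    """Version of the SDK in the active environment, or None if absent."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


def stale_pins(requirements_text):
    """Exact pulumi-gcp pins in a requirements file that predate the fix."""
    stale = []
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"(?i)pulumi[-_.]gcp\s*==\s*(\S+)", line)
        if m and not has_adaptive_protection_fix(m.group(1)):
            stale.append(m.group(1))
    return stale


def require_fixed_provider():
    """Call before declaring a SecurityPolicy with adaptive_protection_config."""
    found = installed_version()
    if found is None or not has_adaptive_protection_fix(found):
        raise RuntimeError(f"pulumi-gcp {found} installed; need >= 6.40.0")
    return found


# Constructed sample input, not taken from the question.
SAMPLE_REQUIREMENTS = "pulumi>=3.0.0,<4.0.0\npulumi-gcp==6.39.0  # old pin\n"

if __name__ == "__main__":
    print("stale pins:", stale_pins(SAMPLE_REQUIREMENTS))
    print("installed pulumi-gcp:", installed_version())
```

Calling `require_fixed_provider()` at the top of the Pulumi program turns the opaque "Invalid or unknown key" failure into an explicit version error before any resource is declared.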