viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

rybbit: fix cloudflare_ruleset import id (zone/ 3-part form) + depends_on lists

Browse source 
v4.52.7 import id must be zone/<zone_id>/<ruleset_id>; add depends_on so the
crowdsec_ban/captcha lists exist before the WAF rules reference them.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin 2026-06-20 19:12:29 +00:00
parent 58fc6d5061
commit f2b089e267
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
stacks/rybbit/crowdsec_edge.tf
View file

@ -107,7 +107,7 @@ resource "cloudflare_list" "crowdsec_captcha" {
# (currently disabled) skip rule preserved verbatim below it. # (currently disabled) skip rule preserved verbatim below it.
import { import {
to = cloudflare_ruleset.crowdsec to = cloudflare_ruleset.crowdsec
id = "fd2c5dd4efe8fe38958944e74d0ced6d/106a1342bc88454ea59c47ad3431fe0e" id = "zone/fd2c5dd4efe8fe38958944e74d0ced6d/106a1342bc88454ea59c47ad3431fe0e"
} }
resource "cloudflare_ruleset" "crowdsec" { resource "cloudflare_ruleset" "crowdsec" {
@ -116,6 +116,10 @@ resource "cloudflare_ruleset" "crowdsec" {
kind = "zone" kind = "zone"
phase = "http_request_firewall_custom" phase = "http_request_firewall_custom"
# The WAF rules reference the IP lists by name ($crowdsec_ban / $crowdsec_captcha),
# so the lists must exist before this ruleset is created/updated.
depends_on = [cloudflare_list.crowdsec_ban, cloudflare_list.crowdsec_captcha]
# CrowdSec ban evaluated FIRST so a banned IP is blocked before anything else. # CrowdSec ban evaluated FIRST so a banned IP is blocked before anything else.
rules { rules {
action = "block" action = "block"