@viktord viktord commented Oct 3, 2023

Description

When using and_statement within rate_based_statement we cannot add a negated regex_pattern_set_reference_statement because the corresponding dynamic block is missing.

Example:

  rules = [
    {
      name     = "example_rate_limit"
      priority = "3"

      action = "count"

      visibility_config = {
        cloudwatch_metrics_enabled = true
        metric_name                = "example_rate_limit"
        sampled_requests_enabled   = true
      }

      rate_based_statement = {
        limit              = 3000
        aggregate_key_type = "IP"
        scope_down_statement = {
          and_statement = {
            statements = [
              {
                byte_match_statement = {
                  field_to_match = {
                    single_header = {
                      name = "Host"
                    }
                  }
                  positional_constraint = "STARTS_WITH"
                  search_string         = "example."
                  priority              = 0
                  type                  = "NONE"
                }
              },
              {
                not_statement = {
                  regex_pattern_set_reference_statement = {
                    arn = aws_wafv2_regex_pattern_set.example.arn
                    field_to_match = {
                      uri_path = "{}"
                    }
                    priority = 0
                    type     = "LOWERCASE"
                  }
                }
              }
            ]
          }
        }
      }
    }
  ]

produces:

      + rule {
          + name     = "example_rate_limit"
          + priority = 3

          + action {
              + count {
                }
            }

          + statement {
              + rate_based_statement {
                  + aggregate_key_type = "IP"
                  + limit              = 3000

                  + scope_down_statement {
                      + and_statement {
                          + statement {
                              + byte_match_statement {
                                  + positional_constraint = "STARTS_WITH"
                                  + search_string         = "example."

                                  + field_to_match {
                                    }

                                  + text_transformation {
                                      + priority = 0
                                      + type     = "NONE"
                                    }
                                }
                            }
                          + statement {
                              + not_statement {
                                  + statement {
                                    }
                                }
                            }
                        }
                    }
                }
            }

Also added:

  • custom_key block (was missing)
  • size_constraint_statement block in and_statement
  • NOT size_constraint_statement block in and_statement

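The following is an added example, not code from this pull request or from the module itself, showing the shape of the nested dynamic blocks that would be needed for the not_statement case above to render. It assumes the module iterates the and_statement's statements list as statement.value inside the rate_based_statement scope_down_statement; the iterator names and the use of lookup() are illustrative and may differ from the module's real internals.

```hcl
# Added example (not the module's own code). Renders, inside and_statement,
# a not_statement that wraps a regex_pattern_set_reference_statement, which is
# the combination the PR description reports as missing. Assumes the enclosing
# block iterates the "statements" list as statement.value.
dynamic "statement" {
  for_each = lookup(and_statement.value, "statements", [])
  content {
    dynamic "not_statement" {
      # Only emit the block when the rule actually carries a not_statement.
      for_each = lookup(statement.value, "not_statement", null) == null ? [] : [lookup(statement.value, "not_statement")]
      content {
        statement {
          dynamic "regex_pattern_set_reference_statement" {
            for_each = lookup(not_statement.value, "regex_pattern_set_reference_statement", null) == null ? [] : [lookup(not_statement.value, "regex_pattern_set_reference_statement")]
            content {
              arn = lookup(regex_pattern_set_reference_statement.value, "arn")

              dynamic "field_to_match" {
                for_each = lookup(regex_pattern_set_reference_statement.value, "field_to_match", null) == null ? [] : [lookup(regex_pattern_set_reference_statement.value, "field_to_match")]
                content {
                  # uri_path is a presence-only block in aws_wafv2_web_acl; the
                  # module input marks it with uri_path = "{}" as in the PR example.
                  dynamic "uri_path" {
                    for_each = lookup(field_to_match.value, "uri_path", null) == null ? [] : [1]
                    content {}
                  }
                }
              }

              # text_transformation is required by the resource schema; the
              # module input carries priority/type at the statement level.
              text_transformation {
                priority = lookup(regex_pattern_set_reference_statement.value, "priority")
                type     = lookup(regex_pattern_set_reference_statement.value, "type")
              }
            }
          }
        }
      }
    }
  }
}
```

The symptom to watch for in a plan is exactly what the description shows: a not_statement whose inner statement {} is empty. Because a silently dropped exclusion changes which requests the rate limit applies to, reviewing the plan for empty statement bodies before apply is a cheap check that the scope-down logic rendered as intended.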
tmiller commented Mar 23, 2024

This seems to be working for me.

viktord commented Mar 26, 2024

@Ohid25 ready for merge?

@hectorballega

Hi there! Could it be possible to merge this pull request? It looks like a relevant fix and it's currently blocking us from using this module to import our WebACL rules. Thanks!
