fix waf name resolution #4390
Merged
fix waf name resolution #4390
+130 −46
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
k8s-ci-robot added the cncf-cla: yes 
| [APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: zac-nixon The full list of commands accepted by this bot can be found here. The pull request process is described here Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot added approved 
wweiwei-li reviewed Oct 14, 2025
pkg/aws/services/wafv2.go Outdated
| DisassociateWebACLWithContext(ctx context.Context, req *wafv2.DisassociateWebACLInput) (*wafv2.DisassociateWebACLOutput, error) | ||
| GetWebACLForResourceWithContext(ctx context.Context, req *wafv2.GetWebACLForResourceInput) (*wafv2.GetWebACLForResourceOutput, error) | ||
| GetWebACLWithContext(ctx context.Context, req *wafv2.GetWebACLInput) (*wafv2.GetWebACLOutput, error) | ||
| ListWebACLs(ctx context.Context, req *wafv2.ListWebACLsInput) (*wafv2.ListWebACLsOutput, error) |
There was a problem hiding this comment.
For consistency, should we name it ListWebACLsContext. Other than this , looks good.
| /lgtm |
k8s-ci-robot added the lgtm Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
Issue
Description
The initial implementation of grabbing the WAFv2 ACL via it's name was incorrect :(. The Get API requires both the name and ID. To implement the
Get By NameAPI, we need to utilize the ListWebACLs API to grab a list and filter it server side, unfortunately WAF doesn't provide a server side filtering option. Also, we were missing the scope setting, so I've set to beRegionalwhich captures the ALB use case. Also, we forgot to set the name -> arn mapper which caused null pointers.Manual test cases:
Checklist
README.md, or thedocsdirectory)BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯