Skip to content

Comments

[DTOSS-12283] - Allow WAF policy to be created at project level in the same apply run#281

Merged
josielsouzanordcloud merged 1 commit intomainfrom
DTOSS-12283-extending-waf-policy
Feb 20, 2026
Merged

[DTOSS-12283] - Allow WAF policy to be created at project level in the same apply run#281
josielsouzanordcloud merged 1 commit intomainfrom
DTOSS-12283-extending-waf-policy

Conversation

@josielsouzanordcloud
Copy link
Contributor

@josielsouzanordcloud josielsouzanordcloud commented Feb 20, 2026

Summary

  • Previously the WAF policy had to exist in the hub before cdn-frontdoor-endpoint could reference it — the data source lookup would fail at plan time if the policy did not yet exist.
  • Adds cdn_frontdoor_firewall_policy_id as an optional attribute onsecurity_policies, allowing spoke projects to pass the policy resource ID directly from a resource reference in the same apply run, bypassing the data source lookup.
  • Makes cdn_frontdoor_firewall_policy_name and cdn_frontdoor_firewall_policy_rg_name optional (default null) —only required when cdn_frontdoor_firewall_policy_id is not supplied.
  • Updates tfdocs.md to reflect the new optional inputs

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

@josielsouzanordcloud
Allow WAF policy ID to be passed directly to cdn-frontdoor-endpoint
6a136cf 
  Adds an optional cdn_frontdoor_firewall_policy_id field to security_policies.
  When provided, the data source lookup is skipped and the ID is used directly, avoiding a plan-time failure when the WAF policy is created in the same apply.

  Existing callers passing name and resource group are unaffected.
@josielsouzanordcloud josielsouzanordcloud mentioned this pull request Feb 20, 2026
Open
1 task
@josielsouzanordcloud josielsouzanordcloud added this pull request to the merge queue Feb 20, 2026
Merged via the queue into main with commit 7b88cf5 Feb 20, 2026
25 of 26 checks passed
@josielsouzanordcloud josielsouzanordcloud deleted the DTOSS-12283-extending-waf-policy branch February 20, 2026 17:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rfk-nc rfk-nc rfk-nc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@josielsouzanordcloud @rfk-nc