Support logical rule statements in wafv2-controller

[takeshi-hatamoto]

Is your feature request related to a problem?

The following code deploys a rule in labelMatchStatement.

  rules:
   - name: Allowbot
      priority: 12
      action:
        allow: {}
      visibilityConfig:
        metricName: Allowbot
        sampledRequestsEnabled: true
        cloudWatchMetricsEnabled: true
      statement:
        labelMatchStatement: 
          scope: LABEL
          key: "awswaf:managed:aws:bot-control:bot:name:googlebot"

However, when I use “orStatement” to apply the or condition of labelMatchStatement, I get the following error, which I would like to improve.

strict decoding error: unknown field “spec.rules[12].statement.orStatement.statements”

    - name: Allowbot
      priority: 13
      action:
        allow: {}
      visibilityConfig:
        metricName: Allowbot
        sampledRequestsEnabled: true
        cloudWatchMetricsEnabled: true
      statement:
        orStatement: 
          statements:
            - labelMatchStatement:
                scope: LABEL
                key: "awswaf:managed:aws:bot-control:bot:user_triggered:verified"
            - labelMatchStatement:
              scope: LABEL
              key: "awswaf:managed:aws:bot-control:bot:name:googlebot"

Describe the solution you'd like

Please let me know if you have already implemented this and if there is a way to solve this problem with orStatement.
I would like to eventually be able to use not only orStatement but also andStatement and NotStatement.
Using logical rule statements in AWS WAF

[github-actions]

Hello @takeshi-hatamoto 👋 Thank you for opening an issue in ACK! A maintainer will triage this issue soon.

We encourage community contributions, so if you're interested in tackling this yourself or suggesting a solution, please check out our Contribution and Code of Conduct guidelines.

You can find more information about ACK on our website.

[rushmash91]

Hi @takeshi-hatamoto,
Thanks for reporting this issue! The Statement fiels are implemented.

The logical statements (orStatement, andStatement, notStatement) are string fields that contain YAML content, rather than structured objects like your snippet. You need to use the YAML pipe | operator to provide the logical statement as a multi-line string.

Here's the corrected version of your configuration:

- name: Allowbot
  priority: 13
  action:
    allow: {}
  visibilityConfig:
    metricName: Allowbot
    sampledRequestsEnabled: true
    cloudWatchMetricsEnabled: true
  statement:
    orStatement: |
      statements:
        - labelMatchStatement:
            scope: LABEL
            key: "awswaf:managed:aws:bot-control:bot:user_triggered:verified"
        - labelMatchStatement:
            scope: LABEL
            key: "awswaf:managed:aws:bot-control:bot:name:googlebot"

another example: https://github.com/aws-controllers-k8s/wafv2-controller/blob/main/test/e2e/resources/rule_group_nested_statements.yaml

This should resolve your issue. Let me know if you need any clarification or continue to face the issue!

[takeshi-hatamoto]

Thank you very much. Resolved.

[rushmash91]

/close

[ack-prow]

@rushmash91: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.