
Unable to create a vercel_firewall_config with an "inc" condition #274


Open
tyrannosaurus-becks opened this issue Feb 25, 2025 · 1 comment


Version

provider "registry.terraform.io/vercel/vercel" {
  version     = "2.10.0"
  constraints = "~> 2.10"
}

Code

# Vercel Firewall Configuration
resource "vercel_firewall_config" "main" {
  count = var.environment != "prod" ? 1 : 0

  project_id = var.vercel_project_id

  rules {
    rule {
      name        = "Blocklist"
      active      = true
      description = "IP addresses or CIDRs to always block."
      action = {
        action = "deny"
      }
      condition_group = [{
        conditions = [{
          type  = "ip_address"
          op    = "inc"
          value = ["17.241.227.11", "157.55.39.49", "172.81.130.38"]
        }],
        conditions = [{
          type  = "user_agent"
          op    = "sub"
          neg   = true
          value = "google"
        }]
      }]
    }

    rule {
      name   = "POST /en-US/users/sign-in missing hipcamp session"
      active = true
      action = {
        action = "deny"
      }
      condition_group = [{
        conditions = [{
          type  = "path"
          op    = "eq"
          value = "/en-US/users/sign-in"
        }],
        conditions = [{
          type  = "method"
          op    = "eq"
          value = "POST"
        }],
        conditions = [{
          type = "cookie"
          op   = "ex"
          neg  = true
          key  = "_hipcamp_session"
        }]
      }]
    }

    rule {
      name   = "Challenge all POST sign-ins to /en-US/users/sign-in"
      active = false
      action = {
        action = "challenge"
      }
      condition_group = [{
        conditions = [{
          type  = "path"
          op    = "eq"
          value = "/en-US/users/sign-in"
        }],
        conditions = [{
          type  = "method"
          op    = "eq"
          value = "POST"
        }],
        conditions = [{
          type  = "environment"
          op    = "eq"
          value = "production"
        }]
      }]
    }

    rule {
      name        = "Block ddos attacks"
      active      = true
      description = "Block requests from Hong Kong, China Vietnam etc"
      action = {
        action = "deny"
      }
      condition_group = [{
        conditions = [{
          type  = "geo_country"
          op    = "inc"
          value = "RU, RO, CZ, HK, SG, LV, TH, PS"
        }]
      }]
    }

    rule {
      name   = "FirstJA4"
      active = false
      action = {
        action = "log"
      }
      condition_group = [{
        conditions = [{
          type  = "ja4_digest"
          op    = "eq"
          value = "t13d2014h2_a09f3c656075_14788d8d241b"
        }]
      }]
    }
  }
}

Errors received

With the code above, when Terraform Cloud attempts to create the firewall, the following error is received:

[Image: screenshot of the error]

However, if I change the code to:

    rule {
      name        = "Block ddos attacks"
      active      = true
      description = "Block requests from Hong Kong, China Vietnam etc"
      action = {
        action = "deny"
      }
      condition_group = [{
        conditions = [{
          type  = "geo_country"
          op    = "inc"
          value = ["RU", "RO", "CZ", "HK", "SG", "LV", "TH", "PS"]
        }]
      }]
    }

I receive the following error during $ terraform plan:

╷
│ Error: Incorrect attribute value type
│
│   on vercel.tf line 88, in resource "vercel_firewall_config" "main":
│   88:       condition_group = [{
│   89:         conditions = [{
│   90:           type  = "geo_country"
│   91:           op    = "inc"
│   92:           value = ["RU", "RO", "CZ", "HK", "SG", "LV", "TH", "PS"]
│   93:         }]
│   94:       }]
│
│ Inappropriate value for attribute "condition_group": element 0: attribute
│ "conditions": element 0: attribute "value": string required.
╵
Operation failed: failed running terraform plan (exit 1)

There is no way to both pass the terraform plan and apply phases.

Contributor

sueplex commented Feb 26, 2025

Hi, we recently added the values key which accepts a list of strings to handle the inc/ninc case. Could you give that a try and let me know if that resolves your problem?
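
The suggestion in the comment above applied to the failing rule, as an added example that is not part of the original thread or the provider's own documentation: the list operand for `op = "inc"` moves from `value` to `values`. It assumes a provider release that includes the `values` attribute the comment describes; the resource name `example`, the rule names and the sample addresses are constructed.

```hcl
# Added example. Assumes the `values` attribute described in the comment above.
resource "vercel_firewall_config" "example" {
  project_id = var.vercel_project_id

  rules {
    rule {
      name   = "Deny listed countries"
      active = true
      action = {
        action = "deny"
      }
      condition_group = [{
        conditions = [{
          type = "geo_country"
          op   = "inc"
          # The list operand goes in `values` (list of strings). `value` is
          # typed as a single string, so a list there fails at plan time.
          values = ["RU", "RO", "CZ", "HK", "SG", "LV", "TH", "PS"]
        }]
      }]
    }

    rule {
      name   = "Deny listed addresses"
      active = true
      action = {
        action = "deny"
      }
      condition_group = [{
        conditions = [{
          type = "ip_address"
          op   = "inc"
          # Constructed sample addresses from the documentation ranges.
          values = ["192.0.2.10", "198.51.100.7"]
        }]
      }]
    }

    rule {
      name   = "Log POST requests"
      active = false
      action = {
        action = "log"
      }
      condition_group = [{
        conditions = [{
          type = "method"
          op   = "eq"
          # Single-operand operators keep the string attribute `value`.
          value = "POST"
        }]
      }]
    }
  }
}
```

Run `terraform plan` against a non-production project first and confirm the rule appears with every list entry before relying on it to block traffic.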
