CheckPointSW / terraform-provider-checkpoint

Terraform provider for Check Point
https://www.terraform.io/docs/providers/checkpoint/
Mozilla Public License 2.0

Feature request: Trigger publish to force replace itself #51

Closed alec-pinson closed 3 years ago

alec-pinson commented 3 years ago

Hi,

It would be great if we could add a new list variable, for example triggers, to the checkpoint_management_publish resource, which forces the resource to be re-created.

I have created some example code showing how this would work:

locals {
  # One digest per dependent resource: any attribute change alters the hash.
  publish_triggers = [
    sha256(jsonencode(checkpoint_management_host.this)),
    sha256(jsonencode(checkpoint_management_address_range.this)),
    sha256(jsonencode(checkpoint_management_service_tcp.this)),
    sha256(jsonencode(checkpoint_management_access_rule.this)),
  ]
}

output "test" {
  value = local.publish_triggers
  # sensitive = true
}

resource "checkpoint_management_publish" "publish" {
  depends_on = [
    checkpoint_management_host.this,
    checkpoint_management_address_range.this,
    checkpoint_management_service_tcp.this,
    checkpoint_management_access_rule.this,
  ]
  # A change in any hash forces replacement, which re-runs publish.
  triggers = local.publish_triggers
}

This will mean that if any of the above resources are changed, we can at least get publish to run again without having to taint.

alec-pinson commented 3 years ago

I tested the below and it works.

https://github.com/CheckPointSW/terraform-provider-checkpoint/blob/master/checkpoint/resource_checkpoint_management_command_publish.go#L10

package checkpoint

// Import path assumed from the terraform-plugin-sdk v1 layout.
import "github.com/hashicorp/terraform-plugin-sdk/helper/schema"

func resourceManagementPublish() *schema.Resource {
    return &schema.Resource{
        Create: createManagementPublish,
        Read:   readManagementPublish,
        Delete: deleteManagementPublish,
        Schema: map[string]*schema.Schema{
            "uid": {
                Type:        schema.TypeString,
                Optional:    true,
                ForceNew:    true,
                Description: "Session unique identifier. Specify it to publish a different session than the one you currently use.",
            },
            "task_id": {
                Type:        schema.TypeString,
                Computed:    true,
                Description: "Command asynchronous task unique identifier.",
            },
            // New attribute: a set of opaque strings. ForceNew means any change to
            // the set's membership replaces the resource, so Create (publish) runs again.
            "triggers": {
                Type:        schema.TypeSet,
                Optional:    true,
                ForceNew:    true,
                Description: "Triggers a publish if there are any changes to objects in this list.",
                Elem: &schema.Schema{
                    Type: schema.TypeString,
                },
            },
        },
    }
}

  # checkpoint_management_publish.publish must be replaced
-/+ resource "checkpoint_management_publish" "publish" {
      ~ id       = "20e83dca-fe96-4961-9677-82628389f192" -> (known after apply)
      ~ task_id  = "01234567-89ab-cdef-bdfd-d39332285ea3" -> (known after apply)
      ~ triggers = [ # forces replacement
            "7c8da0a2b5dbcb94ae8bb28a34eba9fb9c7857dd6191a366426827f959d609ce",
          + "ade31980eeeade84cb8fbaf5c72db276962a7e702f583f1734d01a7e328c69ed",
          - "c448ee1c9c847e1f50192c02fbe07d2a8212ebfc7f5115a663a73fc75dab1876",
            "ec085cd0ded732589ff5a4d7bc07f4ce9e64260c90cb145d98003d2e9da79e71",
            "f8fb23c1c4e9f4632b89e400e613f6df67ada00f99a8439c6b48f8b83f81af53",
        ]
    }

I guess ideally you would pass the id of each resource and do some magic to check if they change; however, this solution is extremely simple.
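
The change-detection logic behind this pattern, as an added stand-alone example (not code from the provider or from the issue author): TriggerHash mirrors the sha256(jsonencode(...)) expression, and ForcesReplacement mimics how a ForceNew TypeSet attribute is compared, so a changed attribute forces a new publish while a mere reordering of the hashes does not. The host attributes are constructed sample values.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"sort"
)

// TriggerHash mirrors the HCL expression sha256(jsonencode(resource)).
// encoding/json sorts map keys, so equal attribute maps always yield the
// same digest regardless of the order the keys were set in.
func TriggerHash(attrs map[string]interface{}) (string, error) {
	b, err := json.Marshal(attrs)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:]), nil
}

// ForcesReplacement reports whether a ForceNew "triggers" attribute of type
// TypeSet would make Terraform replace the publish resource: set semantics
// mean only membership changes count, element order does not.
func ForcesReplacement(oldTriggers, newTriggers []string) bool {
	a := append([]string(nil), oldTriggers...)
	b := append([]string(nil), newTriggers...)
	sort.Strings(a)
	sort.Strings(b)
	if len(a) != len(b) {
		return true
	}
	for i := range a {
		if a[i] != b[i] {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample standing in for checkpoint_management_host.this.
	host := map[string]interface{}{"name": "web-01", "ipv4_address": "10.0.0.5"}
	before, _ := TriggerHash(host)
	host["ipv4_address"] = "10.0.0.6" // edit the object in place
	after, _ := TriggerHash(host)
	fmt.Println(ForcesReplacement([]string{before}, []string{after})) // true
}
```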

chkp-royl commented 3 years ago

Hi @alec-pinson, this solution looks good to me. We will add this feature for the publish, logout and install-policy resources in the next version of the Check Point provider.

Thanks, Roy

chkp-royl commented 3 years ago

Hi @alec-pinson, we added support for this feature in the new release of the Check Point provider, v1.2.0. Please upgrade the provider to the latest version to use it.

Regards, Roy