CheckPointSW / terraform-provider-checkpoint

Terraform provider for Check Point
https://www.terraform.io/docs/providers/checkpoint/
Mozilla Public License 2.0
28 stars 40 forks source link

Update access role comment fails #71

Closed deutmeyerbrianpfg closed 3 years ago

deutmeyerbrianpfg commented 3 years ago

I needed to update the comment on an access role to fix a typo. The original version had an equal sign (=) instead of a (-). When terraform tries to make the update, it ends in failure. See below for the output from Terraform. To recreate this:

  1. Create an access role via the apply
  2. Update the access role's comment in a separate plan/apply and voila
Terraform will perform the following actions:

  # checkpoint_management_access_role.ar_my_ad_group_name will be updated in-place
  ~ resource "checkpoint_management_access_role" "ar_my_ad_group_name" {
      ~ comments        = "my=ad-group-name" -> "my-ad-group-name"
        id              = "f555e5555e55"
        name            = "ar_my_ad_group_name"
        tags            = [
            "terraform",
        ]
        # (3 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

---------------------------------------------------------------------------
╷
│ Error: failed to execute API call
│ Status: 400 Bad Request
│ Code: generic_err_missing_required_parameters
│ Message: Missing parameter: [source]
│ 
│   with checkpoint_management_access_role.ar_my_ad_group_name,
│   on main.tf line 11, in resource "checkpoint_management_access_role" "ar_my_ad_group_name":
│   11: resource "checkpoint_management_access_role" "ar_my_ad_group_name" {
│ 
╵
Error: Terraform exited with code 1.
Error: Process completed with exit code 1.
chkp-royl commented 3 years ago

Hi @deutmeyerbrianpfg ,

Thanks for reporting this issue. Parameter 'source' exists in 'machines' and 'users' fields and it's required in set operation. Do you have one of the fields in your configuration? If yes, Did you modify one of them as well? We will investigate this issue and fix it in the next version of Check Point provider.

Regards, Roy

deutmeyerbrianpfg commented 3 years ago

Hi @chkp-royl-

Yes, we have the users block set. We are setting the same AD group name in the comments of the access role so we can search in SmartConsole. The only the thing that changed was the comments. Everything else remained the same.

Here is the resource in question. We only want to fix the comments to match the selection of the users block (changing the = to a -):

resource "checkpoint_management_access_role" "ar_my_ad_group_name" {
  name = "ar_my_ad_group_name"
  users {
    source    = "my.domain.com__AD"
    selection = ["my-ad-group-name"]
  }
  comments = "my=ad-group-name"
  tags     = ["terraform"]
}
chkp-royl commented 3 years ago

Hi @deutmeyerbrianpfg,

In order to better understand why this issue happen, please re-produce it and send terraform + API server (run 'api status -s') logs to royl@checkpoint.com.

Thanks in advance, Roy

deutmeyerbrianpfg commented 3 years ago

Done

chkp-royl commented 3 years ago

Hi @deutmeyerbrianpfg ,

We delivered fix for this issue in the new version of Check Point provider v1.5.0. Please download new version and let us know if you still face any problem.

Regards, Roy