Closed deutmeyerbrianpfg closed 9 months ago
Hi @deutmeyerbrianpfg ,
You can't modify rule layer like the way you did. Management API does not support layer changing as you can see in the access-rule documentation: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-access-rule~v1.8%20 You should first delete rule resource and then create new resource configuration with the new layer.
Regards, Roy
Isn't there a way you can make a change like this force a replacement? Forcing a replacement causes terraform to destroy the resource and build a new one.
It seems silly I need to run my pipeline twice as you've mentioned. I could also change the resource name when this happens, which would destroy and build new. Ultimately, if the provider could force replacement, that would be best for pipeline runs.
Here is an example: https://registry.terraform.io/providers/AviatrixSystems/aviatrix/latest/docs/resources/aviatrix_site2cloud#custom_mapped
Changing custom_mapped
from false
to true
forced a replacement, which destroyed the resource and rebuilt it in a single run.
Here is the code:
https://github.com/AviatrixSystems/terraform-provider-aviatrix/blob/master/aviatrix/resource_aviatrix_site2cloud.go#L268
ForceNew: true,
I think you could add ForceNew: true,
after this line:
https://github.com/CheckPointSW/terraform-provider-checkpoint/blob/master/checkpoint/resource_checkpoint_management_access_rule.go#L33
Thanks!
Hi @b-diggity ,
Thanks for suggesting this new feature. We need to see if there are no edge cases in your solution and if not, we can add it to the next version of Check Point provider. Terraform is open source so you can add this line locally and build provider so it won't block your work.
Regards, Roy
Sure. I opened a PR for this just to help contribute.
Changing the layer ID of a rule and position causes an error.
To re-create:
Expected output: