CheckPointSW / terraform-provider-checkpoint

Terraform provider for Check Point
https://www.terraform.io/docs/providers/checkpoint/
Mozilla Public License 2.0

Log settings are updated even if code and api are equal #89

Closed harhan closed 2 years ago

harhan commented 3 years ago

The comparison between simple-gateway objects from the API and the HCL code should result in no change. Still, the provider proposes in-place updates since the state is not updated correctly.

This is usually under log-settings:

I've tried to override all these settings with default values to avoid this problem in the HCL code:

resource "checkpoint_management_simple_gateway" "simplegw" {
...
  logs_settings = {
    "before_delete_run_script_command"                 = ""
    "delete_index_files_when_index_size_above_metrics" = "mbytes"
    "reserve_for_packet_capture_metrics"               = "mbytes"
    "stop_logging_when_free_disk_space_below_metrics"  = "mbytes"
    "free_disk_space_metrics"                          = "mbytes"
    "delete_when_free_disk_space_below_metrics"        = "mbytes"
  }
...
}

The API returns:

> show simple-gateway name "simplegw"

uid: "14b917ee-e8a3-4099-a6fd-d0a8af237459"
name: "simplegw"
type: "simple-gateway"
domain: 
  uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
  name: "SMC User"
  domain-type: "domain"
...
logs-settings: 
  rotate-log-by-file-size: false
  rotate-log-file-size-threshold: 1000
  rotate-log-on-schedule: false
  alert-when-free-disk-space-below-metrics: "mbytes"
  alert-when-free-disk-space-below: true
  alert-when-free-disk-space-below-threshold: 20
  alert-when-free-disk-space-below-type: "popup alert"
  delete-when-free-disk-space-below-metrics: "mbytes"
  delete-when-free-disk-space-below: true
  delete-when-free-disk-space-below-threshold: 5000
  before-delete-keep-logs-from-the-last-days: false
  before-delete-keep-logs-from-the-last-days-threshold: 3664
  before-delete-run-script: false
  before-delete-run-script-command: ""
  stop-logging-when-free-disk-space-below-metrics: "mbytes"
  stop-logging-when-free-disk-space-below: true
  stop-logging-when-free-disk-space-below-threshold: 100
  reject-connections-when-free-disk-space-below-threshold: false
  reserve-for-packet-capture-metrics: "mbytes"
  reserve-for-packet-capture-threshold: 500
  delete-index-files-when-index-size-above-metrics: "mbytes"
  delete-index-files-when-index-size-above: false
  delete-index-files-when-index-size-above-threshold: 100000
  delete-index-files-older-than-days: false
  delete-index-files-older-than-days-threshold: 14
  forward-logs-to-log-server: false
  perform-log-rotate-before-log-forwarding: false
  update-account-log-every: 3600
  detect-new-citrix-ica-application-names: false
  turn-on-qos-logging: true
groups: []
comments: ""
color: "black"
icon: "NetworkObjects/gateway"
tags: []
meta-info: 
  lock: "unlocked"
  validation-state: "ok"
  last-modify-time: 
    posix: 1637306298524
    iso-8601: "2021-11-19T08:18+0100"
  last-modifier: "admin"
  creation-time: 
    posix: 1635185297253
    iso-8601: "2021-10-25T20:08+0200"
  creator: "admin"
read-only: false

The state, even after running terraform apply -refresh-only, only has one of these settings:

:~/cp-tf$ terraform state show checkpoint_management_simple_gateway.skatt-ia-gw[\"skatt-ia-11\"]
# checkpoint_management_simple_gateway.simplegw:
resource "checkpoint_management_simple_gateway" "simplegw" {
...
    logs_settings              = {
        "delete_when_free_disk_space_below_metrics" = "mbytes"
    }
...
}

It is completely random whether the state has the correct logs_settings; I have some that do and others that don't. All of them use the exact same code in a for_each loop.
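An added example, not part of the original report and not the provider's code: a small Python check that sorts each configured `logs_settings` key by why a plan would touch it, using values abridged from the output quoted above. The function names and the string encoding of booleans and integers are assumptions made for illustration.

```python
# Constructed sample data, abridged from the values quoted in the issue.
API_LOGS_SETTINGS = {
    "before-delete-run-script-command": "",
    "delete-index-files-when-index-size-above-metrics": "mbytes",
    "reserve-for-packet-capture-metrics": "mbytes",
    "stop-logging-when-free-disk-space-below-metrics": "mbytes",
    "delete-when-free-disk-space-below-metrics": "mbytes",
    "delete-when-free-disk-space-below": True,
    "delete-when-free-disk-space-below-threshold": 5000,
}
HCL_LOGS_SETTINGS = {
    "before_delete_run_script_command": "",
    "delete_index_files_when_index_size_above_metrics": "mbytes",
    "reserve_for_packet_capture_metrics": "mbytes",
    "stop_logging_when_free_disk_space_below_metrics": "mbytes",
    "free_disk_space_metrics": "mbytes",
    "delete_when_free_disk_space_below_metrics": "mbytes",
}
STATE_LOGS_SETTINGS = {"delete_when_free_disk_space_below_metrics": "mbytes"}

def as_tf_string(value):
    """Render an API value as a map-of-strings element (assumed encoding)."""
    if isinstance(value, bool):
        return "true" if value else "false"
    return str(value)

def normalize_api(api):
    """Map hyphenated API keys to the underscore form used in HCL and state."""
    return {k.replace("-", "_"): as_tf_string(v) for k, v in api.items()}

def classify(config, state, api):
    """Sort each configured key into one bucket explaining a proposed update."""
    remote = normalize_api(api)
    report = {"in_sync": [], "phantom_diff": [], "real_drift": [], "not_in_api": []}
    for key, wanted in sorted(config.items()):
        if key not in remote:
            report["not_in_api"].append(key)    # nothing to compare against
        elif remote[key] != wanted:
            report["real_drift"].append(key)    # the gateway really differs
        elif state.get(key) != wanted:
            report["phantom_diff"].append(key)  # API agrees, state lacks it
        else:
            report["in_sync"].append(key)
    return report

if __name__ == "__main__":
    result = classify(HCL_LOGS_SETTINGS, STATE_LOGS_SETTINGS, API_LOGS_SETTINGS)
    for bucket, keys in result.items():
        print(f"{bucket}: {', '.join(keys) or '-'}")
```

On these values, four configured keys agree with the API but are absent from state, and `free_disk_space_metrics` has no hyphenated counterpart in the logs-settings block quoted above.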

chkp-alonshev commented 3 years ago

Hi @harhan, thank you for posting this bug. We will fix it in the next provider version.

chkp-alonshev commented 2 years ago

Hi @harhan, this issue is fixed in the new provider version, which is available now.

Thank you