search

IBM-Cloud / terraform-provider-ibm

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs
Mozilla Public License 2.0
340 stars 667 forks source link

ibm_cis_domain_settings - fails to edit setting for web application firewall #5118

Open iamar7 opened 8 months ago

iamar7 commented 8 months ago

Community Note

Terraform CLI and Terraform IBM Provider Version

Terraform v1.5.7

Affected Resource(s)

Terraform Configuration Files

While trying to enable/disable the web application firewall(WAF) using the below code, results in failure to edit settings.

https://github.com/terraform-ibm-modules/terraform-ibm-cis/blob/main/examples/complete/main.tf

Slack Conversation for reference: https://ibm-cloudplatform.slack.com/archives/C8XKQ9FPB/p1705068584340459

Debug Output

Panic Output

│ Error: Not allowed to edit setting for waf
│ 
│   with module.cis_domain_settings.ibm_cis_domain_settings.domain_settings,
│   on ../../modules/waf/main.tf line 5, in resource "ibm_cis_domain_settings" "domain_settings":
│    5: resource "ibm_cis_domain_settings" "domain_settings" {
│ 
╵}

Expected Behavior

terraform apply should just enable/disable the WAF without any issues.

Actual Behavior

terraform apply fails to edit settings for WAF

Steps to Reproduce

  1. terraform apply

Important Factoids

References

iamar7 commented 7 months ago

I discussed the issue with the ibmcloud-cis team, who suggested integrating time_sleep to ensure the proper configuration of CIS. The inclusion of a 30-second time_sleep interval before modifying the ibm_cis_domain_settings did not trigger any errors. Furthermore, observing the CIS instance and domain status before and after the time_sleep revealed no changes in state. Given that the CIS instance internals are taking some time to get configured properly, it should ideally be incorporated by the provider itself."