When you provide config key:value pairs for the integration instance, it is only checked using the Terraform state. If you were to create an integration, and change one of the defined config values in XSOAR - Terraform will not detect a change. I've looked into solving this, and have accepted this risk for now - as the complexity is too vast for now (for me, I'm not an experienced Go developer... yet?). You require to transform the data format to fit into a regular map, which I was not able to do today (perhaps another time).
I think the solution is somewhere in looping over integration["data"] in combination with plan.Config.Elems to create a map that uses the keys of plan.Config.Elems - but the values of integration["data"]. This way, the state will check the API based values - instead of the plan/state. Hence being able to detect changes in the production environment.
Also beware, that not all values are retrievable via the API. Some key:value pairs, are credentials. XSOAR will always (luckily) return an empty string for the keys that contain credentials. It's hard to get this right, with the dynamic nature of the key:value pair solution. If you use Hashicorp Vault for the credentials, this will not create issues. Terraform manages that separately.
When you provide config key:value pairs for the integration instance, it is only checked using the Terraform state. If you were to create an integration, and change one of the defined config values in XSOAR - Terraform will not detect a change. I've looked into solving this, and have accepted this risk for now - as the complexity is too vast for now (for me, I'm not an experienced Go developer... yet?). You require to transform the data format to fit into a regular map, which I was not able to do today (perhaps another time).
I think the solution is somewhere in looping over integration["data"] in combination with plan.Config.Elems to create a map that uses the keys of plan.Config.Elems - but the values of integration["data"]. This way, the state will check the API based values - instead of the plan/state. Hence being able to detect changes in the production environment.
Also beware, that not all values are retrievable via the API. Some key:value pairs, are credentials. XSOAR will always (luckily) return an empty string for the keys that contain credentials. It's hard to get this right, with the dynamic nature of the key:value pair solution. If you use Hashicorp Vault for the credentials, this will not create issues. Terraform manages that separately.