citrix / terraform-provider-citrixadc

Part of NetScaler Automation Toolkit | https://github.com/netscaler/automation-toolkit
https://registry.terraform.io/providers/citrix/citrixadc
Apache License 2.0
119 stars 59 forks

[BUG] Why should I have to provide the entire appfwprofile attributes to update a single attribute? #1085

Closed sumanth-lingappa closed 7 months ago

sumanth-lingappa commented 1 year ago

Contact us

For any immediate issues or help, reach out to us at NetScaler-AutomationToolkit@cloud.com!

Bug Report

Describe the bug A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behaviour:

  1. My terraform files are
    resource "citrixadc_appfwprofile" "tf_appfwprofile1" {
      name = "tf_appfwprofile1"
      sqlinjectionaction = [
        "block",
        "log",
        "stats",
      ]
      type = [
        "HTML",
        "JSON",
        "XML",
      ]
    }
  2. which terraform command I am getting the error
    Not applicable
  3. Terraform output logs to the log file (./tf.log). Append TF_LOG=TRACE NS_LOG=TRACE TF_LOG_PATH=./tf.log to your terraform command
    
    root@cloud-client:~/apply-waf-configuration# terraform apply -var-file example.tfvars
    citrixadc_nsfeature.tf_nsfeature: Refreshing state... [id=tf-nsfeature-20230913053538261700000001]
    citrixadc_lbvserver.tf_lbvserver2: Refreshing state... [id=tf_lbvserver2]
    citrixadc_service.web-echoserver2: Refreshing state... [id=web-echoserver2]
    citrixadc_nsip.snip: Refreshing state... [id=192.168.3.10]
    citrixadc_lbvserver.tf_lbvserver1: Refreshing state... [id=tf_lbvserver1]
    citrixadc_csvserver.tf_csvserver: Refreshing state... [id=tf_csvserver]
    citrixadc_service.web-echoserver1: Refreshing state... [id=web-echoserver1]
    citrixadc_lbvserver_service_binding.lb_binding1: Refreshing state... [id=tf_lbvserver1,web-echoserver1]
    citrixadc_lbvserver_service_binding.lb_binding2: Refreshing state... [id=tf_lbvserver2,web-echoserver2]
    citrixadc_csaction.tf_csaction1: Refreshing state... [id=tf_csaction1]
    citrixadc_csaction.tf_csaction2: Refreshing state... [id=tf_csaction2]
    citrixadc_cspolicy.tf_policy_echoserver2: Refreshing state... [id=tf_policy_echoserver2]
    citrixadc_cspolicy.tf_policy_echoserver1: Refreshing state... [id=tf_policy_echoserver1]
    citrixadc_csvserver_cspolicy_binding.tf_csvscspolbind_echoserver1: Refreshing state... [id=tf_csvserver,tf_policy_echoserver1]
    citrixadc_csvserver_cspolicy_binding.tf_csvscspolbind_echoserver2: Refreshing state... [id=tf_csvserver,tf_policy_echoserver2]

    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

    Terraform will perform the following actions:

    citrixadc_appfwprofile.tf_appfwprofile1 will be created

    Plan: 1 to add, 0 to change, 0 to destroy.

    Do you want to perform these actions?
    Terraform will perform the actions described above.
    Only 'yes' will be accepted to approve.

    Enter a value: yes

    citrixadc_appfwprofile.tf_appfwprofile1: Creating...
    citrixadc_appfwprofile.tf_appfwprofile1: Creation complete after 0s [id=tf_appfwprofile1]

    Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

    root@cloud-client:~/apply-waf-configuration# terraform plan -var-file example.tfvars
    citrixadc_nsfeature.tf_nsfeature: Refreshing state... [id=tf-nsfeature-20230913053538261700000001]
    citrixadc_lbvserver.tf_lbvserver2: Refreshing state... [id=tf_lbvserver2]
    citrixadc_nsip.snip: Refreshing state... [id=192.168.3.10]
    citrixadc_service.web-echoserver1: Refreshing state... [id=web-echoserver1]
    citrixadc_lbvserver.tf_lbvserver1: Refreshing state... [id=tf_lbvserver1]
    citrixadc_appfwprofile.tf_appfwprofile1: Refreshing state... [id=tf_appfwprofile1]
    citrixadc_csvserver.tf_csvserver: Refreshing state... [id=tf_csvserver]
    citrixadc_service.web-echoserver2: Refreshing state... [id=web-echoserver2]
    citrixadc_lbvserver_service_binding.lb_binding1: Refreshing state... [id=tf_lbvserver1,web-echoserver1]
    citrixadc_csaction.tf_csaction1: Refreshing state... [id=tf_csaction1]
    citrixadc_lbvserver_service_binding.lb_binding2: Refreshing state... [id=tf_lbvserver2,web-echoserver2]
    citrixadc_csaction.tf_csaction2: Refreshing state... [id=tf_csaction2]
    citrixadc_cspolicy.tf_policy_echoserver1: Refreshing state... [id=tf_policy_echoserver1]
    citrixadc_cspolicy.tf_policy_echoserver2: Refreshing state... [id=tf_policy_echoserver2]
    citrixadc_csvserver_cspolicy_binding.tf_csvscspolbind_echoserver1: Refreshing state... [id=tf_csvserver,tf_policy_echoserver1]
    citrixadc_csvserver_cspolicy_binding.tf_csvscspolbind_echoserver2: Refreshing state... [id=tf_csvserver,tf_policy_echoserver2]

    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      ~ update in-place

    Terraform will perform the following actions:

    citrixadc_appfwprofile.tf_appfwprofile1 will be updated in-place

    ~ resource "citrixadc_appfwprofile" "tf_appfwprofile1" {
      ~ bufferoverflowaction = [

    Plan: 0 to add, 1 to change, 0 to destroy.

    ────────────────────────────────────────────────────────────────────────────────────────────────────

    Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.

4. Error I am facing on the console
```bash
Not applicable
```

Expected behaviour The terraform plan immediately after the terraform apply should not have any changes to be shown

Screenshots If applicable, add screenshots to help explain your problem.

Environment (please fill the following information):

```bash
root@cloud-client:~/apply-waf-configuration# terraform version
Terraform v1.1.4
on linux_amd64
+ provider registry.terraform.io/citrix/citrixadc v1.31.0

Your version of Terraform is out of date! The latest version
is 1.5.7. You can update by downloading from https://www.terraform.io/downloads.html
root@cloud-client:~/apply-waf-configuration# go version
bash: go: command not found
root@cloud-client:~/apply-waf-configuration#
```

Additional context I am executing NetScaler Community labs - netscaler-adc-basic-application-protection-configuration-waf-using-terraform
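
The expected behaviour stated in this report (a plan taken immediately after apply shows no changes) can be checked mechanically, which matters for a WAF profile because an unintended in-place update rewrites enforcement actions. The following is an added example, not part of the original issue or the provider's code: it reads the JSON form of a plan (`terraform show -json <planfile>`) and lists the attributes Terraform would rewrite. The sample plan and its attribute values are constructed.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# The attribute values are illustrative, not taken from the issue's logs.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.0",
    "resource_changes": [
        {"address": "citrixadc_appfwprofile.tf_appfwprofile1",
         "type": "citrixadc_appfwprofile",
         "change": {"actions": ["update"],
                    "before": {"name": "tf_appfwprofile1",
                               "sqlinjectionaction": ["block", "log", "stats"],
                               "bufferoverflowaction": ["block", "log", "stats"]},
                    "after": {"name": "tf_appfwprofile1",
                              "sqlinjectionaction": ["block", "log", "stats"],
                              "bufferoverflowaction": None}}},
        {"address": "citrixadc_lbvserver.tf_lbvserver1",
         "type": "citrixadc_lbvserver",
         "change": {"actions": ["no-op"],
                    "before": {"name": "tf_lbvserver1"},
                    "after": {"name": "tf_lbvserver1"}}},
    ],
})


def drifted_attributes(plan_json):
    """Map resource address -> {attribute: (before, after)} for every
    resource the plan would create, update, or delete."""
    drift = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        if set(change.get("actions", [])) <= {"no-op", "read"}:
            continue  # nothing would be written to the appliance
        before = change.get("before") or {}  # null on create
        after = change.get("after") or {}    # null on delete
        drift[rc["address"]] = {
            key: (before.get(key), after.get(key))
            for key in sorted(set(before) | set(after))
            if before.get(key) != after.get(key)
        }
    return drift


def is_idempotent(plan_json):
    """True when a plan taken right after apply proposes no changes."""
    return not drifted_attributes(plan_json)


if __name__ == "__main__":
    for address, attrs in drifted_attributes(SAMPLE_PLAN).items():
        for name, (old, new) in attrs.items():
            print(f"{address}: {name} {old!r} -> {new!r}")
```

In a pipeline, `terraform plan -detailed-exitcode` gives the same yes/no answer (exit code 2 means changes are pending); the JSON form adds which attributes are involved.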

jeffriechers commented 1 year ago

I had something similar happen with ecc curve settings. I had to modify my code to manually define every single entry as it shows up after deployment. Even the optional items that are defaults. Once I did that then I no longer had it re-applying settings that existed.

kaiAsmOne commented 12 months ago

It's not that strange when you look at how the REST API is implemented at the Netscaler. Netscaler GUI talks with itself using REST API.

If you sniff the traffic in sslplain you will notice that the attributes of the appfw profile are not optional, all settings are set every time you do one small change to the appfw / waf profile in GUI :)

gusmb commented 7 months ago

What does the state file look like after first apply, shouldn't all those default attributes be there? If that's the case, I'd assume that there would be no issue as TF would know the current state. Is the NITRO call returning the complete picture in this case?

rohit-myali commented 7 months ago

Hello @sumanth-lingappa @kaiAsmOne @gusmb @jeffriechers Thanks for your patience. We have worked on this and it is now available in the terraform registry. Please download the latest terraform-provider-citrixadc version v1.38.0. Now you don't need to provide the entire appfwprofile attributes to update a single attribute.

Thank you