search

imperva / terraform-provider-incapsula

This package is a plugin for Terraform, and is designed to be used to auto-provision sites in Incapsula via Incapsula’s API from the terraform cli/yaml configurations.
Mozilla Public License 2.0
44 stars 72 forks source link

Error when using "+" symbols in email addresses #291

Closed ren3gadem4rm0t closed 1 year ago

ren3gadem4rm0t commented 1 year ago

Confirmation

Terraform and Imperva provider version

Terraform v1.3.7 on darwin_amd64

Affected resource(s)

incapsula_account_user

Terraform configuration files

resource "incapsula_account_user" "user_1" {
  account_id = data.incapsula_account_data.account_data.current_account
  email = "example+api_user@example.com"
  first_name = "First"
  last_name = "Last"
  role_ids = [
    data.incapsula_account_roles.roles.reader_role_id,
  ]
}

Debug output

incapsula_account_user.user_1: Refreshing state... [id=0000000/example+api_user@example.com]
2023-02-06T15:15:28.641-0700 [INFO]  provider.terraform-provider-incapsula_v3.15.1: 2023/02/06 15:15:28 [INFO] Reading Incapsula user : 0000000/example+api_user@example.com: timestamp=2023-02-06T15:15:28.641-0700
2023-02-06T15:15:28.641-0700 [INFO]  provider.terraform-provider-incapsula_v3.15.1: 2023/02/06 15:15:28 [INFO] Getting Incapsula user status for email id: example+api_user@example.com: timestamp=2023-02-06T15:15:28.641-0700
2023-02-06T15:15:28.641-0700 [INFO]  provider.terraform-provider-incapsula_v3.15.1: 2023/02/06 15:15:28 [DEBUG] Waiting for state to become: [success]: timestamp=2023-02-06T15:15:28.641-0700
2023-02-06T15:15:28.765-0700 [INFO]  provider.terraform-provider-incapsula_v3.15.1: 2023/02/06 15:15:28 [DEBUG] Incapsula user status JSON response: {"errors":[{"status":400,"id":"REDACTED","source":{"pointer":"/v3/users"},"title":"Input validation error","detail":"getUserByUserEmail.email: must be a well-formed email address"}]}: timestamp=2023-02-06T15:15:28.765-0700
2023-02-06T15:15:28.765-0700 [INFO]  provider.terraform-provider-incapsula_v3.15.1: 2023/02/06 15:15:28 [ERROR] Could not read Incapsula user: example+api_user@example.com, Error status code 400 from Incapsula service when getting User example+api_user@example.com: {"errors":[{"status":400,"id":"REDACTED","source":{"pointer":"/v3/users"},"title":"Input validation error","detail":"getUserByUserEmail.email: must be a well-formed email address"}]}: timestamp=2023-02-06T15:15:28.765-0700
2023-02-06T15:15:28.765-0700 [ERROR] provider.terraform-provider-incapsula_v3.15.1: Response contains error diagnostic: @caller=github.com/hashicorp/terraform-plugin-go@v0.14.1/tfprotov5/internal/diag/diagnostics.go:55 @module=sdk.proto diagnostic_severity=ERROR diagnostic_summary="Error status code 400 from Incapsula service when getting User example+api_user@example.com: {"errors":[{"status":400,"id":"REDACTED","source":{"pointer":"/v3/users"},"title":"Input validation error","detail":"getUserByUserEmail.email: must be a well-formed email address"}]}" tf_req_id=REDACTED tf_resource_type=incapsula_account_user diagnostic_detail= tf_proto_version=5.3 tf_provider_addr=provider tf_rpc=ReadResource timestamp=2023-02-06T15:15:28.765-0700
2023-02-06T15:15:28.765-0700 [ERROR] vertex "incapsula_account_user.user_1" error: Error status code 400 from Incapsula service when getting User example+api_user@example.com: {"errors":[{"status":400,"id":"REDACTED","source":{"pointer":"/v3/users"},"title":"Input validation error","detail":"getUserByUserEmail.email: must be a well-formed email address"}]}
2023-02-06T15:15:28.765-0700 [ERROR] vertex "incapsula_account_user.user_1 (expand)" error: Error status code 400 from Incapsula service when getting User example+api_user@example.com: {"errors":[{"status":400,"id":"REDACTED","source":{"pointer":"/v3/users"},"title":"Input validation error","detail":"getUserByUserEmail.email: must be a well-formed email address"}]}
023-02-06T15:15:28.767-0700 [INFO]  backend/local: plan operation completed

│ Error: Error status code 400 from Incapsula service when getting User example+api_user@example.com: {"errors":[{"status":400,"id":"REDACTED","source":{"pointer":"/v3/users"},"title":"Input validation error","detail":"getUserByUserEmail.email: must be a well-formed email address"}]}
│ 
│   with incapsula_account_user.user_1,
│   on api_users.tf line 299, in resource "incapsula_account_user" "user_1":
│  299: resource "incapsula_account_user" "user_1" {
│ 
╵
2023-02-06T15:15:28.775-0700 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-02-06T15:15:28.778-0700 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/imperva/incapsula/3.15.1/darwin_amd64/terraform-provider-incapsula_v3.15.1 pid=49713
2023-02-06T15:15:28.778-0700 [DEBUG] provider: plugin exited

Panic output

No response

Expected output

Either the API needs to permit + in the validator, or the TF module should url encode + to %2B where appropriate.

For example, the following fails with the same error:

terraform import incapsula_account_user.user_1 "000000/example+test@example.com"

Where this succeeds:

terraform import incapsula_account_user.user_1 "000000/example%2Btest@example.com"

Actual output

When working with a valid email string that contains a + (plus) symbol, the provider fails to properly parse the email address and fails to continue.

Steps to reproduce

New User Resource:

  1. Create a new user account resource in HCL using a valid + alias notation in the email address.
  2. terraform plan
  3. terraform apply
  4. See error: Error status code 400 from Incapsula service when getting User example+test@example.com:

Existing User Resource:

  1. Create a new user account via the Imperva Management portal using a valid + alias notation in the email address.
  2. Import the resource in terraform: 
    terraform import incapsula_account_user.user_1 "000000/example+test@example.com"
  3. See error: Error status code 400 from Incapsula service when getting User example+test@example.com:

Additional factoids

+ is a valid character in the 'local part' of an email address.

References

https://www.rfc-editor.org/rfc/rfc3696#section-3

BrachaY commented 1 year ago

Hi @ren3gadem4rm0t Thanks for reaching out. We are checking the issue and will get back to you soon.

BrachaY commented 1 year ago

@ren3gadem4rm0t The bug was fixed in the latest version: 3.15.2.