imperva / terraform-provider-incapsula

This package is a plugin for Terraform, and is designed to be used to auto-provision sites in Incapsula via Incapsula’s API from the terraform cli/yaml configurations.
Mozilla Public License 2.0

Imperva generated certificate #36

Closed acatte10 closed 4 years ago

acatte10 commented 4 years ago

Hello,

It seems impossible to go deep in the "Imperva Generated certificate" process. I've just found a way with a custom certificate.

I would like the Imperva provider to do:

If it's already possible and it's just a bad configuration on my side, let me know ;)

Thanks

anandkunal commented 4 years ago

Hi @acatte10 - all of this is available today. As an example - any site that you add as a resource w/ DNS validation will populate an attribute called domain_verification, which is a TXT record that you need to add. You can also choose HTML and it will populate the meta tag there as well. Let us know if you need assistance and we can jump in to help.

acatte10 commented 3 years ago

Hello @anandkunal, I've just tested again with the Terraform provider published on the HashiCorp side, but I didn't find the "domain_verification" attribute in the outputs:

      "acceleration_level" = "none"
      "account_id" = "XXXXXX"
      "active" = "active"
      "dns_a_record_value" = []
      "dns_cname_record_name" = "aurelien.XXXXXX.ad"
      "dns_cname_record_value" = "x.incapdns.net"
      "domain" = "aurelien.XXXXXX.ad"
      "domain_redirect_to_full" = "false"
      "domain_validation" = "dns"
      "force_ssl" = "true"
      "id" = "XXXX"
      "remove_ssl" = "false"
      "send_site_setup_emails" = "true"
      "site_creation_date" = 1604063567000
      "site_ip" = "XXXX"

Where am I supposed to find this attribute? I find it in the doc but not in the output. Thanks in advance

joeymoore commented 3 years ago

@acatte10 can you please send me your terraform state

acatte10 commented 3 years ago

Hello @joeymoore

FYI, I used the Terraform provider in version 2.1.0, which is the only version valid for the moment on the HashiCorp providers side. And many updates have been done on this repo since... it would be great to get a new release with all the evol and fixes

Here is the tfstate for the Imperva website part:

    {
      "module": "module.cpe_stack_instance.module.imperva[\"subdomain.mywebsite.io\"]",
      "mode": "managed",
      "type": "incapsula_site",
      "name": "project_site",
      "provider": "module.cpe_stack_instance.provider[\"registry.terraform.io/terraform-providers/incapsula\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "acceleration_level": null,
            "account_id": "XXXXX",
            "active": "active",
            "approver": "",
            "dns_a_record_name": null,
            "dns_a_record_value": [],
            "dns_cname_record_name": "subdomain.mywebsite.io",
            "dns_cname_record_value": "xxxxx.x.incapdns.net",
            "domain": "subdomain.mywebsite.io",
            "domain_redirect_to_full": "false",
            "domain_validation": "dns",
            "force_ssl": "false",
            "id": "XXXXXXX",
            "ignore_ssl": null,
            "log_level": null,
            "logs_account_id": null,
            "ref_id": null,
            "remove_ssl": "true",
            "seal_location": null,
            "send_site_setup_emails": "false",
            "site_creation_date": 1604083050000,
            "site_ip": "X.X.X.X"
          },
          "private": "XXXX"
        }
      ]
    },

I don't see any domain_verification field. Maybe some settings are not well configured but I didn't find the clear info to get an Imperva certificate and not a custom one.

Thanks in advance

osulli commented 3 years ago

For anyone else who stumbles upon this:

The domain_verification attribute does exist as shown here.

Strangely, my IDE (GoLand with Terraform plugin) does not find this in the struct (you can add an ignore comment which should be suggested in Quick Actions). It could be because it is an unusual parameter in that it is optional: false (or nil) but computed: true. I've never personally seen this but is certainly what I'm blaming.

If you do output incapsula_site.site.domain_verification you will see the following:

  "ssl_validation" = "globalsign-domain-verification=f00b4r1234567890"

FYI, my incapsula_site resource has the following:

    ...
      # SSL
      domain_validation = "dns"
      # https://github.com/imperva/terraform-provider-incapsula/issues/48
      ignore_ssl        = "true"
      # Manually set the site to support SSL.
      force_ssl         = "true"
    ...

joeymoore commented 3 years ago

Thank you @osulli. This is all correct; I have the same issue with my IDE, but it does work when testing the following:

    resource "incapsula_site" "example-sites" {
      domain            = "xxxxx"
      account_id        = "2398"
      site_ip           = "1105938788.us-east-2.elb.amazonaws.com"
      force_ssl         = "true"
      domain_validation = "dns"
      ignore_ssl        = "true"
    }

    output "ssl_validation" {
      value = incapsula_site.example-sites.domain_verification
    }

State:

    resource "incapsula_site" "example-sites" {
        account_id                               = 0000
        data_storage_region                      = "US"
        dns_a_record_value                       = []
        dns_cname_record_name                    = "xxxxx"
        dns_cname_record_value                   = "xxxxxx"
        domain                                   = "xxx"
        domain_validation                        = "dns"
        domain_verification                      = "globalsign-domain-verification=xxxxxxxxxx"
        force_ssl                                = "true"
        hashing_enabled                          = false
        id                                       = "71173230"
        ignore_ssl                               = "true"
        log_level                                = "none"
        perf_client_comply_no_cache              = false
        perf_client_enable_client_side_caching   = true
        perf_client_send_age_header              = false
        perf_key_comply_vary                     = false
        perf_key_unite_naked_full_cache          = false
        perf_mode_https                          = "dont_include_html"
        perf_mode_level                          = "smart"
        perf_mode_time                           = 300
        perf_response_cache_300x                 = false
        perf_response_cache_404_enabled          = false
        perf_response_cache_404_time             = 0
        perf_response_cache_empty_responses      = false
        perf_response_cache_http_10_responses    = false
        perf_response_cache_response_header_mode = "custom"
        perf_response_cache_response_headers     = []
        perf_response_cache_shield               = true
        perf_response_stale_content_mode         = "adaptive"
        perf_response_stale_content_time         = 0
        perf_ttl_prefer_last_modified            = false
        perf_ttl_use_shortest_caching            = false
        site_creation_date                       = 1614916143000
        site_ip                                  = "1105938788.us-east-2.elb.amazonaws.com"
    }
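
Added example (not part of the thread and not the provider's own code): feeding the computed domain_verification value straight into a DNS TXT record, so that the validation token for the Imperva-generated certificate never has to be copied out of the state by hand. It assumes the zone is hosted in AWS Route 53 and managed in the same configuration; the variable names, the resource labels and the choice of record name are hypothetical, and the precondition block needs Terraform 1.2 or later.

```hcl
# Constructed inputs; none of these names come from the thread.
variable "domain" { type = string }          # name protected by Imperva
variable "origin" { type = string }          # origin address, passed as site_ip
variable "route53_zone_id" { type = string } # hosted zone that contains var.domain

resource "incapsula_site" "site" {
  domain            = var.domain
  site_ip           = var.origin
  domain_validation = "dns"  # request DNS (TXT) validation rather than e-mail or HTML
  force_ssl         = "true"
  ignore_ssl        = "true"
}

# Publish the CA's domain-control token as a TXT record.
resource "aws_route53_record" "imperva_validation" {
  zone_id = var.route53_zone_id
  name    = var.domain # assumption: the token is expected at the site's own name
  type    = "TXT"
  ttl     = 300
  records = [incapsula_site.site.domain_verification]

  lifecycle {
    # Fail loudly instead of publishing an empty record when the provider
    # returns no token (the symptom described earlier in this thread).
    precondition {
      condition     = try(length(incapsula_site.site.domain_verification) > 0, false)
      error_message = "incapsula_site returned no domain_verification value; check the provider version and domain_validation."
    }
  }
}

# Same output as in the thread, kept so the token stays visible for auditing.
output "ssl_validation" {
  value = incapsula_site.site.domain_verification
}
```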