Closed acatte10 closed 4 years ago
Hi @acatte10 - all of this is available today. As an example - any site that you add as a resource w/ DNS validation will populate an attribute called domain_verification, which is a TXT record that you need to add. You can also choose HTML and it will populate the meta tag there as well. Let us know if you need assistance and we can jump in to help.
Hello @anandkunal, I've just tested again with the Terraform provider published on the HashiCorp side, but I didn't find the "domain_verification" attribute in the outputs:
"acceleration_level" = "none"
"account_id" = "XXXXXX"
"active" = "active"
"dns_a_record_value" = []
"dns_cname_record_name" = "aurelien.XXXXXX.ad"
"dns_cname_record_value" = "x.incapdns.net"
"domain" = "aurelien.XXXXXX.ad"
"domain_redirect_to_full" = "false"
"domain_validation" = "dns"
"force_ssl" = "true"
"id" = "XXXX"
"remove_ssl" = "false"
"send_site_setup_emails" = "true"
"site_creation_date" = 1604063567000
"site_ip" = "XXXX"
Where am I supposed to find this attribute? I find it in the doc but not in the output. Thanks in advance.
@acatte10 can you please send me your terraform state
hello @joeymoore
FYI, I used the Terraform provider in version 2.1.0, which is the only version valid for the moment on the HashiCorp providers side. And many updates have been done on this repo since... it would be great to get a new release with all the evolutions and fixes.
Here is the tfstate for the imperva website part
{
  "module": "module.cpe_stack_instance.module.imperva[\"subdomain.mywebsite.io\"]",
  "mode": "managed",
  "type": "incapsula_site",
  "name": "project_site",
  "provider": "module.cpe_stack_instance.provider[\"registry.terraform.io/terraform-providers/incapsula\"]",
  "instances": [
    {
      "schema_version": 0,
      "attributes": {
        "acceleration_level": null,
        "account_id": "XXXXX",
        "active": "active",
        "approver": "",
        "dns_a_record_name": null,
        "dns_a_record_value": [],
        "dns_cname_record_name": "subdomain.mywebsite.io",
        "dns_cname_record_value": "xxxxx.x.incapdns.net",
        "domain": "subdomain.mywebsite.io",
        "domain_redirect_to_full": "false",
        "domain_validation": "dns",
        "force_ssl": "false",
        "id": "XXXXXXX",
        "ignore_ssl": null,
        "log_level": null,
        "logs_account_id": null,
        "ref_id": null,
        "remove_ssl": "true",
        "seal_location": null,
        "send_site_setup_emails": "false",
        "site_creation_date": 1604083050000,
        "site_ip": "X.X.X.X"
      },
      "private": "XXXX"
    }
  ]
},
I don't see any domain_verification field. Maybe some settings are not well configured but I didn't find the clear info to get an Imperva certificate and not a custom one.
Thanks in advance
For anyone else who stumbles upon this:
The domain_verification attribute does exist as shown here.
Strangely, my IDE (GoLand with Terraform plugin) does not find this in the struct (you can add an ignore comment which should be suggested in Quick Actions). It could be because it is an unusual parameter in that it is optional: false (or nil) but computed: true. I've never personally seen this but it is certainly what I'm blaming.
If you do output incapsula_site.site.domain_verification you will see the following:
"ssl_validation" = "globalsign-domain-verification=f00b4r1234567890"
FYI, my incapsula_site resource has the following:
...
# SSL
domain_validation = "dns"
# https://github.com/imperva/terraform-provider-incapsula/issues/48
ignore_ssl = "true"
# Manually set the site to support SSL.
force_ssl = "true"
...
Thank you @osulli This is all correct, I have the same issue with my IDE but it does work when testing the following:
resource "incapsula_site" "example-sites" {
  domain            = "xxxxx"
  account_id        = "2398"
  site_ip           = "1105938788.us-east-2.elb.amazonaws.com"
  force_ssl         = "true"
  domain_validation = "dns"
  ignore_ssl        = "true"
}

output "ssl_validation" {
  value = incapsula_site.example-sites.domain_verification
}
State:
resource "incapsula_site" "example-sites" {
  account_id = 0000
  data_storage_region = "US"
  dns_a_record_value = []
  dns_cname_record_name = "xxxxx"
  dns_cname_record_value = "xxxxxx"
  domain = "xxx"
  domain_validation = "dns"
  domain_verification = "globalsign-domain-verification=xxxxxxxxxx"
  force_ssl = "true"
  hashing_enabled = false
  id = "71173230"
  ignore_ssl = "true"
  log_level = "none"
  perf_client_comply_no_cache = false
  perf_client_enable_client_side_caching = true
  perf_client_send_age_header = false
  perf_key_comply_vary = false
  perf_key_unite_naked_full_cache = false
  perf_mode_https = "dont_include_html"
  perf_mode_level = "smart"
  perf_mode_time = 300
  perf_response_cache_300x = false
  perf_response_cache_404_enabled = false
  perf_response_cache_404_time = 0
  perf_response_cache_empty_responses = false
  perf_response_cache_http_10_responses = false
  perf_response_cache_response_header_mode = "custom"
  perf_response_cache_response_headers = []
  perf_response_cache_shield = true
  perf_response_stale_content_mode = "adaptive"
  perf_response_stale_content_time = 0
  perf_ttl_prefer_last_modified = false
  perf_ttl_use_shortest_caching = false
  site_creation_date = 1614916143000
  site_ip = "1105938788.us-east-2.elb.amazonaws.com"
}
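Added example, not part of the thread and not the provider's own code: one way to publish the domain_verification value from the configuration above as the TXT record it represents. It assumes the zone is hosted in AWS Route 53, that the record is created at the site's own domain name, and that Terraform 1.2 or later is used for the precondition; the variable and the Route 53 resource name are hypothetical.

```hcl
# Assumption: ID of the Route 53 hosted zone that serves the site's domain.
variable "route53_zone_id" {
  type        = string
  description = "Hosted zone ID for the domain onboarded to Imperva (assumed)."
}

# TXT record carrying the value the incapsula_site resource computes,
# e.g. "globalsign-domain-verification=..." as shown in the state above.
resource "aws_route53_record" "imperva_domain_verification" {
  zone_id = var.route53_zone_id
  # Assumption: the validation record lives at the site's domain name.
  name    = incapsula_site.example-sites.domain
  type    = "TXT"
  ttl     = 300
  records = [incapsula_site.example-sites.domain_verification]

  lifecycle {
    # Stop the apply with a clear message if the provider returned no value,
    # instead of publishing an empty TXT record.
    precondition {
      condition     = try(length(incapsula_site.example-sites.domain_verification) > 0, false)
      error_message = "incapsula_site returned no domain_verification value; check domain_validation and the provider version."
    }
  }
}
```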
Hello,
It seems impossible to go deep in the "Imperva Generated certificate" process. I've just found a way with a custom certificate.
I would like the Imperva provider to do:
If it's already possible and it's just a bad configuration on my side, let me know ;)
Thanks