imperva / terraform-provider-incapsula

This package is a plugin for Terraform, and is designed to be used to auto-provision sites in Incapsula via Incapsula’s API from the terraform cli/yaml configurations.
Mozilla Public License 2.0

incapsula_site.site_ip change is ignored #383

Closed stockmaj closed 4 months ago

stockmaj commented 9 months ago

Confirmation

Terraform and Imperva provider version

terraform -v
Terraform v1.6.6-dev on linux_amd64

  • provider registry.terraform.io/devops-rob/terracurl v1.0.1
  • provider registry.terraform.io/hashicorp/azuread v2.47.0
  • provider registry.terraform.io/hashicorp/azurerm v3.86.0
  • provider registry.terraform.io/hashicorp/time v0.10.0
  • provider registry.terraform.io/imperva/incapsula v3.21.1

Affected resource(s)

When I change the site_ip on an incapsula_site, the terraform plan does not detect any change to the resource.

If I go to the web console and change the website IP address/CNAME field without changing terraform, the terraform plan does not detect any change to the resource. In the example below, I can change 1.2.3.4 to 4.3.2.1 and terraform says there are no changes.

Terraform configuration files

resource "incapsula_site" "site_portal" {
  domain = "my.site.com"

  site_ip      = "1.2.3.4"
  wildcard_san = true
  lifecycle {
    prevent_destroy = true
  }
}

Debug output

There is company specific information in the debug output and I do not have an extra website license to be able to create one for testing purposes. This is replicable on multiple sites, though.

Panic output

No response

Expected output

I expected the plan to say the IP address would be changed.

Actual output

No changes. Your infrastructure matches the configuration.

Steps to reproduce

Yes, changing either terraform or the website Server IP so they do not match should result in the terraform plan indicating an update to the incapsula_site image.

Additional factoids

No response

References

No response

RomanNess commented 9 months ago

Hi @stockmaj,

we just hit the same issue and found out that the behavior is actually documented on the resource: https://registry.terraform.io/providers/imperva/incapsula/latest/docs/resources/site#site_ip

site_ip - (Optional) The web server IP/CNAME. This field should be specified when creating a site and the domain does not yet exist or the domain already points to Imperva Cloud. When specified, its value will be used for adding site only. After site is already created this field will be ignored. To modify site ip, please use resource incapsula_data_centers_configuration instead.

The code also illustrates this behavior: https://github.com/imperva/terraform-provider-incapsula/blob/8d8e58e7306e3c39694cf69633ac38858d01ab7f/incapsula/resource_site.go#L69-L76

Note that the resource incapsula_data_centers_configuration has quite a few fields, but can be imported in a Terraform config if your incapsula_site already exists. If you are using a recent version of Terraform, you can use an import block, run a terraform plan and easily deduce the current state of the data center configuration via diff.

import {
  id = "1234567"
  to = incapsula_data_centers_configuration.example
}

resource "incapsula_data_centers_configuration" "example" {
  site_id = incapsula_site.example.id
  site_topology = "SINGLE_DC"

  data_center {
    name = "New DC"
    ip_mode = "SINGLE_IP"

    origin_server {
      address = "1.1.1.1"
      is_active = true
    }
  }
}

stockmaj commented 4 months ago

Thanks @RomanNess