search

imperva / terraform-provider-incapsula

This package is a plugin for Terraform, and is designed to be used to auto-provision sites in Incapsula via Incapsula’s API from the terraform cli/yaml configurations.
Mozilla Public License 2.0
44 stars 72 forks source link

Problem after "3.23.0" patch with ssl_settings #417

Open MrZend opened 5 months ago

MrZend commented 5 months ago

Confirmation

Terraform and Imperva provider version

I run terraform commands via CI/CD pipeline, below code of installing right version of provider

Initializing provider plugins...

Affected resource(s)

incapsula_ssl_settings

Terraform configuration files

After patch, I added block "inbound_tls_settings". Before update it worked good

resource "incapsula_site_ssl_settings" "this" {
  count   = var.ssl_settings != null ? 1 : 0
  site_id = incapsula_site.this.id
  hsts {
    is_enabled           = try(var.ssl_settings.hsts.is_enabled, null)
    max_age              = try(var.ssl_settings.hsts.max_age, null)
    pre_loaded           = try(var.ssl_settings.hsts.pre_loaded, null)
    sub_domains_included = try(var.ssl_settings.hsts.sub_domains_included, null)
  }

  inbound_tls_settings { 
    configuration_profile = var.ssl_settings.inbound_tls_settings.configuration_profile

    dynamic "tls_configuration" {
      for_each = var.ssl_settings.inbound_tls_settings.tls_configuration != null ? var.ssl_settings.inbound_tls_settings.tls_configuration : []
      content {
        tls_version     = tls_configuration.value.tls_version
        ciphers_support = tls_configuration.value.ciphers_support
      }
    }

  }
  depends_on = [incapsula_site.this, incapsula_custom_certificate.this[0]]
}

Debug output

Panic output

No response

Expected output

I want to manage incapsula_ssl_setting under subaccount, if user under account

Actual output

Terraform wants to create new resource of incapsula_ssl_settings. I think, it because user, from which I run terraform commands, at "superaccount" and sites that I want to manage at subaccounts, and I dont have opportunities to specify subaccount where site is located. Furthermore, I tested new API of imperva for ssl_settings and find out that API cant find site under subaccount, If user under "superaccount" - and at api you can specify account_id where site is located, but in provider you cant do it.

Steps to reproduce

  1. User under account
  2. Sites under subaccounts

Additional factoids

No response

References

No response