This package is a plugin for Terraform, and is designed to be used to auto-provision sites in Incapsula via Incapsula’s API from the terraform cli/yaml configurations.
Mozilla Public License 2.0
44
stars
72
forks
source link
Unable to change incapsula_policy_asset_association from default to another policy #450
# current terraform state is policy_id=X where X is the default policy
resource "incapsula_policy_asset_association" "waf_rules_policy_asset_association" {
policy_id = Y
asset_id = incapsula_site.site.id
asset_type = "WEBSITE"
}
resource "incapsula_site" "site" {
domain = "test.com"
wildcard_san = true
lifecycle {
prevent_destroy = true
}
}
Debug output
I can privately supply debug output but it may contain configuration information that should not be made publicly available
Panic output
No response
Expected output
I expect the old asset allocation to be replaced with a new one. In the config above, X is the default policy for the account and Y is a different policy. This works if I set the policy to Y in the console and use terraform to change it back to X.
Actual output
module.dns.module.waf_portal.incapsula_policy_asset_association.waf_rules_policy_asset_association must be replaced
account_id = (known after apply)
~ id = "X/N/WEBSITE" -> (known after apply)
~ policy_id = "X" -> "Y" # forces replacement
(2 unchanged attributes hidden)
}
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
module.dns.module.waf_portal.incapsula_policy_asset_association.waf_rules_policy_asset_association: Destroying... [id=X/N/WEBSITE]
╷
│ Error: Error status code 400 from Incapsula service when deleting Policy Asset Association: {"value":"cannot remove default policy of Type WAF_RULES","isError":true}
│
│
╵
Steps to reproduce
change a site that is using the default policy to use a non-default policy in the terraform configuration.
Confirmation
Terraform and Imperva provider version
Terraform v1.9.0-dev on linux_amd64
Your version of Terraform is out of date! The latest version is 1.9.0. You can update by downloading from https://www.terraform.io/downloads.html
Affected resource(s)
incapsula_policy_asset_association
Terraform configuration files
Debug output
I can privately supply debug output but it may contain configuration information that should not be made publicly available
Panic output
No response
Expected output
I expect the old asset allocation to be replaced with a new one. In the config above, X is the default policy for the account and Y is a different policy. This works if I set the policy to Y in the console and use terraform to change it back to X.
Actual output
module.dns.module.waf_portal.incapsula_policy_asset_association.waf_rules_policy_asset_association must be replaced
-/+ resource "incapsula_policy_asset_association" "waf_rules_policy_asset_association" {
(2 unchanged attributes hidden)
}
Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve.
Enter a value: yes
module.dns.module.waf_portal.incapsula_policy_asset_association.waf_rules_policy_asset_association: Destroying... [id=X/N/WEBSITE] ╷ │ Error: Error status code 400 from Incapsula service when deleting Policy Asset Association: {"value":"cannot remove default policy of Type WAF_RULES","isError":true} │ │ ╵
Steps to reproduce
Additional factoids
No response
References
No response