Closed kireledan closed 4 years ago
Hi @kireledan - I think I see what's going on.
I assumed when writing the provider that generated_certificate
would be the same regardless of the validation method. I was wrong.
Per the documentation, here's the example for HTML validation (and what you're doing based on the return value from the API):
"generated_certificate" : {
"ca" : "globalsign",
"validation_method" : "html",
"validation_data" : "<meta name="globalsign-domain-verification" content="rgwlWGF7wQsdWdhbd54pGGruzskFMVezwMvnUtRAzW" />",
"san" : ["*.example.com", "example.com"],
"validation_status" : "pending_user_action"
}
Here's the example for DNS validation:
"generated_certificate" : {
"ca" : "globalsign",
"validation_method" : "dns",
"validation_data" : [
{"dns_record_name": "www.example.com", "set_type_to": "TXT", "set_data_to": "globalsign-domain-verification=rgwlWGF7wQsdWdhbd54pGGruzskFMVezwMvnUtRAzW"},
...
],
"san" : ["*.example.com", "example.com"],
"validation_status" : "pending_user_action"
}
We really shouldn't be changing the inner structure of the validation data like this and instead be using different field names. I'll bring this up with our PD team separately. In the mean time, let me see if I can change out validation_data
to be an interface{}
and do on-the-fly casting based on validation_method
.
Best, Kunal
Just pushed the fix to the repository. Verified locally with a few different sites. Example from my own domain for testing:
resource "incapsula_site" "example-site-html" {
data_storage_region = "US"
dns_a_record_value = []
domain = "--redacted--"
domain_validation = "html"
domain_verification = "<meta name=\"_globalsign-domain-verification\" content=\"-rRHZbEu8sjtBhcr6Iqwhbed0tlJ__Uv88hthYzuZ3\" />"
....
}
Please note, that if your domain has already been validated in the past, editing validation to a new option will not work. You'll need to contact customer support for that one. I assume you're not in this boat as you already had a successful JSON blob (as indicated in your issue above).
Let me know if you run into additional issues with this.
Awesome! Thanks for the followup
I've encountered an issue with terraform planning with sites that contain a generated SSL certificate.
I'm suspecting this is because the API doesn't return as expected.
The struct is expecting these fields within the
validation_data
blob.Hitting the api though (https://my.incapsula.com/api/prov/v1/sites/status) , the
validation_data
does not contain these fields.