l-with / terraform-provider-mailcow

Terraform Provider for Mailcow

tls_enforce doesn't work #99

Open KaiBroeker opened 2 months ago

KaiBroeker commented 2 months ago

Hi,

I tried to enable tls_enforce_in and tls_enforce_out for some mailboxes. I get no error from tf, but if I look in the web UI, no TLS is enforced. Also, if I run tf again, the change should be applied again.

Here are the logs (same on every run):

```
\mail_automation> D:\terraform.exe apply
mailcow_mailbox.mailboxes-***-de--default["info"]: Refreshing state... [id=info@***.de]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

 # mailcow_mailbox.mailboxe-***-de--info will be updated in-place
  ~ resource "mailcow_mailbox" "mailboxe-***-de--info" {
        id              = "info@***.de"
      ~ tls_enforce_in  = false -> true
      ~ tls_enforce_out = false -> true
        # (13 unchanged attributes hidden)
    }
Plan: 0 to add, 8 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

mailcow_mailbox.mailboxes-***-de--info: Modifying... [id=info@***.de]

Apply complete! Resources: 0 added, 8 changed, 0 destroyed.
mail_automation> 
```

KaiBroeker commented 2 months ago

I tested a little bit. The issue only happens if I add tls_enforce to existing mailboxes. If I create a new mailbox, the configuration is fine.

l-with commented 1 month ago

@KaiBroeker I debugged it. The reason is the mailcow api:

Updating e.g. tls_enforce can possibly be done with the mailcow API edit tls_policies. This API endpoint is not part of the Swagger UI documentation of the API; I found an indication that this API endpoint exists in the mailcow-dockerized source code.

The terraform provider flow will be quirky with this addition. I will add this strangeness to the docs. Right now my motivation to try to add this functionality is low. You can try to convince me.
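
Since the apply in this thread reports success while TLS enforcement stays off, a post-apply check can plan again and flag any `tls_enforce_*` attribute that is still pending. This is an added example, not code from the provider or from anyone in the thread; it assumes the plan was exported with `terraform plan -out=tfplan` followed by `terraform show -json tfplan`, and the sample plan, resource addresses and mailbox names below are constructed.

```python
import json

# Attributes from the issue; leaving them off silently permits unencrypted transport.
TLS_ATTRS = ("tls_enforce_in", "tls_enforce_out")


def unconverged_tls_settings(plan_json, resource_type="mailcow_mailbox"):
    """Return (address, attr, before, after) for TLS attributes still pending."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != resource_type or "update" not in change.get("actions", []):
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        for attr in TLS_ATTRS:
            # Values unknown until apply are absent from "after" and are skipped.
            if attr in after and before.get(attr) != after[attr]:
                findings.append((rc["address"], attr, before.get(attr), after[attr]))
    return findings


# Constructed sample in the shape of `terraform show -json` output (not from the issue).
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": 'mailcow_mailbox.example["info"]', "type": "mailcow_mailbox",
     "change": {"actions": ["update"],
                "before": {"id": "info@example.test", "tls_enforce_in": False,
                           "tls_enforce_out": False},
                "after": {"id": "info@example.test", "tls_enforce_in": True,
                          "tls_enforce_out": True}}},
    {"address": 'mailcow_mailbox.example["sales"]', "type": "mailcow_mailbox",
     "change": {"actions": ["update"],
                "before": {"id": "sales@example.test", "quota": 1024, "tls_enforce_in": True},
                "after": {"id": "sales@example.test", "quota": 2048, "tls_enforce_in": True}}},
    {"address": 'mailcow_mailbox.example["old"]', "type": "mailcow_mailbox",
     "change": {"actions": ["no-op"], "before": {"tls_enforce_in": False},
                "after": {"tls_enforce_in": False}}},
]})

if __name__ == "__main__":
    for address, attr, before, after in unconverged_tls_settings(SAMPLE_PLAN):
        print(f"{address}: {attr} still pending ({before} -> {after}) after apply")
```

Run against a plan taken immediately after an apply, a non-empty result means the setting was accepted by Terraform but is not in effect on the server.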