netskopeoss / terraform-provider-netskope

Apache License 2.0

Import resources #23

Closed stiewie33 closed 11 months ago

stiewie33 commented 11 months ago

Hi, I am considering using this provider to streamline some processes we're handling manually, however, I can't find any docs regarding importing existing infrastructure. Has anyone imported existing resources before? I'm quite new with terraform so any help would be greatly appreciated.

Taoquitok commented 11 months ago

In principle, you would run terraform import "resource_reference" "reference_id" (e.g. terraform import "netskope_privateapps.examplehost" "1"), but in practice I've found that the netskope terraform provider, though very useful, is missing support for importing existing resources.
There are other limitations where failed changes to existing managed resources may still update the state inappropriately (see issue #22), and bulk creation of private apps that have tags can create broken PAs if not running with --parallelism=1 (see #6).

The refresh step of any plan/apply also doesn't check the live values, so any manual changes to resources won't be detected by terraform and corrected.

Overall, it's worth using for templating new resources and to minimise the risk of manual changes going wrong, but it currently doesn't fully follow expected terraform behaviours, so it will take some experimenting to understand its quirks.

stiewie33 commented 11 months ago

@Taoquitok do you have any tips or suggestions on how to connect new apps to existing publishers, or is that not possible, as I can't get the publishers into my tf state?

Taoquitok commented 11 months ago

New private apps with existing publishers should be easy enough, as there's a publishers data source.

You would need to use the filter to limit down to just the one you need, or collect all and use locals or inline logic in the resource to filter down to the appropriate publisher.

I haven't used the data source for publishers, so below is an educated guess based on the docs schema for the data source plus a new private_apps resource. I'd suspect this either works or is close to working (commented where I suspect it could fail).

data "netskope_publishers" "example" {
    # Update this filter to match your publisher's name. Arguably can drop the registered and just go by name
    filter = "publisher_name eq your_publisher and registered eq true"
}

resource "netskope_privateapps" "PrivateApp" {
    app_name = "Example-Private-App"
    host     = "site1.example.internal, site2.example.internal"

    protocols {
        type = "tcp"
        port = "22, 443, 8080-8081"
    }

    protocols {
        type = "udp"
        port = "194"
    }

    publisher {
        # For the data reference, as it's a list of objects at the ".publishers" level
        # I'm assuming you need to [0] index... but you'll need to test to confirm this
        # POST EDIT: Correct id/name references
        publisher_id   = data.netskope_publishers.example.publishers[0].publisher_id
        publisher_name = data.netskope_publishers.example.publishers[0].publisher_name
    }
}
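
The "collect all and use locals" route mentioned above, written out as an added example (not code from this thread or from the provider's docs). It assumes the netskope_publishers data source can be declared without a filter and exposes the publishers list with the publisher_id and publisher_name attributes used in the snippet above; the publisher name is a placeholder to replace.

```hcl
# Added example: select a publisher by exact name from the full list instead
# of a filter string. Attribute names (publishers, publisher_id,
# publisher_name) come from the thread; declaring the data source with no
# filter to fetch every publisher is an assumption to check against the docs.
data "netskope_publishers" "all" {}

locals {
  wanted_publisher = "your_publisher" # placeholder: the publisher's real name

  # Keep only publishers whose name matches exactly.
  matching_publishers = [
    for p in data.netskope_publishers.all.publishers :
    p if p.publisher_name == local.wanted_publisher
  ]

  # one() returns the single element, or fails the plan when the list is
  # empty or has several entries, so a typo or a duplicated publisher name
  # stops the run rather than attaching the app to whichever entry [0]
  # happens to be.
  publisher = one(local.matching_publishers)
}

resource "netskope_privateapps" "example_app" {
  app_name = "Example-Private-App"
  host     = "site1.example.internal"

  protocols {
    type = "tcp"
    port = "443"
  }

  publisher {
    publisher_id   = local.publisher.publisher_id
    publisher_name = local.publisher.publisher_name
  }
}
```

one() needs Terraform 0.15 or later; the publisher itself still has to exist already, since only the private app is created here.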

stiewie33 commented 11 months ago

Thanks! That worked with a few minor tweaks.

data "netskope_publishers" "example_pub" {
    filter = "publisher_name eq example_name and publisher_id eq example_id"
}
resource "netskope_privateapps" "example_app_1" {
  app_name = "Example app 1"
  host     = "example.com"

  protocols {
    type = "tcp"
    port = "443"
  }

  publisher {
    publisher_id   = data.netskope_publishers.example_pub.publishers[0].publisher_id
    publisher_name = data.netskope_publishers.example_pub.publishers[0].publisher_name
  }
}