terraform-provider-citrixadc
[Bug]: Issue 1113, 1147, 1162 Still results in non-working citrixadc_appfwsignatures
### Terraform Core Version
1.5.7
### citrixadc Provider Version
1.40.1
### Operating system
macOS
### Affected Resource(s)
citrixadc_appfwsignatures
### Equivalent NetScaler CLI Command
N/A
### Expected Behavior
I am trying to modify the signature behaviour for an existing signature object in an already existing signature file (as in the GUI: Security / Citrix Web Application Firewall / Signatures / modifying the already existing waf_sig_app.company.com).
Netscaler has to provide the following functionality; if not, the signatures in the WAF engine are useless when:
1: You cannot, on an entire signature category, (set enabled = (enabled | disabled)) && (set action = (none | block | log | stats))
2: You cannot, on an individual signature / rule, (set enabled = (enabled | disabled)) && (set action = (none | block | log | stats))
3: You cannot, on a list of signature entries / rules, (set enabled = (enabled | disabled)) && (set action = (none | block | log | stats))
I have written a Terraform module for citrixadc_appfwsignatures as follows:
```hcl
resource "citrixadc_appfwsignatures" "app_waf_signatures" {
  name                    = "waf_sig_${var.waf_profilename}"
  merge                   = var.waf_signature_merge == "" ? null : var.waf_signature_merge
  overwrite               = var.waf_signature_overwrite == "" ? null : var.waf_signature_overwrite
  src                     = var.waf_signature_location == "" ? null : var.waf_signature_location
  preservedefactions      = var.waf_signature_preservedefaction == "" ? null : var.waf_signature_preservedefaction
  autoenablenewsignatures = var.waf_signature_autoenablenewsignatures == "" ? null : var.waf_signature_autoenablenewsignatures
  ruleid                  = var.waf_signature_ruleid == "" ? null : var.waf_signature_ruleid
  category                = var.waf_signature_category == "" ? null : var.waf_signature_category
  enabled                 = var.waf_signature_enabled == "" ? null : var.waf_signature_enabled
  action                  = var.waf_signature_action == "" ? null : var.waf_signature_action
}
```
I call this module from my Netscaler as follows:
```hcl
module "netscaler-adc-waf-signatures-myapp_company_com" {
  source                  = "../modules/CitrixADC-Appfw-Signatures"
  waf_profilename         = var.myapp_company_com_applicationname
  waf_signature_merge     = true
  waf_signature_overwrite = true
  waf_signature_location  = "local:waf_sig_${var.myapp_company_com_applicationname}"
  waf_signature_action    = ["log", "stats"]
  waf_signature_enabled   = "ON"
  waf_signature_ruleid    = ["998418", "998419", "998420", "998420", "998421", "998422", "998423", "998424", "998425", "998426"]
  depends_on              = [module.netscaler-adc-waf-myapp_company_com, module.app_myapp_company_com]
}
```
### Actual Behavior
```
│ Error: [ERROR] nitro-go: Failed to apply action on resource of type appfwsignatures, action=Import err=failed: 599 Netscaler specific error ({ "errorcode": 3197, "message": "Importing the resource failed", "severity": "ERROR" })
│
│   with module.netscaler-adc-waf-signatures-myapp_company_com.citrixadc_appfwsignatures.app_waf_signatures,
│   on ../modules/CitrixADC-Appfw-Signatures/main.tf line 2, in resource "citrixadc_appfwsignatures" "app_waf_signatures":
│    2: resource "citrixadc_appfwsignatures" "app_waf_signatures" {
│
╵
```
### Relevant Error/Panic Output Snippet
From the ns.log logfile on the Netscaler:
```
Oct 12 13:40:17 <local0.warn> 139.98.19.10 2024/10/12:11:40:17 GMT myadc-ext01 0-PPE-1 : default APPFW Message 0 0 : "Failed to update information: '/var/tmp/_updates/waf_sig_myapp.company.com1728733217.8931', 'waf_sig_myapp.company.com'
```
### Terraform Configuration Files
variables.tf but not relevant for this issue
### Steps to Reproduce
Please observe data in Expected Behavior
### Debug Output
N/A
### Panic Output
N/A
### Important Factoids
_No response_
### References
_No response_