FR: Better support for UI toggles

Open timkelty opened this issue 3 years ago • 9 comments

Affected Resource(s)

  • fastly_service_v1

Currently, there are some settings in the UI that are simply shortcuts to other resources, eg:

  • [three screenshots of the UI settings, not preserved]

Currently, if you want those toggles enabled from Terraform, you have to just match the name exactly, which is kind of clumsy:

  condition {
    # Magical name that ties to Fastly defaults
    name = "Generated by synthetic response for 503 page"

    priority  = 0
    statement = "beresp.status == 503"
    type      = "CACHE"
  }
  header {
    # Magical name that ties to Fastly defaults
    name = "Generated by force TLS and enable HSTS"

    action        = "set"
    destination   = "http.Strict-Transport-Security"
    ignore_if_set = false
    priority      = 100
    source        = "\"max-age=31557600\""
    type          = "response"
  }
  response_object {
    # Magical name that ties to Fastly defaults
    name = "Generated by synthetic response for 503 page"

    cache_condition = "Generated by synthetic response for 503 page"
    content         = file("files/503.html")
    content_type    = "text/html"
    response        = "Service Unavailable"
    status          = 503
  }

It would be nice if either:

  • these settings were their own dedicated options
  • or, there was simply a setting to toggle the UI setting on/off (even if the explicit resources were still required)

It can be alarming looking at the UI, thinking these settings aren't enabled, when in fact they are, but the toggles may not be active.

timkelty avatar Oct 14 '21 14:10 timkelty

Furthermore, the gzip block doesn't seem to be able to be toggled by a matching string like the others:

  gzip {
    name = "Default gzip policy"
    content_types = [
      "application/javascript",
      "application/json",
      "application/vnd.ms-fontobject",
      "application/x-font-opentype",
      "application/x-font-truetype",
      "application/x-font-ttf",
      "application/x-javascript",
      "application/xml",
      "font/eot",
      "font/opentype",
      "font/otf",
      "image/svg+xml",
      "image/vnd.microsoft.icon",
      "text/css",
      "text/html",
      "text/javascript",
      "text/plain",
      "text/xml",
    ]
    extensions = [
      "css", "eot", "html", "ico", "js", "json", "otf", "svg", "ttf"
    ]
  }

…will result in the toggle being "off" in the UI.

timkelty avatar Oct 15 '21 13:10 timkelty

https://github.com/fastly/terraform-provider-fastly/pull/433

smaeda-ks avatar Oct 15 '21 18:10 smaeda-ks

How did you manage to enable the toggle for "Force TLS and enable HSTS"? the example above will add the header, but what about Force TLS?

DanOfir avatar Oct 17 '21 10:10 DanOfir

@DanOfir sorry, didn't include the full example:

locals {
  # Magical names that tie to Fastly defaults
  magic_name_503       = "Generated by synthetic response for 503 page"
  magic_name_robots    = "Generated by synthetic response for robots.txt"
  magic_name_force_tls = "Generated by force TLS and enable HSTS"
}


resource "fastly_service_v1" "this" {
  header {
    name          = local.magic_name_force_tls
    action        = "set"
    destination   = "http.Strict-Transport-Security"
    ignore_if_set = false
    priority      = 100
    source        = "\"max-age=31557600\""
    type          = "response"
  }

  request_setting {
    name          = local.magic_name_force_tls
    force_ssl     = true
    max_stale_age = 0
    xff           = ""
  }
}

timkelty avatar Oct 18 '21 14:10 timkelty
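
The exchange above shows that the HSTS header block alone does not force TLS: the `request_setting` with `force_ssl = true` under the same name is the other half. The following is an added example, not part of the original thread or the provider's code, that audits that pairing (and the 503 pairing from the first post) before apply. It assumes the root-module layout of `terraform show -json`, and the sample document is constructed.

```python
import json

# Magic names quoted in this thread.
FORCE_TLS = "Generated by force TLS and enable HSTS"
SYNTH_503 = "Generated by synthetic response for 503 page"

# Constructed sample in the shape `terraform show -json` gives a resource's
# nested blocks (lists of objects under "values"). Not output from a real service.
SAMPLE = json.loads("""
{"values": {"root_module": {"resources": [
  {"address": "fastly_service_v1.this", "type": "fastly_service_v1",
   "values": {
     "header": [{"name": "Generated by force TLS and enable HSTS",
                 "destination": "http.Strict-Transport-Security",
                 "type": "response"}],
     "request_setting": [],
     "condition": [{"name": "Generated by synthetic response for 503 page",
                    "statement": "beresp.status == 503", "type": "CACHE"}],
     "response_object": [{"name": "Generated by synthetic response for 503 page",
                          "cache_condition": "Generated by synthetic response for 503 page",
                          "status": 503}]}}]}}}
""")


def blocks(values, kind, name):
    """Nested blocks of one kind whose name matches exactly."""
    return [b for b in values.get(kind) or [] if b.get("name") == name]


def audit(doc):
    """Return (address, finding) pairs for half-configured toggles (root module only)."""
    findings = []
    root = (doc.get("values") or doc.get("planned_values") or {}).get("root_module", {})
    for res in root.get("resources", []):
        if res.get("type") != "fastly_service_v1":
            continue
        v, addr = res.get("values", {}), res.get("address")
        hsts = blocks(v, "header", FORCE_TLS)
        tls = [r for r in blocks(v, "request_setting", FORCE_TLS) if r.get("force_ssl") is True]
        if hsts and not tls:
            findings.append((addr, "HSTS header without force_ssl request_setting"))
        if tls and not hsts:
            findings.append((addr, "force_ssl request_setting without HSTS header"))
        cond = blocks(v, "condition", SYNTH_503)
        resp = [r for r in blocks(v, "response_object", SYNTH_503)
                if r.get("cache_condition") == SYNTH_503]
        if bool(cond) != bool(resp):
            findings.append((addr, "503 condition and response_object not paired"))
    return findings
```

Running `audit(SAMPLE)` flags the constructed service because its `request_setting` list is empty, which is the header-only configuration asked about above.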

Would also like to see this!

ohookins avatar Dec 06 '21 04:12 ohookins

Furthermore, the gzip block doesn't seem to be able to be toggled by a matching string like the others:

  gzip {
    name = "Default gzip policy"

This works for me if I use name = "Generated by default gzip policy"

jonnangle avatar Nov 02 '22 13:11 jonnangle

I'd be curious to know if, like gzip and the other settings mentioned so far, the same can be achieved for the apex to www redirect setting?

It seems like that creates snippets for recv and error that are hidden in the UI.

That might be harder to get the resource naming correct in order for the Terraform configuration to align with the UI settings however!

Anyone successfully got that working?

sjparkinson avatar Nov 04 '22 14:11 sjparkinson

Hit a small snag on the Force TLS option that I figure is worth documenting, we currently define the following:

request_setting {
  name      = "Generated by force TLS and enable HSTS"
  force_ssl = true
  xff       = ""
}

For an existing service with this name with the xff field accidentally set to append, this configuration looks to always result in a change in the Terraform plan, with Terraform not actually updating/clearing the value for xff. Can be manually fixed by turning the setting off and on in the UI to reset the request setting.

Likely because a value for xff of "" doesn't match a case at?:

https://github.com/fastly/terraform-provider-fastly/blob/a22ea5f9b2043f47cfa869d125ca67f26342690c/fastly/block_fastly_service_requestsetting.go#L293-L305

It also seems like there's a difference for the value of max_stale_age based on the diff after manually resetting the Force TLS setting, Terraform creating different default values than the UI?:

[screenshot of the diff, not preserved]

sjparkinson avatar Nov 08 '22 13:11 sjparkinson

Another setting for the list, enabling HTTP/3.

It looks to create a recv snippet that is hidden from the UI. There doesn't look to be a method of creating a snippet with a "magic" name that will toggle the setting in the UI.

Be great to have a setting for this in the provider.

Done with https://github.com/fastly/terraform-provider-fastly/pull/640.

sjparkinson avatar Nov 22 '22 11:11 sjparkinson