terraform-provider-incapsula icon indicating copy to clipboard operation
terraform-provider-incapsula copied to clipboard

Published 20 hours ago verified publisher icon imperva

[incapsula_incap_rule] resource fails to delete on destroy run

Open lachlanjholmes opened this issue 2 years ago • 1 comments

Confirmation

  • [X] My issue isn't already found on the issue tracker.
  • [X] I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Imperva provider version

Terraform v1.3.4
on linux_amd64
+ provider registry.terraform.io/hashicorp/local v2.2.3
+ provider registry.terraform.io/imperva/incapsula v3.10.2

Affected resource(s)

incapsula_incap_rule

Terraform configuration files

resource "incapsula_site" "site" {
    domain  =  testing.com
    account_id = 123
    force_ssl  = true
    send_site_setup_emails  = false
    site_ip = 1.2.3.4
    data_storage_region    = "US"
    wildcard_san    =   false
    naked_domain_san    =   false
    perf_mode_level =   dont_include_html
    perf_response_stale_content_mode    =   adaptive
    perf_response_cache_response_header_mode    =   custom
    perf_client_enable_client_side_caching =    true
}

resource "incapsula_incap_rule" "delete-server-response-header" {
    name           = "delete server response header"
    site_id              = incapsula_site.site.id
    action         = "RULE_ACTION_RESPONSE_DELETE_HEADER"
    rewrite_name   = "server"
}

resource "incapsula_incap_rule" "delete-xpoweredby-response-header" {
    name           = "delete xpoweredby response header"
    site_id              = incapsula_site.site.id
    action         = "RULE_ACTION_RESPONSE_DELETE_HEADER"
    rewrite_name   = "X-Powered-By"
}

resource "incapsula_incap_rule" "delete-xaspnet-response-header" {
    name           = "delete xaspnetversion response header"
    site_id              = incapsula_site.site.id
    action         = "RULE_ACTION_RESPONSE_DELETE_HEADER"
    rewrite_name   = "x-aspnet-version"
}

Debug output

I know you asked not to truncate the output but I can't easly risk giving you a full output file.

2022-11-14T23:06:31.059Z [INFO]  provider.terraform-provider-incapsula_v3.10.2: 2022/11/14 23:06:31 [INFO] Deleting Incapsula Incap Rule XXXXXX3 for Site ID 5XXXXXXX: timestamp=2022-11-14T23:06:31.059Z
2022-11-14T23:06:31.059Z [INFO]  provider.terraform-provider-incapsula_v3.10.2: 2022/11/14 23:06:31 [INFO] Deleting Incapsula Incap Rule XXXXXX4 for Site ID 5XXXXXXX: timestamp=2022-11-14T23:06:31.059Z
2022-11-14T23:06:31.059Z [INFO]  provider.terraform-provider-incapsula_v3.10.2: 2022/11/14 23:06:31 [INFO] Deleting Incapsula Incap Rule XXXXXX5 for Site ID 5XXXXXXX: timestamp=2022-11-14T23:06:31.059Z
2022-11-14T23:06:31.611Z [INFO]  provider.terraform-provider-incapsula_v3.10.2: 2022/11/14 23:06:31 [DEBUG] Incapsula Delete Incap Rule JSON response: {"res":0,"res_message":"OK","debug_info":{"id-info":"999999","status":"ok"}}: timestamp=2022-11-14T23:06:31.611Z
2022-11-14T23:06:31.883Z [INFO]  provider.terraform-provider-incapsula_v3.10.2: 2022/11/14 23:06:31 [DEBUG] Incapsula Delete Incap Rule JSON response: {"res":0,"res_message":"OK","debug_info":{"id-info":"999999","status":"ok"}}: timestamp=2022-11-14T23:06:31.883Z
2022-11-14T23:06:31.886Z [INFO]  provider.terraform-provider-incapsula_v3.10.2: 2022/11/14 23:06:31 [DEBUG] Incapsula Delete Incap Rule JSON response: Unknown error. Contact support: timestamp=2022-11-14T23:06:31.885Z
2022-11-14T23:06:31.888Z [ERROR] vertex "incapsula_incap_rule.delete-server-response-header[\"testing.com\"] (destroy)" error: Error status code 500 from Incapsula service when deleting Incap Rule XXXXXX4 for Site ID 5XXXXXXX: Unknown error. Contact support
[31m│[0m [0m[1m[31mError: [0m[0m[1mError status code 500 from Incapsula service when deleting Incap Rule XXXXXX4 for Site ID 5XXXXXXX: Unknown error. Contact support[0m

Panic output

No response

Expected output

incapsula_incap_rule.delete-xaspnet-response-header: Destruction complete after 1s

Actual output

╷
│ Error: Error status code 500 from Incapsula service when deleting Incap Rule XXXXXX for Site ID XXXXXXX: Unknown error. Contact support
│ 
│ 
╵

Steps to reproduce

  1. create a imperva site in tf
  2. create three or more incap rule for the above site in tf
  3. apply the tf
  4. confirm it's built
  5. destroy the tf
  6. error code should appear.

Additional factoids

Hey Team,

Creating the incap rules works 100% of the time

When I go do delete these three incap rules from the site via a destroy run, the destruction of the resource fails with the generic 500 error code.

From my testing I suspect it's a case of rate limiting from the imperva api as it will typically not delete two or one of the incap rules out of the three.

My actual use case leverages a csv file that holds multiple websites, this means that will fail on many of the rules being deleted as the each site is a three x multiplier.

I have a case open with Support 01627145 but I'm logging the case here to get some traction.

I'm happy to share the debug out file with someone via the imperva support team in a offline manner.

Thanks!

References

No response

lachlanjholmes avatar Nov 14 '22 23:11 lachlanjholmes

Hi @lachlanjholmes Thanks for reaching out. We are checking your issue, and hope to return with answers soon.

BrachaY avatar Nov 16 '22 05:11 BrachaY