terraform-provider-incapsula

Resource incapsula_policy ignores account_id parameter with sub accounts

Open bbarhight opened this issue 1 year ago • 2 comments

Confirmation

  • [X] My issue isn't already found on the issue tracker.
  • [X] I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Imperva provider version

Terraform v1.4.6 on darwin_arm64

  • provider registry.terraform.io/imperva/incapsula v3.18.3 (Note: 3.18.3 is the latest version in the terraform registry.)

Affected resource(s)

incapsula_policy

Terraform configuration files

resource "incapsula_policy" "this" {
  name        = "name"
  enabled     = true
  account_id  = "8675309"
  policy_type = "ACL"
  description = "description"
  policy_settings = jsonencode([
    {
      data = { ips = ["0.0.0.0/0"] }
      policyDataExceptions = [{
        data = [{
          exceptionType = "IP"
          values = [
            "192.168.0.0/32"
          ]
        }, ]
      }, ]
      policySettingType = "IP", settingsAction = "BLOCK"
    }
  ])
}

Debug output

2023-07-13T16:53:18.498-0700 [DEBUG] incapsula_policy.this: applying the planned Create change
2023-07-13T16:53:18.498-0700 [INFO] provider.terraform-provider-incapsula_v3.18.3: 2023/07/13 16:53:18 [INFO] Adding Incapsula Policy: timestamp=2023-07-13T16:53:18.498-0700
2023-07-13T16:53:18.498-0700 [INFO] provider.terraform-provider-incapsula_v3.18.3: 2023/07/13 16:53:18 [DEBUG] Incapsula Add Incap Policy JSON request: {"name":"name","description":"description","enabled":true,"accountId":8675309,"policyType":"ACL","policySettings":[{"settingsAction":"BLOCK","policySettingType":"IP","data":{"ips":["0.0.0.0/0"]},"policyDataExceptions":[{"data":[{"exceptionType":"IP","values":["192.168.0.0/32"]}]}]}],"defaultPolicyConfig":null}: timestamp=2023-07-13T16:53:18.498-0700
2023-07-13T16:53:19.983-0700 [INFO] provider.terraform-provider-incapsula_v3.18.3: 2023/07/13 16:53:19 [DEBUG] Incapsula Add Policy JSON response: {"value":{"defaultPolicyConfig":[],"policySettings":[{"id":193,"policyId":93,"settingsAction":"BLOCK","policySettingType":"IP","data":{"ips":["0.0.0.0/0"]},"policyDataExceptions":[{"id":236,"policySettingsId":193,"data":[{"exceptionType":"IP","values":["192.168.0.0/32"]}]}]}],"lastModifiedBy":75,"lastModified":"Jul 13, 2023, 11:53:19 PM"}]}],"id":93,"name":"name","description":"description","enabled":true,"accountId":9035768,"policyType":"ACL","lastModified":"Jul 13, 2023, 11:53:19 PM","lastModifiedBy":75},"isError":false}: timestamp=2023-07-13T16:53:19.983-0700
2023-07-13T16:53:19.984-0700 [INFO] provider.terraform-provider-incapsula_v3.18.3: 2023/07/13 16:53:19 [INFO] Created Incapsula policy with ID: 93: timestamp=2023-07-13T16:53:19.983-0700

2023-07-13T16:53:19.984-0700 [INFO] provider.terraform-provider-incapsula_v3.18.3: 2023/07/13 16:53:19 [INFO] Created Incapsula policy with ID: 93: timestamp=2023-07-13T16:53:19.983-0700
2023-07-13T16:53:19.984-0700 [INFO] provider.terraform-provider-incapsula_v3.18.3: 2023/07/13 16:53:19 [INFO] Getting Incapsula Policy: 93: timestamp=2023-07-13T16:53:19.983-0700
2023-07-13T16:53:19.984-0700 [INFO] provider.terraform-provider-incapsula_v3.18.3: 2023/07/13 16:53:19 [DEBUG] Waiting for state to become: [success]: timestamp=2023-07-13T16:53:19.983-0700
2023-07-13T16:53:20.161-0700 [INFO] provider.terraform-provider-incapsula_v3.18.3: 2023/07/13 16:53:20 [DEBUG] Incapsula Read Policy JSON response: {"value":{"policySettings":[{"id":193,"policyId":93,"settingsAction":"BLOCK","policySettingType":"IP","data":{"ips":["0.0.0.0/0"]},"policyDataExceptions":[{"id":236,"policySettingsId":193,"data":[{"exceptionType":"IP","values":["192.168.0.0/32"]}]}]}],"lastModifiedBy":75,"lastModified":"Jul 13, 2023, 11:53:20 PM","exceptionAssetMapping":[]}]}],"id":93,"name":"name","description":"description","enabled":true,"accountId":9035768,"policyType":"ACL","lastModified":"Jul 13, 2023, 11:53:20 PM","lastModifiedBy":75},"isError":false}: timestamp=2023-07-13T16:53:20.161-0700
2023-07-13T16:53:20.162-0700 [WARN] Provider "provider["registry.terraform.io/imperva/incapsula"]" produced an unexpected new value for incapsula_policy.this, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .policy_settings: was cty.StringVal("[{"data":{"ips":["0.0.0.0/0"]},"policyDataExceptions":[{"data":[{"exceptionType":"IP","values":["192.168.0.0/32""]}]}],"policySettingType":"IP","settingsAction":"BLOCK"}]"), but now cty.StringVal("[\n {\n "settingsAction": "BLOCK",\n "policySettingType": "IP",\n "data": {\n "ips": [\n "0.0.0.0/0"\n ]\n },\n "policyDataExceptions": [\n {\n "data": [\n {\n "exceptionType": "IP",\n "values": [\n "192.168.0.0/32",\n ]\n }\n ]\n }\n ]\n }\n]")
      - .account_id: was cty.NumberIntVal(8.675309e+06), but now cty.NumberIntVal(9.035768+06)
incapsula_policy.devops-development-tester3: Creation complete after 2s [id=93]
2023-07-13T16:53:20.192-0700 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-07-13T16:53:20.193-0700 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/imperva/incapsula/3.18.3/darwin_arm64/terraform-provider-incapsula_v3.18.3 pid=4577
2023-07-13T16:53:20.193-0700 [DEBUG] provider: plugin exited

Values modified: accountId, policyId, policySettingsId, lastModifiedBy, policyDataExceptions values.

Panic output

No response

Expected output

account_id - (Optional) Account ID of the policy.

Actual output

Policy was created on parent account, which causes drift on the next Terraform execution - the provider identifies that it should be on the sub account and wants to delete/recreate the policy.

Steps to reproduce

  1. Have an Imperva account, 9035768
  2. Have a sub account, 8675309
  3. Make a user with policy read and creation permissions on the parent and sub accounts
  4. Generate an API key for the user, in the parent account (8675309)
  5. Use the API key in Terraform to create a policy on the sub account (9035768)

Additional factoids

No response

References

No response

bbarhight, Jul 14 '23 20:07
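
Added example (not part of the issue and not the provider's code): a check over the provider's debug log that flags any policy whose create request named one accountId while the API response reports another, which is the symptom in the debug output above. It assumes policy names are unique within the log; the sample lines are constructed in the format of the report and trimmed to the fields the check reads.

```python
import re

ACCOUNT_RE = re.compile(r'"accountId":\s*(\d+)')
NAME_RE = re.compile(r'"name":\s*"([^"]*)"')
REQUEST_MARK = "Add Incap Policy JSON request"
RESPONSE_MARKS = ("Add Policy JSON response", "Read Policy JSON response")

# Constructed sample: provider debug lines in the format shown in the report,
# with the JSON bodies trimmed to the fields this check reads. The policy
# "other" is invented here to show a create that lands where it was requested.
SAMPLE_LOG = """\
2023/07/13 16:53:18 [DEBUG] Incapsula Add Incap Policy JSON request: {"name":"name","enabled":true,"accountId":8675309,"policyType":"ACL"}
2023/07/13 16:53:18 [DEBUG] Incapsula Add Incap Policy JSON request: {"name":"other","enabled":true,"accountId":9035768,"policyType":"ACL"}
2023/07/13 16:53:19 [DEBUG] Incapsula Add Policy JSON response: {"value":{"id":94,"name":"other","accountId":9035768},"isError":false}
2023/07/13 16:53:19 [DEBUG] Incapsula Add Policy JSON response: {"value":{"id":93,"name":"name","accountId":9035768},"isError":false}
2023/07/13 16:53:20 [DEBUG] Incapsula Read Policy JSON response: {"value":{"id":93,"name":"name","accountId":9035768},"isError":false}
"""


def find_account_mismatches(log_text):
    """Return (policy, requested, actual, stage) for every API response that
    reports a different accountId than the create request for that policy."""
    requested = {}  # policy name -> accountId sent in the create request
    findings = []
    for line in log_text.splitlines():
        # Regex extraction tolerates log lines whose JSON was truncated or edited.
        account, name = ACCOUNT_RE.search(line), NAME_RE.search(line)
        if not (account and name):
            continue
        if REQUEST_MARK in line:
            requested[name.group(1)] = account.group(1)
            continue
        stage = next((m for m in RESPONSE_MARKS if m in line), None)
        wanted = requested.get(name.group(1))
        if stage and wanted and account.group(1) != wanted:
            findings.append((name.group(1), wanted, account.group(1), stage))
    return findings


if __name__ == "__main__":
    for policy, wanted, actual, stage in find_account_mismatches(SAMPLE_LOG):
        print(f"policy {policy!r}: requested account {wanted}, {stage} says {actual}")
```

Run against a log captured with TF_LOG=DEBUG, a non-empty result means an ACL policy was created in an account other than the one the configuration named.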

Ah, my repro steps are not quite accurate. Commenting here to track the "Hey I messed up".

Prior state

Have an Imperva account, 8675309
Have a sub account, 9035768

Correct state

Have an Imperva account, 9035768
Have a sub account, 8675309

bbarhight, Jul 18 '23 17:07

Thanks for reaching out. We are checking your issue and will get back to you soon.

shirisemoimperva, Aug 02 '23 12:08