terraform-provider-incapsula icon indicating copy to clipboard operation
terraform-provider-incapsula copied to clipboard

Published 20 hours ago verified publisher icon imperva

Problem after "3.23.0" patch with ssl_settings

Open MrZend opened this issue 9 months ago • 0 comments

Confirmation

  • [X] My issue isn't already found on the issue tracker.
  • [X] I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Imperva provider version

I run terraform commands via CI/CD pipeline, below code of installing right version of provider

Initializing provider plugins...

  • Finding imperva/incapsula versions matching "~> 3.0"...
  • Installing imperva/incapsula v3.23.1...
  • Installed imperva/incapsula v3.23.1

Affected resource(s)

incapsula_ssl_settings

Terraform configuration files

After patch, I added block "inbound_tls_settings". Before update it worked good

resource "incapsula_site_ssl_settings" "this" {
  count   = var.ssl_settings != null ? 1 : 0
  site_id = incapsula_site.this.id
  hsts {
    is_enabled           = try(var.ssl_settings.hsts.is_enabled, null)
    max_age              = try(var.ssl_settings.hsts.max_age, null)
    pre_loaded           = try(var.ssl_settings.hsts.pre_loaded, null)
    sub_domains_included = try(var.ssl_settings.hsts.sub_domains_included, null)
  }

  inbound_tls_settings { 
    configuration_profile = var.ssl_settings.inbound_tls_settings.configuration_profile


    dynamic "tls_configuration" {
      for_each = var.ssl_settings.inbound_tls_settings.tls_configuration != null ? var.ssl_settings.inbound_tls_settings.tls_configuration : []
      content {
        tls_version     = tls_configuration.value.tls_version
        ciphers_support = tls_configuration.value.ciphers_support
      }
    }

  }
  depends_on = [incapsula_site.this, incapsula_custom_certificate.this[0]]
}

Debug output

Panic output

No response

Expected output

I want to manage incapsula_ssl_setting under subaccount, if user under account

Actual output

Terraform wants to create new resource of incapsula_ssl_settings. I think, it because user, from which I run terraform commands, at "superaccount" and sites that I want to manage at subaccounts, and I dont have opportunities to specify subaccount where site is located. Furthermore, I tested new API of imperva for ssl_settings and find out that API cant find site under subaccount, If user under "superaccount" - and at api you can specify account_id where site is located, but in provider you cant do it.

Steps to reproduce

  1. User under account
  2. Sites under subaccounts

Additional factoids

No response

References

No response

MrZend avatar May 02 '24 11:05 MrZend