terraform-provider-pingfederate
terraform-provider-pingfederate copied to clipboard
Published
20 hours ago •
iwarapter
iwarapter
Tracked HTTP Params
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version
Terraform v0.12.25
Affected Resource(s)
- pingfederate_authentication_policies with PF 10.0.2.2
Terraform Configuration Files
# Copy-paste your Terraform configurations here
resource "pingfederate_authentication_policies" "demo" {
fail_if_no_selection = false
tracked_http_parameters = []
...truncated....
}
Debug Output
Panic Output
Expected Behavior
HTTP Params removed
Actual Behavior
HTTP Params not removed
Steps to Reproduce
Create resource to add params Params added Remove resource Param not removed from PF
terraform apply
Important Factoids
References
- #0000
This appears to be a bug with the PF admin API:
Update with no trackedHttpHeaders
curl -s -k -X PUT -H "X-XSRF-Header: pingfederate" -H "Content-Type: application/json" --user Administrator:2Federate -d '{"authnSelectionTrees":[{"enabled":true,"name":"bar","rootNode":{"action":{"authenticationSource":{"sourceRef":{"id":"testing","location":"https://localhost:9999/pf-admin-api/v1/idp/adapters/testing"},"type":"IDP_ADAPTER"},"type":"AUTHN_SOURCE"},"children":[{"action":{"context":"Fail","type":"RESTART"}},{"action":{"context":"Success","type":"DONE"}}]}}],"defaultAuthenticationSources":[{"sourceRef":{"id":"testing","location":"https://localhost:9999/pf-admin-api/v1/idp/adapters/testing"},"type":"IDP_ADAPTER"}],"failIfNoSelection":false}' https://localhost:9999/pf-admin-api/v1/authenticationPolicies/default | jq .trackedHttpParameters
[
"foo"
]
Update with empty trackedHttpHeaders
curl -s -k -X PUT -H "X-XSRF-Header: pingfederate" -H "Content-Type: application/json" --user Administrator:2Federate -d '{"authnSelectionTrees":[{"enabled":true,"name":"bar","rootNode":{"action":{"authenticationSource":{"sourceRef":{"id":"testing","location":"https://localhost:9999/pf-admin-api/v1/idp/adapters/testing"},"type":"IDP_ADAPTER"},"type":"AUTHN_SOURCE"},"children":[{"action":{"context":"Fail","type":"RESTART"}},{"action":{"context":"Success","type":"DONE"}}]}}],"defaultAuthenticationSources":[{"sourceRef":{"id":"testing","location":"https://localhost:9999/pf-admin-api/v1/idp/adapters/testing"},"type":"IDP_ADAPTER"}],"failIfNoSelection":false,"trackedHttpParameters":[]}' https://localhost:9999/pf-admin-api/v1/authenticationPolicies/default | jq .trackedHttpParameters
[
"foo"
]
Update with new value (works)
curl -s -k -X PUT -H "X-XSRF-Header: pingfederate" -H "Content-Type: application/json" --user Administrator:2Federate -d '{"authnSelectionTrees":[{"enabled":true,"name":"bar","rootNode":{"action":{"authenticationSource":{"sourceRef":{"id":"testing","location":"https://localhost:9999/pf-admin-api/v1/idp/adapters/testing"},"type":"IDP_ADAPTER"},"type":"AUTHN_SOURCE"},"children":[{"action":{"context":"Fail","type":"RESTART"}},{"action":{"context":"Success","type":"DONE"}}]}}],"defaultAuthenticationSources":[{"sourceRef":{"id":"testing","location":"https://localhost:9999/pf-admin-api/v1/idp/adapters/testing"},"type":"IDP_ADAPTER"}],"failIfNoSelection":false,"trackedHttpParameters":["bar"]}' https://localhost:9999/pf-admin-api/v1/authenticationPolicies/default | jq .trackedHttpParameters
[
"bar"
]
Tested with 10.0.2.2
This bug is also present in 10.0.4.1 - You will need to raise this as a bug with PingIdentity