Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[incapsula_incap_rule] resource fails to delete on destroy run #245

Open
2 tasks done
lachlanjholmes opened this issue Nov 14, 2022 · 1 comment
Open
2 tasks done

[incapsula_incap_rule] resource fails to delete on destroy run #245

lachlanjholmes opened this issue Nov 14, 2022 · 1 comment
Labels
service/cwaf

Comments

@lachlanjholmes
Copy link

lachlanjholmes commented Nov 14, 2022
edited
Loading

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Imperva provider version

Terraform v1.3.4
on linux_amd64
+ provider registry.terraform.io/hashicorp/local v2.2.3
+ provider registry.terraform.io/imperva/incapsula v3.10.2

Affected resource(s)

incapsula_incap_rule

Terraform configuration files

resource "incapsula_site" "site" {
    domain  =  testing.com
    account_id = 123
    force_ssl  = true
    send_site_setup_emails  = false
    site_ip = 1.2.3.4
    data_storage_region    = "US"
    wildcard_san    =   false
    naked_domain_san    =   false
    perf_mode_level =   dont_include_html
    perf_response_stale_content_mode    =   adaptive
    perf_response_cache_response_header_mode    =   custom
    perf_client_enable_client_side_caching =    true
}

resource "incapsula_incap_rule" "delete-server-response-header" {
    name           = "delete server response header"
    site_id              = incapsula_site.site.id
    action         = "RULE_ACTION_RESPONSE_DELETE_HEADER"
    rewrite_name   = "server"
}

resource "incapsula_incap_rule" "delete-xpoweredby-response-header" {
    name           = "delete xpoweredby response header"
    site_id              = incapsula_site.site.id
    action         = "RULE_ACTION_RESPONSE_DELETE_HEADER"
    rewrite_name   = "X-Powered-By"
}

resource "incapsula_incap_rule" "delete-xaspnet-response-header" {
    name           = "delete xaspnetversion response header"
    site_id              = incapsula_site.site.id
    action         = "RULE_ACTION_RESPONSE_DELETE_HEADER"
    rewrite_name   = "x-aspnet-version"
}

Debug output

I know you asked not to truncate the output but I can't easly risk giving you a full output file.

2022-11-14T23:06:31.059Z [INFO]  provider.terraform-provider-incapsula_v3.10.2: 2022/11/14 23:06:31 [INFO] Deleting Incapsula Incap Rule XXXXXX3 for Site ID 5XXXXXXX: timestamp=2022-11-14T23:06:31.059Z
2022-11-14T23:06:31.059Z [INFO]  provider.terraform-provider-incapsula_v3.10.2: 2022/11/14 23:06:31 [INFO] Deleting Incapsula Incap Rule XXXXXX4 for Site ID 5XXXXXXX: timestamp=2022-11-14T23:06:31.059Z
2022-11-14T23:06:31.059Z [INFO]  provider.terraform-provider-incapsula_v3.10.2: 2022/11/14 23:06:31 [INFO] Deleting Incapsula Incap Rule XXXXXX5 for Site ID 5XXXXXXX: timestamp=2022-11-14T23:06:31.059Z
2022-11-14T23:06:31.611Z [INFO]  provider.terraform-provider-incapsula_v3.10.2: 2022/11/14 23:06:31 [DEBUG] Incapsula Delete Incap Rule JSON response: {"res":0,"res_message":"OK","debug_info":{"id-info":"999999","status":"ok"}}: timestamp=2022-11-14T23:06:31.611Z
2022-11-14T23:06:31.883Z [INFO]  provider.terraform-provider-incapsula_v3.10.2: 2022/11/14 23:06:31 [DEBUG] Incapsula Delete Incap Rule JSON response: {"res":0,"res_message":"OK","debug_info":{"id-info":"999999","status":"ok"}}: timestamp=2022-11-14T23:06:31.883Z
2022-11-14T23:06:31.886Z [INFO]  provider.terraform-provider-incapsula_v3.10.2: 2022/11/14 23:06:31 [DEBUG] Incapsula Delete Incap Rule JSON response: Unknown error. Contact support: timestamp=2022-11-14T23:06:31.885Z
2022-11-14T23:06:31.888Z [ERROR] vertex "incapsula_incap_rule.delete-server-response-header[\"testing.com\"] (destroy)" error: Error status code 500 from Incapsula service when deleting Incap Rule XXXXXX4 for Site ID 5XXXXXXX: Unknown error. Contact support
�[31m│�[0m �[0m�[1m�[31mError: �[0m�[0m�[1mError status code 500 from Incapsula service when deleting Incap Rule XXXXXX4 for Site ID 5XXXXXXX: Unknown error. Contact support�[0m

Panic output

No response

Expected output

incapsula_incap_rule.delete-xaspnet-response-header: Destruction complete after 1s

Actual output

╷
│ Error: Error status code 500 from Incapsula service when deleting Incap Rule XXXXXX for Site ID XXXXXXX: Unknown error. Contact support
│ 
│ 
╵

Steps to reproduce

  1. create a imperva site in tf
  2. create three or more incap rule for the above site in tf
  3. apply the tf
  4. confirm it's built
  5. destroy the tf
  6. error code should appear.

Additional factoids

Hey Team,

Creating the incap rules works 100% of the time

When I go do delete these three incap rules from the site via a destroy run, the destruction of the resource fails with the generic 500 error code.

From my testing I suspect it's a case of rate limiting from the imperva api as it will typically not delete two or one of the incap rules out of the three.

My actual use case leverages a csv file that holds multiple websites, this means that will fail on many of the rules being deleted as the each site is a three x multiplier.

I have a case open with Support 01627145 but I'm logging the case here to get some traction.

I'm happy to share the debug out file with someone via the imperva support team in a offline manner.

Thanks!

References

No response
@lachlanjholmes lachlanjholmes changed the title incapsula_incap_rule resource fails to delete on destroy run [incapsula_incap_rule resource] fails to delete on destroy run Nov 14, 2022
@lachlanjholmes lachlanjholmes changed the title [incapsula_incap_rule resource] fails to delete on destroy run [incapsula_incap_rule] resource fails to delete on destroy run Nov 15, 2022
@BrachaY
Copy link
Collaborator

BrachaY commented Nov 16, 2022

Hi @lachlanjholmes
Thanks for reaching out.
We are checking your issue, and hope to return with answers soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
service/cwaf
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lachlanjholmes @BrachaY