Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to change incapsula_policy_asset_association from default to another policy #450

Open
2 tasks done
stockmaj opened this issue Jun 28, 2024 · 0 comments
Open
2 tasks done

Unable to change incapsula_policy_asset_association from default to another policy #450

stockmaj opened this issue Jun 28, 2024 · 0 comments

Comments

@stockmaj
Copy link

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Imperva provider version

Terraform v1.9.0-dev
on linux_amd64

  • provider registry.terraform.io/devops-rob/terracurl v1.0.1
  • provider registry.terraform.io/hashicorp/azuread v2.53.0
  • provider registry.terraform.io/hashicorp/azurerm v3.110.0
  • provider registry.terraform.io/hashicorp/time v0.11.2
  • provider registry.terraform.io/imperva/incapsula v3.25.2

Your version of Terraform is out of date! The latest version
is 1.9.0. You can update by downloading from https://www.terraform.io/downloads.html

Affected resource(s)

incapsula_policy_asset_association

Terraform configuration files

# current terraform state is policy_id=X where X is the default policy
resource "incapsula_policy_asset_association" "waf_rules_policy_asset_association" {
  policy_id  = Y
  asset_id   = incapsula_site.site.id
  asset_type = "WEBSITE"
}
resource "incapsula_site" "site" {
  domain = "test.com"

  wildcard_san = true
  lifecycle {
    prevent_destroy = true
  }
}

Debug output

I can privately supply debug output but it may contain configuration information that should not be made publicly available

Panic output

No response

Expected output

I expect the old asset allocation to be replaced with a new one. In the config above, X is the default policy for the account and Y is a different policy. This works if I set the policy to Y in the console and use terraform to change it back to X.

Actual output

module.dns.module.waf_portal.incapsula_policy_asset_association.waf_rules_policy_asset_association must be replaced

-/+ resource "incapsula_policy_asset_association" "waf_rules_policy_asset_association" {
+ account_id = (known after apply)
~ id = "X/N/WEBSITE" -> (known after apply)
~ policy_id = "X" -> "Y" # forces replacement
# (2 unchanged attributes hidden)
}

Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.

Enter a value: yes

module.dns.module.waf_portal.incapsula_policy_asset_association.waf_rules_policy_asset_association: Destroying... [id=X/N/WEBSITE]

│ Error: Error status code 400 from Incapsula service when deleting Policy Asset Association: {"value":"cannot remove default policy of Type WAF_RULES","isError":true}


Steps to reproduce

  1. change a site that is using the default policy to use a non-default policy in the terraform configuration.
  2. terraform apply

Additional factoids

No response

References

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@stockmaj