Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

incapsula_site fails when using "domain_validation" parameter and wildcard certificates exist #476

Open
2 tasks done
jonxir opened this issue Nov 15, 2024 · 0 comments
Open
2 tasks done

Comments

@jonxir
Copy link
Contributor

jonxir commented Nov 15, 2024

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Imperva provider version

Terraform v1.9.8 on linux_amd64
Providers required by configuration:
.
└── provider[registry.terraform.io/imperva/incapsula] 3.27.1

Affected resource(s)

incapsula_site

Terraform configuration files

resource "incapsula_site" "testing" {
  domain                 = "sub.[redacted].com"
  account_id             = [redacted]
  ref_id                 = "123"
  send_site_setup_emails = "false"
  site_ip                = "[redacted]"
  force_ssl              = "true"
  data_storage_region    = "EU"
  log_level              = "full"
  domain_validation      = "dns"

  # Performance
  perf_client_comply_no_cache              = true
  perf_client_enable_client_side_caching   = true
  perf_client_send_age_header              = true
  perf_key_comply_vary                     = true
  perf_key_unite_naked_full_cache          = true
  perf_mode_level                          = "standard"
  perf_mode_time                           = 1000
  perf_response_cache_300x                 = true
  perf_response_cache_404_enabled          = true
  perf_response_cache_404_time             = 60
  perf_response_cache_empty_responses      = true
  perf_response_cache_http_10_responses    = true
  perf_response_cache_response_header_mode = "custom"
  perf_response_cache_response_headers     = ["Access-Control-Allow-Origin", "Foo-Bar-Header"]
  perf_response_cache_shield               = true
  perf_response_stale_content_mode         = "custom"
  perf_response_stale_content_time         = 1000
  perf_response_tag_response_header        = "Example-Tag-Value-Header"
  perf_ttl_prefer_last_modified            = true
  perf_ttl_use_shortest_caching            = true
}

Debug output

2024-11-15T16:54:51.207+0100 [INFO] provider.terraform-provider-incapsula_v3.27.1: 2024/11/15 16:54:51 [INFO] Updating Incapsula site for siteID: REDACTED: timestamp="2024-11-15T16:54:51.206+0100"
2024-11-15T16:54:52.233+0100 [INFO] provider.terraform-provider-incapsula_v3.27.1: 2024/11/15 16:54:52 [DEBUG] Incapsula update site JSON response: {"res":1,"res_message":"Unexpected error","debug_info":{"id-info":"999999","domain_dns":"This site has SANs with domain validation other than dns"}}: timestamp="2024-11-15T16:54:52.232+0100"
2024-11-15T16:54:52.233+0100 [INFO] provider.terraform-provider-incapsula_v3.27.1: 2024/11/15 16:54:52 [ERROR] Could not update Incapsula site param (domain_validation) with value (dns) for site_id: REDACTED Error from Incapsula service when updating site for siteID REDACTED: {"res":1,"res_message":"Unexpected error","debug_info":{"id-info":"999999","domain_dns":"This site has SANs with domain validation other than dns"}}: timestamp="2024-11-15T16:54:52.233+0100"
2024-11-15T16:54:52.235+0100 [ERROR] provider.terraform-provider-incapsula_v3.27.1: Response contains error diagnostic: @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:55 diagnostic_detail="" diagnostic_severity=ERROR diagnostic_summary="Error from Incapsula service when updating site for siteID REDACTED: {"res":1,"res_message":"Unexpected error","debug_info":{"id-info":"999999","domain_dns":"This site has SANs with domain validation other than dns"}}" tf_proto_version=5.3 tf_provider_addr=provider tf_req_id=757cf64c-c78b-4ffe-b309-3879b46e666e @module=sdk.proto tf_rpc=ApplyResourceChange tf_resource_type=incapsula_site timestamp="2024-11-15T16:54:52.235+0100"
2024-11-15T16:54:52.244+0100 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-11-15T16:54:52.244+0100 [ERROR] vertex "incapsula_site.testing" error: Error from Incapsula service when updating site for siteID REDACTED: {"res":1,"res_message":"Unexpected error","debug_info":{"id-info":"999999","domain_dns":"This site has SANs with domain validation other than dns"}}

│ Error: Error from Incapsula service when updating site for siteID REDACTED: {"res":1,"res_message":"Unexpected error","debug_info":{"id-info":"999999","domain_dns":"This site has SANs with domain validation other than dns"}}

│ with incapsula_site.testing,
│ on main.tf line 25, in resource "incapsula_site" "testing":
│ 25: resource "incapsula_site" "testing" {


2024-11-15T16:54:52.248+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-11-15T16:54:52.249+0100 [INFO] provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/imperva/incapsula/3.27.1/linux_amd64/terraform-provider-incapsula_v3.27.1 id=1487
2024-11-15T16:54:52.249+0100 [DEBUG] provider: plugin exited

Panic output

No response

Expected output

The expected output is for the terraform apply method to end correctly.

Actual output

The terraform apply method exited the execution because it generated an Error.

Steps to reproduce

  1. Create a site on whatever domain with a wildcard account certificate using the incapsula_site resource. I.e: "www.domain.com"
  2. Validate the certificate so that its state goes to Approved/Released.
  3. Create a site on that exact same domain using a subdomain covered by the wildcard certificate using the incapsula_site resource. I.e: "thisisadummysubdomain.domain.com"
  4. Face the Error.

Obviously this only works when forcing the SSL checks for certificates to be generated and released automatically. Therefore force_ssl and domain_validation must be set.

Additional factoids

No response

References

No response

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant