Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default settings are not correct in checkpoint_management_access_rule #90

Closed
harhan opened this issue Nov 29, 2021 · 6 comments
Closed

Default settings are not correct in checkpoint_management_access_rule #90

harhan opened this issue Nov 29, 2021 · 6 comments
Labels
documentation enhancement

Comments

@harhan
Copy link

harhan commented Nov 29, 2021

When applying the HCL from the example in the documentation the subsequent plans propose changes to the applied settings. I've isolated this code/rule, that's why the position is changed.

resource "checkpoint_management_access_rule" "rule3" {
  layer = "cloudPolicy Network"
  #position = { below = checkpoint_management_access_rule.rule2.name }
  position           = { top = "top" }
  name               = "test3"
  action             = "Accept"
  source             = ["DMZNet", "DMZZone", "WirelessZone"]
  enabled            = true
  destination        = ["InternalNet", "CPDShield"]
  destination_negate = true
}

Results in plans:

  # checkpoint_management_access_rule.main will be updated in-place
  ~ resource "checkpoint_management_access_rule" "rule3" {
      ~ action_settings    = {
          - "enable_identity_captive_portal" = "false" -> null
        }
        id                 = "be91e1f6-b06d-41de-9cea-7e7ef0853d34"
        name               = "test3"
      ~ track              = {
          - "accounting"              = "false" -> null
          - "alert"                   = "none" -> null
          - "enable_firewall_session" = "false" -> null
          - "per_connection"          = "false" -> null
          - "per_session"             = "false" -> null
          - "type"                    = "None" -> null
        }
        # (19 unchanged attributes hidden)
    }

One should expect this code in the documentation is tested?
@chkp-alonshev
Copy link
Contributor

hi @harhan,
Thank you for this issue, the documentations will change in the next version.
note that you need to set the default value as shown in the plan. meaning you need to set track, track->accounting, and etc.
We will add the defaults to the documentations examples.

@harhan
Copy link
Author

harhan commented Nov 30, 2021

I rather see you improve the provider by setting the correct default values on optional properties. There should be no need to set these values in HCL if they are not needed.
We need Check Point to make this provider developer friendly, as I requested in #88. This is going the opposite direction.

@chkp-alonshev
Copy link
Contributor

It has upsides and downsides, not asking the user to set the default values results in the state not saving the default values, which leads to the provider's not seeing the changes in the default value as a change in plan, and that is a big downside.
We are trying to make the provider as friendly as possible, but sometimes we are forced to choose proper functioning over friendliness.

@harhan
Copy link
Author

harhan commented Nov 30, 2021

Every provider I use with cloud native, for instance azurerm, uses this approach.
I can inspect the state and see the default values there. If I'm not happy with what the provider has selected as default I can change it in HCL.

@chkp-alonshev
Copy link
Contributor

No problem, We will support this in the next terraform version.

@chkp-alonshev
Copy link
Contributor

Hi @harhan ,
This issue is fixed on the new provider's version, which is available now.

Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@harhan @chkp-alonshev