diff --git a/GNUmakefile b/GNUmakefile index 9722be3d..e0029211 100755 --- a/GNUmakefile +++ b/GNUmakefile @@ -6,7 +6,7 @@ NAMESPACE=terraform-providers PKG_NAME=incapsula BINARY=terraform-provider-${PKG_NAME} # Whenever bumping provider version, please update the version in incapsula/client.go (line 27) as well. -VERSION=3.16.0 +VERSION=3.16.1 # Mac Intel Chip OS_ARCH=darwin_amd64 diff --git a/incapsula/client.go b/incapsula/client.go index 42dc018b..ca673461 100644 --- a/incapsula/client.go +++ b/incapsula/client.go @@ -34,7 +34,7 @@ type Client struct { func NewClient(config *Config) *Client { client := &http.Client{} - return &Client{config: config, httpClient: client, providerVersion: "3.16.0"} + return &Client{config: config, httpClient: client, providerVersion: "3.16.1"} } func (c *Client) CreateFormDataBody(bodyMap map[string]interface{}) ([]byte, string) { diff --git a/incapsula/client_account.go b/incapsula/client_account.go index 16414f17..84c55706 100644 --- a/incapsula/client_account.go +++ b/incapsula/client_account.go @@ -79,6 +79,7 @@ type AccountStatusResponse struct { SupportAllTLSVersions bool `json:"supprt_all_tls_versions"` WildcardSANForNewSites string `json:"wildcard_san_for_new_sites"` NakedDomainSANForNewWWWSites bool `json:"naked_domain_san_for_new_www_sites"` + ConsentRequired bool `json:"consent_required"` Res interface{} `json:"res"` ResMessage string `json:"res_message"` DebugInfo struct { @@ -180,7 +181,7 @@ func (c *Client) AccountStatus(accountID int, operation string) (*AccountStatusR // UpdateAccount will update the specific param/value on the account resource func (c *Client) UpdateAccount(accountID, param, value string) (*AccountUpdateResponse, error) { - log.Printf("[INFO] Updating Incapsula account for accountID: %s\n", accountID) + log.Printf("[INFO] Updating Incapsula account for accountID: %s. Param: %s. Value: %s\n", accountID, param, value) values := url.Values{ "account_id": {accountID}, diff --git a/incapsula/resource_account.go b/incapsula/resource_account.go index c19d612f..4c20a35b 100644 --- a/incapsula/resource_account.go +++ b/incapsula/resource_account.go @@ -105,6 +105,12 @@ func resourceAccount() *schema.Resource { Optional: true, ValidateFunc: validation.StringInSlice([]string{"APAC", "EU", "US", "AU"}, false), }, + "consent_required": { + Description: "Blocks Imperva from performing sensitive operations on your behalf. Options are `true`, `false`.", + Type: schema.TypeBool, + Optional: true, + Computed: true, + }, // Computed Attributes "support_level": { @@ -204,6 +210,7 @@ func resourceAccountRead(d *schema.ResourceData, m interface{}) error { d.Set("support_all_tls_versions", accountStatusResponse.Account.SupportAllTLSVersions) d.Set("wildcard_san_for_new_sites", accountStatusResponse.Account.WildcardSANForNewSites) d.Set("naked_domain_san_for_new_www_sites", accountStatusResponse.Account.NakedDomainSANForNewWWWSites) + d.Set("consent_required", accountStatusResponse.ConsentRequired) // Get the performance settings for the site defaultAccountDataStorageRegion, err := client.GetAccountDataStorageRegion(d.Id()) @@ -276,18 +283,30 @@ func resourceAccountDelete(d *schema.ResourceData, m interface{}) error { } func updateAdditionalAccountProperties(client *Client, d *schema.ResourceData) error { - updateParams := [5]string{"name", "error_page_template", "support_all_tls_versions", "naked_domain_san_for_new_www_sites", "wildcard_san_for_new_sites"} + consentRequiredParam := "consent_required" + updateParams := [6]string{"name", "error_page_template", "support_all_tls_versions", "naked_domain_san_for_new_www_sites", "wildcard_san_for_new_sites", consentRequiredParam} for i := 0; i < len(updateParams); i++ { param := updateParams[i] - if d.HasChange(param) && d.Get(param) != "" { - log.Printf("[INFO] Updating Incapsula account param (%s) with value (%s) for account_id: %s\n", param, d.Get(param).(string), d.Id()) - _, err := client.UpdateAccount(d.Id(), param, d.Get(param).(string)) - if err != nil { - log.Printf("[ERROR] Could not update Incapsula account param (%s) with value (%s) for account_id: %s %s\n", param, d.Get(param).(string), d.Id(), err) - return err + if d.HasChange(param) { + var paramValStr string + + if param == consentRequiredParam { + paramValStr = strconv.FormatBool(d.Get(param).(bool)) + } else { + paramValStr = d.Get(param).(string) + } + + if paramValStr != "" { + log.Printf("[INFO] Updating Incapsula account param (%s) with value (%s) for account_id: %s\n", param, paramValStr, d.Id()) + _, err := client.UpdateAccount(d.Id(), param, paramValStr) + if err != nil { + log.Printf("[ERROR] Could not update Incapsula account param (%s) with value (%s) for account_id: %s %s\n", param, paramValStr, d.Id(), err) + return err + } } } } + return nil } diff --git a/website/docs/r/account.html.markdown b/website/docs/r/account.html.markdown index 420033ce..0b376dae 100644 --- a/website/docs/r/account.html.markdown +++ b/website/docs/r/account.html.markdown @@ -22,6 +22,7 @@ resource "incapsula_account" "example-account" { account_name = "Example Account" logs_account_id = "456" log_level = "full" + consent_required = true data_storage_region = "US" @@ -42,6 +43,7 @@ The following arguments are supported: * `account_name` - (Optional) Account name. * `logs_account_id` - (Optional) Account where logs should be stored. Available only for Enterprise Plan customers that purchased the Logs Integration SKU. Numeric identifier of the account that purchased the logs integration SKU and which collects the logs. If not specified, operation will be performed on the account identified by the authentication parameters. * `log_level` - (Optional) The log level. Options are `full`, `security`, and `none`. +* `consent_required` - (Optional) Blocks Imperva from performing sensitive operations on your behalf. You can then activate consent via the Cloud Security Console UI. Options are `true`, `false`. * `data_storage_region` - (Optional) Default data region of the account for newly created sites. Options are `APAC`, `EU`, `US` and `AU`. Defaults to `US`. * `support_all_tls_versions` - (Optional) Allow sites in the account to support all TLS versions for connectivity between clients (visitors) and the Imperva service. Note: This argument is deprecated. Use add_naked_domain_san_for_www_sites in the account_ssl_settings resource instead.