Support managing consent from the account resource

GNUmakefile

@@ -6,7 +6,7 @@ NAMESPACE=terraform-providers
 PKG_NAME=incapsula
 BINARY=terraform-provider-${PKG_NAME}
 # Whenever bumping provider version, please update the version in incapsula/client.go (line 27) as well.
-VERSION=3.16.0
+VERSION=3.16.1
 
 # Mac Intel Chip
 OS_ARCH=darwin_amd64

incapsula/client.go

@@ -34,7 +34,7 @@ type Client struct {
 func NewClient(config *Config) *Client {
 	client := &http.Client{}
 
-	return &Client{config: config, httpClient: client, providerVersion: "3.16.0"}
+	return &Client{config: config, httpClient: client, providerVersion: "3.16.1"}
 }
 
 func (c *Client) CreateFormDataBody(bodyMap map[string]interface{}) ([]byte, string) {

incapsula/client_account.go

@@ -79,6 +79,7 @@ type AccountStatusResponse struct {
 	SupportAllTLSVersions        bool        `json:"supprt_all_tls_versions"`
 	WildcardSANForNewSites       string      `json:"wildcard_san_for_new_sites"`
 	NakedDomainSANForNewWWWSites bool        `json:"naked_domain_san_for_new_www_sites"`
+	ConsentRequired              bool        `json:"consent_required"`
 	Res                          interface{} `json:"res"`
 	ResMessage                   string      `json:"res_message"`
 	DebugInfo                    struct {
@@ -180,7 +181,7 @@ func (c *Client) AccountStatus(accountID int, operation string) (*AccountStatusR
 
 // UpdateAccount will update the specific param/value on the account resource
 func (c *Client) UpdateAccount(accountID, param, value string) (*AccountUpdateResponse, error) {
-	log.Printf("[INFO] Updating Incapsula account for accountID: %s\n", accountID)
+	log.Printf("[INFO] Updating Incapsula account for accountID: %s. Param: %s. Value: %s\n", accountID, param, value)
 
 	values := url.Values{
 		"account_id": {accountID},

incapsula/resource_account.go

@@ -105,6 +105,12 @@ func resourceAccount() *schema.Resource {
 				Optional:     true,
 				ValidateFunc: validation.StringInSlice([]string{"APAC", "EU", "US", "AU"}, false),
 			},
+			"consent_required": {
+				Description: "Blocks Imperva from performing sensitive operations on your behalf. Options are `true`, `false`.",
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Computed:    true,
+			},
 
 			// Computed Attributes
 			"support_level": {
@@ -204,6 +210,7 @@ func resourceAccountRead(d *schema.ResourceData, m interface{}) error {
 	d.Set("support_all_tls_versions", accountStatusResponse.Account.SupportAllTLSVersions)
 	d.Set("wildcard_san_for_new_sites", accountStatusResponse.Account.WildcardSANForNewSites)
 	d.Set("naked_domain_san_for_new_www_sites", accountStatusResponse.Account.NakedDomainSANForNewWWWSites)
+	d.Set("consent_required", accountStatusResponse.ConsentRequired)
 
 	// Get the performance settings for the site
 	defaultAccountDataStorageRegion, err := client.GetAccountDataStorageRegion(d.Id())
@@ -276,18 +283,30 @@ func resourceAccountDelete(d *schema.ResourceData, m interface{}) error {
 }
 
 func updateAdditionalAccountProperties(client *Client, d *schema.ResourceData) error {
-	updateParams := [5]string{"name", "error_page_template", "support_all_tls_versions", "naked_domain_san_for_new_www_sites", "wildcard_san_for_new_sites"}
+	consentRequiredParam := "consent_required"
+	updateParams := [6]string{"name", "error_page_template", "support_all_tls_versions", "naked_domain_san_for_new_www_sites", "wildcard_san_for_new_sites", consentRequiredParam}
 	for i := 0; i < len(updateParams); i++ {
 		param := updateParams[i]
-		if d.HasChange(param) && d.Get(param) != "" {
-			log.Printf("[INFO] Updating Incapsula account param (%s) with value (%s) for account_id: %s\n", param, d.Get(param).(string), d.Id())
-			_, err := client.UpdateAccount(d.Id(), param, d.Get(param).(string))
-			if err != nil {
-				log.Printf("[ERROR] Could not update Incapsula account param (%s) with value (%s) for account_id: %s %s\n", param, d.Get(param).(string), d.Id(), err)
-				return err
+		if d.HasChange(param) {
+			var paramValStr string
+
+			if param == consentRequiredParam {
+				paramValStr = strconv.FormatBool(d.Get(param).(bool))
+			} else {
+				paramValStr = d.Get(param).(string)
+			}
+
+			if paramValStr != "" {
+				log.Printf("[INFO] Updating Incapsula account param (%s) with value (%s) for account_id: %s\n", param, paramValStr, d.Id())
+				_, err := client.UpdateAccount(d.Id(), param, paramValStr)
+				if err != nil {
+					log.Printf("[ERROR] Could not update Incapsula account param (%s) with value (%s) for account_id: %s %s\n", param, paramValStr, d.Id(), err)
+					return err
+				}
 			}
 		}
 	}
+
 	return nil
 }
 

website/docs/r/account.html.markdown

@@ -22,6 +22,7 @@ resource "incapsula_account" "example-account" {
   account_name                       = "Example Account"
   logs_account_id                    = "456"
   log_level                          = "full"
+  consent_required                   = true
 
   data_storage_region                = "US"
 
@@ -42,6 +43,7 @@ The following arguments are supported:
 * `account_name` - (Optional) Account name.
 * `logs_account_id` - (Optional) Account where logs should be stored. Available only for Enterprise Plan customers that purchased the Logs Integration SKU. Numeric identifier of the account that purchased the logs integration SKU and which collects the logs. If not specified, operation will be performed on the account identified by the authentication parameters.
 * `log_level` - (Optional) The log level. Options are `full`, `security`, and `none`.
+* `consent_required` - (Optional) Blocks Imperva from performing sensitive operations on your behalf. You can then activate consent via the Cloud Security Console UI. Options are `true`, `false`.
 * `data_storage_region` - (Optional) Default data region of the account for newly created sites. Options are `APAC`, `EU`, `US` and `AU`. Defaults to `US`.
 * `support_all_tls_versions` - (Optional) Allow sites in the account to support all TLS versions for connectivity between clients (visitors) and the Imperva service.  
                                Note: This argument is deprecated. Use add_naked_domain_san_for_www_sites in the account_ssl_settings resource instead.