topic Re: Publish changes done by terraform in DevSecOps

Publish changes done by terraform

ninixclub — Fri, 19 Feb 2021 17:40:14 GMT

Hello

We would like for our futur architecture to build pour policies via terraform.

So I installed a lab but I have an issue when I try to publish the new change.

I followed this documentation :

As of right now, Terraform does not provide native support for publish and install-policy, so both of them are handled out-of-band.

In order to use post Apply/Destroy commands, the authentication method must be via environment variables.

Publish

Please use the following for publish:

$ cd $GOPATH/src/github.com/terraform-providers/terraform-provider-checkpoint/commands/publish
$ go build publish.go
$ mv publish $GOPATH/src/github.com/terraform-providers/terraform-provider-checkpoint
$ terraform apply && publish

But when i try it i have the following message :

➜ publish git:(master) go build publish.go
go: github.com/terraform-providers/terraform-provider-checkpoint/commands: github.com/terraform-providers/terraform-provider-checkpoint@v1.1.0: parsing go.mod:
module declares its path as: github.com/CheckPointSW/terraform-provider-checkpoint
but was required as: github.com/terraform-providers/terraform-provider-checkpoint

Idem to install policy

➜ install_policy git:(master) go build install_policy.go
go: github.com/terraform-providers/terraform-provider-checkpoint/commands: github.com/terraform-providers/terraform-provider-checkpoint@v1.1.0: parsing go.mod:
module declares its path as: github.com/CheckPointSW/terraform-provider-checkpoint
but was required as: github.com/terraform-providers/terraform-provider-checkpoint

Do you have a fix for me ?

How do you do in order to publish or install policy ?

Thanks for your help 🙂

Regards

Re: Publish changes done by terraform

PhoneBoy — Sun, 21 Feb 2021 18:52:13 GMT

@chkp-royl @Ryan_Darst any suggestions here?

Re: Publish changes done by terraform

GBrembati — Mon, 22 Feb 2021 01:05:38 GMT

Hello,

When you are working with Terraform you can handle the installation as well as the publish of the changes made by Terraform.

I would simply use the resources you can find inside "checkpoint" provider in the registry, my suggestion would also be to use the latest version (as per today 1.3.0) of the provider. So you would set your provider like this:

terraform {
required_providers {
checkpoint = {
source = "CheckPointSW/checkpoint"
version = ">= 1.3.0"
}
}
}

Then in the main you would just need to add the resources to publish the changes at the end, be careful to use the right dependency for that one since you want to be executed after all the changes.

So the policy install would be something like

resource "checkpoint_management_install_policy" "example" {
  policy_package = "standard"
  targets = ["corporate-gateway"]
}

And the publish would be something like, with some "depends_on" statement inside,

resource "checkpoint_management_publish" "example" { }

These examples are the ones in the public documentation of our provider that you can find here: https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs

If you want to see a real example here is a Terraform that I have created to make few action: such as creating few objects, a policy package, connect a datacenter object, install the CME, patch to a certain Jumbo Hotfix, etc https://github.com/gbrembati/terraform/blob/master/azure/mgmt-configuration/mgmtcfg-main.tf

Hope it helps,

Giorgio

Re: Publish changes done by terraform

Simon_Macpherso — Wed, 30 Jun 2021 09:54:39 GMT

Hi Giorgio,

Do you have a working example of using Terraform to verify and deploy a JHF to an on-premise HA cluster?

Regards,

Simon

Re: Publish changes done by terraform

neilmalta — Tue, 22 Feb 2022 09:19:31 GMT

Hey,

I m working with the publish and policy with terraform, thanks also to you : )

But when I do any changes for example just add a host or change just a comment, its not being publish / installed.

What can I do to always publish after every terraform apply? Thanks.