Re: Terraform simple_cluster member state import

Harald_Hansen · ‎2021-10-17

In Terraform the provider should support importing all properties. At the moment it seems like the 1.4 provider does not import cluster members, and any attempt to plan an existing cluster fails due to trying to add new members.

resource "checkpoint_management_simple_cluster" "core-1" {
  name                = "core-1"
  ipv4_address        = "1.2.3.4"
  version             = "R80.40"
  hardware            = "Open server"
  send_logs_to_server = ["gaia-r81-mgmt"]
  firewall            = true
  members {
    name       = "member-1"
    ip_address = "1.2.3.3"
  }
  members {
    name       = "member-2"
    ip_address = "1.2.3.2"
  }
}

This code should be enough to get the state imported, though there is no sign of the members in the state.

PhoneBoy · ‎2021-10-19

@chkp-royl any idea?

Harald_Hansen · ‎2021-10-28

I'll have to expand on this;

Due to the lack of import support, the CP-provider is not able to monitor changes in simple cluster objects, for instance when something changes on the smart center, this is not reflected in the state. So there is no guarantee the code will match reality after getting deployed.

chkp-royl · ‎2021-10-28

It should save in state all the fields covered by 'show-simple-cluster' API command. There might be changes on smart center that are not reflect in state since the API command doesn't support all object attributes so these will not be seen by terraform. If you are talking about data we receive by 'show-simple-cluster' then we will make sure it's being save to state file correctly.

Harald_Hansen · ‎2021-10-28

The show command displays every cluster interface with interface-type, for instance.

Changing that in SmartCenter is not reflected in terraform plan.

I'm running latest version on SmartCenter and TF/provider, freshly installed in my lab (no interference with production or large rulebases).

There are other issues with the simple-cluster resource, for instance is the member ip not set correctly in many instances.

chkp-royl · ‎2021-10-28

Hi @Harald_Hansen,

Thanks for your report.

We are investigating this issue and hope to fix it ASAP.

Regards,

Roy

Pavel_Krejci · ‎2023-05-09

Hi Roy,

any update regarding this issue?
We are trying to use terraform import to get TF syntax for creating simple cluster. The issue is that members are missing in the output even though they are defined under cluster object in SmartConsole:

# # checkpoint_management_simple_cluster.bc-demo-ext:

# resource "checkpoint_management_simple_cluster" "bc-demo-ext" {

#   anti_bot                   = false
#   anti_virus                 = false
#   application_control        = true
#   cluster_mode               = "cluster-xl-ha"
#   color                      = "pink"
#   content_awareness          = false
#   #dynamic_ip                 = false
#   fetch_policy               = []
#   firewall                   = true
#   hardware                   = "Open server"
#   #id                         = "bc-demo-ext"
#   identity_awareness         = false
#   ips                        = true
#   ipv4_address               = "20.1.2.3"
#   name                       = "bc-demo-ext"
#   nat_settings               = {}
#   os_name                    = "Gaia"
#   proxy_settings             = {}
#   save_logs_locally          = false
#   send_alerts_to_server      = []
#   send_logs_to_backup_server = []
#   send_logs_to_server = [
#     "bc-demo-mgmt",
#   ]
#   tags             = []
#   threat_emulation = false
#   url_filtering    = false
#   version          = "R81.10"
#   vpn              = false
#   platform_portal_settings {
#     accessibility {
#       allow_access_from = "RULE_BASE"
#     }
#     portal_web_settings {
#       aliases  = []
#       main_url = "https://20.1.2.3/"
#     }
#   }
# }

Are you a member of CheckMates?

Terraform simple_cluster member state import