SSL Verify - verify_certificate fails to apply to page_load tests

[PhilipWhiteside]

Hello,

I've been setting the value of verify_certificate to 0 to disable SSL verification on the test. We are monitoring some back end systems which all use self-signed certificates. I can see that this field is in both this provider and the go-thousandeyes, this provider also see's that the value is different during a plan. However, it does not apply the value correctly.

terraform {
  required_providers {
    thousandeyes = {
      source  = "william20111/thousandeyes"
      version = "~> 0.5.2"
    }
  }
  required_version = ">= 1.0"
}

resource "thousandeyes_page_load" "test" {
  test_name             = "Test SSL Ignore Cert"
  url                   = "https://www.thousandeyes.com"
  verify_certificate    = 0 # Ignored
  interval              = 120
  http_interval         = 120
  content_regex         = "" # Required to avoid "NONE" entry
  agents {
    agent_id = data.thousandeyes_agent.internal-mgmt01.agent_id
  }
  lifecycle {
    ignore_changes = [
      api_links,
      custom_headers,
      include_headers,
      bgp_measurements,
      use_public_bgp
    ]
  }
}

For the plan the difference is detected

  # thousandeyes_page_load.test will be updated in-place
  ~ resource "thousandeyes_page_load" "test" {
      + custom_headers         = {}
        id                     = "2154391"
      - page_load_target_time  = 6 -> null
      ~ verify_certificate     = 1 -> 0
        # (32 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

During the apply this comes up during the log

2021-07-05T15:03:10.286+0100 [WARN]  Provider "provider[\"registry.terraform.io/william20111/thousandeyes\"]" produced an unexpected new value for thousandeyes_page_load.test, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .page_load_target_time: was null, but now cty.NumberIntVal(6)
      - .modified_date: was cty.StringVal(""), but now cty.StringVal("2021-07-05 14:03:06")
      - .verify_certificate: was cty.NumberIntVal(0), but now cty.NumberIntVal(1)
      - .modified_by: was cty.StringVal(""), but now cty.StringVal("Philip Whiteside (<redacted>)")
      - .bgp_measurements: was cty.NumberIntVal(1), but now cty.NumberIntVal(0)

The agent level has a disable SSL verify, but this only applies to page load (broswer bot), however this applies to the http server test. The test then does not have a valid "Availability" despite having a completed page load.

[PhilipWhiteside]

My workaround for anyone else who hits this in the mean time. This will run every apply for every resource. I did not see a way of having a resource provisioned run when only modified, only create/delete.

resource "null_resource" "no-ssl-verify" {
  for_each   = local.tests
  depends_on = [thousandeyes_page_load.default]
  provisioner "local-exec" {
    command = "curl --connect-timeout 30 --max-time 30 --retry 5 --retry-delay 30 --retry-max-time 300 --location --request POST 'https://api.thousandeyes.com/v6/tests/page-load/${thousandeyes_page_load.default[each.key].id}/update.json' --header 'Content-Type: application/json' --header 'Authorization: Bearer ${var.TE_TOKEN}' --data-raw '{\"verifyCertificate\": 0}'"
  }
  triggers = {
    always_run = timestamp()
  }
}

[cgascoig]

FYI - I just created #59 which is a different issue but I suspect the underlying cause I outlined there probably applies to this issue as well.