FR: Better support for UI toggles

[timkelty]

Affected Resource(s)

• fastly_service_v1

Currently, there are some settings in the UI that are simply shortcuts to other resources, eg:

• 
• 
• 

Currently, if you want those toggles enabled from Terraform, you have to just match the name exactly, which is kind of clumsy:

  condition {
    # Magical name that ties to Fastly defaults
    name = "Generated by synthetic response for 503 page"

    priority  = 0
    statement = "beresp.status == 503"
    type      = "CACHE"
  }

  header {
    # Magical name that ties to Fastly defaults
    name = "Generated by force TLS and enable HSTS"

    action        = "set"
    destination   = "http.Strict-Transport-Security"
    ignore_if_set = false
    priority      = 100
    source        = "\"max-age=31557600\""
    type          = "response"
  }

  response_object {
    # Magical name that ties to Fastly defaults
    name = "Generated by synthetic response for 503 page"

    cache_condition = "Generated by synthetic response for 503 page"
    content         = file("files/503.html")
    content_type    = "text/html"
    response        = "Service Unavailable"
    status          = 503
  }

It would be nice if either:

• these settings were there own dedicated options
• or, there was simply a setting to toggle the UI setting on/off (even if the explicit resources were still required)

It can be alarming looking at the UI, thinking these settings aren't enabled, when in fact they are, but the toggles may not be active.

[timkelty]

Futhermore, the gzip block doesn't seem to be able to be toggled by a matching string like the others:

  gzip {
    name = "Default gzip policy"
    content_types = [
      "application/javascript",
      "application/json",
      "application/vnd.ms-fontobject",
      "application/x-font-opentype",
      "application/x-font-truetype",
      "application/x-font-ttf",
      "application/x-javascript",
      "application/xml",
      "font/eot",
      "font/opentype",
      "font/otf",
      "image/svg+xml",
      "image/vnd.microsoft.icon",
      "text/css",
      "text/html",
      "text/javascript",
      "text/plain",
      "text/xml",
    ]
    extensions = [
      "css", "eot", "html", "ico", "js", "json", "otf", "svg", "ttf"
    ]
  }

…will result in the toggle being "off" in the UI.

[smaeda-ks]

#433

[DanOfir]

How did you manage to enable the toggle for "Force TLS and enable HSTS"? the example above will add the header, but what about Force TLS?

[timkelty]

@DanOfir sorry, didn't include the full example:

locals {
  # Magical names that ties to Fastly defaults
  magic_name_503       = "Generated by synthetic response for 503 page"
  magic_name_robots    = "Generated by synthetic response for robots.txt"
  magic_name_force_tls = "Generated by force TLS and enable HSTS"
}


resource "fastly_service_v1" "this" {
  header {
    name          = local.magic_name_force_tls
    action        = "set"
    destination   = "http.Strict-Transport-Security"
    ignore_if_set = false
    priority      = 100
    source        = "\"max-age=31557600\""
    type          = "response"
  }

  request_setting {
    name          = local.magic_name_force_tls
    force_ssl     = true
    max_stale_age = 0
    xff           = ""
  }
}

[ohookins]

Would also like to see this!

[jonnangle]

Futhermore, the gzip block doesn't seem to be able to be toggled by a matching string like the others:

  gzip {
    name = "Default gzip policy"

This works for me if I use name = "Generated by default gzip policy"

[sjparkinson]

I'd be curious to know if, like gzip and the other settings mentioned so far, the same can be achieved for the apex to www redirect setting?

It seems like that creates snippets for recv and error that are hidden in the UI.

That might be harder to get the resource naming correct in order for the Terraform configuration to align with the UI settings however!

Anyone successfully got that working?

[sjparkinson]

Hit a small snag on the Force TLS option that I figure is worth documenting, we currently define the following:

request_setting {
  name      = "Generated by force TLS and enable HSTS"
  force_ssl = true
  xff       = ""
}

For an existing service with this name with the xff field accidently set to append, this configuration looks to always result in a change in the Terraform plan, with Terraform not actually updating/clearing the value for xff. Can be manually fixed by turning the setting off and on in the UI to reset the request setting.

Likely because a value for xff of "" doesn't match a case at?:

terraform-provider-fastly/fastly/block_fastly_service_requestsetting.go

Lines 293 to 305 in a22ea5f

	xff := strings.ToLower(resource["xff"].(string))
	switch xff {
	case "clear":
	opts.XForwardedFor = gofastly.RequestSettingXFFClear
	case "leave":
	opts.XForwardedFor = gofastly.RequestSettingXFFLeave
	case "append":
	opts.XForwardedFor = gofastly.RequestSettingXFFAppend
	case "append_all":
	opts.XForwardedFor = gofastly.RequestSettingXFFAppendAll
	case "overwrite":
	opts.XForwardedFor = gofastly.RequestSettingXFFOverwrite
	}

It also seems like there's a difference for the value of max_stale_age based on the diff after manually resetting the Force TLS setting, Terraform creating different default values than the UI?: