Meta data deleted on each plan/apply #103

Open
iranzoferri opened this issue Feb 29, 2024 · 4 comments

Comments

@iranzoferri

First, thank you very much for this amazing work, I appreciate it a lot.

I have dns_challenge on all my hosts, this setting is read-only and I can't configure it before the first plan/apply, ok, no problem I will do that after, manually, so... next, in each plan/apply, this "meta" data is deleted.

This is the output when I try to plan each change, making this provider unusable when you have dns_challenge configured:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # nginxproxymanager_proxy_host.fog will be updated in-place
  ~ resource "nginxproxymanager_proxy_host" "fog" {
      ~ forward_host            = "xxx.xxx.xxx.114" -> "xxx.xxx.xxx.14"
        id                      = 56
      ~ meta                    = {
          - "dns_challenge"            = "true"
          - "dns_provider"             = "\"route53\""
          - "dns_provider_credentials" = "\"[default]\\r\\naws_access_key_id=*****redacted******\\r\\naws_secret_access_key=**********redacted**********\""
          - "letsencrypt_agree"        = "true"
          - "letsencrypt_email"        = "\"*****redacted*****@**********.com\""
          - "nginx_err"                = "null"
          - "nginx_online"             = "true"
        } -> (known after apply)
      ~ modified_on             = "2024-02-29T17:07:43.000Z" -> (known after apply)
        # (15 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Obviously, when I try to configure it, I can't, the output is: "Cannot set value for this attribute as the provider has marked it as read-only. Remove the configuration line setting the value."

The question is, is there a way to tell the provider not to touch this data, or is it really not read-only?
Please, if this is a well-known fact and there is no way to solve it, it'll be a good idea to put a brief note advertising this behavior.

Thanks in advance.

@Sander0542
Owner

Firstly, I am glad to hear you like this provider :)

I am trying to reproduce this issue, but I am unable to get it. Have you imported the resource after manually creating it?

Am I correct to assume you already have an SSL certificate set up in the SSL Certificates tab? If so, then you should be able to just copy the ID (can be found by clicking on the 3 dots) and place it in the certificate_id property of the nginxproxymanager_proxy_host resource.

resource "nginxproxymanager_proxy_host" "fog" {
    ...
    certificate_id = 1
}

After the next apply, you should not receive any changes on subsequent runs.

@iranzoferri
Author

Sorry if I didn't explain the situation very well. The steps I followed to arrive at this situation are:

  1. I defined the nginxproxymanager_proxy_host like this:
resource "nginxproxymanager_proxy_host" "redacted" {
  domain_names = ["redacted.com", "www.redacted.com"]

  forward_scheme = "https"
  forward_host   = "xxx.xxx.xxx.14"
  forward_port   = 80

  caching_enabled         = true
  allow_websocket_upgrade = true
  block_exploits          = true

  access_list_id = 0 # Publicly Accessible

  certificate_id  = 68
  ssl_forced      = false
  hsts_enabled    = false
  hsts_subdomains = false
  http2_support   = false

  advanced_config = ""
}
  2. plan/apply
  3. Edit manually to add dns_challenge (at this point I can't import anymore, the object already exists in the state)
  4. Now I synced the manifest manually to match the new state (less meta, it is read-only, I can't, or I don't know how to do that)
  ssl_forced      = true
  hsts_enabled    = true
  hsts_subdomains = false
  http2_support   = true
  5. Plan/apply (Everything is in sync, less meta, that will be erased.)

At this point I don't know how to maintain the infra because:

  • if I define it with terraform I can't maintain a dns_challenge between updates, it isn't viable
  • if I define it completely in a manual way, that's all, the work is already done; if I need to recreate everything after a disaster, I need to recreate it again manually to finally import and modify manually... it seems that if you need dns_challenge, this provider isn't worth it.

Please help me, I don't understand, I don't know if I'm doing something wrong.
Thank you very much.

@iranzoferri
Author

Oh! I caught the exception.
If everything is the same, I mean, it is in sync, then the terraform output is:

No changes. Your infrastructure matches the configuration.

but, just when you change something, "https" -> "http" in this case, the meta is deleted as is shown below:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  ~ update in-place

Terraform will perform the following actions:

  # nginxproxymanager_proxy_host.********** will be updated in-place
  ~ resource "nginxproxymanager_proxy_host" "**********" {
      ~ forward_scheme          = "https" -> "http"
        id                      = 53
      ~ meta                    = {
          - "dns_challenge"            = "true"
          - "dns_provider"             = "\"route53\""
          - "dns_provider_credentials" = "\"[default]\\r\\naws_access_key_id=*********************\\r\\naws_secret_access_key=********************************\""
          - "letsencrypt_agree"        = "true"
          - "letsencrypt_email"        = "\"**********@**********.com\""
          - "nginx_err"                = "null"
          - "nginx_online"             = "true"
        } -> (known after apply)
      ~ modified_on             = "2023-12-22T16:41:02.000Z" -> (known after apply)
        # (15 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

I hope that this example helps to understand the issue.
Thanks.
Best regards.

@Sander0542
Owner

I think I understand what your issue is, but there is no need to store the DNS settings in the proxy host. They only need to be stored in the certificate. You can safely let the metadata be removed from the proxy provider.
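
The plan output posted in this thread prints `dns_provider_credentials` from `meta` in clear text (the reporter redacted it by hand). As an added example that is not part of the thread or the provider's code: a check over `terraform show -json` output that flags `meta` keys whose names suggest a secret and are not marked sensitive, and keys the plan replaces with a value known only after apply. The sample plan is constructed and the key-name hints are an assumption.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# Values are placeholders, not taken from the issue.
SAMPLE_PLAN = json.dumps({"resource_changes": [{
    "address": "nginxproxymanager_proxy_host.fog",
    "type": "nginxproxymanager_proxy_host",
    "change": {
        "actions": ["update"],
        "before": {"forward_scheme": "https", "meta": {
            "dns_challenge": "true",
            "dns_provider": "\"route53\"",
            "dns_provider_credentials": "\"[default]\\r\\naws_access_key_id=PLACEHOLDER\"",
            "letsencrypt_agree": "true"}},
        "after": {"forward_scheme": "http"},
        "after_unknown": {"meta": True},
        "before_sensitive": {"meta": {}},
    }}]})

# Assumption: key-name substrings that suggest a secret value.
SECRET_HINTS = ("credential", "secret", "password", "token")


def audit_plan(plan_json, resource_type="nginxproxymanager_proxy_host"):
    """Return sorted (address, meta_key, finding) tuples for one resource type."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != resource_type:
            continue
        change = rc.get("change") or {}
        meta = (change.get("before") or {}).get("meta") or {}
        sensitive = change.get("before_sensitive")
        # before_sensitive mirrors `before`; `true` marks a sensitive value.
        meta_mask = sensitive.get("meta") if isinstance(sensitive, dict) else None
        unknown = change.get("after_unknown")
        meta_unknown = isinstance(unknown, dict) and unknown.get("meta") is True
        for key in meta:
            masked = meta_mask is True or (
                isinstance(meta_mask, dict) and meta_mask.get(key) is True)
            if any(h in key.lower() for h in SECRET_HINTS) and not masked:
                findings.append((rc["address"], key, "unmasked-in-plan"))
            if meta_unknown:
                findings.append((rc["address"], key, "replaced-on-apply"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_plan(SAMPLE_PLAN):
        print(*finding)
```

Run it against the JSON form of a saved plan before pasting plan output into an issue or CI log.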
