tls_enforce don't work #99

Open
KaiBroeker opened this issue Aug 15, 2024 · 2 comments

KaiBroeker commented Aug 15, 2024

Hi,

I tried to enable tls_enforce_in and tls_enforce_out for some mailboxes.
I get no error from tf, but if I look in the web UI there is no TLS enforced. Also, if I run tf again, the change should be applied again.

Here are the logs (same on every run):

\mail_automation> D:\terraform.exe apply
mailcow_mailbox.mailboxes-***-de--default["info"]: Refreshing state... [id=info@***.de]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

 # mailcow_mailbox.mailboxe-***-de--info will be updated in-place
  ~ resource "mailcow_mailbox" "mailboxe-***-de--info" {
        id              = "info@***.de"
      ~ tls_enforce_in  = false -> true
      ~ tls_enforce_out = false -> true
        # (13 unchanged attributes hidden)
    }
Plan: 0 to add, 8 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

mailcow_mailbox.mailboxes-***-de--info: Modifying... [id=info@***.de]

Apply complete! Resources: 0 added, 8 changed, 0 destroyed.
mail_automation> 
@KaiBroeker
Author

I tested a little bit. The issue only happens if I add tls_enforce to existing mailboxes.
If I create a new mailbox the configuration is fine.

l-with self-assigned this Sep 14, 2024
@l-with
Owner

l-with commented Sep 14, 2024

@KaiBroeker I debugged it. The reason is the mailcow api:

  • add mailbox (/api/v1/add/mailbox) sets tls_enforce_out (and others)
  • edit mailbox (/api/v1/edit/mailbox) ignores tls_enforce (and others), but returns that it changed it

Updating e.g. tls_enforce can possibly be done with the mailcow API edit tls_policies; this API endpoint is not part of the Swagger UI documentation of the API. I found an indication that this API endpoint exists in the mailcow-dockerized source code.

The terraform provider flow will be quirky with this addition. I will add this strangeness to the docs. By now, my motivation for trying to add this functionality is low. You can try to convince me.
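
A read-back check for the behaviour described in this thread, as an added example that is not part of the issue or the provider's code: it compares the desired tls_enforce_in/tls_enforce_out values with mailbox records fetched after an apply and reports every flag that did not stick. The record layout (username, attributes, "1"/"0" values), the function names and the sample data are assumptions constructed for illustration.

```python
import json

# Flags the issue reports as accepted but not applied by the edit call.
TLS_FLAGS = ("tls_enforce_in", "tls_enforce_out")

# Constructed read-back of two mailboxes after an apply (field layout assumed):
# "info" was edited in place, "new" was freshly created.
SAMPLE_READ_BACK = json.dumps([
    {"username": "info@example.test",
     "attributes": {"tls_enforce_in": "0", "tls_enforce_out": "0"}},
    {"username": "new@example.test",
     "attributes": {"tls_enforce_in": "1", "tls_enforce_out": "1"}},
])

# What the Terraform configuration asks for.
DESIRED = {
    "info@example.test": {"tls_enforce_in": True, "tls_enforce_out": True},
    "new@example.test": {"tls_enforce_in": True, "tls_enforce_out": True},
}


def as_bool(value):
    """Normalise flag encodings ("1"/"0", 1/0, true/false); None stays None."""
    if value is None or isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("1", "true")


def tls_drift(desired, read_back_json):
    """Return {mailbox: {flag: (wanted, actual)}} for flags that did not stick.

    A mailbox or flag missing from the read-back is reported with actual=None,
    so an unverifiable setting is never treated as enforced.
    """
    actual = {rec["username"]: rec.get("attributes", {})
              for rec in json.loads(read_back_json)}
    drift = {}
    for mailbox, flags in desired.items():
        attrs = actual.get(mailbox, {})
        for flag in TLS_FLAGS:
            if flag not in flags:
                continue
            got = as_bool(attrs.get(flag))
            if got != bool(flags[flag]):
                drift.setdefault(mailbox, {})[flag] = (bool(flags[flag]), got)
    return drift


if __name__ == "__main__":
    for mailbox, flags in tls_drift(DESIRED, SAMPLE_READ_BACK).items():
        print(mailbox, flags)
```

Run against a real read-back after each apply, a non-empty result means a mailbox is still accepting or sending mail without enforced TLS even though the apply reported success.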
