CiscoDevNet / terraform-provider-aci

Terraform Cisco ACI provider
https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs
Mozilla Public License 2.0

aci_rest_managed - in many instances sets annotation but on re-apply says that it needs to be updated #1086

Closed scotttyso closed 1 year ago

scotttyso commented 1 year ago

Community Note

Terraform Version

APIC version and APIC Platform

Affected Resource(s)

Terraform Configuration Files

resource "aci_rest_managed" "fabric_wide_settings_5_2_3" {
    class_name = "infraSetPol"
    content    = {
        "annotation"                     = "orchestrator:terraform"
        "dampFactor"                     = "1"
        "descr"                          = ""
        "disableEpDampening"             = "no"
        "domainValidation"               = "yes"
        "enableMoStreaming"              = "yes"
        "enableRemoteLeafDirect"         = "yes"
        "enforceSubnetCheck"             = "no"
        "leafOpflexpAuthenticateClients" = "yes"
        "leafOpflexpUseSsl"              = "yes"
        "name"                           = "default"
        "nameAlias"                      = ""
        "opflexpAuthenticateClients"     = "yes"
        "opflexpSslProtocols"            = "TLSv1.2"
        "opflexpUseSsl"                  = "yes"
        "ownerKey"                       = ""
        "ownerTag"                       = ""
        "policySyncNodeBringup"          = "yes"
        "reallocateGipo"                 = "no"
        "restrictInfraVLANTraffic"       = "no"
        "unicastXrEpLearnDisable"        = "yes"
        "userdom"                        = "all"
        "validateOverlappingVlans"       = "no"
    }
    dn         = "uni/infra/settings"
    id         = "uni/infra/settings"
}

Debug Output

Panic Output

Expected Behavior

Actual Behavior

Steps to Reproduce

  1. terraform apply

On re-apply, even though the API has the value of the annotation, the annotation object is missing from the state file, and it believes it needs to be updated.

  # module.system_settings["default"].aci_rest_managed.fabric_wide_settings_5_2_3["default"] will be updated in-place
  ~ resource "aci_rest_managed" "fabric_wide_settings_5_2_3" {
      ~ content    = {
          + "annotation"                     = "orchestrator:terraform"
            # (22 unchanged elements hidden)
        }
        id         = "uni/infra/settings"
        # (2 unchanged attributes hidden)
    }

A few examples are: infraSetPol, latencyPtpMode, fabricProtPol, vzOOBBrCP, mgmtInstP.

I may have more in tenant policies and route-maps. But I need to do further testing there.

If I try to add annotation to infraSHPortS, I get the following error:

│ Error: Admin implicit props cannot be modified, class=infraSHPortS, prop=creator
│ 
│   with module.switch["default"].aci_rest_managed.spine_interface_selectors["102-Eth1/1"],
│   on ../../../terraform-aci-switch/switch_profiles.tf line 249, in resource "aci_rest_managed" "spine_interface_selectors":
│  249: resource "aci_rest_managed" "spine_interface_selectors" {

If I try to add annotation to syslogGroup, I get the following error:

╷
│ Error: Admin implicit props cannot be modified, class=syslogGroup, prop=remoteDestCount
│ 
│   with module.admin["default"].aci_rest_managed.syslog_destination_groups["default"],
│   on ../../../terraform-aci-admin/external_data_collectors.tf line 166, in resource "aci_rest_managed" "syslog_destination_groups":
│  166: resource "aci_rest_managed" "syslog_destination_groups" {
│ 

Some more challenges with trying to utilize annotation:

╷
│ Error: Admin implicit props cannot be modified, class=dnsProfile, prop=epgDn
│ 
│   with module.fabric["default"].aci_rest_managed.dns_profiles["default"],
│   on ../../../terraform-aci-fabric/policies-global.tf line 10, in resource "aci_rest_managed" "dns_profiles":
│   10: resource "aci_rest_managed" "dns_profiles" {
│ 
╵
│ Error: Admin implicit props cannot be modified, class=snmpTrapDest, prop=epgDn
│ 
│   with module.fabric["default"].aci_rest_managed.snmp_trap_destinations["default:10.101.128.25"],
│   on ../../../terraform-aci-fabric/policies-pod.tf line 279, in resource "aci_rest_managed" "snmp_trap_destinations":
│  279: resource "aci_rest_managed" "snmp_trap_destinations" {
│ 
╵

The following are ignoring annotation altogether: snmpSrc, snmpTrapFwdServerP, snmpGroup, snmpPol, datetimeFormat, datetimePol, fabricPodPGrp, fabricPodP, fabricPodS, syslogRemoteDest, syslogSrc.

aci_fabric_node_control ignores annotation. aci_l3_interface_policy ignores annotation. aci_vlan_pool isn't setting annotation by default.

In function it is working, but annotation is not being added to the state, so it believes it needs to re-apply each time.

On a side note, outside of the provider and with the GUI, it seems to be inconsistent whether the Tag is added to the object or not.

i.e. BGP Route Reflector and COOP Group show it. APIC Connectivity Preference, Fabric-Wide Settings, Global AES, ISIS Policy, Port Tracking, PTP and Latency, qosInstPol, infraSpAccPortGrp, Admin > AAA > Authentication Default Settings/Security Default Settings, do not. Would be nice for the UI to be consistent.

Important Factoids

References

akinross commented 1 year ago

Removing annotation in the list at https://github.com/CiscoDevNet/terraform-provider-aci/blob/master/aci/resource_aci_rest_managed.go#L16 should resolve this issue.

This issue is closely related to https://github.com/CiscoDevNet/terraform-provider-aci/issues/1074, where injection into content should be made by global default when not provided to content. Be aware that only classes that contain the annotation attribute should be injected with an annotation.
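
The perpetual diff reported in this issue can be told apart from real drift in CI by inspecting the JSON plan. The following is an added example, not part of the thread or the provider's code: it flags `aci_rest_managed` in-place updates whose only change is `annotation` being added to `content`. The function name and the sample plan are assumptions constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# Addresses, DNs and values are illustrative, modelled on the plan in the issue.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aci_rest_managed.fabric_wide_settings", "type": "aci_rest_managed",
   "change": {"actions": ["update"],
     "before": {"dn": "uni/infra/settings", "class_name": "infraSetPol",
                "content": {"name": "default", "dampFactor": "1"}},
     "after":  {"dn": "uni/infra/settings", "class_name": "infraSetPol",
                "content": {"name": "default", "dampFactor": "1",
                            "annotation": "orchestrator:terraform"}}}},
  {"address": "aci_rest_managed.ptp", "type": "aci_rest_managed",
   "change": {"actions": ["update"],
     "before": {"dn": "uni/fabric/ptpmode", "class_name": "latencyPtpMode",
                "content": {"state": "disabled"}},
     "after":  {"dn": "uni/fabric/ptpmode", "class_name": "latencyPtpMode",
                "content": {"state": "enabled",
                            "annotation": "orchestrator:terraform"}}}},
  {"address": "aci_rest_managed.new_object", "type": "aci_rest_managed",
   "change": {"actions": ["create"], "before": null,
     "after": {"dn": "uni/tn-example", "class_name": "fvTenant",
               "content": {"name": "example",
                           "annotation": "orchestrator:terraform"}}}}
]}
""")


def annotation_only_updates(plan, attr="annotation"):
    """Addresses of aci_rest_managed updates whose sole change is `attr` added to content."""
    flagged = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "aci_rest_managed" or change.get("actions") != ["update"]:
            continue  # creates, deletes and replacements are real changes
        before, after = change.get("before") or {}, change.get("after") or {}
        b_content = dict(before.get("content") or {})
        a_content = dict(after.get("content") or {})
        # The symptom: attr is in the configuration but missing from state.
        if attr in b_content or attr not in a_content:
            continue
        a_content.pop(attr)
        # Every other content key and top-level attribute must be unchanged.
        rest_b = {k: v for k, v in before.items() if k != "content"}
        rest_a = {k: v for k, v in after.items() if k != "content"}
        if a_content == b_content and rest_a == rest_b:
            flagged.append(rc["address"])
    return flagged
```

Resources this returns on every run are candidates for the state-tracking bug described above; updates that also change another attribute are left for normal review.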