search

CiscoDevNet / terraform-provider-aci

Terraform Cisco ACI provider
https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs
Mozilla Public License 2.0
87 stars 100 forks source link

Is aci_epgs_using_function broken or am I doing it wrong #275

Closed aj-cruz closed 3 years ago

aj-cruz commented 3 years ago

Community Note

Terraform Version

Terraform v0.14.7

APIC version and APIC Platform

4.2(3q) on-prem

Affected Resource(s)

aci_epgs_using_function

Terraform Configuration Files

resource "aci_epgs_using_function" "attach_to_aaep" {
  depends_on = [aci_application_epg.epg]
  for_each = var.attach_to_aaeps
  access_generic_dn   = each.value.aaep_dn
  tdn                 = each.value.epg_tdn
  encap               = each.value.encap
  instr_imedcy        = each.value.immediacy
  mode                = each.value.mode
 }

Debug Output

Panic Output

Expected Behavior

Create AAEP to EPG relation

Actual Behavior

Error: unknown property value uni/infra/attentp-ESXi-Compute-AAEP/rsfuncToEpg-[uni/tn-MyTenant/ap-Production-Network/epg-Web-EPG], name dn, class infraRsFuncToEpg [(Dn0)] Dn0=,

on modules/tenants/application-epgs/main.tf line 26, in resource "aci_epgs_using_function" "attach_to_aaep": 26: resource "aci_epgs_using_function" "attach_to_aaep" {

Steps to Reproduce

  1. terraform apply

Important Factoids

I notice a successful raw REST post has this: uni/infra/attentp-ESXi-Compute-AAEP/gen-default/rsfuncToEpg-[uni/tn-MyTenant/ap-Production-Network/epg-Web-EPG]

Is the Terraform version missing "gen-default" ??

References

FrederikSuijs commented 3 years ago

I've tried to recreate your issue and played around with it. It seems you can circumvent this issue by prepending the gen-default in _access_genericdn.

resource "aci_epgs_using_function" "attach_to_aaep" {
  access_generic_dn = format("%s/gen-default",aci_attachable_access_entity_profile.attachable_access_entity_profile_test.id)
  tdn               = aci_application_epg.epg_test.id
  encap             = "vlan-11"
  instr_imedcy      = "immediate"
  mode              = "regular"
}

Documentation on how to use this resource could be better for sure; which is true in general for other resources as well.

aj-cruz commented 3 years ago

Thanks for that. There still seems to be something strange going on, though I'm doing it a little different than you:

resource "aci_epgs_using_function" "example" {
  for_each = var.attach_to_aaeps
  depends_on = [aci_application_epg.epg]
  access_generic_dn   = format("%s/gen-default","uni/infra/attentp-${each.value.aaep_name}")
  tdn                 = each.value.epg_tdn
  annotation          = ""
  encap               = each.value.encap
  instr_imedcy        = each.value.immediacy
  mode                = each.value.mode
  primary_encap       = ""
 }

Since my tenant plan is now in a completely separate plan from the access policies I'm manually constructing the dn until I get around to creating a data output to pull in the DNs. With the above I still get: Error: configured object ((Dn0)) not found Dn0=uni/infra/attentp-Border-AAEP/gen-default/rsfuncToEpg-[uni/tn-MyTenant/ap-MyApp/epg-Web-EPG],

But it looks ok now that "/gen-default" is prepended. I've verified in the object store browser that both "uni/infra/attentp-Border-AAEP" and "uni/tn-MyTenant/ap-MyApp/epg-Web-EPG" exist

FrederikSuijs commented 3 years ago

I had similar behavior, but can't reproduce it anymore after attaching an EPG to the AAEP once in the GUI. Maybe something in the backend in triggered which creates the gen-default object. Can you try getting that object with Postman?

https://{{APIC}}/api/mo/uni/infra/attentp-{{AAEP_name}}/gen-default.json?rsp-subtree=children

aj-cruz commented 3 years ago

I think you're right. In postman that returns 0 items until I attach an EPG to the AAEP in the GUI, then postman returns the item.

I think maybe the resource needs to create the object with: /api/node/mo/uni/infra/attentp-{AAEP_NAME}/gen-default.json using a child attribute in the payload to populate the EPG

instead of: api/node/mo/uni/infra/attentp-{AAEP_NAME}/gen-default/rsfuncToEpg-[{EPG_TDN}].json

but then deletions should use the latter so that the AAEP doesn't get deleted when removing an EPG association.

AshuSoni-crest commented 3 years ago

@aj-cruz I tried to recreate this issue, but could not get any errors and all the resources are created successfully. I think you are skipping one resource in between named as aci_access_generic by which you do not need to explicitly add gen-default and I guess after this resource, you do not need to explicitly attach EPG to AAEP from GUI.

I am attaching my terraform configuration for your reference:

resource "aci_tenant" "tenentcheck" {
  name       = "test"
  annotation = "atag"
  name_alias = "alias_tenant"
}

resource "aci_attachable_access_entity_profile" "example" {
    name        = "demo_entity_prof"
    annotation  = "tag_entity"
}

resource "aci_access_generic" "example" {
  attachable_access_entity_profile_dn   = "${aci_attachable_access_entity_profile.example.id}"
  name                                  = "default"
}

resource "aci_application_profile" "example" {
  tenant_dn  = "${aci_tenant.tenentcheck.id}"
  name       = "demo_ap"
  name_alias = "test_ap"
  prio       = "level1"
}

resource "aci_application_epg" "example" {
  application_profile_dn  = "${aci_application_profile.example.id}"
  name                              = "demo_epg"
}

resource "aci_epgs_using_function" "example" {
  access_generic_dn   = "${aci_access_generic.example.id}"
  tdn                 = "${aci_application_epg.example.id}"
  annotation          = "example"
  encap               = "vlan-5"
  instr_imedcy        = "immediate"
  mode                = "regular"
}

The above configuration works for me.

Let me know if you have any other queries.

aj-cruz commented 3 years ago

Ooooooooh I thought that access_generic_dn was the dn for the AAEP, I didn't even notice the aci_access_generic resource. Thanks.