Closed christung16 closed 2 years ago
Do you mind share your terraform provider version and you DCNM/NDFC version, this issue should have been fixed in latest provider.
Thanks, Shangxin
On Aug 21, 2022, at 4:52 AM, christung16 @.***> wrote:
Community Note
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request If you are interested in working on this issue or have submitted a pull request, please leave a comment Terraform Version
DCNM version
V 1.2.6 Affected Resource(s)
dcnm_policy Terraform Configuration Files
Copy-paste your Terraform configurations here - for large Terraform configs,
please use a service like Dropbox and share a link to the ZIP file. For
security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp
resource "dcnm_policy" "customer_bgp_rs" { for_each = { for port in local.switch_port : "${port.switch_key}.${port.port_key}" => port if lookup (port.port_value, "name", null) != "rs-1" && lookup (port.port_value, "name", null) != null } serial_number = data.dcnm_inventory.rs["rs-1"].serial_number template_name = "hkix_bgp_ipv4_peering" template_props = { "BGP_PEER_AS" = each.value.port_value.asn "BGP_PEER_NAME" = each.value.port_value.name "BGP_PEER_IP" = each.value.port_value.peer_ip } description = format("BGP Base policy for %s", each.value.port_value.name) entity_type = "DEVICE" entity_name = each.value.port_value.name priority = 500 depends_on = [ dcnm_network.this ]
} Debug OutputPanic Output
Expected Behavior
I have a BGP peering template, and the above dcnm_policy resource will generate the BGP peering configuration. When I destroy the policy, it should trigger the relative config removal.
When using NDFC UI to delete the same policy, it will trigger the config removal according.
Actual Behavior
When destroy the policy, it only delete the policy in NDFC. It doesn't trigger the config removal. Therefore, the config still remain in the device while NDFC 's policy is deleted.
By sniff the NDFC UI, when delete the policy, it actually use the following REST, it seems that this rest api can trigger the NDFC to remove the relative configuration accordingly.
curl 'https://10.74.175.40/appcenter/cisco/ndfc/api/v1/lan-fabric/rest/control/policies/POLICY-325890/bulk' \ -X 'PUT' \ -H 'Accept: application/json, text/plain, /' \ -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \ -H 'AuthCookie: eyJhbGciOiJSUzI1NiIsImtpZCI6ImRlYThtZjRkNXJnYWo0NTRyYXpvanllNGphNGxrMGJ4IiwidHlwIjoiSldUIn0.eyJhdnBhaXIiOiJzaGVsbDpkb21haW5zPWFsbC9hZG1pbi8iLCJjbHVzdGVyIjoiNmU2NDJkMzItMmQzMi0yZDMxLTY4MDAtMDAwMDAwMDAwMDAwIiwiY3NyZi10b2tlbiI6ImQ0NGI3MjYwYzVkYzRhNzk4YTBhMmExZjcxY2E1ODg5ZGZiODM4MjMyYzJlNGNkM2I2NmZlMTUyMTVjZjdhODQiLCJleHAiOjE2NjEwODAyMTEsImlhdCI6MTY2MTA3OTAxMSwiaWQiOiI0OGQxMDViZGZiYzQ5YTVmY2YzOWExMGI5NjEzODZlNjFkZmU0MDA4NWNiMDMxNWQ4MThiNzYxYzU3MzVkYWZhIiwiaXNzIjoibmQiLCJpc3MtaG9zdCI6IjEwLjc0LjE3NS40MCIsInJiYWMiOlt7ImRvbWFpbiI6ImFsbCIsInJvbGVzIjpbWyJhZG1pbiIsIldyaXRlUHJpdiJdLFsiYXBwLXVzZXIiLCJSZWFkUHJpdiJdXSwicm9sZXNSIjoxNjc3NzIxNiwicm9sZXNXIjoxfV0sInNlc3Npb25pZCI6IkFMczlkcndnOFBrNWVhdnhIaz1FTndIWiIsInVpLWxvZ2luIjp0cnVlLCJ1c2VyZmxhZ3MiOjAsInVzZXJpZCI6MjUwMDIsInVzZXJuYW1lIjoiYWRtaW4iLCJ1c2VydHlwZSI6ImxvY2FsIn0.ZEOIEZt6bMqwvLknIv7V6oT7qnPGfijGk7JStCLZz1SeijPS_8u3S6vGC9JpETJXqhizNy4VtojrBLGKIobVHA2_24vEZExEVQVe7rUaXbKBLWtGZNOGgZ91O0ItmshyN9sWMJGLSgxsMd3jCF3dYAD4A-b9uVfyRS5PybCpOVqL7Gh8b6BMfF-XhuTJLhhZRQHaS5yPG1rgdiJxIdAk8wbpf0Af3DQeTLjiVk2GKoHGig0JYijiVGLmwzGde61P1P3NZeGNG8i6ikpp1ksE1TKyIrhUY_86G0lN-L6-YivwSvVJqGVHKyqy0VoJF215TkcMZgDMLJbUgxgVWEhbTA' \ -H 'Cache-Control: no-cache' \ -H 'Connection: keep-alive' \ -H 'Content-Type: application/json' \ -H 'Cookie: AuthCookie=eyJhbGciOiJSUzI1NiIsImtpZCI6ImRlYThtZjRkNXJnYWo0NTRyYXpvanllNGphNGxrMGJ4IiwidHlwIjoiSldUIn0.eyJhdnBhaXIiOiJzaGVsbDpkb21haW5zPWFsbC9hZG1pbi8iLCJjbHVzdGVyIjoiNmU2NDJkMzItMmQzMi0yZDMxLTY4MDAtMDAwMDAwMDAwMDAwIiwiY3NyZi10b2tlbiI6ImQ0NGI3MjYwYzVkYzRhNzk4YTBhMmExZjcxY2E1ODg5ZGZiODM4MjMyYzJlNGNkM2I2NmZlMTUyMTVjZjdhODQiLCJleHAiOjE2NjEwODAyMTEsImlhdCI6MTY2MTA3OTAxMSwiaWQiOiI0OGQxMDViZGZiYzQ5YTVmY2YzOWExMGI5NjEzODZlNjFkZmU0MDA4NWNiMDMxNWQ4MThiNzYxYzU3MzVkYWZhIiwiaXNzIjoibmQiLCJpc3MtaG9zdCI6IjEwLjc0LjE3NS40MCIsInJiYWMiOlt7ImRvbWFpbiI6ImFsbCIsInJvbGVzIjpbWyJhZG1pbiIsIldyaXRlUHJpdiJdLFsiYXBwLXVzZXIiLCJSZWFkUHJpdiJdXSwicm9sZXNSIjoxNjc3NzIxNiwicm9sZXNXIjoxfV0sInNlc3Npb25pZCI6IkFMczlkcndnOFBrNWVhdnhIaz1FTndIWiIsInVpLWxvZ2luIjp0cnVlLCJ1c2VyZmxhZ3MiOjAsInVzZXJpZCI6MjUwMDIsInVzZXJuYW1lIjoiYWRtaW4iLCJ1c2VydHlwZSI6ImxvY2FsIn0.ZEOIEZt6bMqwvLknIv7V6oT7qnPGfijGk7JStCLZz1SeijPS_8u3S6vGC9JpETJXqhizNy4VtojrBLGKIobVHA2_24vEZExEVQVe7rUaXbKBLWtGZNOGgZ91O0ItmshyN9sWMJGLSgxsMd3jCF3dYAD4A-b9uVfyRS5PybCpOVqL7Gh8b6BMfF-XhuTJLhhZRQHaS5yPG1rgdiJxIdAk8wbpf0Af3DQeTLjiVk2GKoHGig0JYijiVGLmwzGde61P1P3NZeGNG8i6ikpp1ksE1TKyIrhUY_86G0lN-L6-YivwSvVJqGVHKyqy0VoJF215TkcMZgDMLJbUgxgVWEhbTA' \ -H 'Expires: 0' \ -H 'Origin: https://10.74.175.40' \ -H 'Pragma: no-cache' \ -H 'Referer: https://10.74.175.40/appcenter/cisco/ndfc/ui/lan-fabric/fabrics' \ -H 'Sec-Fetch-Dest: empty' \ -H 'Sec-Fetch-Mode: cors' \ -H 'Sec-Fetch-Site: same-origin' \ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36' \ -H 'X-Csrf-Token: d44b7260c5dc4a798a0a2a1f71ca5889dfb838232c2e4cd3b66fe15215cf7a84' \ -H 'sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'sec-ch-ua-platform: "Windows"' \ --data-raw $'[{"id":325890,"policyId":"POLICY-325890","description":"BGP Base policy for facebook","serialNumber":"9MQ1CP7ZFCJ","switchName":"rs-1","ipAddress":"10.74.174.32","entityType":"DEVICE","entityName":"facebook","templateName":"hkix_bgp_ipv4_peering","templateContentType":"TEMPLATE_CLI","nvPairs":{"BGP_PEER_AS":"32934","BGP_PEER_IP":"123.255.90.79","BGP_PEER_NAME":"facebook"},"generatedConfig":"router bgp 4635\n neighbor 123.255.90.79 remote-as 32934\n neighbor 123.255.90.79 description facebook \n neighbor 123.255.90.79 version 4\n neighbor 123.255.90.79 ha-mode graceful-restart\n \u0021\n address-family ipv4\n neighbor 123.255.90.79 activate\n neighbor 123.255.90.79 send-community both\n neighbor 123.255.90.79 announce rpki state\n neighbor 123.255.90.79 soft-reconfiguration inbound\n neighbor 123.255.90.79 prefix-list facebook in\n\n\n","autoGenerated":false,"deleted":true,"priority":500,"status":"NA","statusOn":1661079740179,"createdOn":1661079740179,"modifiedOn":1661079740179,"fabricName":"chris-external-fabric-terraform","resourcesLinked":"","editable":true}]' \ --compressed \ --insecure ; Steps to Reproduce
terraform apply terraform destroy Important Factoids
References
0000
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.
NDFC: 2.2(1h) Terraform provider: Terraform v1.2.6 on linux_amd64
Community Note
Terraform Version
DCNM version
Affected Resource(s)
Terraform Configuration Files
Debug Output
Panic Output
Expected Behavior
I have a BGP peering template, and the above dcnm_policy resource will generate the BGP peering configuration. When I destroy the policy, it should trigger the relative config removal.
When using NDFC UI to delete the same policy, it will trigger the config removal according.
Actual Behavior
When destroy the policy, it only delete the policy in NDFC. It doesn't trigger the config removal. Therefore, the config still remain in the device while NDFC 's policy is deleted.
By sniff the NDFC UI, when delete the policy, it actually use the following REST, it seems that this rest api can trigger the NDFC to remove the relative configuration accordingly.
Steps to Reproduce
terraform apply
terraform destroy
Important Factoids
References
0000