Provider crashes when trying to modify network group object

[cfergs]

This is the same issue in as #1 I am unable to add or remove objects in an already existing network group.

To test i initially deployed the following which creates 3 ranges and a network group object containing only 2 of the 3 ranges:

resource "fmc_network_objects" "range1" {
  name        = "Sample_Range1"
  value       = "192.168.1.0/24"
  description = "Sample Range 1"
}

resource "fmc_network_objects" "range2" {
  name        = "Sample_Range2"
  value       = "192.168.2.0/24"
  description = "Sample Range 2"
}

resource "fmc_network_objects" "range3" {
  name        = "Sample_Range3"
  value       = "192.168.3.0/24"
  description = "Sample Range 3"
}

resource "fmc_network_group_objects" "group" {
  name = "Sample_Ntwk_Grp"
  description = "Testing Group objects"
  objects {
    id = fmc_network_objects.range1.id
    type = fmc_network_objects.range1.type
  }
  objects {
    id = fmc_network_objects.range2.id
    type = fmc_network_objects.range2.type
  }
}

I then attempted the following:

• Add another object (range3) to network group
• Remove a range (range2) out of a network group

Both these actions failed and got me the following error when doing a TF apply

panic: interface conversion: interface {} is nil, not string

Lastly as per issue #1 i have tried the suggestion of adding the name value:

  objects {
    name = fmc_network_objects.range3.name
    id = fmc_network_objects.range3.id
    type = fmc_network_objects.range3.type
  }

This doesnt work and I get the error and am unable to TF apply:

│ Error: Unsupported argument
│ 
│   on main.tf line 31, in resource "fmc_network_group_objects" "group":
│   31:     name = fmc_network_objects.range3.name
│ 
│ An argument named "name" is not expected here.

Logs: (In addition the logs from issue #1 are also applicable) tf-appendobject-trace-plan.txt tf-appendobject-trace-apply.txt

[jellyBeanz2019]

Is there any way to get this ticket assigned to someone? I’m also having this issue across all 9 of my workspaces. I found a very long workaround, but it’s not sustainable in the long term.

[vladget]

+1 Have the same issue with the network group.

[vladget]

@jellyBeanz2019 what is the workaround? could you please describe it here, because it blocks a lot my stacks

[jellyBeanz2019]

@vladget my issue was a little bigger than this because it involved groups and rules (full details below). However, what ended up working for me was creating the new object and adding it to the group followed by a terraform apply. Then remove the old object from the group and run terraform apply. Finally delete the object completely and run a terraform apply. I had a lot of workspaces I needed this change made in so each step was a separate branch so I could just run thru the changes faster.

My exact issue was trying to swap a network object group from a rule with a whole new group of new objects, delete the old object group, and delete the old network objects. My method is not pretty workaround but it took less time to do this than to do a complete destroy and a fresh apply. I created 3 branches named part 1-3 so I could easily repeat the process if I changed my workspace since I had to do this across every one of my workspaces.

Part 1: create the new objects and new object groups. Don’t attach them to any rules. Run terraform apply. part 2: swap new objects groups in place of old object groups in the rules. Run terraform apply Part 3: delete old objects and object groups from code. Run terraform apply.

It’s not pretty but it’s what worked for me. From what I figured out when running into this issue was that the order of operations doesn’t exist at this granular of a level or it might need tweaking. I say this because terraform recognizes that u want to UPDATE a rule, u also want to DELETE a few objects/groups, and u want to ADD a few objects/groups all at the same time. I think it gets confused with it needing to update, add, and delete all at the “same” time.

[vladget]

This looks like the way I resolve this issue. Thank you!