[ISSUE] Policy Bucket in Server Profile Template must be in specific order.

erqiyang commented 1 year ago

Bug Report Checklist

[x] Have you provided a full/minimal configuration to reproduce the issue?
[x] Have you [tested with the latest master] to confirm the issue still exists?
[ ] Have you provided the terraform console logs with environment variable set to TF_LOG=trace?

Description

When using policy_bucket in intersight_server_profile_template (and potentially other profiles as well), it would appear that the policies are pushed into the policy_bucket as an ordered list. Subsequently, when editing this list, it must be presented in the same exact order, or it will show that the configuration does not match the infrastructure.

As a consequence, any new policy added must be added to the end of the list as well, and not at the top or middle of the list.

If this ordered is followed, terraform is able to determine accurately that the infrastructure matches the configuration, and no changes are needed. Otherwise, it will attempt to reorder the policy bucket according to the configuration, only to have the backend changed it back to the order above, resulting in the infrastructure never matching the configuration.

Note : Previously, I tested and assumed there was a specific order we need to place the policy in. That was not true. Further testing confirmed that the sequence is basically whatever order it was created in first.

Terraform-provider-intersight version

Provider Version 1.0.32 Terraform Version 1.3.0

Configuration file

To reproduce the issue, first, create the template with a code like this and do a terraform apply.:

resource "intersight_server_profile_template" "test" {
  name = "test-templ"
  target_platform = "FIAttached"
  uuid_address_type = "POOL"
  uuid_pool {
    moid = intersight_uuidpool_pool.test.moid
  }
  policy_bucket { # IPMI over LAN Policy
    moid = intersight_ipmioverlan_policy.disabled.moid
    object_type = "ipmioverlan.Policy"
  }
  policy_bucket { # Serial over LAN Policy
    moid = intersight_sol_policy.disabled.moid
    object_type = "sol.Policy"
  }
  organization {
    moid = intersight_organization_organization.test.moid
  }
}

Then, change the sequencing of the policy as per below and run terraform apply again.

resource "intersight_server_profile_template" "test" {
  name = "test-templ"
  target_platform = "FIAttached"
  uuid_address_type = "POOL"
  uuid_pool {
    moid = intersight_uuidpool_pool.test.moid
  }
  policy_bucket { # Serial over LAN Policy
    moid = intersight_sol_policy.disabled.moid
    object_type = "sol.Policy"
  }
  policy_bucket { # IPMI over LAN Policy
    moid = intersight_ipmioverlan_policy.disabled.moid
    object_type = "ipmioverlan.Policy"
  }
  organization {
    moid = intersight_organization_organization.test.moid
  }
}

Because the the policy is stored as per the first order, the second time you run the code, it expects the same ordering. It will attempt to re-order, but fails to do so, as evident in the output below.

Actual output (Attach screenshots if applicable)

In the output below, note that the deleted and added policy is exactly the same.

Terraform will perform the following actions:

  # intersight_server_profile_template.test will be updated in-place
  ~ resource "intersight_server_profile_template" "test" {
        id                    = "6351f1ed77696e2d316fa614"
        name                  = "test-templ"
      ~ policy_bucket         = [
          - {
              - additional_properties = ""
              - class_id              = "mo.MoRef"
              - moid                  = "6351f1d46275722d3006f805"
              - object_type           = "ipmioverlan.Policy"
              - selector              = ""
            },
            {
                additional_properties = ""
                class_id              = "mo.MoRef"
                moid                  = "6351f1d46275722d3006f80a"
                object_type           = "sol.Policy"
                selector              = ""
            },
          + {
              + additional_properties = ""
              + class_id              = "mo.MoRef"
              + moid                  = "6351f1d46275722d3006f805"
              + object_type           = "ipmioverlan.Policy"
              + selector              = ""
            },
        ]
        tags                  = []
        # (24 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Related issues/PRs

Not found.

Suggest a fix

A number of ways to fix this. Best way of course, is to compared configuration against an unordered list. Ordering of the list of policy in the policy bucket should not be relevant to the operation, and should thus be unordered. Otherwise, at least publish a note about the consequences of changing the ordering of the policy post creation.

While you are at it, maybe publish the list of object_type as well, so we need not keep searching for it in API.

scotttyso commented 1 year ago

I find this mostly to be a problem when a policy is attached/unattached/attached. The script I have Adds the policies in alphabetical order. It would be good if the API kept it in this way as well.

scotttyso commented 1 year ago

@erqiyang , if you are interested, this is a consumable module that is already written so you don't have to look up the object types. https://github.com/terraform-cisco-modules/easy-imm-profiles-only

erqiyang commented 1 year ago

Yes. It is definitely an issue when attaching or detaching a policy to a profile. It makes it hard to use. Not to mention that this bug makes Terraform kind of imperative when it should have been declarative.

scotttyso commented 4 months ago

@vvb - May we please have an update on this request.

CiscoDevNet / terraform-provider-intersight