CiscoDevNet / terraform-provider-ise

Terraform Cisco ISE Provider
https://registry.terraform.io/providers/CiscoDevNet/ise/latest
Mozilla Public License 2.0

Resource 'ise_network_device_group' throws a Client Error #24

Closed grg1bbs closed 7 months ago

grg1bbs commented 8 months ago

TF version = 1.6.6
ISE version = 3.2 patch 4

When using the 'ise_network_device_group' resource block to create a new Root Network Device Group, TF throws a Client Error due to "Resource Initialization Failed: Invalid JSON: Unrecognized field \"ndgtype\" (Class network.NetworkDeviceGroup), not marked as ignorable\n "

Suspect the resource has not been updated since the API was changed - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd24304

API documentation: https://developer.cisco.com/docs/identity-services-engine/latest/#!networkdevicegroup

TF output

❯ tf apply --auto-approve
ise_certificate_authentication_profile.certprof_ad: Refreshing state... [id=3dede890-b02e-11ee-b966-ead89af9fdb3]
ise_allowed_protocols.mab_eaptls: Refreshing state... [id=1a28ea50-b02d-11ee-b966-ead89af9fdb3]
ise_allowed_protocols.eaptls: Refreshing state... [id=1a27d8e0-b02d-11ee-b966-ead89af9fdb3]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # ise_network_device_group.ndg_deployment_stage will be created
  + resource "ise_network_device_group" "ndg_deployment_stage" {
      + description = "Root Deployment Stage NDG"
      + id          = (known after apply)
      + name        = "Deployment Stage#Deployment Stage"
      + root_group  = "Deployment Stage"
    }

Plan: 1 to add, 0 to change, 0 to destroy.
ise_network_device_group.ndg_deployment_stage: Creating...
╷
│ Error: Client Error
│ 
│   with ise_network_device_group.ndg_deployment_stage,
│   on policy_elements.tf line 95, in resource "ise_network_device_group" "ndg_deployment_stage":
│   95: resource "ise_network_device_group" "ndg_deployment_stage" {
│ 
│ Failed to configure object (POST), got error: HTTP Request failed: StatusCode 400, Message: Resource Initialization Failed: Invalid JSON:
│ Unrecognized field "ndgtype" (Class network.NetworkDeviceGroup), not marked as ignorable
│  , {
│   "ERSResponse" : {
│     "operation" : "POST-create-networkdevicegroup",
│     "messages" : [ {
│       "title" : "Resource Initialization Failed: Invalid JSON: Unrecognized field \"ndgtype\" (Class network.NetworkDeviceGroup), not marked as ignorable\n ",
│       "type" : "ERROR",
│       "code" : "Application resource validation exception"
│     } ],
│     "link" : {
│       "rel" : "related",
│       "href" : "https://192.168.222.53/ers/config/networkdevicegroup",
│       "type" : "application/xml"
│     }
│   }
│ }

TF code example:

resource "ise_network_device_group" "ndg_deployment_stage" {
  description = "Root Deployment Stage NDG"
  name        = "Deployment Stage#Deployment Stage"
  root_group  = "Deployment Stage"
}

API PUT call that results in a 201 Created

{
  "NetworkDeviceGroup": {
    "name": "Deployment Stage#Deployment Stage",
    "description": "Root Deployment Stage NDG",
    "othername": "Deployment Stage"
  }
}

Additional comments

Suggest renaming 'root_group' attribute to 'parent_group' as that is how it is named in ISE and NDGs can have multiple tiers of hierarchy

danischm commented 8 months ago

We will change this to work with patch1+. The reason I have named this "root_group" instead of "parent_group" is because if you have nested groups it does not refer to the parent group but rather the name of the root group. For example:

{
    "NetworkDeviceGroup": {
        "name": "Parent#Parent#Child1#NestedChild1",
        "ndgtype": "Parent"
    }
}
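
The root-versus-parent distinction above can be checked before anything is sent to ISE. The following Go sketch is an added example, not code from terraform-provider-ise: `RootOf` and `BuildBody` are hypothetical helpers, and the rule that the first `#`-separated segment of `name` is the root group is an assumption drawn from the two payloads in this thread. The caller chooses the JSON key, because the thread shows ISE 3.2 patch 4 rejecting `ndgtype` and accepting `othername`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// RootOf returns the root group encoded in a '#'-separated NDG name.
// Assumption (from this thread's payloads): the first segment is the root group.
func RootOf(name string) (string, error) {
	parts := strings.Split(name, "#")
	if len(parts) < 2 {
		return "", fmt.Errorf("name %q has no '#' separator", name)
	}
	for _, p := range parts {
		if strings.TrimSpace(p) == "" {
			return "", fmt.Errorf("name %q has an empty segment", name)
		}
	}
	return parts[0], nil
}

// BuildBody checks rootGroup against the name and returns the ERS JSON body.
// rootKey is the JSON field carrying the root group: "othername" or "ndgtype".
func BuildBody(name, description, rootGroup, rootKey string) ([]byte, error) {
	if rootKey != "othername" && rootKey != "ndgtype" {
		return nil, fmt.Errorf("unsupported root key %q", rootKey)
	}
	root, err := RootOf(name)
	if err != nil {
		return nil, err
	}
	if root != rootGroup {
		return nil, fmt.Errorf("root_group %q does not match root %q in name", rootGroup, root)
	}
	ndg := map[string]string{"name": name, rootKey: rootGroup}
	if description != "" {
		ndg["description"] = description
	}
	return json.Marshal(map[string]map[string]string{"NetworkDeviceGroup": ndg})
}

func main() {
	body, err := BuildBody("Parent#Parent#Child1#NestedChild1", "", "Parent", "othername")
	fmt.Println(string(body), err)
	_, err = BuildBody("Parent#Parent#Child1#NestedChild1", "", "Child1", "othername")
	fmt.Println(err)
}
```

The second call in `main` passes the immediate parent (`Child1`) instead of the root and is rejected locally instead of surfacing as an ERS 400.
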

danischm commented 8 months ago

https://github.com/CiscoDevNet/terraform-provider-ise/commit/c4ab8bb922290871bd69ce02edb549545bd54efb

danischm commented 7 months ago

Addressed in v0.1.9.