Closed grg1bbs closed 7 months ago
Hey @grg1bbs,
I was playing around with this SGT value -1 and there are a lot of complications with this. Once you create a resource with value = -1, the resource cannot be modified, and the object on ISE gets a random value assigned. That's why you are getting a plan showing that an update is required to change the value from 17 to -1.
The easiest solution is to add the following block to your TF code:
resource "ise_trustsec_security_group" "sgt_corp_user" {
  name              = var.sgt_corp_user
  description       = "Corporate Users"
  value             = -1
  propogate_to_apic = false
  is_read_only      = false
  lifecycle {
    ignore_changes = [value]
  }
}
This way, running terraform plan or apply a second time will work fine:
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Let me know if this is a sufficient solution for you.
Hi @kuba-mazurkiewicz ... of course, I forgot about using the lifecycle block for that. That's a viable workaround. Another workaround I was using was just setting a static value, which is probably more likely for a large organization anyway to ensure no SGT overlap across environments.
ISE version = 3.2 p4
Terraform version = 1.6.6
Provider version = 0.1.11
Issue description
When creating a Security Group using the 'ise_trustsec_security_group' resource with value = -1 to auto-generate the SGT number, the resource creates fine the first time. If the terraform apply is run a second time, however, it attempts to change the value and throws a client error.
Example TF code
Resulting client error
Expected behaviour
If possible, the provider should exempt the "-1" value from being seen as a change in state. You should be able to run the apply multiple times without an error.
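A pipeline-side check for the repeated diff described in this issue, as an added example that is not part of the thread or the provider's code: it reads the JSON form of a saved plan (`terraform show -json`) and reports `ise_trustsec_security_group` updates that would set `value` back to -1 over the number ISE assigned. The sample plan is constructed, and every resource name in it other than `sgt_corp_user` is hypothetical.

```python
import json

SGT_TYPE = "ise_trustsec_security_group"
AUTO_VALUE = -1  # asks ISE to pick the SGT number itself


def find_auto_sgt_drift(plan_json):
    """Return planned in-place updates that would reset an assigned SGT to -1."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != SGT_TYPE or "update" not in change.get("actions", []):
            continue
        before = (change.get("before") or {}).get("value")
        after = (change.get("after") or {}).get("value")
        # State holds the number ISE assigned; the configuration still says -1.
        if after == AUTO_VALUE and before not in (None, AUTO_VALUE):
            findings.append({"address": rc["address"], "assigned": before})
    return findings


def _rc(name, actions, before, after, rtype=SGT_TYPE):
    # Builds one entry of the constructed sample below.
    return {"address": f"{rtype}.{name}", "type": rtype,
            "change": {"actions": actions, "before": before, "after": after}}


# Constructed sample in the shape of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _rc("sgt_corp_user", ["update"], {"value": 17}, {"value": -1}),  # case from the issue
    _rc("sgt_static", ["no-op"], {"value": 100}, {"value": 100}),    # static value, stable
    _rc("sgt_new", ["create"], None, {"value": -1}),                 # first apply, fine
    # Hypothetical unrelated resource type, must be ignored.
    _rc("other", ["update"], {"value": 1}, {"value": -1}, rtype="example_resource"),
]})

if __name__ == "__main__":
    for f in find_auto_sgt_drift(SAMPLE_PLAN):
        print(f"{f['address']}: ISE assigned {f['assigned']}, plan would reset it to -1; "
              "add lifecycle ignore_changes = [value] or pin a static value")
```

With `ignore_changes = [value]` in place, or with a static value, the same resource shows up in the plan as a no-op and the function returns an empty list.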