CiscoDevNet / terraform-provider-ise

Terraform Cisco ISE Provider
https://registry.terraform.io/providers/CiscoDevNet/ise/latest
Mozilla Public License 2.0

ise_network_device with TrustSec configuration throws a Client Error on subsequent apply #60

Closed grg1bbs closed 2 months ago

grg1bbs commented 3 months ago

ISE version = 3.3 p2
Terraform version = 1.8.4
Provider version = 0.2.1

Issue description

When running a subsequent apply without any changes made to the ise_network_device resource block, TF throws a Client Error due to a non-unique SGA Device ID.

Example TF code

resource "ise_network_device" "nad_sw1" {
  name                                = "sw1"
  authentication_network_protocol     = "RADIUS"
  authentication_radius_shared_secret = "cisco123"
  ips = [
    {
      ipaddress = "192.168.120.35"
      mask      = "32"
    }
  ]

  trustsec_device_id                                          = "sw1"
  trustsec_device_password                                    = "cisco123"
  trustsec_download_enviroment_data_every_x_seconds           = 86400
  trustsec_download_peer_authorization_policy_every_x_seconds = 86400
  trustsec_re_authentication_every_x_seconds                  = 86400
  trustsec_download_sgacl_lists_every_x_seconds               = 86400
  trustsec_other_sga_devices_to_trust_this_device             = true
  trustsec_send_configuration_to_device                       = true
  trustsec_send_configuration_to_device_using                 = "ENABLE_USING_COA"
  trustsec_include_when_deploying_sgt_updates                 = true
  trustsec_exec_mode_username                                 = "CTS"
  trustsec_exec_mode_password                                 = "cisco123"
}

Example error

│ Error: Client Error
│ 
│   with ise_network_device.nad_sw1,
│   on network_devices.tf line 3, in resource "ise_network_device" "nad_sw1":
│    3: resource "ise_network_device" "nad_sw1" {
│ 
│ Failed to configure object (PUT), got error: HTTP Request failed: StatusCode 400, Message: Validation Error - Illegal values: [trustsecsettings:
│ sgaNotificationAndUpdates: SGA Device ID should be unique], {
│   "ERSResponse" : {
│     "operation" : "PUT-update-networkdevice",
│     "messages" : [ {
│       "title" : "Validation Error - Illegal values: [trustsecsettings: sgaNotificationAndUpdates: SGA Device ID should be unique]",
│       "type" : "ERROR",
│       "code" : "Application resource validation exception"
│     } ],
│     "link" : {
│       "rel" : "related",
│       "href" : "https://ise33-1.ise.trappedunderise.com/ers/config/networkdevice/6ea09a90-1bbe-11ef-904f-005056916233",
│       "type" : "application/xml"
│     }
│   }
│ }

kuba-mazurkiewicz commented 2 months ago

Hey @grg1bbs,

Looking at your error, I think you already have a network device with trustsec_device_id sw1. I was able to replicate your issue when I tried to add a new network device with the same trustsec_device_id:

resource "ise_network_device" "nad_sw1" {
  name                                = "sw1"
  authentication_network_protocol     = "RADIUS"
  authentication_radius_shared_secret = "cisco123"
  ips = [
    {
      ipaddress = "192.168.120.35"
      mask      = "32"
    }
  ]

  trustsec_device_id                                          = "sw1"
  trustsec_device_password                                    = "cisco123"
  trustsec_download_enviroment_data_every_x_seconds           = 86400
  trustsec_download_peer_authorization_policy_every_x_seconds = 86400
  trustsec_re_authentication_every_x_seconds                  = 86400
  trustsec_download_sgacl_lists_every_x_seconds               = 86400
  trustsec_other_sga_devices_to_trust_this_device             = true
  trustsec_send_configuration_to_device                       = true
  trustsec_send_configuration_to_device_using                 = "ENABLE_USING_COA"
  trustsec_include_when_deploying_sgt_updates                 = true
  trustsec_exec_mode_username                                 = "CTS"
  trustsec_exec_mode_password                                 = "cisco123"
}

resource "ise_network_device" "nad_sw2" {
  name                                = "sw2"
  authentication_network_protocol     = "RADIUS"
  authentication_radius_shared_secret = "cisco123"
  ips = [
    {
      ipaddress = "192.168.120.36"
      mask      = "32"
    }
  ]

  trustsec_device_id                                          = "sw1"
  trustsec_device_password                                    = "cisco123"
  trustsec_download_enviroment_data_every_x_seconds           = 86400
  trustsec_download_peer_authorization_policy_every_x_seconds = 86400
  trustsec_re_authentication_every_x_seconds                  = 86400
  trustsec_download_sgacl_lists_every_x_seconds               = 86400
  trustsec_other_sga_devices_to_trust_this_device             = true
  trustsec_send_configuration_to_device                       = true
  trustsec_send_configuration_to_device_using                 = "ENABLE_USING_COA"
  trustsec_include_when_deploying_sgt_updates                 = true
  trustsec_exec_mode_username                                 = "CTS"
  trustsec_exec_mode_password                                 = "cisco123"
}

Error:

ise_network_device.nad_sw1: Refreshing state... [id=a227ac30-2d4f-11ef-9c89-3600f71f26f7]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # ise_network_device.nad_sw2 will be created
  + resource "ise_network_device" "nad_sw2" {
      + authentication_network_protocol                             = "RADIUS"
      + authentication_radius_shared_secret                         = "cisco123"
      + coa_port                                                    = 1700
      + id                                                          = (known after apply)
      + ips                                                         = [
          + {
              + ipaddress = "192.168.120.36"
              + mask      = "32"
            },
        ]
      + name                                                        = "sw2"
      + profile_name                                                = "Cisco"
      + trustsec_device_id                                          = "sw1"
      + trustsec_device_password                                    = "cisco123"
      + trustsec_download_enviroment_data_every_x_seconds           = 86400
      + trustsec_download_peer_authorization_policy_every_x_seconds = 86400
      + trustsec_download_sgacl_lists_every_x_seconds               = 86400
      + trustsec_exec_mode_password                                 = "cisco123"
      + trustsec_exec_mode_username                                 = "CTS"
      + trustsec_include_when_deploying_sgt_updates                 = true
      + trustsec_other_sga_devices_to_trust_this_device             = true
      + trustsec_re_authentication_every_x_seconds                  = 86400
      + trustsec_send_configuration_to_device                       = true
      + trustsec_send_configuration_to_device_using                 = "ENABLE_USING_COA"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

ise_network_device.nad_sw2: Creating...
ise_network_device.nad_sw2: Still creating... [10s elapsed]
╷
│ Error: Client Error
│ 
│   with ise_network_device.nad_sw2,
│   on main.tf line 56, in resource "ise_network_device" "nad_sw2":
│   56: resource "ise_network_device" "nad_sw2" {
│ 
│ Failed to configure object (POST), got error: HTTP Request failed: StatusCode 400, Message: Validation Error - Illegal values: [trustsecsettings: sgaNotificationAndUpdates: SGA Device ID should be unique], {
│   "ERSResponse" : {
│     "operation" : "POST-create-networkdevice",
│     "messages" : [ {
│       "title" : "Validation Error - Illegal values: [trustsecsettings: sgaNotificationAndUpdates: SGA Device ID should be unique]",
│       "type" : "ERROR",
│       "code" : "Application resource validation exception"
│     } ],
│     "link" : {
│       "rel" : "related",
│       "href" : "https://10.48.190.181/ers/config/networkdevice",
│       "type" : "application/xml"
│     }
│   }
│ }
╵

Please verify that and let me know if you still experience the issue.
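The reproduction above shows that ISE rejects a second network device whose trustsec_device_id collides with one that already exists, and the rejection only surfaces at apply time as a 400 from the ERS API. The following pre-apply check is an added example, not code from the provider or from either commenter: it scans Terraform source text for ise_network_device blocks and reports any trustsec_device_id claimed by more than one resource, so the collision is caught before a plan is applied. The sample input is constructed from the two blocks in the comment above, trimmed to the attributes the check needs; the regex parser is intentionally minimal and assumes the HCL conventions Terraform's formatter produces (resource blocks at column 0, closing brace alone on its own line).

```python
import re
from collections import defaultdict

# Constructed sample input: the two colliding resources from the reproduction
# above plus one device without TrustSec settings. Added example data, not a
# file from the provider repository.
SAMPLE_TF = '''
resource "ise_network_device" "nad_sw1" {
  name               = "sw1"
  trustsec_device_id = "sw1"
}

resource "ise_network_device" "nad_sw2" {
  name               = "sw2"
  trustsec_device_id = "sw1"
}

resource "ise_network_device" "nad_sw3" {
  name = "sw3"
}
'''

# A top-level resource block: type, name and the body up to the first line that
# is a lone closing brace at column 0. Nested blocks such as `ips = [ { ... } ]`
# do not terminate the match because their closing braces are indented.
RESOURCE_RE = re.compile(
    r'^resource\s+"([^"]+)"\s+"([^"]+)"\s*\{(.*?)^\}', re.M | re.S)
DEVICE_ID_RE = re.compile(r'^\s*trustsec_device_id\s*=\s*"([^"]*)"', re.M)


def collect_trustsec_ids(tf_text):
    """Map each trustsec_device_id to the list of ise_network_device resource
    addresses that set it. Resources without the attribute are skipped."""
    seen = defaultdict(list)
    for rtype, rname, body in RESOURCE_RE.findall(tf_text):
        if rtype != "ise_network_device":
            continue
        match = DEVICE_ID_RE.search(body)
        if match:
            seen[match.group(1)].append(f"{rtype}.{rname}")
    return dict(seen)


def find_duplicate_trustsec_ids(tf_text):
    """Return only the IDs that more than one resource claims; ISE will reject
    the second one with 'SGA Device ID should be unique'."""
    return {
        dev_id: addrs
        for dev_id, addrs in collect_trustsec_ids(tf_text).items()
        if len(addrs) > 1
    }


if __name__ == "__main__":
    # Non-zero exit so a CI step can fail the pipeline before `terraform apply`.
    duplicates = find_duplicate_trustsec_ids(SAMPLE_TF)
    for dev_id, addrs in duplicates.items():
        print(f"trustsec_device_id {dev_id!r} is used by: {', '.join(addrs)}")
    raise SystemExit(1 if duplicates else 0)
```

This only sees resources in the configuration being checked. A device created outside Terraform, which is what the comment above suspects, is not visible here and is still only caught by the ERS validation at apply time; the check closes the local-duplicate case and leaves the out-of-band case to ISE.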

grg1bbs commented 2 months ago

Hi @kuba-mazurkiewicz

I tested this again today on a bare install of 3.3p2 and I could not replicate an issue. Will close this issue and open a new one if I see the problem again.