CiscoDevNet / terraform-provider-nxos

Terraform Cisco NX-OS Provider
https://registry.terraform.io/providers/netascode/nxos
Mozilla Public License 2.0

Cannot create sys/vpc/inst/dom/if-<id> with nxos_rest #92

Closed aj-cruz closed 1 year ago

aj-cruz commented 2 years ago

Terraform Version

Terraform v1.2.9
on linux_amd64
+ provider registry.terraform.io/netascode/nxos v0.3.21

Affected Resource(s)

nxos_rest

Specifically dn=sys/vpc/inst/dom/if- Class Name = vpcIf

Terraform Configuration Files

resource "nxos_rest" "VPC_Member_Port" {
  device     = "Prod-ACCESS-1"
  dn         = "sys/vpc/inst/dom/if-2"
  class_name = "vpcIf"
  content = {
    id = "2"
  }
}

Debug Output

tftrace.log

Panic Output

Expected Behavior

vpcIf object created in the DME

Actual Behavior

Plan: 1 to add, 0 to change, 0 to destroy.
nxos_rest.VPC_Member_Ports: Creating...
╷
│ Error: Client Error
│ 
│   with nxos_rest.VPC_Member_Ports,
│   on main.tf line 706, in resource "nxos_rest" "VPC_Member_Ports":
│  706: resource "nxos_rest" "VPC_Member_Ports" {
│ 
│ Failed to post object, got error: JSON error: {"imdata":[{"error": {"attributes": {"code": "1","text": "ERROR: vPC configuration does not exist\nfaulty_dn=sys\/vpc\/inst\/dom\/if-2"}}}]}

Of course it doesn't, I'm trying to create it :D

Steps to Reproduce

  1. terraform apply

Important Factoids

Using the NXAPI sandbox, adding the VPC command to port-channel 2 does this:

{
  "topSystem": {
    "children": [
      {
        "vpcEntity": {
          "children": [
            {
              "vpcInst": {
                "children": [
                  {
                    "vpcDom": {
                      "children": [
                        {
                          "vpcIf": {
                            "attributes": {
                              "id": "2"
                            },
                            "children": [
                              {
                                "vpcRsVpcConf": {
                                  "attributes": {
                                    "tDn": "sys/intf/aggr-[po2]"
                                  }
                                }
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "pcAggrIf": {
                "attributes": {
                  "id": "po2"
                }
              }
            }
          ]
        }
      }
    ]
  }
}

The vpc dom object is already in the DME, and the port-channel exists, so I'm not sure why it's having trouble adding the vpcIf object.

References

vaneuk commented 2 years ago

Hi, it seems that this is an NX-API limitation/feature. According to the outputs below, to create a vpc port-channel the NX-API requires both vpcIf and vpcRsVpcConf objects at the same time.

nxos_rest can only manage a single API object, which means that it is not possible to configure a vpc port-channel via nxos_rest. This will require a new custom resource. @danischm please correct me if I am wrong.

Not working example. POST:

{
  "vpcIf": {
    "attributes": {
      "id": "22"
    }
  }
}

Results in

{
    "imdata": [
        {
            "error": {
                "attributes": {
                    "code": "1",
                    "text": "ERROR: vPC configuration does not exist\nfaulty_dn=sys/vpc/inst/dom/if-22"
                }
            }
        }
    ]
}

Working example. POST:

{
  "vpcIf": {
    "attributes": {
      "id": "21"
    },
    "children": [
      {
        "vpcRsVpcConf": {
          "attributes": {
            "tDn": "sys/intf/aggr-[po21]"
          }
        }
      }
    ]
  }
}

danischm commented 2 years ago

If that is indeed the case (both objects required to be pushed in a single request), then yes, this is currently not supported and would require a custom resource. Did you make sure that the parent object (sys/vpc/inst/dom) already exists?

vaneuk commented 2 years ago

Did you make sure that the parent object (sys/vpc/inst/dom) already exists?

Yes, sys/vpc/inst/dom exists.

aj-cruz commented 2 years ago

Should I open a new issue for a new resource request or will this one be used? Also, maybe we could modify nxos_rest and add an optional "payload" attribute? That way instead of the dn & class you could optionally provide a raw payload to handle cases where multiple objects have to be created simultaneously?

danischm commented 2 years ago

We can keep this one. The problem with a raw payload is that we cannot keep track of state and detect config drift.

aj-cruz commented 2 years ago

Ya, in one of the other providers I use they just put a big warning in the _rest resource about it. I manage it with a "state" variable. Turns it into Ansible-like behavior for that resource, which is a pain, but better than nothing. Though maybe there aren't a lot of instances where you'd run into that with the NXAPI DME, and so not worth it.

danischm commented 1 year ago

v0.4.0 enhances nxos_rest to manage child objects and also adds dedicated resources to manage port-channels and vPCs.
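
An added illustration of the two points raised in this thread, not code from the provider: the child object has to travel in the same POST as its parent, and a structured object tree (unlike a raw payload) can be compared against what the device returns to detect drift. The function names and the drifted GET body are constructed for the example; children are matched by class name only, which assumes one child per class.

```python
import json

def build_payload(class_name, attributes, children=()):
    """Nest children under the parent so both objects arrive in one POST."""
    obj = {"attributes": dict(attributes)}
    if children:
        obj["children"] = [build_payload(c, a, k) for c, a, k in children]
    return {class_name: obj}

def parse_error(body):
    """Return (code, text, faulty_dn) from an NX-API error body, else None."""
    for item in json.loads(body).get("imdata", []):
        err = item.get("error", {}).get("attributes")
        if err:
            text, _, dn = err.get("text", "").partition("\nfaulty_dn=")
            return err.get("code"), text, dn or None
    return None

def drift(desired, actual, path=""):
    """List managed attributes in `desired` that differ from `actual`."""
    (cls, want), = desired.items()
    here = f"{path}/{cls}"
    have = actual.get(cls)
    if have is None:
        return [f"{here}: missing"]
    got = have.get("attributes", {})
    out = [f"{here}.{k}: {got.get(k)!r} != {v!r}"
           for k, v in want["attributes"].items() if got.get(k) != v]
    for child in want.get("children", []):
        (ccls, _), = child.items()
        match = next((c for c in have.get("children", []) if ccls in c), {})
        out += drift(child, match, here)
    return out

# Desired state: vpcIf plus its vpcRsVpcConf child, as in the sandbox output.
DESIRED = build_payload("vpcIf", {"id": "2"},
                        [("vpcRsVpcConf", {"tDn": "sys/intf/aggr-[po2]"}, ())])

# Error body quoted in the issue (raw string keeps the JSON escapes intact).
ERROR_BODY = (r'{"imdata":[{"error": {"attributes": {"code": "1","text": '
              r'"ERROR: vPC configuration does not exist\n'
              r'faulty_dn=sys\/vpc\/inst\/dom\/if-2"}}}]}')

# Constructed device state in which the vPC now points at another port-channel.
DRIFTED = {"vpcIf": {"attributes": {"id": "2"}, "children": [
    {"vpcRsVpcConf": {"attributes": {"tDn": "sys/intf/aggr-[po3]"}}}]}}

if __name__ == "__main__":
    print(json.dumps(DESIRED, indent=2))
    print(parse_error(ERROR_BODY))
    print(drift(DESIRED, DRIFTED))
```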