CiscoDevNet / terraform-provider-sdwan

Terraform Cisco SD-WAN Provider
https://registry.terraform.io/providers/CiscoDevNet/sdwan
Mozilla Public License 2.0

Unable to create zscaler credentials | sdwan_cisco_sig_credentials_feature_template #247

Open rrahimm opened 2 months ago

rrahimm commented 2 months ago

We are unable to create SIG credentials for zscaler.

Example data:

---
# Edge feature templates
sdwan:
  edge_feature_templates:
    sig_credentials_templates:
      - name: zscaler
        zscaler_organization: cisco_sac
        zscaler_partner_base_uri_variable: zscaler_partner_base_uri
        zscaler_username: cisco
        zscaler_password_variable: all_new_password
        zscaler_partner_api_key: 7f33d6ee0d56402c83c503a669a80d22

Terraform Error

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.sdwan.sdwan_cisco_sig_credentials_feature_template.cisco_sig_credentials_feature_template["zscaler"] will be created
  + resource "sdwan_cisco_sig_credentials_feature_template" "cisco_sig_credentials_feature_template" {
      + description                       = "Global credentials for zscaler"
      + device_types                      = [
          + "cellular-gateway-CG113-4GW6A",
          + "cellular-gateway-CG113-4GW6B",
          + "cellular-gateway-CG113-4GW6E",
          + "cellular-gateway-CG113-4GW6H",
          + "cellular-gateway-CG113-4GW6Q",
          + "cellular-gateway-CG113-4GW6Z",
          + "cellular-gateway-CG113-W6A",
          + "cellular-gateway-CG113-W6B",
          + "cellular-gateway-CG113-W6E",
          + "cellular-gateway-CG113-W6H",
          + "cellular-gateway-CG113-W6Q",
          + "cellular-gateway-CG113-W6Z",
          + "cellular-gateway-CG418-E",
          + "cellular-gateway-CG522-E",
          + "cellular-gateway-CG522MW-IO-GL",
          + "cellular-gateway-CG522MW-IO-NA",
          + "vedge-ASR-1001-HX",
          + "vedge-ASR-1001-X",
          + "vedge-ASR-1002-HX",
          + "vedge-ASR-1002-X",
          + "vedge-ASR-1006-X",
          + "vedge-C1101-4P",
          + "vedge-C1101-4PLTEP",
          + "vedge-C1101-4PLTEPW",
          + "vedge-C1109-2PLTEGB",
          + "vedge-C1109-2PLTEUS",
          + "vedge-C1109-2PLTEVZ",
          + "vedge-C1109-4PLTE2P",
          + "vedge-C1109-4PLTE2PW",
          + "vedge-C1111-4P",
          + "vedge-C1111-4PLTEEA",
          + "vedge-C1111-4PLTELA",
          + "vedge-C1111-4PW",
          + "vedge-C1111-8P",
          + "vedge-C1111-8PLTEEA",
          + "vedge-C1111-8PLTEEAW",
          + "vedge-C1111-8PLTELA",
          + "vedge-C1111-8PLTELAW",
          + "vedge-C1111-8PW",
          + "vedge-C1111X-8P",
          + "vedge-C1112-8P",
          + "vedge-C1112-8PLTEEA",
          + "vedge-C1112-8PLTEEAWE",
          + "vedge-C1112-8PWE",
          + "vedge-C1113-8P",
          + "vedge-C1113-8PLTEEA",
          + "vedge-C1113-8PLTEEAW",
          + "vedge-C1113-8PLTELA",
          + "vedge-C1113-8PLTELAWZ",
          + "vedge-C1113-8PLTEW",
          + "vedge-C1113-8PM",
          + "vedge-C1113-8PMLTEEA",
          + "vedge-C1113-8PMWE",
          + "vedge-C1113-8PW",
          + "vedge-C1116-4P",
          + "vedge-C1116-4PLTEEA",
          + "vedge-C1116-4PLTEEAWE",
          + "vedge-C1116-4PWE",
          + "vedge-C1117-4P",
          + "vedge-C1117-4PLTEEA",
          + "vedge-C1117-4PLTEEAW",
          + "vedge-C1117-4PLTELA",
          + "vedge-C1117-4PLTELAWZ",
          + "vedge-C1117-4PM",
          + "vedge-C1117-4PMLTEEA",
          + "vedge-C1117-4PMLTEEAWE",
          + "vedge-C1117-4PMWE",
          + "vedge-C1117-4PW",
          + "vedge-C1118-8P",
          + "vedge-C1121-4P",
          + "vedge-C1121-4PLTEP",
          + "vedge-C1121-8P",
          + "vedge-C1121-8PLTEP",
          + "vedge-C1121-8PLTEPW",
          + "vedge-C1121X-8P",
          + "vedge-C1121X-8PLTEP",
          + "vedge-C1121X-8PLTEPW",
          + "vedge-C1126-8PLTEP",
          + "vedge-C1126X-8PLTEP",
          + "vedge-C1127-8PLTEP",
          + "vedge-C1127-8PMLTEP",
          + "vedge-C1127X-8PLTEP",
          + "vedge-C1127X-8PMLTEP",
          + "vedge-C1128-8PLTEP",
          + "vedge-C1131-8PLTEPW",
          + "vedge-C1131-8PW",
          + "vedge-C1131X-8PLTEPW",
          + "vedge-C1131X-8PW",
          + "vedge-C1161-8P",
          + "vedge-C1161-8PLTEP",
          + "vedge-C1161X-8P",
          + "vedge-C1161X-8PLTEP",
          + "vedge-C8000V",
          + "vedge-C8200-1N-4T",
          + "vedge-C8200L-1N-4T",
          + "vedge-C8300-1N1S-4T2X",
          + "vedge-C8300-1N1S-6T",
          + "vedge-C8300-2N2S-4T2X",
          + "vedge-C8300-2N2S-6T",
          + "vedge-C8500-12X",
          + "vedge-C8500-12X4QC",
          + "vedge-C8500-20X6C",
          + "vedge-C8500L-8S4X",
          + "vedge-CSR-1000v",
          + "vedge-ESR-6300",
          + "vedge-ESR-6300-NCP",
          + "vedge-IR-1101",
          + "vedge-IR-1821",
          + "vedge-IR-1831",
          + "vedge-IR-1833",
          + "vedge-IR-1835",
          + "vedge-IR-8140H",
          + "vedge-IR-8140H-P",
          + "vedge-IR-8340",
          + "vedge-ISR-4221",
          + "vedge-ISR-4221X",
          + "vedge-ISR-4321",
          + "vedge-ISR-4331",
          + "vedge-ISR-4351",
          + "vedge-ISR-4431",
          + "vedge-ISR-4451-X",
          + "vedge-ISR-4461",
          + "vedge-ISR1100-4G-XE",
          + "vedge-ISR1100-4GLTEGB-XE",
          + "vedge-ISR1100-4GLTENA-XE",
          + "vedge-ISR1100-6G-XE",
          + "vedge-ISR1100X-4G-XE",
          + "vedge-ISR1100X-6G-XE",
          + "vedge-ISRv",
        ]
      + id                                = (known after apply)
      + name                              = "Cisco-Zscaler-Global-Credentials"
      + template_type                     = (known after apply)
      + version                           = (known after apply)
      + zscaler_organization              = "cisco_sac"
      + zscaler_partner_api_key           = "7f33d6ee0d56402c83c503a669a80d22"
      + zscaler_partner_base_uri_variable = "zscaler_partner_base_uri"
      + zscaler_password_variable         = "all_new_password"
      + zscaler_username                  = "cisco"
    }

Plan: 1 to add, 0 to change, 0 to destroy.
module.sdwan.sdwan_cisco_sig_credentials_feature_template.cisco_sig_credentials_feature_template["zscaler"]: Creating...
╷
│ Error: Client Error
│ 
│   with module.sdwan.sdwan_cisco_sig_credentials_feature_template.cisco_sig_credentials_feature_template["zscaler"],
│   on .terraform/modules/sdwan/sdwan_feature_templates.tf line 877, in resource "sdwan_cisco_sig_credentials_feature_template" "cisco_sig_credentials_feature_template":
│  877: resource "sdwan_cisco_sig_credentials_feature_template" "cisco_sig_credentials_feature_template" {
│ 
│ Failed to configure object (POST), got error: HTTP Request failed: StatusCode 400, {"error":{"type":"error","message":"Data validation failed","details":"Unknown
│ error","code":"GTEMP0007"}}

rrahimm commented 1 month ago

@danischm and @seconroy

Can you take a look at this?

rrahimm commented 3 weeks ago

Hello @danischm and @seconroy

Did you get a chance to review this?

seconroy commented 3 weeks ago

This issue only seems to occur when zscaler_password_variable is configured. However, this endpoint expects values for both constant (vipValue) and variable (vipVariableName) to be configured, which is different to all other APIs. Again, this only seems to break with zscaler_password_variable. A solution is still being worked on.

{
    "templateName": "Example",
    "templateDescription": "My Example",
    "templateType": "cisco_sig_credentials",
    "deviceType": [
        "vedge-C8000V"
    ],
    "templateMinVersion": "15.0.0",
    "templateDefinition": {
        "zscaler": {
            "organization": {
                "vipObjectType": "object",
                "vipType": "constant",
                "vipValue": "org1",
                "vipVariableName": "system_organization"
            },
            "partner-base-uri": {
                "vipObjectType": "object",
                "vipType": "constant",
                "vipValue": "abc",
                "vipVariableName": "system_partner_base_uri"
            },
            "username": {
                "vipObjectType": "object",
                "vipType": "constant",
                "vipValue": "user2",
                "vipVariableName": "system_username"
            },
            "password": {
                "vipObjectType": "object",
                "vipType": "constant",
                "vipValue": "password123",
                "vipVariableName": "system_password",
                "vipNeedsEncryption": true
            },
            "partner-key": {
                "vipObjectType": "object",
                "vipType": "constant",
                "vipValue": "key123",
                "vipVariableName": "system_partner_key"
            }
        }
    },
    "factoryDefault": false,
    "isGlobal": true
}
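
A pre-flight check for the behaviour described in the comment above, as an added example that is not part of the original thread or the provider's code: it lints a cisco_sig_credentials payload and reports any zscaler field that lacks one of the keys the sample carries. The function names and sample values are constructed, and the vipNeedsEncryption check on the password is an assumption drawn from the sample payload.

```python
import copy

# Keys every zscaler field carries in the sample payload from the comment above.
REQUIRED_KEYS = ("vipObjectType", "vipType", "vipValue", "vipVariableName")


def lint_sig_credentials(payload: dict) -> list[str]:
    """Return the problems found in a cisco_sig_credentials template payload."""
    if payload.get("templateType") != "cisco_sig_credentials":
        return ["templateType is not cisco_sig_credentials"]
    problems = []
    zscaler = payload.get("templateDefinition", {}).get("zscaler", {})
    for name, attrs in zscaler.items():
        for key in REQUIRED_KEYS:
            # An empty string counts as missing: both slots need a value.
            if attrs.get(key) in (None, ""):
                problems.append(f"{name}: missing {key}")
        # Assumption from the sample: the password is flagged for encryption.
        if name == "password" and attrs.get("vipNeedsEncryption") is not True:
            problems.append("password: vipNeedsEncryption is not true")
    return problems


def field(value, variable, **extra):
    """Build one field in the shape used by the sample payload (hypothetical helper)."""
    return {"vipObjectType": "object", "vipType": "constant",
            "vipValue": value, "vipVariableName": variable, **extra}


# Constructed sample: same shape as the payload in the comment, placeholder values.
GOOD = {
    "templateType": "cisco_sig_credentials",
    "templateDefinition": {"zscaler": {
        "organization": field("example-org", "system_organization"),
        "username": field("example-user", "system_username"),
        "password": field("<placeholder>", "system_password",
                          vipNeedsEncryption=True),
    }},
}

# Constructed failing case: password supplied only as a variable, no vipValue.
BROKEN = copy.deepcopy(GOOD)
_pw = BROKEN["templateDefinition"]["zscaler"]["password"]
_pw["vipType"] = "variableName"
del _pw["vipValue"]

if __name__ == "__main__":
    for label, payload in (("GOOD", GOOD), ("BROKEN", BROKEN)):
        print(label, lint_sig_credentials(payload) or "ok")
```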

rrahimm commented 6 days ago

Tested from dev branch and looks good.