Unable to create zscaler credentials | sdwan_cisco_sig_credentials_feature_template

[rrahimm]

We are unable to create SIG credentials for zscaler.

Example data:

---
# Edge feature templates
sdwan:
  edge_feature_templates:
    sig_credentials_templates:
      - name: zscaler
        zscaler_organization: cisco_sac
        zscaler_partner_base_uri_variable: zscaler_partner_base_uri
        zscaler_username: cisco
        zscaler_password_variable: all_new_password
        zscaler_partner_api_key: 7f33d6ee0d56402c83c503a669a80d22

Terraform Error

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.sdwan.sdwan_cisco_sig_credentials_feature_template.cisco_sig_credentials_feature_template["zscaler"] will be created
  + resource "sdwan_cisco_sig_credentials_feature_template" "cisco_sig_credentials_feature_template" {
      + description                       = "Global credentials for zscaler"
      + device_types                      = [
          + "cellular-gateway-CG113-4GW6A",
          + "cellular-gateway-CG113-4GW6B",
          + "cellular-gateway-CG113-4GW6E",
          + "cellular-gateway-CG113-4GW6H",
          + "cellular-gateway-CG113-4GW6Q",
          + "cellular-gateway-CG113-4GW6Z",
          + "cellular-gateway-CG113-W6A",
          + "cellular-gateway-CG113-W6B",
          + "cellular-gateway-CG113-W6E",
          + "cellular-gateway-CG113-W6H",
          + "cellular-gateway-CG113-W6Q",
          + "cellular-gateway-CG113-W6Z",
          + "cellular-gateway-CG418-E",
          + "cellular-gateway-CG522-E",
          + "cellular-gateway-CG522MW-IO-GL",
          + "cellular-gateway-CG522MW-IO-NA",
          + "vedge-ASR-1001-HX",
          + "vedge-ASR-1001-X",
          + "vedge-ASR-1002-HX",
          + "vedge-ASR-1002-X",
          + "vedge-ASR-1006-X",
          + "vedge-C1101-4P",
          + "vedge-C1101-4PLTEP",
          + "vedge-C1101-4PLTEPW",
          + "vedge-C1109-2PLTEGB",
          + "vedge-C1109-2PLTEUS",
          + "vedge-C1109-2PLTEVZ",
          + "vedge-C1109-4PLTE2P",
          + "vedge-C1109-4PLTE2PW",
          + "vedge-C1111-4P",
          + "vedge-C1111-4PLTEEA",
          + "vedge-C1111-4PLTELA",
          + "vedge-C1111-4PW",
          + "vedge-C1111-8P",
          + "vedge-C1111-8PLTEEA",
          + "vedge-C1111-8PLTEEAW",
          + "vedge-C1111-8PLTELA",
          + "vedge-C1111-8PLTELAW",
          + "vedge-C1111-8PW",
          + "vedge-C1111X-8P",
          + "vedge-C1112-8P",
          + "vedge-C1112-8PLTEEA",
          + "vedge-C1112-8PLTEEAWE",
          + "vedge-C1112-8PWE",
          + "vedge-C1113-8P",
          + "vedge-C1113-8PLTEEA",
          + "vedge-C1113-8PLTEEAW",
          + "vedge-C1113-8PLTELA",
          + "vedge-C1113-8PLTELAWZ",
          + "vedge-C1113-8PLTEW",
          + "vedge-C1113-8PM",
          + "vedge-C1113-8PMLTEEA",
          + "vedge-C1113-8PMWE",
          + "vedge-C1113-8PW",
          + "vedge-C1116-4P",
          + "vedge-C1116-4PLTEEA",
          + "vedge-C1116-4PLTEEAWE",
          + "vedge-C1116-4PWE",
          + "vedge-C1117-4P",
          + "vedge-C1117-4PLTEEA",
          + "vedge-C1117-4PLTEEAW",
          + "vedge-C1117-4PLTELA",
          + "vedge-C1117-4PLTELAWZ",
          + "vedge-C1117-4PM",
          + "vedge-C1117-4PMLTEEA",
          + "vedge-C1117-4PMLTEEAWE",
          + "vedge-C1117-4PMWE",
          + "vedge-C1117-4PW",
          + "vedge-C1118-8P",
          + "vedge-C1121-4P",
          + "vedge-C1121-4PLTEP",
          + "vedge-C1121-8P",
          + "vedge-C1121-8PLTEP",
          + "vedge-C1121-8PLTEPW",
          + "vedge-C1121X-8P",
          + "vedge-C1121X-8PLTEP",
          + "vedge-C1121X-8PLTEPW",
          + "vedge-C1126-8PLTEP",
          + "vedge-C1126X-8PLTEP",
          + "vedge-C1127-8PLTEP",
          + "vedge-C1127-8PMLTEP",
          + "vedge-C1127X-8PLTEP",
          + "vedge-C1127X-8PMLTEP",
          + "vedge-C1128-8PLTEP",
          + "vedge-C1131-8PLTEPW",
          + "vedge-C1131-8PW",
          + "vedge-C1131X-8PLTEPW",
          + "vedge-C1131X-8PW",
          + "vedge-C1161-8P",
          + "vedge-C1161-8PLTEP",
          + "vedge-C1161X-8P",
          + "vedge-C1161X-8PLTEP",
          + "vedge-C8000V",
          + "vedge-C8200-1N-4T",
          + "vedge-C8200L-1N-4T",
          + "vedge-C8300-1N1S-4T2X",
          + "vedge-C8300-1N1S-6T",
          + "vedge-C8300-2N2S-4T2X",
          + "vedge-C8300-2N2S-6T",
          + "vedge-C8500-12X",
          + "vedge-C8500-12X4QC",
          + "vedge-C8500-20X6C",
          + "vedge-C8500L-8S4X",
          + "vedge-CSR-1000v",
          + "vedge-ESR-6300",
          + "vedge-ESR-6300-NCP",
          + "vedge-IR-1101",
          + "vedge-IR-1821",
          + "vedge-IR-1831",
          + "vedge-IR-1833",
          + "vedge-IR-1835",
          + "vedge-IR-8140H",
          + "vedge-IR-8140H-P",
          + "vedge-IR-8340",
          + "vedge-ISR-4221",
          + "vedge-ISR-4221X",
          + "vedge-ISR-4321",
          + "vedge-ISR-4331",
          + "vedge-ISR-4351",
          + "vedge-ISR-4431",
          + "vedge-ISR-4451-X",
          + "vedge-ISR-4461",
          + "vedge-ISR1100-4G-XE",
          + "vedge-ISR1100-4GLTEGB-XE",
          + "vedge-ISR1100-4GLTENA-XE",
          + "vedge-ISR1100-6G-XE",
          + "vedge-ISR1100X-4G-XE",
          + "vedge-ISR1100X-6G-XE",
          + "vedge-ISRv",
        ]
      + id                                = (known after apply)
      + name                              = "Cisco-Zscaler-Global-Credentials"
      + template_type                     = (known after apply)
      + version                           = (known after apply)
      + zscaler_organization              = "cisco_sac"
      + zscaler_partner_api_key           = "7f33d6ee0d56402c83c503a669a80d22"
      + zscaler_partner_base_uri_variable = "zscaler_partner_base_uri"
      + zscaler_password_variable         = "all_new_password"
      + zscaler_username                  = "cisco"
    }

Plan: 1 to add, 0 to change, 0 to destroy.
module.sdwan.sdwan_cisco_sig_credentials_feature_template.cisco_sig_credentials_feature_template["zscaler"]: Creating...
╷
│ Error: Client Error
│ 
│   with module.sdwan.sdwan_cisco_sig_credentials_feature_template.cisco_sig_credentials_feature_template["zscaler"],
│   on .terraform/modules/sdwan/sdwan_feature_templates.tf line 877, in resource "sdwan_cisco_sig_credentials_feature_template" "cisco_sig_credentials_feature_template":
│  877: resource "sdwan_cisco_sig_credentials_feature_template" "cisco_sig_credentials_feature_template" {
│ 
│ Failed to configure object (POST), got error: HTTP Request failed: StatusCode 400, {"error":{"type":"error","message":"Data validation failed","details":"Unknown
│ error","code":"GTEMP0007"}}

[rrahimm]

@danischm and @seconroy

Can you take a look at this

[rrahimm]

Hello @danischm and @seconroy

Did you get a chance to review this.

[seconroy]

This issue only seems to be occur when zscaler_password_variable is configured, However this endpoint expect values for both constant (vipValue) and variable (vipVariableName) to be configured which is different to all other API's. Again, this only seems to break with zscaler_password_variable. A solution is still being worked on

{
    "templateName": "Example",
    "templateDescription": "My Example",
    "templateType": "cisco_sig_credentials",
    "deviceType": [
        "vedge-C8000V"
    ],
    "templateMinVersion": "15.0.0",
    "templateDefinition": {
        "zscaler": {
            "organization": {
                "vipObjectType": "object",
                "vipType": "constant",
                "vipValue": "org1",
                "vipVariableName": "system_organization"
            },
            "partner-base-uri": {
                "vipObjectType": "object",
                "vipType": "constant",
                "vipValue": "abc",
                "vipVariableName": "system_partner_base_uri"
            },
            "username": {
                "vipObjectType": "object",
                "vipType": "constant",
                "vipValue": "user2",
                "vipVariableName": "system_username"
            },
            "password": {
                "vipObjectType": "object",
                "vipType": "constant",
                "vipValue": "password123",
                "vipVariableName": "system_password",
                "vipNeedsEncryption": true
            },
            "partner-key": {
                "vipObjectType": "object",
                "vipType": "constant",
                "vipValue": "key123",
                "vipVariableName": "system_partner_key"
            }
        }
    },
    "factoryDefault": false,
    "isGlobal": true
}

[rrahimm]

tested from dev branch and looks good

[danischm]

Released in v0.3.12.