CiscoISE / terraform-provider-ciscoise

Terraform Provider for Cisco ISE
https://registry.terraform.io/providers/CiscoISE/ciscoise/latest/docs
MIT License

Domain join all nodes schema error #10

Closed ragu2k8 closed 2 years ago

ragu2k8 commented 2 years ago

When trying to join all nodes to Active Directory, it fails. It looks like the payload format is not right.


data "ciscoise_active_directory_join_domain_with_all_nodes" "example" {
  provider = ciscoise
  id       = "12345"
  additional_data {
    name  = "admin"
    value = "test123"
  }
}

The payload format should be as below,


{
  "OperationAdditionalData" : {
    "additionalData" : [
      {
        "name" : "username",
        "value" : "admin"
      },
      {
        "name" : "password",
        "value" : "test123"
      }
    ]
  }
}

error:

2021-12-24T06:09:46.511-0800 [INFO] provider.terraform-provider-ciscoise_v0.0.3-beta: 2021/12/24 06:09:46 [DEBUG] Selected method 1: JoinDomainWithAllNodes: timestamp=2021-12-24T06:09:46.511-0800
2021-12-24T06:09:46.529-0800 [INFO] provider.terraform-provider-ciscoise_v0.0.3-beta: 2021/12/24 06:09:46 [DEBUG] request sent => {"OperationAdditionalData":{"additionalData":[{"value":"test123","name":"admin"}]}}: timestamp=2021-12-24T06:09:46.528-0800
2021-12-24T06:09:46.529-0800 [TRACE] provider.stdio: received data: channel=STDERR len=1024
2021-12-24T06:09:46.529-0800 [TRACE] provider.stdio: waiting for stdio data
2021-12-24T06:09:46.529-0800 [TRACE] vertex "data.ciscoise_active_directory_join_domain_with_all_nodes.domainjoin": visit complete
2021-12-24T06:09:46.529-0800 [TRACE] provider.stdio: received data: channel=STDERR len=12
2021-12-24T06:09:46.529-0800 [TRACE] vertex "data.ciscoise_active_directory_join_domain_with_all_nodes.domainjoin": dynamic subgraph encountered errors: Failure when executing JoinDomainWithAllNodes
2021-12-24T06:09:46.529-0800 [TRACE] vertex "data.ciscoise_active_directory_join_domain_with_all_nodes.domainjoin": visit complete
2021-12-24T06:09:46.529-0800 [TRACE] vertex "data.ciscoise_active_directory_join_domain_with_all_nodes.domainjoin (expand)": dynamic subgraph encountered errors: Failure when executing JoinDomainWithAllNodes
2021-12-24T06:09:46.529-0800 [TRACE] provider.stdio: waiting for stdio data
2021-12-24T06:09:46.529-0800 [TRACE] vertex "data.ciscoise_active_directory_join_domain_with_all_nodes.domainjoin (expand)": visit complete
2021-12-24T06:09:46.529-0800 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
2021-12-24T06:09:46.529-0800 [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/ciscoise/ciscoise\"] (close)" errored, so skipping
2021-12-24T06:09:46.529-0800 [TRACE] dag/walk: upstream of "root" errored, so skipping

╷
│ Error: Failure when executing JoinDomainWithAllNodes
│
│   with data.ciscoise_active_directory_join_domain_with_all_nodes.domainjoin,
│   on adjoin.tf line 57, in data "ciscoise_active_directory_join_domain_with_all_nodes" "domainjoin":
│   57: data "ciscoise_active_directory_join_domain_with_all_nodes" "domainjoin" {
│
│ error with operation JoinDomainWithAllNodes
╵

wastorga commented 2 years ago

Hi, @ragu2k8. The data source should look something like this to represent the payload format.

data "ciscoise_active_directory_join_domain_with_all_nodes" "example" {
  provider = ciscoise
  id       = "12345"
  additional_data {
    name  = "username"
    value = "admin"
  }  
  additional_data {
    name  = "password"
    value = "test123"
  }
}

2021-12-24T08:43:39.204-0600 [INFO]  provider.terraform-provider-ciscoise: 2021/12/24 08:43:39 [DEBUG] Selected method: JoinDomainWithAllNodes: timestamp=2021-12-24T08:43:39.204-0600
2021-12-24T08:43:39.813-0600 [INFO]  provider.terraform-provider-ciscoise: 2021/12/24 08:43:39 [DEBUG] request sent => {"OperationAdditionalData":{"additionalData":[{"value":"admin","name":"username"},{"value":"test123","name":"password"}]}}: timestamp=2021-12-24T08:43:39.813-0600

Hopefully, that clarifies it.

ragu2k8 commented 2 years ago

Thanks for the clarification. However, I don't see any ISE API response.

data "ciscoise_active_directory_join_domain_with_all_nodes" "example"{
  provider = ciscoise
  id = "61c9a1e0-6478-11ec-aa94-f6a74d56418c"
  additional_data {
    name = "username"
    value = "admin"
  }
  additional_data {
    name = "password"
    value = "test123"
  }
}

╷
│ Error: Failure when executing JoinDomainWithAllNodes
│
│   with data.ciscoise_active_directory_join_domain_with_all_nodes.example,
│   on adjoin.tf line 66, in data "ciscoise_active_directory_join_domain_with_all_nodes" "example":
│   66: data "ciscoise_active_directory_join_domain_with_all_nodes" "example"{
│
│ error with operation JoinDomainWithAllNodes
╵

Log:

2021-12-24T07:29:02.078-0800 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.0.3-beta/darwin_amd64/terraform-provider-ciscoise_v0.0.3-beta args=[.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.0.3-beta/darwin_amd64/terraform-provider-ciscoise_v0.0.3-beta]
2021-12-24T07:29:02.084-0800 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.0.3-beta/darwin_amd64/terraform-provider-ciscoise_v0.0.3-beta pid=82731
2021-12-24T07:29:02.084-0800 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.0.3-beta/darwin_amd64/terraform-provider-ciscoise_v0.0.3-beta
2021-12-24T07:29:02.101-0800 [INFO] provider.terraform-provider-ciscoise_v0.0.3-beta: configuring server automatic mTLS: timestamp=2021-12-24T07:29:02.101-0800
2021-12-24T07:29:02.132-0800 [DEBUG] provider: using plugin: version=5
2021-12-24T07:29:02.132-0800 [DEBUG] provider.terraform-provider-ciscoise_v0.0.3-beta: plugin address: address=/var/folders/4v/rvvnj2xx3ns7ylg5bdpy6v4c0000gq/T/plugin798887526 network=unix timestamp=2021-12-24T07:29:02.131-0800
2021-12-24T07:29:02.305-0800 [DEBUG] Resource instance state not found for node "data.ciscoise_active_directory_join_domain_with_all_nodes.example", instance data.ciscoise_active_directory_join_domain_with_all_nodes.example
2021-12-24T07:29:02.305-0800 [DEBUG] ReferenceTransformer: "data.ciscoise_active_directory_join_domain_with_all_nodes.example" references: []
2021-12-24T07:29:02.326-0800 [INFO] provider.terraform-provider-ciscoise_v0.0.3-beta: 2021/12/24 07:29:02 [DEBUG] Selected method 1: JoinDomainWithAllNodes: timestamp=2021-12-24T07:29:02.326-0800
2021-12-24T07:29:05.491-0800 [INFO] provider.terraform-provider-ciscoise_v0.0.3-beta: 2021/12/24 07:29:05 [DEBUG] request sent => {"OperationAdditionalData":{"additionalData":[{"value":"admin","name":"username"},{"value":"test123","name":"password"}]}}: timestamp=2021-12-24T07:29:05.491-0800
2021-12-24T07:29:05.508-0800 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-12-24T07:29:05.511-0800 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.0.3-beta/darwin_amd64/terraform-provider-ciscoise_v0.0.3-beta pid=82731
2021-12-24T07:29:05.511-0800 [DEBUG] provider: plugin exited

wastorga commented 2 years ago

Three things. First, it seems to me that the nodes could be already joined. In those cases, Cisco ISE returns an error. Second, '[DEBUG] Retrieved response', if you have TF_LOG set, is the line that should give you the ISE response. Third, you could also get the response using an output block:

output "join_result" {
  value = data.ciscoise_active_directory_join_domain_with_all_nodes.example
}

ragu2k8 commented 2 years ago

Thanks @wastorga,

  1. I am letting the domain join fail explicitly, hoping to see the API failure response in the logs. I was expecting something like the below, but I don't see any such response in the logs.

    "ERSResponse\" : {\n    \"operation\" : \"PUT-joinAllNodes-activedirectory\",\n    \"messages\" : [ {\n      \"title\" : \"Operation [join] failed [com.cisco.cpm.ers.api.exception.ERSCRUDHandlerException: nodes not able to join/remove : [isetest.cisco.com]\",\n      \"type\" : \"ERROR\",\n      \"code\" : \"CRUD operation exception\"\n    } ],\n    \"link\" : {\n      \"rel\" : \"related\",\n      \"href\" : \"https://isetest.cisco.com/ers/config/activedirectory/61c9a1e0-6478-11ec-aa94-f6a74d56418c/joinAllNodes\",\n      \"type\" : \"application/xml\"\n    }\n  }\n}"
    }
  2. I have set TF_LOG='trace' and ise debug to 'true'.

However, if there is no issue during the API call, it works fine.

wastorga commented 2 years ago

I need to look into the debug option of the SDK. The resty logs do not appear in Tf. Currently, Tf only catches the logs from the "log" package. I have added code to display the error responses for the missing data source "actions" on the develop branch. I will later add it to the next version.

ragu2k8 commented 2 years ago

@wastorga appreciate it. Thanks for looking.

wastorga commented 2 years ago

I changed the Resty Logger to be Terraform compatible. The Resty logger appears if TF_LOG is set, and the ISE_DEBUG env is true or provider debug param is true.

Version 0.1.0-rc.2 is currently in the process of publishing.
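
The `request sent =>` debug lines pasted in this thread carry the full join payload, password included, so a log captured with TF_LOG needs scrubbing before it is attached to an issue. The following is an added example, not part of the thread or the provider's code: it redacts every `additionalData` value whose name is not on an allowlist, which also covers the mis-keyed payload from the first post where the password sat under a different name. The function names, the allowlist and the sample lines are assumptions made for illustration.

```python
import json
import re

# Provider debug line format seen in this thread:
#   ... [DEBUG] request sent => {JSON}: timestamp=...
# \s+ and DOTALL also cover an entry that was wrapped when pasted.
REQUEST_RE = re.compile(r"(request\s+sent\s+=>\s+)(\{.*?\})(:\s+timestamp=)", re.S)

# Assumption: only these additionalData names carry non-secret values.
SAFE_NAMES = {"username"}
MARK = "<redacted>"


def _scrub(node):
    """Redact 'value' of every name/value pair whose name is not allowlisted."""
    if isinstance(node, dict):
        if "name" in node and "value" in node:
            if str(node["name"]).lower() not in SAFE_NAMES:
                node["value"] = MARK
        for child in node.values():
            _scrub(child)
    elif isinstance(node, list):
        for child in node:
            _scrub(child)


def redact_body(body):
    """Return the JSON request body with secret values replaced."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        # Unparseable body: drop it rather than risk leaking it.
        return json.dumps({"removed": "unparseable request body"})
    _scrub(doc)
    return json.dumps(doc, separators=(",", ":"))


def redact_log(text):
    """Return the log text with every 'request sent =>' body scrubbed."""
    return REQUEST_RE.sub(lambda m: m[1] + redact_body(m[2]) + m[3], text)


# Constructed sample entries in the thread's log format (values are made up).
SAMPLE = (
    '[DEBUG] request sent => {"OperationAdditionalData":{"additionalData":'
    '[{"value":"admin","name":"username"},{"value":"example-secret","name":"password"}]}}'
    ": timestamp=2021-12-24T08:43:39.813-0600\n"
    '[DEBUG] request sent => {"OperationAdditionalData":{"additionalData":'
    '[{"value":"example-secret","name":"admin"}]}}: timestamp=2021-12-24T06:09:46.528-0800\n'
)
```

Calling `redact_log(open("terraform.log").read())` on a capture (the file name is a placeholder) leaves timestamps and the rest of each entry untouched and rewrites only the request body.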