ciscoise_device_administration_policy_set creates the policy set in ISE successfully but still fails

[chetanph]

Prerequisites

• [x] Have you tested the operation in the API directly?
• [x] Do you have the latest Terraform provider version?

Describe the bug Policy Set creation in ISE works fine. But the provider still fails.

# main.tf
resource "ciscoise_device_administration_policy_set" "asa" {
  parameters {
    rank        = 0
    state       = "enabled"
    name        = "ASA Firewalls"
    description = "ASA Firewalls"
    condition {
      condition_type  = "ConditionAttributes"
      is_negate       = "false"
      dictionary_name = "DEVICE"
      attribute_name  = "Device Type"
      operator        = "startsWith"
      attribute_value = "All Device Types"
    }
    service_name = "Default Device Admin"
  }
}

$ terraform plan 

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # ciscoise_device_administration_policy_set.asa will be created
  + resource "ciscoise_device_administration_policy_set" "asa" {
      + id           = (known after apply)
      + item         = (known after apply)
      + last_updated = (known after apply)

      + parameters {
          + description  = "ASA Firewalls"
          + name         = "ASA Firewalls"
          + rank         = 0
          + service_name = "Default Device Admin"
          + state        = "enabled"

          + condition {
              + attribute_name  = "Device Type"
              + attribute_value = "All Device Types"
              + condition_type  = "ConditionAttributes"
              + dictionary_name = "DEVICE"
              + is_negate       = "false"
              + operator        = "startsWith"
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.

$ terraform apply -auto-approve

2022-05-10T16:59:39.012-0500 [INFO]  backend/local: apply calling Apply
2022-05-10T16:59:39.012-0500 [DEBUG] Building and walking apply graph for NormalMode plan
2022-05-10T16:59:39.013-0500 [DEBUG] Resource state not found for node "ciscoise_device_administration_policy_set.asa", instance ciscoise_device_administration_policy_set.asa
2022-05-10T16:59:39.013-0500 [DEBUG] ProviderTransformer: "ciscoise_device_administration_policy_set.asa (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2022-05-10T16:59:39.013-0500 [DEBUG] ProviderTransformer: "ciscoise_device_administration_policy_set.asa" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2022-05-10T16:59:39.013-0500 [DEBUG] ReferenceTransformer: "ciscoise_device_administration_policy_set.asa (expand)" references: []
2022-05-10T16:59:39.013-0500 [DEBUG] ReferenceTransformer: "ciscoise_device_administration_policy_set.asa" references: []
2022-05-10T16:59:39.013-0500 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/ciscoise/ciscoise\"]" references: []
2022-05-10T16:59:39.013-0500 [DEBUG] Starting graph walk: walkApply
2022-05-10T16:59:39.014-0500 [DEBUG] created provider logger: level=debug
2022-05-10T16:59:39.014-0500 [INFO]  provider: configuring client automatic mTLS
2022-05-10T16:59:39.023-0500 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.5.0-beta/darwin_amd64/terraform-provider-ciscoise_v0.5.0-beta args=[.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.5.0-beta/darwin_amd64/terraform-provider-ciscoise_v0.5.0-beta]
2022-05-10T16:59:39.027-0500 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.5.0-beta/darwin_amd64/terraform-provider-ciscoise_v0.5.0-beta pid=8964
2022-05-10T16:59:39.028-0500 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.5.0-beta/darwin_amd64/terraform-provider-ciscoise_v0.5.0-beta
2022-05-10T16:59:39.048-0500 [INFO]  provider.terraform-provider-ciscoise_v0.5.0-beta: configuring server automatic mTLS: timestamp=2022-05-10T16:59:39.048-0500
2022-05-10T16:59:39.058-0500 [DEBUG] provider.terraform-provider-ciscoise_v0.5.0-beta: plugin address: address=/var/folders/rj/hymfyrbs71s52cz1k76wnygw0000gn/T/plugin2608886608 network=unix timestamp=2022-05-10T16:59:39.058-0500
2022-05-10T16:59:39.058-0500 [DEBUG] provider: using plugin: version=5
ciscoise_device_administration_policy_set.asa: Creating...
2022-05-10T16:59:39.184-0500 [INFO]  Starting apply for ciscoise_device_administration_policy_set.asa
2022-05-10T16:59:39.184-0500 [DEBUG] ciscoise_device_administration_policy_set.asa: applying the planned Create change
2022-05-10T16:59:39.185-0500 [INFO]  provider.terraform-provider-ciscoise_v0.5.0-beta: 2022/05/10 16:59:39 [DEBUG] setting computed for "item" from ComputedKeys: timestamp=2022-05-10T16:59:39.185-0500
2022-05-10T16:59:39.185-0500 [INFO]  provider.terraform-provider-ciscoise_v0.5.0-beta: 2022/05/10 16:59:39 [DEBUG] Beginning DeviceAdministrationPolicySet create: timestamp=2022-05-10T16:59:39.185-0500
2022-05-10T16:59:39.185-0500 [INFO]  provider.terraform-provider-ciscoise_v0.5.0-beta: 2022/05/10 16:59:39 [DEBUG] request sent => {"condition":{"conditionType":"ConditionAttributes","isNegate":false,"attributeName":"Device Type","attributeValue":"All Device Types","dictionaryName":"DEVICE","operator":"startsWith"},"description":"ASA Firewalls","name":"ASA Firewalls","rank":0,"serviceName":"Default Device Admin","state":"enabled"}: timestamp=2022-05-10T16:59:39.185-0500
2022-05-10T16:59:40.031-0500 [INFO]  provider.terraform-provider-ciscoise_v0.5.0-beta: 2022/05/10 16:59:40 [DEBUG] Beginning DeviceAdministrationPolicySet read for id=[id:=66a1b258-3db9-486d-b323-204cb2404711\name:=ASA Firewalls]: timestamp=2022-05-10T16:59:40.031-0500
2022-05-10T16:59:40.031-0500 [INFO]  provider.terraform-provider-ciscoise_v0.5.0-beta: 2022/05/10 16:59:40 [DEBUG] Selecting method. Method 1 [true]: timestamp=2022-05-10T16:59:40.031-0500
2022-05-10T16:59:40.031-0500 [INFO]  provider.terraform-provider-ciscoise_v0.5.0-beta: 2022/05/10 16:59:40 [DEBUG] Selecting method. Method 2 [true]: timestamp=2022-05-10T16:59:40.031-0500
2022-05-10T16:59:40.031-0500 [INFO]  provider.terraform-provider-ciscoise_v0.5.0-beta: 2022/05/10 16:59:40 [DEBUG] Selected method: GetDeviceAdminPolicySetByID: timestamp=2022-05-10T16:59:40.031-0500
2022-05-10T16:59:40.284-0500 [INFO]  provider.terraform-provider-ciscoise_v0.5.0-beta: 2022/05/10 16:59:40 [DEBUG] Retrieved response {"response":{"condition":{"conditionType":"ConditionAttributes","isNegate":false,"attributeName":"Device Type","attributeValue":"All Device Types","dictionaryName":"DEVICE","operator":"startsWith"},"default":false,"description":"ASA Firewalls","hitCounts":0,"id":"66a1b258-3db9-486d-b323-204cb2404711","isProxy":false,"link":{"href":"https://mapper.cisco.com/api/v1/policy/device-admin/policy-set/66a1b258-3db9-486d-b323-204cb2404711","rel":"self","type":"application/json"},"name":"ASA Firewalls","rank":0,"serviceName":"Default Device Admin","state":"enabled"},"version":"1.0.0"}: timestamp=2022-05-10T16:59:40.284-0500
2022-05-10T16:59:40.284-0500 [INFO]  provider.terraform-provider-ciscoise_v0.5.0-beta: 2022/05/10 16:59:40 [ERROR] setting state: Invalid address to set: []string{"parameters", "0", "condition", "0", "link"}: timestamp=2022-05-10T16:59:40.284-0500
2022-05-10T16:59:40.313-0500 [ERROR] vertex "ciscoise_device_administration_policy_set.asa" error: Failure when setting GetDeviceAdminPolicySetByID response to parameters
╷
│ Error: Failure when setting GetDeviceAdminPolicySetByID response to parameters
│ 
│   with ciscoise_device_administration_policy_set.asa,
│   on main.tf line 4, in resource "ciscoise_device_administration_policy_set" "asa":
│    4: resource "ciscoise_device_administration_policy_set" "asa" {
│ 
│ Invalid address to set: []string{"parameters", "0", "condition", "0", "link"}
╵
2022-05-10T16:59:40.337-0500 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2022-05-10T16:59:40.339-0500 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.5.0-beta/darwin_amd64/terraform-provider-ciscoise_v0.5.0-beta pid=8964
2022-05-10T16:59:40.339-0500 [DEBUG] provider: plugin exited

Error likely caused by https://github.com/CiscoISE/terraform-provider-ciscoise/blob/54f9c1ceaa1ef4bfbb62998d93cb0f3e0c7005f3/ciscoise/resource_device_administration_policy_set.go#L682

Need to remove repsonse -> condition -> link also before setting parameters.

Expected behavior Successful completion by the provider.

Screenshots POST request successful

GET request successful

Environment (please complete the following information):

• ISE version and patch: 3.1 patch 3

Terraform v1.1.9
on darwin_amd64
+ provider registry.terraform.io/ciscoise/ciscoise v0.5.0-beta

• OS version: macOs Big Sur 11.6.5

Additional context N/A

[bvargasre]

Hi @chetanph, we are working on it.

[bvargasre]

Hi @chetanph new versions of ciscoise-go-sdk v1.1.4 and terraform-provider-ciscoise v0.6.0-beta has been released, try with these new versions and let us know if it work for you.

[chetanph]

Yes, it works with newer version. Thank you!! Really appreciate quick response!!!