CiscoISE / terraform-provider-ciscoise

Terraform Provider for Cisco ISE
https://registry.terraform.io/providers/CiscoISE/ciscoise/latest/docs
MIT License

Provider should not generate a change plan where there's no change in configuration #36

Closed chetanph closed 2 years ago

chetanph commented 2 years ago

Is your feature request related to a problem? Please describe.

After a successful apply, subsequent apply executions perform a change for every resource.

It's caused by parameter.id. Resource creation saves its UUID in parameter.id, but the next apply wants to reset it back to null.

terraform apply -auto-approve
ciscoise_network_device_group.device_type_firewall: Refreshing state... [id=id:=4b9c9430-d242-11ec-989c-2ab8e3d60603\name:=Device Type#All Device Types#FIREWALL]
ciscoise_network_device_group.location_rcdn: Refreshing state... [id=id:=4b9ba9d0-d242-11ec-989c-2ab8e3d60603\name:=Location#All Locations#RCDN]
ciscoise_tacacs_profile.asa_priv15: Refreshing state... [id=id:=4b8e6360-d242-11ec-989c-2ab8e3d60603\name:=Permit Access to ASA]
ciscoise_tacacs_command_sets.asa_read_only: Refreshing state... [id=id:=4ba7ded0-d242-11ec-989c-2ab8e3d60603\name:=ASA Operator]
ciscoise_tacacs_command_sets.asa_full_access: Refreshing state... [id=id:=4b9233f0-d242-11ec-989c-2ab8e3d60603\name:=ASA Admin]
ciscoise_device_administration_policy_set.asa: Refreshing state... [id=id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49\name:=ASA Firewalls]
ciscoise_network_device.rcdn_asa: Refreshing state... [id=id:=4c279620-d242-11ec-989c-2ab8e3d60603\name:=RCDN-ASA01]
ciscoise_device_administration_authentication_rules.policy_set_asa_authc_rule_default: Refreshing state... [id=name:=Default\policy_id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49]
ciscoise_device_administration_authorization_rules.policy_set_asa_authz_rule_operator: Refreshing state... [id=id:=d330be9b-d164-4961-8cfa-47a89bb39652\policy_id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49]
ciscoise_device_administration_authorization_rules.policy_set_asa_authz_rule_admin: Refreshing state... [id=id:=31c6377a-f2fa-4e73-8f8a-398bc73e5634\policy_id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # ciscoise_device_administration_authentication_rules.policy_set_asa_authc_rule_default will be updated in-place
  ~ resource "ciscoise_device_administration_authentication_rules" "policy_set_asa_authc_rule_default" {
        id           = "name:=Default\\policy_id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49"
        # (2 unchanged attributes hidden)

      ~ parameters {
          + policy_id            = "75063c9a-d4b4-463b-89c8-d5346b7d7b49"
            # (4 unchanged attributes hidden)

          ~ rule {
              - id         = "4bdf7e5e-c2af-4786-aea8-4bde1a285b54" -> null
                name       = "Default"
                # (4 unchanged attributes hidden)
            }
        }
    }

  # ciscoise_device_administration_authorization_rules.policy_set_asa_authz_rule_admin will be updated in-place
  ~ resource "ciscoise_device_administration_authorization_rules" "policy_set_asa_authz_rule_admin" {
        id           = "id:=31c6377a-f2fa-4e73-8f8a-398bc73e5634\\policy_id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49"
        # (2 unchanged attributes hidden)

      ~ parameters {
          + policy_id = "75063c9a-d4b4-463b-89c8-d5346b7d7b49"
            # (2 unchanged attributes hidden)

          ~ rule {
              - id         = "31c6377a-f2fa-4e73-8f8a-398bc73e5634" -> null
                name       = "Admin"
                # (4 unchanged attributes hidden)

                # (1 unchanged block hidden)
            }
        }
    }

  # ciscoise_device_administration_authorization_rules.policy_set_asa_authz_rule_operator will be updated in-place
  ~ resource "ciscoise_device_administration_authorization_rules" "policy_set_asa_authz_rule_operator" {
        id           = "id:=d330be9b-d164-4961-8cfa-47a89bb39652\\policy_id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49"
        # (2 unchanged attributes hidden)

      ~ parameters {
          + policy_id = "75063c9a-d4b4-463b-89c8-d5346b7d7b49"
            # (2 unchanged attributes hidden)

          ~ rule {
              - id         = "d330be9b-d164-4961-8cfa-47a89bb39652" -> null
                name       = "Operator"
                # (4 unchanged attributes hidden)

                # (1 unchanged block hidden)
            }
        }
    }

  # ciscoise_device_administration_policy_set.asa will be updated in-place
  ~ resource "ciscoise_device_administration_policy_set" "asa" {
        id           = "id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49\\name:=ASA Firewalls"
        # (2 unchanged attributes hidden)

      ~ parameters {
          - default      = "false" -> null
          - id           = "75063c9a-d4b4-463b-89c8-d5346b7d7b49" -> null
          - is_proxy     = "false" -> null
            name         = "ASA Firewalls"
            # (5 unchanged attributes hidden)

            # (1 unchanged block hidden)
        }
    }

  # ciscoise_network_device.rcdn_asa will be updated in-place
  ~ resource "ciscoise_network_device" "rcdn_asa" {
        id           = "id:=4c279620-d242-11ec-989c-2ab8e3d60603\\name:=RCDN-ASA01"
        # (2 unchanged attributes hidden)

      ~ parameters {
          - id                        = "4c279620-d242-11ec-989c-2ab8e3d60603" -> null
            name                      = "RCDN-ASA01"
          ~ network_device_group_list = [
                # (1 unchanged element hidden)
                "Location#All Locations#RCDN",
              - "IPSEC#Is IPSEC Device",
            ]
          - profile_name              = "Cisco" -> null
            # (2 unchanged attributes hidden)

          - authentication_settings {
              - dtls_required       = "false" -> null
              - enable_key_wrap     = "false" -> null
              - enable_multi_secret = "false" -> null
            }

            # (2 unchanged blocks hidden)
        }
    }

  # ciscoise_network_device_group.device_type_firewall will be updated in-place
  ~ resource "ciscoise_network_device_group" "device_type_firewall" {
        id           = "id:=4b9c9430-d242-11ec-989c-2ab8e3d60603\\name:=Device Type#All Device Types#FIREWALL"
        # (2 unchanged attributes hidden)

      ~ parameters {
          - id          = "4b9c9430-d242-11ec-989c-2ab8e3d60603" -> null
            name        = "Device Type#All Device Types#FIREWALL"
            # (2 unchanged attributes hidden)
        }
    }

  # ciscoise_network_device_group.location_rcdn will be updated in-place
  ~ resource "ciscoise_network_device_group" "location_rcdn" {
        id           = "id:=4b9ba9d0-d242-11ec-989c-2ab8e3d60603\\name:=Location#All Locations#RCDN"
        # (2 unchanged attributes hidden)

      ~ parameters {
          - id          = "4b9ba9d0-d242-11ec-989c-2ab8e3d60603" -> null
            name        = "Location#All Locations#RCDN"
            # (2 unchanged attributes hidden)
        }
    }

  # ciscoise_tacacs_command_sets.asa_full_access will be updated in-place
  ~ resource "ciscoise_tacacs_command_sets" "asa_full_access" {
        id           = "id:=4b9233f0-d242-11ec-989c-2ab8e3d60603\\name:=ASA Admin"
        # (2 unchanged attributes hidden)

      ~ parameters {
          - id               = "4b9233f0-d242-11ec-989c-2ab8e3d60603" -> null
            name             = "ASA Admin"
            # (2 unchanged attributes hidden)

          - commands {
            }
        }
    }

  # ciscoise_tacacs_command_sets.asa_read_only will be updated in-place
  ~ resource "ciscoise_tacacs_command_sets" "asa_read_only" {
        id           = "id:=4ba7ded0-d242-11ec-989c-2ab8e3d60603\\name:=ASA Operator"
        # (2 unchanged attributes hidden)

      ~ parameters {
          - id               = "4ba7ded0-d242-11ec-989c-2ab8e3d60603" -> null
            name             = "ASA Operator"
            # (2 unchanged attributes hidden)

            # (1 unchanged block hidden)
        }
    }

  # ciscoise_tacacs_profile.asa_priv15 will be updated in-place
  ~ resource "ciscoise_tacacs_profile" "asa_priv15" {
        id           = "id:=4b8e6360-d242-11ec-989c-2ab8e3d60603\\name:=Permit Access to ASA"
        # (2 unchanged attributes hidden)

      ~ parameters {
          - id          = "4b8e6360-d242-11ec-989c-2ab8e3d60603" -> null
            name        = "Permit Access to ASA"
            # (1 unchanged attribute hidden)

            # (1 unchanged block hidden)
        }
    }

Plan: 0 to add, 10 to change, 0 to destroy.
ciscoise_network_device_group.device_type_firewall: Modifying... [id=id:=4b9c9430-d242-11ec-989c-2ab8e3d60603\name:=Device Type#All Device Types#FIREWALL]
ciscoise_network_device_group.location_rcdn: Modifying... [id=id:=4b9ba9d0-d242-11ec-989c-2ab8e3d60603\name:=Location#All Locations#RCDN]
ciscoise_tacacs_command_sets.asa_read_only: Modifying... [id=id:=4ba7ded0-d242-11ec-989c-2ab8e3d60603\name:=ASA Operator]
ciscoise_tacacs_command_sets.asa_full_access: Modifying... [id=id:=4b9233f0-d242-11ec-989c-2ab8e3d60603\name:=ASA Admin]
ciscoise_tacacs_profile.asa_priv15: Modifying... [id=id:=4b8e6360-d242-11ec-989c-2ab8e3d60603\name:=Permit Access to ASA]
ciscoise_device_administration_policy_set.asa: Modifying... [id=id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49\name:=ASA Firewalls]
ciscoise_tacacs_command_sets.asa_full_access: Modifications complete after 1s [id=id:=4b9233f0-d242-11ec-989c-2ab8e3d60603\name:=ASA Admin]
ciscoise_tacacs_profile.asa_priv15: Modifications complete after 1s [id=id:=4b8e6360-d242-11ec-989c-2ab8e3d60603\name:=Permit Access to ASA]
ciscoise_tacacs_command_sets.asa_read_only: Modifications complete after 1s [id=id:=4ba7ded0-d242-11ec-989c-2ab8e3d60603\name:=ASA Operator]
ciscoise_network_device_group.device_type_firewall: Modifications complete after 1s [id=id:=4b9c9430-d242-11ec-989c-2ab8e3d60603\name:=Device Type#All Device Types#FIREWALL]
ciscoise_network_device_group.location_rcdn: Modifications complete after 1s [id=id:=4b9ba9d0-d242-11ec-989c-2ab8e3d60603\name:=Location#All Locations#RCDN]
ciscoise_network_device.rcdn_asa: Modifying... [id=id:=4c279620-d242-11ec-989c-2ab8e3d60603\name:=RCDN-ASA01]
ciscoise_device_administration_policy_set.asa: Modifications complete after 1s [id=id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49\name:=ASA Firewalls]
ciscoise_device_administration_authentication_rules.policy_set_asa_authc_rule_default: Modifying... [id=name:=Default\policy_id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49]
ciscoise_device_administration_authorization_rules.policy_set_asa_authz_rule_operator: Modifying... [id=id:=d330be9b-d164-4961-8cfa-47a89bb39652\policy_id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49]
ciscoise_network_device.rcdn_asa: Modifications complete after 0s [id=id:=4c279620-d242-11ec-989c-2ab8e3d60603\name:=RCDN-ASA01]
ciscoise_device_administration_authorization_rules.policy_set_asa_authz_rule_operator: Modifications complete after 1s [id=id:=d330be9b-d164-4961-8cfa-47a89bb39652\policy_id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49]
ciscoise_device_administration_authorization_rules.policy_set_asa_authz_rule_admin: Modifying... [id=id:=31c6377a-f2fa-4e73-8f8a-398bc73e5634\policy_id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49]
ciscoise_device_administration_authorization_rules.policy_set_asa_authz_rule_admin: Modifications complete after 1s [id=id:=31c6377a-f2fa-4e73-8f8a-398bc73e5634\policy_id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49]
ciscoise_device_administration_authentication_rules.policy_set_asa_authc_rule_default: Modifications complete after 2s [id=name:=Default\policy_id:=75063c9a-d4b4-463b-89c8-d5346b7d7b49]

Apply complete! Resources: 0 added, 10 changed, 0 destroyed.

Outputs:

device_type_firewall = "id:=4b9c9430-d242-11ec-989c-2ab8e3d60603\\name:=Device Type#All Device Types#FIREWALL"
internal_users_id_store = "9273fe30-8c01-11e6-996c-525400b48521"
location_rcdn = "id:=4b9ba9d0-d242-11ec-989c-2ab8e3d60603\\name:=Location#All Locations#RCDN"
policy_set_asa_id = "75063c9a-d4b4-463b-89c8-d5346b7d7b49"
rcdn_asa = "id:=4c279620-d242-11ec-989c-2ab8e3d60603\\name:=RCDN-ASA01"

This happens every single time even when there's no change made to terraform code. Multiple issues with this:

  1. This will quickly get very annoying for someone actually managing production ISE config from terraform.
  2. Generates many unnecessary API calls
  3. Plan output is always very long:
    • difficult to review
    • easy to miss any unexpected changes if there are any.

Describe the solution you'd like

There should be no change generated by the provider when there's no real change in the configuration.

Describe alternatives you've considered

No alternatives here.

Additional context

N/A
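Added example, not part of the original issue or the provider's code: a triage of `terraform show -json <planfile>` output that separates in-place updates whose only differences are the `value -> null` pattern reported above from updates that set or change a value, so that a real change to an ISE policy object is not lost in a long plan. The sample plan is constructed from values in the issue; the `description` attribute and its values are hypothetical, and an update listed under noise can still deserve a look because a `-> null` may be a deliberate removal.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# IDs and names come from the plan in the issue; "description" is hypothetical.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "ciscoise_tacacs_profile.asa_priv15",
   "change": {"actions": ["update"],
     "before": {"parameters": [{"id": "4b8e6360-d242-11ec-989c-2ab8e3d60603",
                                "name": "Permit Access to ASA"}]},
     "after":  {"parameters": [{"id": null, "name": "Permit Access to ASA"}]}}},
  {"address": "ciscoise_network_device_group.location_rcdn",
   "change": {"actions": ["update"],
     "before": {"parameters": [{"id": "4b9ba9d0-d242-11ec-989c-2ab8e3d60603",
                                "name": "Location#All Locations#RCDN",
                                "description": "RCDN site"}]},
     "after":  {"parameters": [{"id": null, "name": "Location#All Locations#RCDN",
                                "description": "RCDN campus"}]}}}
]}
""")

def diff(before, after, path=""):
    """Yield (path, before, after) for every leaf value that differs."""
    if isinstance(before, dict) and isinstance(after, dict):
        for key in sorted(set(before) | set(after)):
            sub = f"{path}.{key}" if path else key
            yield from diff(before.get(key), after.get(key), sub)
    elif isinstance(before, list) and isinstance(after, list) and len(before) == len(after):
        for i, (b, a) in enumerate(zip(before, after)):
            yield from diff(b, a, f"{path}[{i}]")
    elif before != after:
        yield path, before, after  # lists of different length are reported whole

def triage(plan):
    """Return (noise, review): updates that only null values out, and everything else."""
    noise, review = [], {}
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        if change["actions"] == ["no-op"]:
            continue
        if change["actions"] != ["update"]:  # create/delete/replace always need review
            review[rc["address"]] = [("<action>", None, change["actions"])]
            continue
        changed = list(diff(change.get("before"), change.get("after")))
        real = [c for c in changed if c[2] is not None]
        if real:
            review[rc["address"]] = real
        elif changed:
            noise.append(rc["address"])
    return noise, review

if __name__ == "__main__":
    noise, review = triage(SAMPLE_PLAN)
    print("null-only updates:", noise)
    print("needs review:", json.dumps(review, indent=2))
```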

fmunozmiranda commented 2 years ago

Hey @chetanph, there's a new version (v0.6.1-beta) of terraform-provider-ciscoise. Try again with that version and let us know if it works for you.

chetanph commented 2 years ago

Hi @fmunozmiranda, thanks for the update. Will test this and update by tomorrow.

chetanph commented 2 years ago

Hi @fmunozmiranda, v0.6.1-beta worked fine. Thanks so much. It runs much cleaner now!!

fmunozmiranda commented 2 years ago

I'm glad to help you, @chetanph. Please report any other problems.