CiscoISE / terraform-provider-ciscoise

Terraform Provider for Cisco ISE
https://registry.terraform.io/providers/CiscoISE/ciscoise/latest/docs
MIT License

ConditionReference support in children section of resource ciscoise_network_access_authorization_rules #77

Closed mschedrin closed 1 year ago

mschedrin commented 1 year ago

Prerequisites

Describe the bug

I attempt to create an authorization rule and use condition_type = "ConditionReference" in the children section of the resource parameters. Here is the resource configuration I am using:

resource "ciscoise_network_access_authorization_rules" "complex_condition" {
  provider = ciscoise

  depends_on = [ciscoise_authorization_profile.this]

  parameters {

    policy_id = ciscoise_network_access_policy_set.this["Wired_MAB_tf"].item.0.id
    profile   = ["APs_tf"]
    rule {
      condition {
        condition_type = "ConditionAndBlock"
        is_negate = false
        children {
          condition_type = "ConditionAttributes"
          is_negate = false
          dictionary_name = "EndPoints"
          attribute_name = "LogicalProfile"
          operator = "equals"
          attribute_value = "APs"
        }
        children {
          condition_type = "ConditionReference"
          is_negate = false
          id = "8bd7ac6e-0910-445e-9d7e-35327cc54e6b"
        }
      }
      default = false
      name    = "rule with complex condition"
      rank    = 0
      state   = "enabled"
    }
    security_group = "Network_Services"
  }
}

The Terraform provider returns the following error:

│ Error: Unsupported argument
│ 
│   on network_access_authorization_rules.tf line 71, in resource "ciscoise_network_access_authorization_rules" "complex_condition":
│   71:           id = "8bd7ac6e-0910-445e-9d7e-35327cc54e6b"
│ 
│ An argument named "id" is not expected here.
╵
ERRO[0001] Terraform invocation failed in /home/admmikshc/dev/terragrunt/tg-ise/.terragrunt-cache/_2EkuIjIiLp-E-_u9nri2yIGS7E/xQL-nJdlNnGL1jgOGimv-mCilCw/tf-ise  prefix=[/home/admmikshc/dev/terragrunt/tg-ise] 
ERRO[0001] 1 error occurred:
        * exit status 1

Apparently the parameter id is not supported in the children section; however, id is essential for creating a condition of type ConditionReference. I have confirmed that it works with direct API requests. Request:

{
   "profile": [
      "APs_tf"
   ],
   "rule": {
      "condition": {
         "conditionType": "ConditionAndBlock",
         "isNegate": false,
         "children": [
            {
               "conditionType": "ConditionAttributes",
               "isNegate": false,
               "dictionaryName": "EndPoints",
               "attributeName": "LogicalProfile",
               "operator": "equals",
               "attributeValue": "APs"
            },
            {
               "conditionType": "ConditionReference",
               "isNegate": false,
               "id": "8bd7ac6e-0910-445e-9d7e-35327cc54e6b"
            }
         ]
      },
      "default": false,
      "name": "rule with complex condition4",
      "rank": 0,
      "state": "enabled"
   },
   "securityGroup": "Network_Services"
}

The response HTTP code is 201 and the payload is:

{
  "version": "1.0.0",
  "response": {
    "rule": {
      "default": false,
      "id": "15ce7bc1-fe6d-45d0-b165-91a6039b9f0f",
      "name": "rule with complex condition4",
      "hitCounts": 0,
      "rank": 0,
      "state": "enabled",
      "condition": {
        "link": null,
        "conditionType": "ConditionAndBlock",
        "isNegate": false,
        "children": [
          {
            "link": null,
            "conditionType": "ConditionAttributes",
            "isNegate": false,
            "dictionaryName": "EndPoints",
            "attributeName": "LogicalProfile",
            "operator": "equals",
            "dictionaryValue": null,
            "attributeValue": "APs"
          },
          {
            "link": null,
            "conditionType": "ConditionReference",
            "isNegate": false,
            "name": "Wired_MAB",
            "id": "8bd7ac6e-0910-445e-9d7e-35327cc54e6b",
            "description": "A condition to match MAC Authentication Bypass service based authentication requests from switches, according to the corresponding MAB attributes defined in the device profile."
          }
        ]
      }
    },
    "profile": [
      "APs_tf"
    ],
    "securityGroup": "Network_Services",
    "link": {
      "rel": "self",
      "href": "https://100.68.0.137/api/v1/policy/network-access/policy-set/ac8db424-5856-468f-a93e-b913d6e8d57a/authorization/15ce7bc1-fe6d-45d0-b165-91a6039b9f0f",
      "type": "application/json"
    }
  }
}

Expected behavior

The parameter id, as well as other parameters necessary for condition_type = "ConditionReference", should be supported in the children section.

Environment (please complete the following information):

fmunozmiranda commented 1 year ago

Hey @mschedrin, there's a new version (0.6.12-beta) of the provider; please try it again and let us know if it works now.

mschedrin commented 1 year ago

It works now 👍

mschedrin commented 1 year ago

I was too quick to confirm that the resource works as expected. It turns out that Terraform state is not handled properly for a resource created with type "ConditionReference" in the children section. Terraform now suggests updating the resource in place upon every plan/update action and fails to do so. Based on my understanding, the provider fails to match values in the API reply with tfstate; additionally, it fails to generate a correct payload when updating the resource. Parameters in tfstate seem to be correct. Terraform output when running terraform apply:

Terraform will perform the following actions:

  # ciscoise_network_access_authorization_rules.complex_condition will be updated in-place
  ~ resource "ciscoise_network_access_authorization_rules" "complex_condition" {
        id   = "id:=8079a15a-a14f-47bd-8d8f-37a6710d464f\\name:=rule with complex condition\\policy_id:=ac8db424-5856-468f-a93e-b913d6e8d57a"
        # (1 unchanged attribute hidden)

      ~ parameters {
            id             = "8079a15a-a14f-47bd-8d8f-37a6710d464f"
            # (4 unchanged attributes hidden)

          ~ rule {
                id         = "8079a15a-a14f-47bd-8d8f-37a6710d464f"
                name       = "rule with complex condition"
                # (4 unchanged attributes hidden)

              ~ condition {
                    # (5 unchanged attributes hidden)

                  ~ children {
                      + attribute_name  = "LogicalProfile"
                      + attribute_value = "APs"
                      + dictionary_name = "EndPoints"
                      + operator        = "equals"
                        # (3 unchanged attributes hidden)
                    }
                  ~ children {
                      + id             = "8bd7ac6e-0910-445e-9d7e-35327cc54e6b"
                        # (3 unchanged attributes hidden)
                    }
                }
            }
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.
ciscoise_network_access_authorization_rules.complex_condition: Modifying... [id=id:=8079a15a-a14f-47bd-8d8f-37a6710d464f\name:=rule with complex condition\policy_id:=ac8db424-5856-468f-a93e-b913d6e8d57a]
╷
│ Error: Failure when executing UpdateNetworkAccessAuthorizationRuleByID
│ 
│   with ciscoise_network_access_authorization_rules.complex_condition,
│   on network_access_authorization_rules.tf line 45, in resource "ciscoise_network_access_authorization_rules" "complex_condition":
│   45: resource "ciscoise_network_access_authorization_rules" "complex_condition" {
│ 
│ error with operation UpdateNetworkAccessAuthorizationRuleById
│ {
│   "message" : "request has bad input format in the body",
│   "code" : 400
│ }
╵

Terraform state of corresponding resource:

> terraform state show ciscoise_network_access_authorization_rules.complex_condition
# ciscoise_network_access_authorization_rules.complex_condition:
resource "ciscoise_network_access_authorization_rules" "complex_condition" {
    id   = "id:=8079a15a-a14f-47bd-8d8f-37a6710d464f\\name:=rule with complex condition\\policy_id:=ac8db424-5856-468f-a93e-b913d6e8d57a"
    item = [
        {
            link           = [
                {
                    href = "https://100.68.0.137/api/v1/policy/network-access/policy-set/ac8db424-5856-468f-a93e-b913d6e8d57a/authorization/8079a15a-a14f-47bd-8d8f-37a6710d464f"
                    rel  = "self"
                    type = "application/json"
                },
            ]
            profile        = [
                "APs_tf",
            ]
            rule           = [
                {
                    condition  = [
                        {
                            attribute_name        = ""
                            attribute_value       = ""
                            children              = [
                                {
                                    condition_type = "ConditionAttributes"
                                    id             = ""
                                    is_negate      = "false"
                                    link           = []
                                },
                                {
                                    condition_type = "ConditionReference"
                                    id             = ""
                                    is_negate      = "false"
                                    link           = []
                                },
                            ]
                            condition_type        = "ConditionAndBlock"
                            dates_range           = []
                            dates_range_exception = []
                            description           = ""
                            dictionary_name       = ""
                            dictionary_value      = ""
                            hours_range           = []
                            hours_range_exception = []
                            id                    = ""
                            is_negate             = "false"
                            link                  = []
                            name                  = ""
                            operator              = ""
                            week_days             = []
                            week_days_exception   = []
                        },
                    ]
                    default    = "false"
                    hit_counts = 0
                    id         = "8079a15a-a14f-47bd-8d8f-37a6710d464f"
                    name       = "rule with complex condition"
                    rank       = 1
                    state      = "enabled"
                },
            ]
            security_group = "Network_Services"
        },
    ]

    parameters {
        id             = "8079a15a-a14f-47bd-8d8f-37a6710d464f"
        link           = [
            {
                href = "https://100.68.0.137/api/v1/policy/network-access/policy-set/ac8db424-5856-468f-a93e-b913d6e8d57a/authorization/8079a15a-a14f-47bd-8d8f-37a6710d464f"
                rel  = "self"
                type = "application/json"
            },
        ]
        policy_id      = "ac8db424-5856-468f-a93e-b913d6e8d57a"
        profile        = [
            "APs_tf",
        ]
        security_group = "Network_Services"

        rule {
            default    = "false"
            hit_counts = 0
            id         = "8079a15a-a14f-47bd-8d8f-37a6710d464f"
            name       = "rule with complex condition"
            rank       = 1
            state      = "enabled"

            condition {
                condition_type      = "ConditionAndBlock"
                is_negate           = "false"
                link                = []
                week_days           = []
                week_days_exception = []

                children {
                    attribute_name  = "LogicalProfile"
                    attribute_value = "APs"
                    condition_type  = "ConditionAttributes"
                    dictionary_name = "EndPoints"
                    is_negate       = "false"
                    link            = []
                    operator        = "equals"
                }
                children {
                    condition_type = "ConditionReference"
                    id             = "8bd7ac6e-0910-445e-9d7e-35327cc54e6b"
                    is_negate      = "false"
                    link           = []
                }
            }
        }
    }
}

Relevant Terraform debug log:

==============================================================================
~~~ REQUEST ~~~
GET  /api/v1/policy/network-access/policy-set/ac8db424-5856-468f-a93e-b913d6e8d57a/authorization/8079a15a-a14f-47bd-8d8f-37a6710d464f  HTTP/1.1
HOST   : 100.68.0.137:443
HEADERS:
    Accept: application/json
    Authorization: Basic YWRtaW46TTBuZXQxMjM=
    Content-Type: application/json
    User-Agent: go-resty/2.7.0 (https://github.com/go-resty/resty)
BODY   :
***** NO CONTENT *****
------------------------------------------------------------------------------
~~~ RESPONSE ~~~
STATUS       : 200 
PROTO        : HTTP/1.1
RECEIVED AT  : 2023-01-31T09:39:06.293004224-08:00
TIME DURATION: 253.939723ms
HEADERS      :
    Cache-Control: no-cache, no-store, must-revalidate
    Connection: keep-alive
    Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
    Content-Type: application/json
    Date: Tue, 31 Jan 2023 17:38:35 GMT
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Pragma: no-cache
    Server:
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    Vary: accept-encoding
    X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-Request-Id: 16c5c080-a18e-11ed-8b18-424b604f84ca
    X-Webkit-Csp: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
    X-Xss-Protection: 1; mode=block
BODY         :
{
   "version": "1.0.0",
   "response": {
      "rule": {
         "default": false,
         "id": "8079a15a-a14f-47bd-8d8f-37a6710d464f",
         "name": "rule with complex condition",
         "hitCounts": 0,
         "rank": 1,
         "state": "enabled",
         "condition": {
            "link": null,
            "conditionType": "ConditionAndBlock",
            "isNegate": false,
            "children": [
               {
                  "link": null,
                  "conditionType": "ConditionAttributes",
                  "isNegate": false,
                  "dictionaryName": "EndPoints",
                  "attributeName": "LogicalProfile",
                  "operator": "equals",
                  "dictionaryValue": null,
                  "attributeValue": "APs"
               },
               {
                  "link": null,
                  "conditionType": "ConditionReference",
                  "isNegate": false,
                  "name": "Wired_MAB",
                  "id": "8bd7ac6e-0910-445e-9d7e-35327cc54e6b",
                  "description": "A condition to match MAC Authentication Bypass service based authentication requests from switches, according to the corresponding MAB attributes defined in the device profile."
               }
            ]
         }
      },
      "profile": [
         "APs_tf"
      ],
      "securityGroup": "Network_Services",
      "link": {
         "rel": "self",
         "href": "https://100.68.0.137/api/v1/policy/network-access/policy-set/ac8db424-5856-468f-a93e-b913d6e8d57a/authorization/8079a15a-a14f-47bd-8d8f-37a6710d464f",
         "type": "application/json"
      }
   }
}
==============================================================================: timestamp=2023-01-31T09:39:06.293-0800
2023-01-31T09:39:06.293-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.12-beta: 2023/01/31 09:39:06 [DEBUG] Retrieved response {"response":{"link":{"href":"https://100.68.0.137/api/v1/policy/network-access/policy-set/ac8db424-5856-468f-a93e-b913d6e8d57a/authorization/8079a15a-a14f-47bd-8d8f-37a6710d464f","rel":"self","type":"application/json"},"profile":["APs_tf"],"rule":{"condition":{"conditionType":"ConditionAndBlock","isNegate":false,"children":[{"conditionType":"ConditionAttributes","isNegate":false,"dictionaryName":"EndPoints","attributeName":"LogicalProfile","operator":"equals","attributeValue":"APs"},{"conditionType":"ConditionReference","isNegate":false}]},"default":false,"hitCounts":0,"id":"8079a15a-a14f-47bd-8d8f-37a6710d464f","name":"rule with complex condition","rank":1,"state":"enabled"},"securityGroup":"Network_Services"},"version":"1.0.0"}: timestamp=2023-01-31T09:39:06.293-0800
2023-01-31T09:39:06.298-0800 [WARN]  Provider "registry.terraform.io/ciscoise/ciscoise" produced an unexpected new value for ciscoise_network_access_authorization_rules.complex_condition during refresh.
      - .parameters[0].rule[0].condition[0].children[0].attribute_name: was cty.StringVal("LogicalProfile"), but now cty.StringVal("")
      - .parameters[0].rule[0].condition[0].children[0].attribute_value: was cty.StringVal("APs"), but now cty.StringVal("")
      - .parameters[0].rule[0].condition[0].children[0].dictionary_name: was cty.StringVal("EndPoints"), but now cty.StringVal("")
      - .parameters[0].rule[0].condition[0].children[0].operator: was cty.StringVal("equals"), but now cty.StringVal("")
      - .parameters[0].rule[0].condition[0].children[1].id: was cty.StringVal("8bd7ac6e-0910-445e-9d7e-35327cc54e6b"), but now cty.StringVal("")
2023-01-31T09:39:06.316-0800 [WARN]  Provider "registry.terraform.io/ciscoise/ciscoise" produced an invalid plan for ciscoise_network_access_authorization_rules.complex_condition, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .parameters[0].id: planned value cty.StringVal("8079a15a-a14f-47bd-8d8f-37a6710d464f") for a non-computed attribute
2023-01-31T09:39:06.318-0800 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-01-31T09:39:06.324-0800 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.6.12-beta/linux_amd64/terraform-provider-ciscoise_v0.6.12-beta pid=558022
2023-01-31T09:39:06.324-0800 [DEBUG] provider: plugin exited
2023-01-31T09:39:06.334-0800 [DEBUG] building apply graph to check for errors
2023-01-31T09:39:06.334-0800 [DEBUG] adding implicit provider configuration provider["terraform.io/builtin/terraform"], implied first by data.terraform_remote_state.dnac (expand)
2023-01-31T09:39:06.334-0800 [DEBUG] ProviderTransformer: "ciscoise_authorization_profile.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.334-0800 [DEBUG] ProviderTransformer: "ciscoise_network_access_conditions.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.334-0800 [DEBUG] ProviderTransformer: "data.ciscoise_network_access_conditions_for_authentication_rule.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.334-0800 [DEBUG] ProviderTransformer: "data.ciscoise_network_access_conditions_for_policy_set.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.334-0800 [DEBUG] ProviderTransformer: "ciscoise_network_access_authorization_rules.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.334-0800 [DEBUG] ProviderTransformer: "data.ciscoise_network_access_conditions_for_authorization_rule.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.334-0800 [DEBUG] ProviderTransformer: "ciscoise_network_access_authentication_rules.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.334-0800 [DEBUG] ProviderTransformer: "ciscoise_network_access_policy_set.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.334-0800 [DEBUG] ProviderTransformer: "data.terraform_remote_state.dnac (expand)" (*terraform.nodeExpandApplyableResource) needs provider["terraform.io/builtin/terraform"]
2023-01-31T09:39:06.334-0800 [DEBUG] ProviderTransformer: "ciscoise_network_access_authorization_rules.complex_condition (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.334-0800 [DEBUG] ProviderTransformer: "ciscoise_network_access_authorization_rules.complex_condition" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.335-0800 [ERROR] AttachSchemaTransformer: No provider config schema available for provider["terraform.io/builtin/terraform"]
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "ciscoise_network_access_policy_set.this (expand)" references: [var.policy_sets]
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "data.terraform_remote_state.dnac (expand)" references: []
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "data.ciscoise_network_access_conditions_for_policy_set.this (expand)" references: []
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "var.authz_profiles" references: []
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "var.authc_rules" references: []
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "local.ciscoise_network_access_conditions_for_policy_set (expand)" references: [data.ciscoise_network_access_conditions_for_policy_set.this (expand)]
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "provider[\"terraform.io/builtin/terraform\"]" references: []
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "ciscoise_network_access_authentication_rules.this (expand)" references: [var.authc_rules]
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "var.authz_rules" references: []
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "ciscoise_network_access_authorization_rules.complex_condition (expand)" references: []
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "data.ciscoise_network_access_conditions_for_authorization_rule.this (expand)" references: []
2023-01-31T09:39:06.335-0800 [INFO]  ReferenceTransformer: reference not found: "ciscoise_authorization_profile.this#destroy"
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "ciscoise_network_access_authorization_rules.complex_condition" references: [ciscoise_authorization_profile.this (expand) ciscoise_network_access_policy_set.this (expand)]
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "ciscoise_network_access_authorization_rules.this (expand)" references: [var.authz_rules]
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "ciscoise_network_access_conditions.this (expand)" references: [var.conditions]
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "data.ciscoise_network_access_conditions_for_authentication_rule.this (expand)" references: []
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "var.conditions" references: []
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "var.policy_sets" references: []
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "local.network_access_conditions_for_authc_rule (expand)" references: [data.ciscoise_network_access_conditions_for_authentication_rule.this (expand)]
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "local.network_access_conditions_for_authz_rule (expand)" references: [data.ciscoise_network_access_conditions_for_authorization_rule.this (expand)]
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/ciscoise/ciscoise\"]" references: []
2023-01-31T09:39:06.335-0800 [DEBUG] ReferenceTransformer: "ciscoise_authorization_profile.this (expand)" references: [var.authz_profiles]
2023-01-31T09:39:06.336-0800 [DEBUG] pruneUnusedNodes: data.terraform_remote_state.dnac (expand) is no longer needed, removing
2023-01-31T09:39:06.336-0800 [DEBUG] pruneUnusedNodes: local.ciscoise_network_access_conditions_for_policy_set (expand) is no longer needed, removing
2023-01-31T09:39:06.336-0800 [DEBUG] pruneUnusedNodes: provider["terraform.io/builtin/terraform"] is no longer needed, removing
2023-01-31T09:39:06.336-0800 [DEBUG] pruneUnusedNodes: ciscoise_network_access_authentication_rules.this (expand) is no longer needed, removing
2023-01-31T09:39:06.336-0800 [DEBUG] pruneUnusedNodes: ciscoise_network_access_authorization_rules.this (expand) is no longer needed, removing
2023-01-31T09:39:06.336-0800 [DEBUG] pruneUnusedNodes: ciscoise_network_access_conditions.this (expand) is no longer needed, removing
2023-01-31T09:39:06.336-0800 [DEBUG] pruneUnusedNodes: data.ciscoise_network_access_conditions_for_policy_set.this (expand) is no longer needed, removing
2023-01-31T09:39:06.336-0800 [DEBUG] pruneUnusedNodes: local.network_access_conditions_for_authz_rule (expand) is no longer needed, removing
2023-01-31T09:39:06.336-0800 [DEBUG] pruneUnusedNodes: local.network_access_conditions_for_authc_rule (expand) is no longer needed, removing
2023-01-31T09:39:06.336-0800 [DEBUG] pruneUnusedNodes: data.ciscoise_network_access_conditions_for_authorization_rule.this (expand) is no longer needed, removing
2023-01-31T09:39:06.336-0800 [DEBUG] pruneUnusedNodes: data.ciscoise_network_access_conditions_for_authentication_rule.this (expand) is no longer needed, removing
2023-01-31T09:39:06.341-0800 [INFO]  backend/local: apply calling Apply
2023-01-31T09:39:06.341-0800 [DEBUG] Building and walking apply graph for NormalMode plan
2023-01-31T09:39:06.341-0800 [DEBUG] adding implicit provider configuration provider["terraform.io/builtin/terraform"], implied first by data.terraform_remote_state.dnac (expand)
2023-01-31T09:39:06.342-0800 [DEBUG] ProviderTransformer: "ciscoise_network_access_authentication_rules.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.342-0800 [DEBUG] ProviderTransformer: "ciscoise_network_access_authorization_rules.complex_condition (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.342-0800 [DEBUG] ProviderTransformer: "data.ciscoise_network_access_conditions_for_authentication_rule.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.342-0800 [DEBUG] ProviderTransformer: "data.terraform_remote_state.dnac (expand)" (*terraform.nodeExpandApplyableResource) needs provider["terraform.io/builtin/terraform"]
2023-01-31T09:39:06.342-0800 [DEBUG] ProviderTransformer: "ciscoise_network_access_policy_set.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.342-0800 [DEBUG] ProviderTransformer: "ciscoise_authorization_profile.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.342-0800 [DEBUG] ProviderTransformer: "ciscoise_network_access_authorization_rules.complex_condition" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.342-0800 [DEBUG] ProviderTransformer: "ciscoise_network_access_conditions.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.342-0800 [DEBUG] ProviderTransformer: "data.ciscoise_network_access_conditions_for_policy_set.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.342-0800 [DEBUG] ProviderTransformer: "data.ciscoise_network_access_conditions_for_authorization_rule.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.342-0800 [DEBUG] ProviderTransformer: "ciscoise_network_access_authorization_rules.this (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/ciscoise/ciscoise"]
2023-01-31T09:39:06.342-0800 [ERROR] AttachSchemaTransformer: No provider config schema available for provider["terraform.io/builtin/terraform"]
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "data.terraform_remote_state.dnac (expand)" references: []
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "var.policy_sets" references: []
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "local.network_access_conditions_for_authc_rule (expand)" references: [data.ciscoise_network_access_conditions_for_authentication_rule.this (expand)]
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "provider[\"terraform.io/builtin/terraform\"]" references: []
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "ciscoise_network_access_authorization_rules.this (expand)" references: [var.authz_rules]
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "ciscoise_network_access_policy_set.this (expand)" references: [var.policy_sets]
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "ciscoise_authorization_profile.this (expand)" references: [var.authz_profiles]
2023-01-31T09:39:06.342-0800 [INFO]  ReferenceTransformer: reference not found: "ciscoise_authorization_profile.this#destroy"
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "ciscoise_network_access_authorization_rules.complex_condition" references: [ciscoise_authorization_profile.this (expand) ciscoise_network_access_policy_set.this (expand)]
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "ciscoise_network_access_authentication_rules.this (expand)" references: [var.authc_rules]
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "ciscoise_network_access_conditions.this (expand)" references: [var.conditions]
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "data.ciscoise_network_access_conditions_for_authentication_rule.this (expand)" references: []
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "data.ciscoise_network_access_conditions_for_policy_set.this (expand)" references: []
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "var.authc_rules" references: []
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "var.conditions" references: []
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "local.ciscoise_network_access_conditions_for_policy_set (expand)" references: [data.ciscoise_network_access_conditions_for_policy_set.this (expand)]
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "ciscoise_network_access_authorization_rules.complex_condition (expand)" references: []
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "var.authz_rules" references: []
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "var.authz_profiles" references: []
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "local.network_access_conditions_for_authz_rule (expand)" references: [data.ciscoise_network_access_conditions_for_authorization_rule.this (expand)]
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/ciscoise/ciscoise\"]" references: []
2023-01-31T09:39:06.342-0800 [DEBUG] ReferenceTransformer: "data.ciscoise_network_access_conditions_for_authorization_rule.this (expand)" references: []
2023-01-31T09:39:06.346-0800 [DEBUG] pruneUnusedNodes: ciscoise_network_access_authentication_rules.this (expand) is no longer needed, removing
2023-01-31T09:39:06.346-0800 [DEBUG] pruneUnusedNodes: ciscoise_network_access_conditions.this (expand) is no longer needed, removing
2023-01-31T09:39:06.346-0800 [DEBUG] pruneUnusedNodes: local.ciscoise_network_access_conditions_for_policy_set (expand) is no longer needed, removing
2023-01-31T09:39:06.346-0800 [DEBUG] pruneUnusedNodes: local.network_access_conditions_for_authz_rule (expand) is no longer needed, removing
2023-01-31T09:39:06.346-0800 [DEBUG] pruneUnusedNodes: data.ciscoise_network_access_conditions_for_authorization_rule.this (expand) is no longer needed, removing
2023-01-31T09:39:06.346-0800 [DEBUG] pruneUnusedNodes: ciscoise_network_access_authorization_rules.this (expand) is no longer needed, removing
2023-01-31T09:39:06.346-0800 [DEBUG] pruneUnusedNodes: data.ciscoise_network_access_conditions_for_policy_set.this (expand) is no longer needed, removing
2023-01-31T09:39:06.346-0800 [DEBUG] pruneUnusedNodes: local.network_access_conditions_for_authc_rule (expand) is no longer needed, removing
2023-01-31T09:39:06.346-0800 [DEBUG] pruneUnusedNodes: data.terraform_remote_state.dnac (expand) is no longer needed, removing
2023-01-31T09:39:06.346-0800 [DEBUG] pruneUnusedNodes: provider["terraform.io/builtin/terraform"] is no longer needed, removing
2023-01-31T09:39:06.346-0800 [DEBUG] pruneUnusedNodes: data.ciscoise_network_access_conditions_for_authentication_rule.this (expand) is no longer needed, removing
2023-01-31T09:39:06.346-0800 [DEBUG] Starting graph walk: walkApply
2023-01-31T09:39:06.346-0800 [DEBUG] created provider logger: level=debug
2023-01-31T09:39:06.347-0800 [INFO]  provider: configuring client automatic mTLS
2023-01-31T09:39:06.354-0800 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.6.12-beta/linux_amd64/terraform-provider-ciscoise_v0.6.12-beta args=[.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.6.12-beta/linux_amd64/terraform-provider-ciscoise_v0.6.12-beta]
2023-01-31T09:39:06.354-0800 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.6.12-beta/linux_amd64/terraform-provider-ciscoise_v0.6.12-beta pid=558032
2023-01-31T09:39:06.354-0800 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.6.12-beta/linux_amd64/terraform-provider-ciscoise_v0.6.12-beta
2023-01-31T09:39:06.360-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.12-beta: configuring server automatic mTLS: timestamp=2023-01-31T09:39:06.360-0800
2023-01-31T09:39:06.381-0800 [DEBUG] provider.terraform-provider-ciscoise_v0.6.12-beta: plugin address: network=unix address=/tmp/plugin1800883229 timestamp=2023-01-31T09:39:06.381-0800
2023-01-31T09:39:06.381-0800 [DEBUG] provider: using plugin: version=5
2023-01-31T09:39:06.545-0800 [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/ciscoise/ciscoise\"]" changed the config value, but that value is unused
2023-01-31T09:39:06.565-0800 [WARN]  Provider "registry.terraform.io/ciscoise/ciscoise" produced an invalid plan for ciscoise_network_access_authorization_rules.complex_condition, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .parameters[0].id: planned value cty.StringVal("8079a15a-a14f-47bd-8d8f-37a6710d464f") for a non-computed attribute
2023-01-31T09:39:06.566-0800 [INFO]  Starting apply for ciscoise_network_access_authorization_rules.complex_condition
2023-01-31T09:39:06.567-0800 [DEBUG] ciscoise_network_access_authorization_rules.complex_condition: applying the planned Update change
2023-01-31T09:39:06.581-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.12-beta: 2023/01/31 09:39:06 [DEBUG] Beginning NetworkAccessAuthorizationRules update for id=[id:=8079a15a-a14f-47bd-8d8f-37a6710d464f\name:=rule with complex condition\policy_id:=ac8db424-5856-468f-a93e-b913d6e8d57a]: timestamp=2023-01-31T09:39:06.581-0800
2023-01-31T09:39:06.581-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.12-beta: 2023/01/31 09:39:06 [DEBUG] Selecting method. Method 1 [true]: timestamp=2023-01-31T09:39:06.581-0800
2023-01-31T09:39:06.581-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.12-beta: 2023/01/31 09:39:06 [DEBUG] Selecting method. Method 2 [true]: timestamp=2023-01-31T09:39:06.581-0800
2023-01-31T09:39:06.586-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.12-beta: 2023/01/31 09:39:06 [DEBUG] ID used for update operation 8079a15a-a14f-47bd-8d8f-37a6710d464f: timestamp=2023-01-31T09:39:06.586-0800
2023-01-31T09:39:06.587-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.12-beta: 2023/01/31 09:39:06 [DEBUG] request sent => {"link":{"href":"https://100.68.0.137/api/v1/policy/network-access/policy-set/ac8db424-5856-468f-a93e-b913d6e8d57a/authorization/8079a15a-a14f-47bd-8d8f-37a6710d464f","rel":"self","type":"application/json"},"profile":["APs_tf"],"rule":{"condition":{"conditionType":"ConditionAndBlock","isNegate":false,"children":[{"conditionType":"ConditionAttributes","isNegate":false,"dictionaryName":"EndPoints","attributeName":"LogicalProfile","operator":"equals","attributeValue":"APs"},{"conditionType":"ConditionReference","isNegate":false}]},"default":false,"hitCounts":0,"id":"8079a15a-a14f-47bd-8d8f-37a6710d464f","name":"rule with complex condition","rank":1,"state":"enabled"},"securityGroup":"Network_Services"}: timestamp=2023-01-31T09:39:06.587-0800
2023-01-31T09:39:06.686-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.12-beta: 2023/01/31 09:39:06 [DEBUG] [RESTY] 
==============================================================================
~~~ REQUEST ~~~
PUT  /api/v1/policy/network-access/policy-set/ac8db424-5856-468f-a93e-b913d6e8d57a/authorization/8079a15a-a14f-47bd-8d8f-37a6710d464f  HTTP/1.1
HOST   : 100.68.0.137:443
HEADERS:
    Accept: application/json
    Authorization: Basic YWRtaW46TTBuZXQxMjM=
    Content-Type: application/json
    User-Agent: go-resty/2.7.0 (https://github.com/go-resty/resty)
BODY   :
{
   "link": {
      "href": "https://100.68.0.137/api/v1/policy/network-access/policy-set/ac8db424-5856-468f-a93e-b913d6e8d57a/authorization/8079a15a-a14f-47bd-8d8f-37a6710d464f",
      "rel": "self",
      "type": "application/json"
   },
   "profile": [
      "APs_tf"
   ],
   "rule": {
      "condition": {
         "conditionType": "ConditionAndBlock",
         "isNegate": false,
         "children": [
            {
               "conditionType": "ConditionAttributes",
               "isNegate": false,
               "dictionaryName": "EndPoints",
               "attributeName": "LogicalProfile",
               "operator": "equals",
               "attributeValue": "APs"
            },
            {
               "conditionType": "ConditionReference",
               "isNegate": false
            }
         ]
      },
      "default": false,
      "hitCounts": 0,
      "id": "8079a15a-a14f-47bd-8d8f-37a6710d464f",
      "name": "rule with complex condition",
      "rank": 1,
      "state": "enabled"
   },
   "securityGroup": "Network_Services"
}
------------------------------------------------------------------------------
~~~ RESPONSE ~~~
STATUS       : 400 
PROTO        : HTTP/1.1
RECEIVED AT  : 2023-01-31T09:39:06.685735419-08:00
TIME DURATION: 98.219384ms
HEADERS      :
    Cache-Control: no-cache, no-store, must-revalidate
    Connection: keep-alive
    Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
    Content-Type: application/json
    Date: Tue, 31 Jan 2023 17:38:35 GMT
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Pragma: no-cache
    Server:
    Set-Cookie: JSESSIONIDSSO=BDD7A1F4C2DCDE643AEFA39E281F5612; Path=/; Secure; HttpOnly, APPSESSIONID=9DD2D6A7559A72224868F8D358EE94AD; Path=/api; Secure; HttpOnly
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    Vary: accept-encoding
    X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-Request-Id: 17278f90-a18e-11ed-8b18-424b604f84ca
    X-Webkit-Csp: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
    X-Xss-Protection: 1; mode=block
BODY         :
{
   "message": "request has bad input format in the body",
   "code": 400
}
==============================================================================: timestamp=2023-01-31T09:39:06.685-0800
2023-01-31T09:39:06.686-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.12-beta: 2023/01/31 09:39:06 [DEBUG] resty response for update operation => {
  "message" : "request has bad input format in the body",
  "code" : 400
}: timestamp=2023-01-31T09:39:06.685-0800
2023-01-31T09:39:06.704-0800 [ERROR] vertex "ciscoise_network_access_authorization_rules.complex_condition" error: Failure when executing UpdateNetworkAccessAuthorizationRuleByID
2023-01-31T09:39:06.709-0800 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-01-31T09:39:06.713-0800 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/ciscoise/ciscoise/0.6.12-beta/linux_amd64/terraform-provider-ciscoise_v0.6.12-beta pid=558032
2023-01-31T09:39:06.713-0800 [DEBUG] provider: plugin exited
fmunozmiranda commented 1 year ago

Hey @mschedrin, could you pass me a valid request_body for the update?

mschedrin commented 1 year ago

The body generated by the provider is missing the id field in the children section with "conditionType": "ConditionReference". Correct body that works:

Terraform will perform the following actions:

  # ciscoise_network_access_authorization_rules.complex_condition will be updated in-place
  ~ resource "ciscoise_network_access_authorization_rules" "complex_condition" {
        id   = "id:=8079a15a-a14f-47bd-8d8f-37a6710d464f\\name:=rule with complex condition\\policy_id:=ac8db424-5856-468f-a93e-b913d6e8d57a"
        # (1 unchanged attribute hidden)

      ~ parameters {
            id             = "8079a15a-a14f-47bd-8d8f-37a6710d464f"
            # (4 unchanged attributes hidden)

          ~ rule {
                id         = "8079a15a-a14f-47bd-8d8f-37a6710d464f"
                name       = "rule with complex condition"
                # (4 unchanged attributes hidden)

              ~ condition {
                    # (5 unchanged attributes hidden)

                  ~ children {
                      + attribute_name  = "LogicalProfile"
                      + attribute_value = "APs"
                      + dictionary_name = "EndPoints"
                      + operator        = "equals"
                        # (3 unchanged attributes hidden)
                    }
                  ~ children {
                      + id             = "8bd7ac6e-0910-445e-9d7e-35327cc54e6b"
                        # (3 unchanged attributes hidden)
                    }
                }
            }
        }
    }
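
The failure reported above is a ConditionReference child serialized without its id, which ISE rejected with a 400. As an added example (not the provider's own code), this Go pre-flight check walks a rule body's condition tree and reports every such node. The type and function names are assumptions, and the two sample bodies are trimmed copies of the request logged in this thread and of the same request with the id present.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Condition mirrors only the fields of a condition node that this check needs,
// using the JSON keys visible in the logged request bodies.
type Condition struct {
	ConditionType string      `json:"conditionType"`
	ID            string      `json:"id,omitempty"`
	Children      []Condition `json:"children,omitempty"`
}

// ruleBody is the part of the authorization-rule payload that holds the tree.
type ruleBody struct {
	Rule struct {
		Condition Condition `json:"condition"`
	} `json:"rule"`
}

// findDanglingReferences returns the path of every ConditionReference node
// that carries no id, descending into nested blocks through "children".
func findDanglingReferences(c Condition, path string) []string {
	var out []string
	if c.ConditionType == "ConditionReference" && c.ID == "" {
		out = append(out, path)
	}
	for i, child := range c.Children {
		childPath := fmt.Sprintf("%s.children[%d]", path, i)
		out = append(out, findDanglingReferences(child, childPath)...)
	}
	return out
}

// CheckBody parses a raw request body and lists its dangling references.
func CheckBody(raw string) ([]string, error) {
	var b ruleBody
	if err := json.Unmarshal([]byte(raw), &b); err != nil {
		return nil, fmt.Errorf("parsing rule body: %w", err)
	}
	return findDanglingReferences(b.Rule.Condition, "rule.condition"), nil
}

// Sample input: the body logged for the failing update, trimmed to the tree.
const sentBody = `{"profile":["APs_tf"],"rule":{"condition":{
  "conditionType":"ConditionAndBlock","isNegate":false,"children":[
    {"conditionType":"ConditionAttributes","isNegate":false,
     "dictionaryName":"EndPoints","attributeName":"LogicalProfile",
     "operator":"equals","attributeValue":"APs"},
    {"conditionType":"ConditionReference","isNegate":false}]},
  "name":"rule with complex condition"},"securityGroup":"Network_Services"}`

// Sample input: the same body with the referenced condition's id present.
const fixedBody = `{"profile":["APs_tf"],"rule":{"condition":{
  "conditionType":"ConditionAndBlock","isNegate":false,"children":[
    {"conditionType":"ConditionAttributes","isNegate":false,
     "dictionaryName":"EndPoints","attributeName":"LogicalProfile",
     "operator":"equals","attributeValue":"APs"},
    {"conditionType":"ConditionReference","isNegate":false,
     "id":"8bd7ac6e-0910-445e-9d7e-35327cc54e6b"}]},
  "name":"rule with complex condition"},"securityGroup":"Network_Services"}`

func main() {
	for name, body := range map[string]string{"sent": sentBody, "fixed": fixedBody} {
		paths, err := CheckBody(body)
		if err != nil {
			fmt.Println(name, "error:", err)
			continue
		}
		fmt.Printf("%s: %d dangling reference(s) %v\n", name, len(paths), paths)
	}
}
```
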
mschedrin commented 1 year ago

The same body structure is also used for manipulating conditions in the ciscoise_network_access_authentication_rules and ciscoise_network_access_policy_set resources. Could you please make sure that the fixes you make for this bug report are also applied to the former resources?

fmunozmiranda commented 1 year ago

@mschedrin thanks for the report, try it again with the new provider version v.0.6.13-beta and update us.

mschedrin commented 1 year ago

Tested 0.6.13. Resource in-place update now works and generates a valid payload; however, state handling still does not work correctly. After Terraform successfully creates the ciscoise_network_access_authorization_rules resource, it suggests doing an in-place update for that resource each time I run an apply/plan action. Terraform output:

> terraform apply -auto-approve
data.terraform_remote_state.dnac: Reading...
data.terraform_remote_state.dnac: Read complete after 0s
ciscoise_authorization_profile.this["APs_tf"]: Refreshing state... [id=id:=55a20160-9b21-11ed-8b18-424b604f84ca\name:=APs_tf]
ciscoise_network_access_conditions.this["Guests"]: Refreshing state... [id=id:=e35a92ba-0a7b-462d-8832-b5bb36a87edb\name:=Guests]
data.ciscoise_network_access_conditions_for_authentication_rule.this: Reading...
data.ciscoise_network_access_conditions_for_authorization_rule.this: Reading...
data.ciscoise_network_access_conditions_for_policy_set.this: Reading...
data.ciscoise_network_access_conditions_for_authentication_rule.this: Read complete after 1s [id=1675340771]
data.ciscoise_network_access_conditions_for_authorization_rule.this: Read complete after 1s [id=1675340771]
data.ciscoise_network_access_conditions_for_policy_set.this: Read complete after 1s [id=1675340771]
ciscoise_network_access_policy_set.this["Wired_MAB_tf"]: Refreshing state... [id=id:=ac8db424-5856-468f-a93e-b913d6e8d57a\name:=Wired_MAB_tf]
ciscoise_network_access_authorization_rules.complex_condition: Refreshing state... [id=id:=de60e4f5-c48c-4e06-bfd2-ac0ad304d82f\name:=rule with complex condition\policy_id:=ac8db424-5856-468f-a93e-b913d6e8d57a]
ciscoise_network_access_authentication_rules.this["MAB"]: Refreshing state... [id=id:=1d2c7e7f-42e8-44ba-b052-b7321902c8af\name:=MAB\policy_id:=ac8db424-5856-468f-a93e-b913d6e8d57a]
ciscoise_network_access_authorization_rules.this["APs"]: Refreshing state... [id=id:=eb65aadb-2372-4ebe-979a-3bf6c64c6378\name:=APs\policy_id:=ac8db424-5856-468f-a93e-b913d6e8d57a]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # ciscoise_network_access_authorization_rules.complex_condition will be updated in-place
  ~ resource "ciscoise_network_access_authorization_rules" "complex_condition" {
        id   = "id:=de60e4f5-c48c-4e06-bfd2-ac0ad304d82f\\name:=rule with complex condition\\policy_id:=ac8db424-5856-468f-a93e-b913d6e8d57a"
        # (1 unchanged attribute hidden)

      ~ parameters {
            id             = "de60e4f5-c48c-4e06-bfd2-ac0ad304d82f"
            # (4 unchanged attributes hidden)

          ~ rule {
                id         = "de60e4f5-c48c-4e06-bfd2-ac0ad304d82f"
                name       = "rule with complex condition"
                # (4 unchanged attributes hidden)

              ~ condition {
                    # (5 unchanged attributes hidden)

                  ~ children {
                      + attribute_name  = "LogicalProfile"
                      + attribute_value = "APs"
                      + dictionary_name = "EndPoints"
                      + operator        = "equals"
                        # (3 unchanged attributes hidden)
                    }
                  ~ children {
                      + id             = "8bd7ac6e-0910-445e-9d7e-35327cc54e6b"
                        # (3 unchanged attributes hidden)
                    }
                }
            }
        }
    }

  # ciscoise_network_access_authorization_rules.this["APs"] will be updated in-place
  ~ resource "ciscoise_network_access_authorization_rules" "this" {
        id           = "id:=eb65aadb-2372-4ebe-979a-3bf6c64c6378\\name:=APs\\policy_id:=ac8db424-5856-468f-a93e-b913d6e8d57a"
        # (2 unchanged attributes hidden)

      ~ parameters {
            id             = "eb65aadb-2372-4ebe-979a-3bf6c64c6378"
            # (4 unchanged attributes hidden)

          ~ rule {
                id         = "eb65aadb-2372-4ebe-979a-3bf6c64c6378"
                name       = "APs"
              ~ rank       = 1 -> 0
                # (3 unchanged attributes hidden)

                # (1 unchanged block hidden)
            }
        }
    }

Plan: 0 to add, 2 to change, 0 to destroy.
ciscoise_network_access_authorization_rules.this["APs"]: Modifying... [id=id:=eb65aadb-2372-4ebe-979a-3bf6c64c6378\name:=APs\policy_id:=ac8db424-5856-468f-a93e-b913d6e8d57a]
ciscoise_network_access_authorization_rules.complex_condition: Modifying... [id=id:=de60e4f5-c48c-4e06-bfd2-ac0ad304d82f\name:=rule with complex condition\policy_id:=ac8db424-5856-468f-a93e-b913d6e8d57a]
ciscoise_network_access_authorization_rules.this["APs"]: Modifications complete after 1s [id=id:=eb65aadb-2372-4ebe-979a-3bf6c64c6378\name:=APs\policy_id:=ac8db424-5856-468f-a93e-b913d6e8d57a]
ciscoise_network_access_authorization_rules.complex_condition: Modifications complete after 1s [id=id:=de60e4f5-c48c-4e06-bfd2-ac0ad304d82f\name:=rule with complex condition\policy_id:=ac8db424-5856-468f-a93e-b913d6e8d57a]

Apply complete! Resources: 0 added, 2 changed, 0 destroyed.

Terraform log where I first successfully create the resource and then run terraform apply a couple more times, and Terraform does an in-place update each time: ise.log

mschedrin commented 1 year ago

@fmunozmiranda, after installing 0.6.14-beta, the resource ciscoise_network_access_authentication_rules stopped working completely. Here is what happens when I run terraform apply:

ciscoise_network_access_authorization_rules.complex_condition: Creating...
ciscoise_network_access_authentication_rules.this["MAB"]: Creation complete after 0s [id=id:=52c12fa9-83eb-47d0-8820-78b3663ab960\name:=MAB\policy_id:=25fda148-ce05-434a-8894-cd94e52875ec]
╷
│ Error: Failure when setting GetNetworkAccessAuthorizationRuleByID response
│ 
│   with ciscoise_network_access_authorization_rules.complex_condition,
│   on network_access_authorization_rules.tf line 45, in resource "ciscoise_network_access_authorization_rules" "complex_condition":
│   45: resource "ciscoise_network_access_authorization_rules" "complex_condition" {
│ 
│ item.0.rule.0.condition.0.children.0.is_negate: '' expected type 'string', got unconvertible type 'bool', value: '0xc00003ef50'
╵

Relevant part of provider debug:

==============================================================================: timestamp=2023-02-13T04:56:22.158-0800
2023-02-13T04:56:22.159-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.14-beta: 2023/02/13 04:56:22 [DEBUG] Beginning NetworkAccessAuthorizationRules read for id=[id:=36b76f9a-9bb4-42b1-a4ec-2d02c769bd32\name:=rule with complex condition\policy_id:=25fda148-ce05-434a-8894-cd94e52875ec]: timestamp=2023-02-13T04:56:22.158-0800
2023-02-13T04:56:22.159-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.14-beta: 2023/02/13 04:56:22 [DEBUG] Selecting method. Method 1 [true]: timestamp=2023-02-13T04:56:22.159-0800
2023-02-13T04:56:22.159-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.14-beta: 2023/02/13 04:56:22 [DEBUG] Selecting method. Method 2 [true]: timestamp=2023-02-13T04:56:22.159-0800
2023-02-13T04:56:22.159-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.14-beta: 2023/02/13 04:56:22 [DEBUG] Selected method: GetNetworkAccessAuthorizationRuleByID: timestamp=2023-02-13T04:56:22.159-0800
2023-02-13T04:56:22.211-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.14-beta: 2023/02/13 04:56:22 [DEBUG] [RESTY] 
==============================================================================
~~~ REQUEST ~~~
GET  /api/v1/policy/network-access/policy-set/25fda148-ce05-434a-8894-cd94e52875ec/authorization/36b76f9a-9bb4-42b1-a4ec-2d02c769bd32  HTTP/1.1
HOST   : 100.68.0.137:443
HEADERS:
    Accept: application/json
    Authorization: Basic YWRtaW46TTBuZXQxMjM=
    Content-Type: application/json
    User-Agent: go-resty/2.7.0 (https://github.com/go-resty/resty)
BODY   :
***** NO CONTENT *****
------------------------------------------------------------------------------
~~~ RESPONSE ~~~
STATUS       : 200 
PROTO        : HTTP/1.1
RECEIVED AT  : 2023-02-13T04:56:22.210638386-08:00
TIME DURATION: 51.569445ms
HEADERS      :
    Cache-Control: no-cache, no-store, must-revalidate
    Connection: keep-alive
    Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
    Content-Type: application/json
    Date: Mon, 13 Feb 2023 12:56:15 GMT
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Pragma: no-cache
    Server:
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    Vary: accept-encoding
    X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-Request-Id: cd6077e0-ab9d-11ed-8b18-424b604f84ca
    X-Webkit-Csp: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
    X-Xss-Protection: 1; mode=block
BODY         :
{
   "version": "1.0.0",
   "response": {
      "rule": {
         "default": false,
         "id": "36b76f9a-9bb4-42b1-a4ec-2d02c769bd32",
         "name": "rule with complex condition",
         "hitCounts": 0,
         "rank": 0,
         "state": "enabled",
         "condition": {
            "link": null,
            "conditionType": "ConditionAndBlock",
            "isNegate": false,
            "children": [
               {
                  "link": null,
                  "conditionType": "ConditionAttributes",
                  "isNegate": false,
                  "dictionaryName": "EndPoints",
                  "attributeName": "LogicalProfile",
                  "operator": "equals",
                  "dictionaryValue": null,
                  "attributeValue": "APs"
               },
               {
                  "link": null,
                  "conditionType": "ConditionReference",
                  "isNegate": false,
                  "name": "Wired_MAB",
                  "id": "8bd7ac6e-0910-445e-9d7e-35327cc54e6b",
                  "description": "A condition to match MAC Authentication Bypass service based authentication requests from switches, according to the corresponding MAB attributes defined in the device profile."
               }
            ]
         }
      },
      "profile": [
         "APs_tf"
      ],
      "securityGroup": "Network_Services",
      "link": {
         "rel": "self",
         "href": "https://100.68.0.137/api/v1/policy/network-access/policy-set/25fda148-ce05-434a-8894-cd94e52875ec/authorization/36b76f9a-9bb4-42b1-a4ec-2d02c769bd32",
         "type": "application/json"
      }
   }
}
==============================================================================: timestamp=2023-02-13T04:56:22.210-0800
2023-02-13T04:56:22.211-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.14-beta: 2023/02/13 04:56:22 [DEBUG] Retrieved response {"response":{"link":{"href":"https://100.68.0.137/api/v1/policy/network-access/policy-set/25fda148-ce05-434a-8894-cd94e52875ec/authorization/36b76f9a-9bb4-42b1-a4ec-2d02c769bd32","rel":"self","type":"application/json"},"profile":["APs_tf"],"rule":{"condition":{"conditionType":"ConditionAndBlock","isNegate":false,"children":[{"conditionType":"ConditionAttributes","isNegate":false,"dictionaryName":"EndPoints","attributeName":"LogicalProfile","operator":"equals","attributeValue":"APs"},{"conditionType":"ConditionReference","isNegate":false,"id":"8bd7ac6e-0910-445e-9d7e-35327cc54e6b"}]},"default":false,"hitCounts":0,"id":"36b76f9a-9bb4-42b1-a4ec-2d02c769bd32","name":"rule with complex condition","rank":0,"state":"enabled"},"securityGroup":"Network_Services"},"version":"1.0.0"}: timestamp=2023-02-13T04:56:22.211-0800
2023-02-13T04:56:22.211-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.14-beta: 2023/02/13 04:56:22 [ERROR] setting state: item.0.rule.0.condition.0.children.0.is_negate: '' expected type 'string', got unconvertible type 'bool', value: '0xc00003ef50': timestamp=2023-02-13T04:56:22.211-0800
2023-02-13T04:56:22.220-0800 [ERROR] vertex "ciscoise_network_access_authorization_rules.complex_condition" error: Failure when setting GetNetworkAccessAuthorizationRuleByID response
2023-02-13T04:56:22.403-0800 [INFO]  provider.terraform-provider-ciscoise_v0.6.14-beta: 2023/02/13 04:56:22 [DEBUG] [RESTY] 
==============================================================================
mschedrin commented 1 year ago

It works as expected in 0.6.15. Thank you.