ciscoise_identity_group can't be destroyed in ISE3.1

[KubaMazurkiewicz]

Prerequisites

• [x] Have you tested the operation in the API directly?
• [x] Do you have the latest Terraform provider version?
• [x] Review the compatibility matrix before opening an issue.

Describe the bug

ciscoise_identity_group cannot destroy group created via following terraform code.

resource "ciscoise_identity_group" "test_group" {
  provider = ciscoise
  parameters {

    description = "test_group"
    name        = "test_group"
    parent      = "NAC Group:NAC:IdentityGroups:User Identity Groups"
  }
}

Based on compatibility matrix ISE version should be in 3.1._patch_1 version, but ERS API in this version doesn't have delete method:

Identity Group

• Overview
• Resource definition
• Revision History
• Get-By-Name
• Get-By-Id
• Update
• Get-All
• Create
• Get Version

which means that terraform destroy would not be able to destroy object.

I upgraded ISE to version 3.2 (3.2.0.542) and ERS API has delete method:

Identity Group

• Overview
• Resource definition
• Revision History
• Patch
• Get-By-Name
• Get-By-Id
• Update
• Get-All
• Delete
• Create
• Get Version

but when I create object using TF code and delete it, object is not being destroyed:

  bugs_ise git:(identity_group) ✗ terraform apply
ciscoise_identity_group.test_group: Refreshing state... [id=id:=dc08e7f0-1b32-11ee-994b-feee0b5272e2\name:=test_group]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # ciscoise_identity_group.test_group will be created
  + resource "ciscoise_identity_group" "test_group" {
      + id           = (known after apply)
      + item         = (known after apply)
      + last_updated = (known after apply)

      + parameters {
          + description = "test_group"
          + id          = (known after apply)
          + link        = (known after apply)
          + name        = "test_group"
          + parent      = "NAC Group:NAC:IdentityGroups:User Identity Groups"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

ciscoise_identity_group.test_group: Creating...
ciscoise_identity_group.test_group: Creation complete after 0s [id=id:=99035360-1b36-11ee-994b-feee0b5272e2\name:=test_group]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
➜  bugs_ise git:(identity_group) ✗ terraform destroy
ciscoise_identity_group.test_group: Refreshing state... [id=id:=99035360-1b36-11ee-994b-feee0b5272e2\name:=test_group]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # ciscoise_identity_group.test_group will be destroyed
  - resource "ciscoise_identity_group" "test_group" {
      - id   = "id:=99035360-1b36-11ee-994b-feee0b5272e2\\name:=test_group" -> null
      - item = [
          - {
              - description = "test_group"
              - id          = "99035360-1b36-11ee-994b-feee0b5272e2"
              - link        = [
                  - {
                      - href = "https://10.48.35.230:9060/ers/config/identitygroup/99035360-1b36-11ee-994b-feee0b5272e2"
                      - rel  = "self"
                      - type = "application/json"
                    },
                ]
              - name        = "test_group"
              - parent      = "NAC Group:NAC:IdentityGroups:User Identity Groups"
            },
        ] -> null

      - parameters {
          - description = "test_group" -> null
          - id          = "99035360-1b36-11ee-994b-feee0b5272e2" -> null
          - link        = [
              - {
                  - href = "https://10.48.35.230:9060/ers/config/identitygroup/99035360-1b36-11ee-994b-feee0b5272e2"
                  - rel  = "self"
                  - type = "application/json"
                },
            ] -> null
          - name        = "test_group" -> null
          - parent      = "NAC Group:NAC:IdentityGroups:User Identity Groups" -> null
        }
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

ciscoise_identity_group.test_group: Destroying... [id=id:=99035360-1b36-11ee-994b-feee0b5272e2\name:=test_group]
ciscoise_identity_group.test_group: Destruction complete after 0s

Destroy complete! Resources: 1 destroyed.

Destroy was completed succesfully but in ISE i can still see this group.

I can destroy this group using postman and DELETE http query.

https://10.48.35.230:9060/ers/config/identitygroup/99035360-1b36-11ee-994b-feee0b5272e2

and im getting 204 - No Content

and group is being delete from ISE 3.2

Question:

Will 3.2 ISE version be included in compatibility matrix so this new DELETE method can be used with TF as well ? I cannot find in release notes for ISE 3.2 what other API enhancements were added.

Environment (please complete the following information):

• ISE version and patch: 3.2.0.542 no_patch
• Terraform version: v.1.5.2
• ISE provider version: v0.6.21-beta
• OS version: MACOS 13.4 (darwin_arm64)

[bvargasre]

Hi @KubaMazurkiewicz, as you mentioned, the destroy method is not compatible with 3.1 patch 1, and we are working on the new version 3.2, when 3.2 is released, the destroy method will work.

[fmunozmiranda]

Hi @KubaMazurkiewicz could you please retry it with last version of ISE provider and update us if bug still there?

[fmunozmiranda]

If we don´t get answer, this issue will be closed in next 24 hours.