F5Networks / terraform-provider-bigip

Terraform resources that can configure F5 BIG-IP products
https://registry.terraform.io/providers/F5Networks/bigip/latest/docs
Mozilla Public License 2.0
105 stars 119 forks source link

Import of bigip_as3 resource results in complete as3 definition in state. #385

Closed ehlomarcus closed 3 years ago

ehlomarcus commented 4 years ago

Is your feature request related to a problem? Please describe.

When working with bigip_as3 resources that aren't managed within a state, I would expect to be able to import that resourse by its ID.

Describe the solution you'd like

By defining resource this resource

resource "bigip_as3" "partition1" {
  as3_json = data.template_file.parition1.rendered
  tenant_list = "Partition1"
  tenant_filter = "Partition1"
}

I would like to be able to import it with terraform import bigip_as3.partition1 Partition1

The attributes tenant_list and tenant_filter only take string value as input, so I would also assume that a single bigip_as3 resource would only support a single tenant/Partition.

With that in mind. I would then assume that to handle multiple tenants/Partitions by using multiple bigip_as3 resources with different as3_json file values.

Describe alternatives you've considered

Additional context

papineni87 commented 3 years ago

Tracking with TER-517

papineni87 commented 3 years ago

@ehlomarcus I am able to import as3 resource from bigip which has single tenant. But if we have multiple tenants, we are seeing all the tenants getting imported even though we have mentioned single tenant id in the terraform import command. Is this the issue you are seeing it ?

Below is the config file which i am able to import successfully with single tenant.

$ terraform import bigip_as3.test Sample_http_01 bigip_as3.test: Importing from ID "Sample_http_01"... bigip_as3.test: Import prepared! Prepared bigip_as3 for import bigip_as3.test: Refreshing state... [id=Sample_http_01]

Import successful!

The resources that were imported are shown above. These resources are now in your Terraform state and will henceforth be managed by Terraform.

$ cat test.tf

resource "bigip_as3" "test" { as3_json = "" tenant_filter = "" }

$ cat terraform.tfstate { "version": 4, "terraform_version": "0.13.5", "serial": 41, "lineage": "3cb4d6f8-0c4b-007c-9094-57589b18781c", "outputs": {}, "resources": [ { "mode": "managed", "type": "bigip_as3", "name": "test", "provider": "provider[\"registry.terraform.io/f5networks/bigip\"]", "instances": [ { "schema_version": 0, "attributes": { "application_list": null, "as3_json": "{\"action\":\"deploy\",\"class\":\"AS3\",\"declaration\":{\"Sample_http_01\":{\"A1\":{\"class\":\"Application\",\"jsessionid\":{\"class\":\"Persist\",\"cookieMethod\":\"hash\",\"cookieName\":\"JSESSIONID\",\"persistenceMethod\":\"cookie\"},\"service\":{\"class\":\"Service_HTTP\",\"persistenceMethods\":[{\"use\":\"jsessionid\"}],\"pool\":\"web_pool\",\"virtualAddresses\":[\"10.0.2.10\"]},\"web_pool\":{\"class\":\"Pool\",\"members\":[{\"serverAddresses\":[\"192.0.2.10\",\"192.0.2.11\"],\"servicePort\":80}],\"monitors\":[\"http\"]}},\"class\":\"Tenant\"},\"class\":\"ADC\",\"id\":\"fghijkl7890\",\"label\":\"Sample 1\",\"remark\":\"HTTP with custom persistence\",\"schemaVersion\":\"3.7.0\",\"target\":{\"address\":\"192.0.2.200\"},\"test\":{\"Application_1\":{\"class\":\"Application\",\"serviceMain\":{\"class\":\"Service_HTTP\",\"pool\":\"web_pool\",\"virtualAddresses\":[\"10.0.1.10\"]},\"template\":\"http\",\"web_pool\":{\"class\":\"Pool\",\"members\":[{\"serverAddresses\":[\"192.0.1.100\",\"192.0.1.110\"],\"servicePort\":80}],\"monitors\":[\"http\"]}},\"class\":\"Tenant\",\"defaultRouteDomain\":0}},\"persist\":true}", "id": "Sample_http_01", "tenant_filter": null, "tenant_list": "", "tenant_name": null }, "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" } ] } ] }

ehlomarcus commented 3 years ago

Hi @papineni87

That is exactly what I'm seeing as well.

Issuing terraform import bigip_as3.test Sample_http_01 should reslut in import of one single tenant.

I guess it is up to you to define if a single bigip_as3 resource should be limited to a single tenant or not. But the way we are using it, then the behaviour of importing just one Tenant is what make most sense.

I would also say that this reflect the behaviour of AS3 in general. It is not clearly defined or documented how you can and should work with multiple tenants, applications and objects within an application. Right now all of them feel to tied to each other.

This project could take ideas from the f5-bigip-ctrl implementation of CRDs. A CRD is essentially an Terraform resource. So you could use that as a base to implement AS3_virtualserver, AS3_pool, AS3_firewall_policiy and others as separate Terraform resources. All of which are created in a single Tenant and Application.

papineni87 commented 3 years ago

@ehlomarcus

we implemented custom import function which handles multiple partitions and with this if we issue import of one tenant it will only import that particular tenant.

terraform import bigip_as3.test Sample_http_01 ----> will import only Sample_http_01 ( though bigip has multiple partitions )

terraform import bigip_as3.test Sample_http_01,Sample_non_http_01. ---> will only import given partitions

we have added documentation with examples, can you clone the latest code and let me know if that solves the issue ? (https://github.com/F5Networks/terraform-provider-bigip/blob/master/website/docs/r/bigip_as3.html.markdown)

ehlomarcus commented 3 years ago

@papineni87

I've just tested it and it worked perfectly!

Big thanks for implementing this. Looking forward to next release. 👍

RavinderReddyF5 commented 3 years ago

Issue Addressed in v1.6.0, please open new issues if you face any problem