F5Networks / terraform-provider-bigip

Terraform resources that can configure F5 BIG-IP products
https://registry.terraform.io/providers/F5Networks/bigip/latest/docs
Mozilla Public License 2.0

Refresh of profiles in resource bigip_ltm_virtual_server #679

Open Sh4mSh4m opened 2 years ago

Sh4mSh4m commented 2 years ago

Environment

Summary

Once resource bigip_ltm_virtual_server is successfully created with a terraform apply, the following plan shows that some of the profiles have been removed outside of terraform apply and need to be updated within the resource with the next terraform apply.

However, the profiles are present both in the state and in the f5 cluster.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Provide the terraform resource config which you are facing trouble with, along with its output.

```hcl
# terraform.tfvars
trigram = "TRI"
listVIP = [
  { "name" = "vs_DG0D_443", "zone" = "PPRD", "ip" = "10.1.1.1/24", "port" = "443", "protocol" = "tcp", "pool" = "BZK1_pool", "persistence" = "BZK1_COOKIE-HASH", "profile" = ["/Common/bp_http", "bp-fr.intrbp_clientssl", "bp-fr.intrbp_serverssl", "/Common/tcp"] , "irules" = []}
]
```

```bash
# main.tf
locals {
  # One map entry per VIP, keyed by its full BIG-IP path
  mapvipdetail = { for vip in var.listVIP : "/${var.trigram}_${vip.zone}/vs_${vip.name}" => merge(vip, { "viprd" = "${var.mapZone[vip.zone].id}", "partpool" = "/${var.trigram}_${vip.zone}/${vip.pool}", "snat" = "/${var.trigram}_${vip.zone}/snatpool_${vip.name}", "ip" = vip.ip }) }
}

resource "bigip_ltm_virtual_server" "vs" {
  for_each = local.mapvipdetail

  name = each.key

  destination = each.value.ip == "" ? "${split("/", netbox_available_ip_address.vipip[each.key].ip_address)[0]}%${each.value.viprd}" : "${split("/", netbox_ip_address.vipip[each.key].ip_address)[0]}%${each.value.viprd}"
  port        = each.value.port
  pool        = each.value.partpool

  profiles = toset(flatten(
      [
        [
          for protocol in split(",", each.value.protocol) : "/Common/${protocol}"
        ],
        [
          for profile in each.value.profile : profile
        ]
      ]
    ))

  client_profiles            = [for profile in each.value.profile : "/${var.trigram}_${each.value.zone}/${profile}" if lookup(local.map_ssl_profiles, profile, "none") == "client-ssl"]
  server_profiles            = [for profile in each.value.profile : "/${var.trigram}_${each.value.zone}/${profile}" if lookup(local.map_ssl_profiles, profile, "none") == "server-ssl"]
  source_address_translation = "snat"
  snatpool                   = each.value.snat
  translate_address          = "enabled"
  translate_port             = "enabled"
  persistence_profiles       = ["/${var.trigram}_${each.value.zone}/${each.value.persistence}"]
  irules = each.value.irules != [] ? each.value.irules : null
  depends_on = [
    bigip_ltm_pool_attachment.pool_attachments,
    bigip_ltm_snatpool.snatpool_app,
    bigip_ltm_persistence_profile_srcaddr.persist_by_srcaddr,
    bigip_ltm_persistence_profile_cookie.persist_by_cookie,
    bigip_ltm_persistence_profile_ssl.persist_by_ssl,
    bigip_ltm_profile_client_ssl.client_ssl,
    bigip_ltm_profile_server_ssl.server_ssl,
    bigip_ltm_irule.irule
  ]
}
```

  2. To get to know more about the issue, provide terraform debug logs

[svc_se_linux_network@frclw0129001 gep-ago-afa-nw-se-dev]$ terraform plan
2022-09-02T18:38:44.945+0200 [DEBUG] Adding temp file log sink: /tmp/terraform-log364758912
2022-09-02T18:38:44.945+0200 [INFO]  Terraform version: 1.0.7
2022-09-02T18:38:44.945+0200 [INFO]  Go runtime version: go1.16.4
[...]
2022-09-02T18:38:45.408+0200 [DEBUG] ReferenceTransformer: "module.bigipvip.bigip_ltm_virtual_server.vs" references: [module.bigipvip.bigip_ltm_pool_attachment.pool_attachments module.bigipvip.bigip_ltm_snatpool.snatpool_app module.bigipvip.bigip_ltm_persistence_profile_srcaddr.persist_by_srcaddr module.bigipvip.bigip_ltm_persistence_profile_cookie.persist_by_cookie module.bigipvip.bigip_ltm_persistence_profile_ssl.persist_by_ssl module.bigipvip.bigip_ltm_profile_client_ssl.client_ssl module.bigipvip.bigip_ltm_profile_server_ssl.server_ssl module.bigipvip.bigip_ltm_irule.irule module.bigipvip.local.mapvipdetail (expand) module.bigipvip.var.trigram (expand) module.bigipvip.var.trigram (expand) module.bigipvip.local.map_ssl_profiles (expand) module.bigipvip.var.trigram (expand) module.bigipvip.local.map_ssl_profiles (expand) module.bigipvip.netbox_available_ip_address.vipip module.bigipvip.netbox_ip_address.vipip]
2022-09-02T18:38:45.415+0200 [DEBUG] Starting graph walk: walkValidate
2022-09-02T18:38:45.416+0200 [DEBUG] created provider logger: level=debug
2022-09-02T18:38:45.416+0200 [INFO]  provider: configuring client automatic mTLS
2022-09-02T18:38:45.455+0200 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.15.1/linux_amd64/terraform-provider-bigip_v1.15.1 args=[.terraform/providers/registry.terraform.io/f5networks/bigip/1.15.1/linux_amd64/terraform-provider-bigip_v1.15.1]
2022-09-02T18:38:45.456+0200 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.15.1/linux_amd64/terraform-provider-bigip_v1.15.1 pid=52170
2022-09-02T18:38:45.456+0200 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.15.1/linux_amd64/terraform-provider-bigip_v1.15.1
2022-09-02T18:38:45.467+0200 [INFO]  provider.terraform-provider-bigip_v1.15.1: configuring server automatic mTLS: timestamp=2022-09-02T18:38:45.467+0200
2022-09-02T18:38:45.490+0200 [DEBUG] provider.terraform-provider-bigip_v1.15.1: plugin address: network=unix address=/tmp/plugin1640445421 timestamp=2022-09-02T18:38:45.490+0200
2022-09-02T18:38:45.490+0200 [DEBUG] provider: using plugin: version=5
2022-09-02T18:38:45.523+0200 [DEBUG] created provider logger: level=debug
2022-09-02T18:38:45.523+0200 [INFO]  provider: configuring client automatic mTLS
2022-09-02T18:38:45.525+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
2022-09-02T18:38:45.528+0200 [DEBUG] No provider meta schema returned
2022-09-02T18:38:45.567+0200 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/e-breuninger/netbox/2.0.5/linux_amd64/terraform-provider-netbox_v2.0.5 args=[.terraform/providers/registry.terraform.io/e-breuninger/netbox/2.0.5/linux_amd64/terraform-provider-netbox_v2.0.5]
2022-09-02T18:38:45.567+0200 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/e-breuninger/netbox/2.0.5/linux_amd64/terraform-provider-netbox_v2.0.5 pid=52181
2022-09-02T18:38:45.567+0200 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/e-breuninger/netbox/2.0.5/linux_amd64/terraform-provider-netbox_v2.0.5
2022-09-02T18:38:45.581+0200 [INFO]  provider.terraform-provider-netbox_v2.0.5: configuring server automatic mTLS: timestamp=2022-09-02T18:38:45.581+0200
2022-09-02T18:38:45.603+0200 [DEBUG] provider: using plugin: version=5
2022-09-02T18:38:45.603+0200 [DEBUG] provider.terraform-provider-netbox_v2.0.5: plugin address: address=/tmp/plugin1584946907 network=unix timestamp=2022-09-02T18:38:45.603+0200
2022-09-02T18:38:45.652+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2022-09-02T18:38:45.653+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/e-breuninger/netbox/2.0.5/linux_amd64/terraform-provider-netbox_v2.0.5 pid=52181
2022-09-02T18:38:45.653+0200 [DEBUG] provider: plugin exited
2022-09-02T18:38:45.657+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.15.1/linux_amd64/terraform-provider-bigip_v1.15.1 pid=52170
2022-09-02T18:38:45.657+0200 [DEBUG] provider: plugin exited
2022-09-02T18:38:45.657+0200 [INFO]  backend/local: plan calling Plan
2022-09-02T18:38:45.657+0200 [INFO]  terraform: building graph: GraphTypePlan
[...]
2022-09-02T18:38:45.659+0200 [DEBUG] ProviderTransformer: "module.bigipvip.bigip_ltm_virtual_server.vs (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/f5networks/bigip"]
2022-09-02T18:38:45.659+0200 [DEBUG] ProviderTransformer: "module.bigipvip.bigip_ltm_pool.pools (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/f5networks/bigip"]
[...]

2022-09-02T18:38:45.664+0200 [DEBUG] ReferenceTransformer: "module.bigipvip.bigip_ltm_virtual_server.vs (expand)" references: [module.bigipvip.bigip_ltm_pool_attachment.pool_attachments (expand) module.bigipvip.bigip_ltm_snatpool.snatpool_app (expand) module.bigipvip.bigip_ltm_persistence_profile_srcaddr.persist_by_srcaddr (expand) module.bigipvip.bigip_ltm_persistence_profile_cookie.persist_by_cookie (expand) module.bigipvip.bigip_ltm_persistence_profile_ssl.persist_by_ssl (expand) module.bigipvip.bigip_ltm_profile_client_ssl.client_ssl (expand) module.bigipvip.bigip_ltm_profile_server_ssl.server_ssl (expand) module.bigipvip.bigip_ltm_irule.irule (expand) module.bigipvip.local.mapvipdetail (expand) module.bigipvip.var.trigram (expand) module.bigipvip.var.trigram (expand) module.bigipvip.local.map_ssl_profiles (expand) module.bigipvip.netbox_available_ip_address.vipip (expand) module.bigipvip.netbox_ip_address.vipip (expand) module.bigipvip.var.trigram (expand) module.bigipvip.local.map_ssl_profiles (expand)]
[...]

2022-09-02T18:38:48.408+0200 [DEBUG] ReferenceTransformer: "module.bigipvip.netbox_ip_address.vipip[\"/TRI_PPRD/vs_BZ2F_80\"]" references: []
2022-09-02T18:38:48.408+0200 [INFO]  ReferenceTransformer: reference not found: "var.listVIP"
2022-09-02T18:38:48.408+0200 [INFO]  ReferenceTransformer: reference not found: "var.trigram"
2022-09-02T18:38:48.408+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:48.408+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:48.408+0200 [DEBUG] ReferenceTransformer: "module.bigipvip.netbox_ip_address.vipip[\"/TRI_PPRD/vs_DG0D_443\"]" references: []
module.bigipvip.netbox_ip_address.vipip["/TRI_PPRD/vs_DG0D_443"]: Refreshing state... [id=6664]
module.bigipvip.netbox_ip_address.vipip["/TRI_PPRD/vs_BZ2F_80"]: Refreshing state... [id=6665]
2022-09-02T18:38:48.552+0200 [WARN]  Provider "registry.terraform.io/e-breuninger/netbox" produced an unexpected new value for module.bigipvip.netbox_ip_address.vipip["/TRI_PPRD/vs_BZ2F_80"] during refresh.
      - .tags: was null, but now cty.SetValEmpty(cty.String)
2022-09-02T18:38:48.554+0200 [WARN]  Provider "registry.terraform.io/e-breuninger/netbox" produced an invalid plan for module.bigipvip.netbox_ip_address.vipip["/TRI_PPRD/vs_BZ2F_80"], but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .tenant_id: planned value cty.NumberIntVal(0) for a non-computed attribute
      - .interface_id: planned value cty.NumberIntVal(0) for a non-computed attribute
      - .tags: planned value cty.SetValEmpty(cty.String) for a non-computed attribute
      - .vrf_id: planned value cty.NumberIntVal(0) for a non-computed attribute
      - .role: planned value cty.StringVal("") for a non-computed attribute
2022-09-02T18:38:48.570+0200 [WARN]  Provider "registry.terraform.io/e-breuninger/netbox" produced an unexpected new value for module.bigipvip.netbox_ip_address.vipip["/TRI_PPRD/vs_DG0D_443"] during refresh.
      - .tags: was null, but now cty.SetValEmpty(cty.String)
2022-09-02T18:38:48.572+0200 [WARN]  Provider "registry.terraform.io/e-breuninger/netbox" produced an invalid plan for module.bigipvip.netbox_ip_address.vipip["/TRI_PPRD/vs_DG0D_443"], but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .interface_id: planned value cty.NumberIntVal(0) for a non-computed attribute
      - .tenant_id: planned value cty.NumberIntVal(0) for a non-computed attribute
      - .tags: planned value cty.SetValEmpty(cty.String) for a non-computed attribute
      - .vrf_id: planned value cty.NumberIntVal(0) for a non-computed attribute
      - .role: planned value cty.StringVal("") for a non-computed attribute
[...]

2022-09-02T18:38:49.522+0200 [DEBUG] ReferenceTransformer: "module.bigipvip.bigip_ltm_pool_attachment.pool_attachments[\"/TRI_PPRD/DG0D_443_pool_10.7.8.5\"]" references: []
2022-09-02T18:38:49.522+0200 [DEBUG] provider.terraform-provider-bigip_v1.15.1: 2022/09/02 18:38:49 [INFO] Checking if iRule (/TRI_PPRD/BZK0111B_iRule) exists
module.bigipvip.bigip_ltm_irule.irule["/TRI_PPRD/BZK0115F_iRuleManual"]: Refreshing state... [id=/TRI_PPRD/BZK0115F_iRuleManual]
module.bigipvip.bigip_ltm_pool_attachment.pool_attachments["/TRI_PPRD/BZ2F_80_POOL_10.8.12.65"]: Refreshing state... [id=/TRI_PPRD/BZ2F_80_POOL-/TRI_PPRD/10.8.12.65:80]
module.bigipvip.bigip_ltm_pool_attachment.pool_attachments["/TRI_PPRD/BZ2F_80_POOL_10.3.2.9"]: Refreshing state... [id=/TRI_PPRD/BZ2F_80_POOL-/TRI_PPRD/10.3.2.9:80]
module.bigipvip.bigip_ltm_irule.irule["/TRI_PPRD/BZK0111C_iRule"]: Refreshing state... [id=/TRI_PPRD/BZK0111C_iRule]
module.bigipvip.bigip_ltm_pool_attachment.pool_attachments["/TRI_PPRD/DG0D_443_pool_10.7.8.5"]: Refreshing state... [id=/TRI_PPRD/DG0D_443_pool-/TRI_PPRD/10.7.8.5:443]
module.bigipvip.bigip_ltm_irule.irule["/TRI_PPRD/BZK0115F_iRule"]: Refreshing state... [id=/TRI_PPRD/BZK0115F_iRule]
[...]
2022-09-02T18:38:49.936+0200 [DEBUG] ReferenceTransformer: "module.bigipvip.bigip_ltm_virtual_server.vs[\"/TRI_PPRD/vs_BZ2F_80\"]" references: []
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "bigip_ltm_pool_attachment.pool_attachments"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "bigip_ltm_snatpool.snatpool_app"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "bigip_ltm_persistence_profile_srcaddr.persist_by_srcaddr"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "bigip_ltm_persistence_profile_cookie.persist_by_cookie"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "bigip_ltm_persistence_profile_ssl.persist_by_ssl"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "bigip_ltm_profile_client_ssl.client_ssl"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "bigip_ltm_profile_server_ssl.server_ssl"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "bigip_ltm_irule.irule"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "local.mapvipdetail"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "var.trigram"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "var.trigram"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "local.map_ssl_profiles"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.key"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "var.trigram"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "local.map_ssl_profiles"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "netbox_available_ip_address.vipip"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.key"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "netbox_ip_address.vipip"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.key"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [INFO]  ReferenceTransformer: reference not found: "each.value"
2022-09-02T18:38:49.936+0200 [DEBUG] ReferenceTransformer: "module.bigipvip.bigip_ltm_virtual_server.vs[\"/TRI_PPRD/vs_DG0D_443\"]" references: []
module.bigipvip.bigip_ltm_virtual_server.vs["/TRI_PPRD/vs_DG0D_443"]: Refreshing state... [id=/TRI_PPRD/vs_DG0D_443]
module.bigipvip.bigip_ltm_virtual_server.vs["/TRI_PPRD/vs_BZ2F_80"]: Refreshing state... [id=/TRI_PPRD/vs_BZ2F_80]
2022-09-02T18:38:49.939+0200 [DEBUG] provider.terraform-provider-bigip_v1.15.1: 2022/09/02 18:38:49 [INFO] Fetching virtual server /TRI_PPRD/vs_BZ2F_80
2022-09-02T18:38:49.939+0200 [DEBUG] provider.terraform-provider-bigip_v1.15.1: 2022/09/02 18:38:49 [INFO] Fetching virtual server /TRI_PPRD/vs_DG0D_443
2022-09-02T18:38:50.373+0200 [DEBUG] provider.terraform-provider-bigip_v1.15.1: 2022/09/02 18:38:50 [INFO] Fetching virtual server /TRI_PPRD/vs_DG0D_443
2022-09-02T18:38:50.374+0200 [DEBUG] provider.terraform-provider-bigip_v1.15.1: 2022/09/02 18:38:50 [INFO] Fetching virtual server /TRI_PPRD/vs_BZ2F_80
2022-09-02T18:38:50.944+0200 [WARN]  Provider "registry.terraform.io/f5networks/bigip" produced an unexpected new value for module.bigipvip.bigip_ltm_virtual_server.vs["/TRI_PPRD/vs_BZ2F_80"] during refresh.
      - .vlans: was null, but now cty.SetValEmpty(cty.String)
      - .policies: was null, but now cty.SetValEmpty(cty.String)
      - .security_log_profiles: was null, but now cty.ListValEmpty(cty.String)
2022-09-02T18:38:50.949+0200 [WARN]  Provider "registry.terraform.io/f5networks/bigip" produced an invalid plan for module.bigipvip.bigip_ltm_virtual_server.vs["/TRI_PPRD/vs_BZ2F_80"], but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .server_profiles: planned value cty.NullVal(cty.Set(cty.String)) does not match config value cty.SetValEmpty(cty.String)
      - .client_profiles: planned value cty.NullVal(cty.Set(cty.String)) does not match config value cty.SetValEmpty(cty.String)
      - .description: planned value cty.StringVal("") for a non-computed attribute
      - .state: planned value cty.StringVal("enabled") for a non-computed attribute
      - .vlans_enabled: planned value cty.False for a non-computed attribute
      - .policies: planned value cty.SetValEmpty(cty.String) for a non-computed attribute
      - .security_log_profiles: planned value cty.ListValEmpty(cty.String) for a non-computed attribute
      - .vlans: planned value cty.SetValEmpty(cty.String) for a non-computed attribute
2022-09-02T18:38:50.983+0200 [WARN]  Provider "registry.terraform.io/f5networks/bigip" produced an unexpected new value for module.bigipvip.bigip_ltm_virtual_server.vs["/TRI_PPRD/vs_DG0D_443"] during refresh.
      - .security_log_profiles: was null, but now cty.ListValEmpty(cty.String)
      - .vlans: was null, but now cty.SetValEmpty(cty.String)
      - .policies: was null, but now cty.SetValEmpty(cty.String)
      - .profiles: planned set element cty.StringVal("bp-fr.intrbp_clientssl") does not correlate with any element in actual
      - .profiles: planned set element cty.StringVal("bp-fr.intrbp_serverssl") does not correlate with any element in actual
2022-09-02T18:38:50.987+0200 [WARN]  Provider "registry.terraform.io/f5networks/bigip" produced an invalid plan for module.bigipvip.bigip_ltm_virtual_server.vs["/TRI_PPRD/vs_DG0D_443"], but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .security_log_profiles: planned value cty.ListValEmpty(cty.String) for a non-computed attribute
      - .vlans: planned value cty.SetValEmpty(cty.String) for a non-computed attribute
      - .policies: planned value cty.SetValEmpty(cty.String) for a non-computed attribute
      - .description: planned value cty.StringVal("") for a non-computed attribute
      - .state: planned value cty.StringVal("enabled") for a non-computed attribute
      - .vlans_enabled: planned value cty.False for a non-computed attribute
2022-09-02T18:38:50.989+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/f5networks/bigip/1.15.1/linux_amd64/terraform-provider-bigip_v1.15.1 pid=52190
2022-09-02T18:38:50.989+0200 [DEBUG] provider: plugin exited
2022-09-02T18:38:50.990+0200 [INFO]  backend/local: plan operation completed

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":

  # module.bigipvip.netbox_ip_address.vipip["/TRI_PPRD/vs_DG0D_443"] has been changed
  ~ resource "netbox_ip_address" "vipip" {
        id           = "6664"
      + tags         = []
        # (6 unchanged attributes hidden)
    }
  # module.bigipvip.netbox_ip_address.vipip["/TRI_PPRD/vs_BZ2F_80"] has been changed
  ~ resource "netbox_ip_address" "vipip" {
        id           = "6665"
      + tags         = []
        # (6 unchanged attributes hidden)
    }
  # module.bigipvip.bigip_ltm_profile_server_ssl.server_ssl["/TRI_PPRD/bp-fr.intrbp_serverssl"] has been changed
  ~ resource "bigip_ltm_profile_server_ssl" "server_ssl" {
      + c3d_cert_extension_custom_oids  = []
      + c3d_cert_extension_includes     = []
        id                              = "/TRI_PPRD/bp-fr.intrbp_serverssl"
        name                            = "/TRI_PPRD/bp-fr.intrbp_serverssl"
        # (38 unchanged attributes hidden)
    }
  # module.bigipvip.bigip_ltm_virtual_server.vs["/TRI_PPRD/vs_DG0D_443"] has been changed
  ~ resource "bigip_ltm_virtual_server" "vs" {
        id                         = "/TRI_PPRD/vs_DG0D_443"
        name                       = "/TRI_PPRD/vs_DG0D_443"
      + policies                   = []
      ~ profiles                   = [
          - "bp-fr.intrbp_clientssl",
          - "bp-fr.intrbp_serverssl",
            # (2 unchanged elements hidden)
        ]
      + security_log_profiles      = []
      + vlans                      = []
        # (16 unchanged attributes hidden)
    }
  # module.bigipvip.bigip_ltm_virtual_server.vs["/TRI_PPRD/vs_BZ2F_80"] has been changed
  ~ resource "bigip_ltm_virtual_server" "vs" {
        id                         = "/TRI_PPRD/vs_BZ2F_80"
        name                       = "/TRI_PPRD/vs_BZ2F_80"
      + policies                   = []
      + security_log_profiles      = []
      + vlans                      = []
        # (15 unchanged attributes hidden)
    }

Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.bigipvip.bigip_ltm_profile_server_ssl.server_ssl["/TRI_PPRD/bp-fr.intrbp_serverssl"] will be updated in-place
  ~ resource "bigip_ltm_profile_server_ssl" "server_ssl" {
        id                              = "/TRI_PPRD/bp-fr.intrbp_serverssl"
        name                            = "/TRI_PPRD/bp-fr.intrbp_serverssl"
      ~ tm_options                      = [
          - "dont-insert-empty-fragments",
          - "no-tlsv1.3",
        ]
        # (39 unchanged attributes hidden)
    }

  # module.bigipvip.bigip_ltm_virtual_server.vs["/TRI_PPRD/vs_DG0D_443"] will be updated in-place
  ~ resource "bigip_ltm_virtual_server" "vs" {
        id                         = "/TRI_PPRD/vs_DG0D_443"
        name                       = "/TRI_PPRD/vs_DG0D_443"
      ~ profiles                   = [
          + "bp-fr.intrbp_clientssl",
          + "bp-fr.intrbp_serverssl",
            # (2 unchanged elements hidden)
        ]
        # (19 unchanged attributes hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

───────────────────────────────────────────────────

The state shows the profiles

```hcl
# module.bigipvip.bigip_ltm_virtual_server.vs["/TRI_PPRD/vs_DG0D_443"]:
resource "bigip_ltm_virtual_server" "vs" {
    client_profiles            = [
        "/TRI_PPRD/bp-fr.intrbp_clientssl",
    ]
    destination                = "10.1.1.1%1102"
    id                         = "/TRI_PPRD/vs_DG0D_443"
    ip_protocol                = "tcp"
    irules                     = []
    mask                       = "255.255.255.255"
    name                       = "/TRI_PPRD/vs_DG0D_443"
    persistence_profiles       = [
        "/TRI_PPRD/BZK011B7_COOKIE-HASH",
    ]
    pool                       = "/TRI_PPRD/DG0D_443_pool"
    port                       = 443
    profiles                   = [
        "/Common/bp_http",
        "/Common/tcp",
        "bp-fr.intrbp_clientssl",
        "bp-fr.intrbp_serverssl",
    ]
    server_profiles            = [
        "/TRI_PPRD/bp-fr.intrbp_serverssl",
    ]
    snatpool                   = "/TRI_PPRD/snatpool_DG0D_443"
    source                     = "0.0.0.0%1102/0"
    source_address_translation = "snat"
    state                      = "enabled"
    translate_address          = "enabled"
    translate_port             = "enabled"
    vlans_enabled              = false
}
```

Also the REST API GET request shows the profiles are present in the f5 cluster:

```json
{
  "kind": "tm:ltm:virtual:profiles:profilescollectionstate",
  "selfLink": "https://localhost/mgmt/tm/ltm/virtual/~TRI_PPRD~vs_DG0D_443/profiles?ver=16.1.3",
  "items": [
    {
      "kind": "tm:ltm:virtual:profiles:profilesstate",
      "name": "bp-fr.intrbp_clientssl",
      "partition": "TRI_PPRD",
      "fullPath": "/TRI_PPRD/bp-fr.intrbp_clientssl",
      "generation": 2304,
      "selfLink": "https://localhost/mgmt/tm/ltm/virtual/~TRI_PPRD~vs_DG0D_443/profiles/~TRI_PPRD~bp-fr.intrbp_clientssl?ver=16.1.3",
      "context": "clientside"
    },
    {
      "kind": "tm:ltm:virtual:profiles:profilesstate",
      "name": "bp-fr.intrbp_serverssl",
      "partition": "TRI_PPRD",
      "fullPath": "/TRI_PPRD/bp-fr.intrbp_serverssl",
      "generation": 2304,
      "selfLink": "https://localhost/mgmt/tm/ltm/virtual/~TRI_PPRD~vs_DG0D_443/profiles/~TRI_PPRD~bp-fr.intrbp_serverssl?ver=16.1.3",
      "context": "serverside"
    },
    {
      "kind": "tm:ltm:virtual:profiles:profilesstate",
      "name": "bp_http",
      "partition": "Common",
      "fullPath": "/Common/bp_http",
      "generation": 2304,
      "selfLink": "https://localhost/mgmt/tm/ltm/virtual/~TRI_PPRD~vs_DG0D_443/profiles/~Common~bp_http?ver=16.1.3",
      "context": "all"
    },
    {
      "kind": "tm:ltm:virtual:profiles:profilesstate",
      "name": "tcp",
      "partition": "Common",
      "fullPath": "/Common/tcp",
      "generation": 2304,
      "selfLink": "https://localhost/mgmt/tm/ltm/virtual/~TRI_PPRD~vs_DG0D_443/profiles/~Common~tcp?ver=16.1.3",
      "context": "all"
    }
  ]
}
```

Expected Behavior

Plan should show no change right after a terraform apply.

Actual Behavior

Profiles are not detected in the refresh phase and are added in the plan.
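
One way to read the plan and REST output above, as an added example that is not part of the original report or the provider's code. It assumes the provider's refresh sorts each attached profile into `profiles`, `client_profiles` or `server_profiles` by the REST `context` field and compares full paths; the sample data is constructed from values quoted in the issue, and `CONTEXT_TO_ATTR`, `refreshed_view`, `classify`, `perpetual_diff` and `SPLIT_CONFIG` are hypothetical names.

```python
import json

# Assumption (not confirmed from the provider source): on refresh, each profile
# attached to the virtual server lands in exactly one attribute, chosen by the
# "context" field of the REST profiles collection.
CONTEXT_TO_ATTR = {
    "clientside": "client_profiles",
    "serverside": "server_profiles",
    "all": "profiles",
}

# Constructed sample: the profiles collection quoted in the issue, reduced to
# the three fields used below.
REST_PROFILES = json.loads("""
{"items": [
  {"name": "bp-fr.intrbp_clientssl", "fullPath": "/TRI_PPRD/bp-fr.intrbp_clientssl", "context": "clientside"},
  {"name": "bp-fr.intrbp_serverssl", "fullPath": "/TRI_PPRD/bp-fr.intrbp_serverssl", "context": "serverside"},
  {"name": "bp_http", "fullPath": "/Common/bp_http", "context": "all"},
  {"name": "tcp", "fullPath": "/Common/tcp", "context": "all"}
]}
""")

# Constructed sample: attribute values as they appear in the issue's state output.
REPORTED_CONFIG = {
    "profiles": ["/Common/bp_http", "/Common/tcp",
                 "bp-fr.intrbp_clientssl", "bp-fr.intrbp_serverssl"],
    "client_profiles": ["/TRI_PPRD/bp-fr.intrbp_clientssl"],
    "server_profiles": ["/TRI_PPRD/bp-fr.intrbp_serverssl"],
}

# Hypothetical variant: SSL profiles listed only in client/server_profiles.
SPLIT_CONFIG = dict(REPORTED_CONFIG, profiles=["/Common/bp_http", "/Common/tcp"])


def refreshed_view(rest):
    """Return {attribute: set of full paths} as a context-based refresh would see it."""
    view = {attr: set() for attr in CONTEXT_TO_ATTR.values()}
    for item in rest["items"]:
        attr = CONTEXT_TO_ATTR.get(item.get("context"), "profiles")
        view[attr].add(item["fullPath"])
    return view


def classify(entry, attr, rest):
    """List the reasons a configured entry cannot match the refreshed attribute."""
    reasons = []
    if not entry.startswith("/"):
        reasons.append("not a full path (/partition/name)")
    # Match on the bare name only; a real check would also compare partitions.
    name = entry.rsplit("/", 1)[-1]
    for item in rest["items"]:
        home = CONTEXT_TO_ATTR.get(item.get("context"), "profiles")
        if item["name"] == name and home != attr:
            reasons.append(f"device context is {item['context']}: belongs in {home}")
    return reasons or ["not attached on the device"]


def perpetual_diff(config, rest):
    """Report, per attribute, entries that would differ on every plan."""
    report = {}
    for attr, refreshed in refreshed_view(rest).items():
        configured = set(config.get(attr, []))
        missing = sorted(configured - refreshed)   # dropped on refresh, re-added by plan
        extra = sorted(refreshed - configured)     # on the device, absent from config
        if missing or extra:
            report[attr] = {
                "readded_every_plan": {e: classify(e, attr, rest) for e in missing},
                "unmanaged_on_device": extra,
            }
    return report


if __name__ == "__main__":
    print(json.dumps(perpetual_diff(REPORTED_CONFIG, REST_PROFILES), indent=2))
    print(json.dumps(perpetual_diff(SPLIT_CONFIG, REST_PROFILES), indent=2))
```

A plan that never converges on a TLS-terminating virtual server makes a genuine change to its SSL profiles harder to spot in review, so it is worth confirming whether the diff comes from the configuration or from the device.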

KrithikaChidambaram commented 1 year ago

Hi, thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1105, thanks!

wojtek0806 commented 1 year ago

@Sh4mSh4m

It is not reproducible in my env:

on darwin_amd64
+ provider registry.terraform.io/f5networks/bigip v1.7. 

This issue looks like: https://github.com/hashicorp/terraform/issues/28776 https://github.com/hashicorp/terraform/issues/28803

And it seems to be addressed with this PR: https://github.com/hashicorp/terraform/pull/30486

So we recommend trying again after upgrading provider and terraform