search

F5Networks / terraform-provider-bigip

Terraform resources that can configure F5 BIG-IP products
https://registry.terraform.io/providers/F5Networks/bigip/latest/docs
Mozilla Public License 2.0
103 stars 119 forks source link

Documentation is not updated and a default value for token_auth was changed in version 1.16.1 of the provider #877

Closed rwl50 closed 9 months ago

rwl50 commented 1 year ago

Environment

Summary

This is not a bug per se, but rather an issue with updating the documentation on https://registry.terraform.io/providers/F5Networks/bigip/latest/docs. The issue is that token_auth default value has been changed from false to true in commit https://github.com/F5Networks/terraform-provider-bigip/pull/725/commits/e47ef7fde1d96fbfbe635fd4479bfe585112f8aa

Capture

This causes any previous provider configuration that is missing the explicit token_auth = false to fail with a 401 unauthorized when running terraform plan

Steps To Reproduce

Steps to reproduce the behavior:

  1. Provide terraform resource config which you are facing trouble along with the output of it.

try creating any resource with the following provider configuration (which used to work in version 1.16.0):

provider "bigip" { alias = "bigipX"

address = var.bigip_provider.addresses.bigip username = data.vault_generic_secret.bigip_credentials.data[var.bigip_provider.credentials.username_key] password = data.vault_generic_secret.bigip_credentials.data[var.bigip_provider.credentials.password_key] }

It will produce a 401 unauthorized error.

If you add the token_auth = false to the provider configuration it works again:

provider "bigip" { alias = "bigipX"

address = var.bigip_provider.addresses.bigip username = data.vault_generic_secret.bigip_credentials.data[var.bigip_provider.credentials.username_key] password = data.vault_generic_secret.bigip_credentials.data[var.bigip_provider.credentials.password_key] token_auth = false }

Expected Behavior

I believe the behavior as expected according to the documentation should be that token_auth = false by default and only explicitly setting it to true should activate this functionality

Actual Behavior

The provider code has this set to true by default and when connecting to bigip it throws a 401 unauthorized error even though the user&pass actually work.

Best regards, Raoul

pgouband commented 1 year ago

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1324.

RavinderReddyF5 commented 1 year ago

Hi @rwl50, yes we moved to token based authentication for terraform operation from above v1.16.0 versions. if you are able to authenticate your BIG-IP using token based autherntication ( by default we are using loginReference tmos) we should not run into any issue.

please confirm you are generate token?

https://community.f5.com/t5/technical-forum/how-big-ip-token-authentication-works/m-p/151708#:~:text=In%20case%20you%20want%20to,via%20REST%20as%20shown%20below.