search

F5Networks / terraform-provider-bigip

Terraform resources that can configure F5 BIG-IP products
https://registry.terraform.io/providers/F5Networks/bigip/latest/docs
Mozilla Public License 2.0
103 stars 119 forks source link

Issue with virtual address deletion or replacement when the name field contains the route domain (f.e. %50) #936

Closed rwl50 closed 6 months ago

rwl50 commented 7 months ago

Environment

Summary

We need to append designated route domains to virtual address names as can be seen in the following manifest snippet:

resource "bigip_ltm_virtual_address" "virtual_address_buc" {
  for_each = { for vs in var.virtual_servers : vs.name_prefix => vs if contains(var.enable_objects_in, "buc") }

  name            = "/${var.partition}/${each.value.destination}%${each.value.rd}"
  advertize_route = "selective"

  provider = bigip.bigip_buc
}

When you populate the name field with values it would look something like this:

resource "bigip_ltm_virtual_address" "virtual_address_buc" {

  name            = "/partition/127.0.0.1%50"
  advertize_route = "selective"

  provider = bigip.bigip_buc
}

When we have to change the RD in our values for a certain virtual server that automatically triggers a need for a replacement to the virtual address due to the name change. As you can see in the following terraform plan snippet:

[2024-02-13 13:24:15]   # module.k8s-devops-devuat.bigip_ltm_virtual_address.virtual_address_buc["whatever1.foo.bar.intra"] must be replaced
[2024-02-13 13:24:15] -/+ resource "bigip_ltm_virtual_address" "virtual_address_buc" {
[2024-02-13 13:24:15]       ~ id              = "/k8s-devops-devuat/172.**.**.**%50" -> (known after apply)
[2024-02-13 13:24:15]       ~ name            = "/k8s-devops-devuat/172.**.**.**%50" -> "/k8s-devops-devuat/172.**.**.**%52" # forces replacement
[2024-02-13 13:24:15]         # (7 unchanged attributes hidden)
[2024-02-13 13:24:15]     }

The issue is that this replacement fails as can be see in the following snippet from terraform apply:

[2024-02-13 13:26:53] module.k8s-devops-devuat.bigip_ltm_virtual_address.virtual_address_buc["whatever1.foo.bar.intra"]: Destroying... [id=/k8s-devops-devuat/172.**.**.**%50]
Error: 01020036:3: The requested Virtual Address (/k8s-devops-devuat/172.**.**.**P) was not found.

And the following terraform debug log:

2024-02-13T13:26:57.233+0200 [ERROR] provider.terraform-provider-bigip_v1.20.2: Unable to Delete Virtual Address  (/k8s-devops-devuat/172.**.**.**%50) (01020036:3: The requested Virtual Address (/k8s-devops-devuat/172.**.**.**P) was not found.): timestamp="2024-02-13T13:26:57.233+0200"
2024-02-13T13:26:57.233+0200 [TRACE] provider.terraform-provider-bigip_v1.20.2: Called downstream: tf_resource_type=bigip_ltm_virtual_address tf_provider_addr=provider tf_req_id=e7a5e8ba-46ab-d994-f8ca-fc9f9bbe9744 tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-sdk/v2@v2.25.0/helper/schema/resource.go:807 @module=sdk.helper_schema timestamp="2024-02-13T13:26:57.233+0200"
2024-02-13T13:26:57.233+0200 [TRACE] provider.terraform-provider-bigip_v1.20.2: Received downstream response: @caller=github.com/hashicorp/terraform-plugin-go@v0.14.3/tfprotov5/internal/tf5serverlogging/downstream_request.go:37 tf_req_duration_ms=3533 diagnostic_error_count=1 tf_proto_version=5.3 tf_provider_addr=provider tf_rpc=ApplyResourceChange @module=sdk.proto diagnostic_warning_count=0 tf_req_id=e7a5e8ba-46ab-d994-f8ca-fc9f9bbe9744 tf_resource_type=bigip_ltm_virtual_address timestamp="2024-02-13T13:26:57.233+0200"
2024-02-13T13:26:57.233+0200 [ERROR] provider.terraform-provider-bigip_v1.20.2: Response contains error diagnostic: @caller=github.com/hashicorp/terraform-plugin-go@v0.14.3/tfprotov5/internal/diag/diagnostics.go:55 diagnostic_summary="01020036:3: The requested Virtual Address (/k8s-devops-devuat/172.**.**.**P) was not found." tf_req_id=e7a5e8ba-46ab-d994-f8ca-fc9f9bbe9744 diagnostic_detail="" @module=sdk.proto diagnostic_severity=ERROR tf_proto_version=5.3 tf_provider_addr=provider tf_resource_type=bigip_ltm_virtual_address tf_rpc=ApplyResourceChange timestamp="2024-02-13T13:26:57.233+0200"
2024-02-13T13:26:57.233+0200 [TRACE] provider.terraform-provider-bigip_v1.20.2: Served request: @module=sdk.proto tf_req_id=e7a5e8ba-46ab-d994-f8ca-fc9f9bbe9744 @caller=github.com/hashicorp/terraform-plugin-go@v0.14.3/tfprotov5/tf5server/server.go:831 tf_proto_version=5.3 tf_provider_addr=provider tf_resource_type=bigip_ltm_virtual_address tf_rpc=ApplyResourceChange timestamp="2024-02-13T13:26:57.233+0200"
2024-02-13T13:26:57.233+0200 [TRACE] terraform.contextPlugins: Schema for provider "registry.terraform.io/f5networks/bigip" is in the global cache
2024-02-13T13:26:57.233+0200 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to workingState for module.k8s-devops-devuat.bigip_ltm_virtual_address.virtual_address_buc["whatever1.foo.bar.intra"]
2024-02-13T13:26:57.233+0200 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: writing state object for module.k8s-devops-devuat.bigip_ltm_virtual_address.virtual_address_buc["whatever1.foo.bar.intra"]
2024-02-13T13:26:57.237+0200 [DEBUG] State storage *remote.State declined to persist a state snapshot
2024-02-13T13:26:57.237+0200 [ERROR] vertex "module.k8s-devops-devuat.bigip_ltm_virtual_address.virtual_address_buc[\"whatever1.foo.bar.intra\"] (destroy)" error: 01020036:3: The requested Virtual Address (/k8s-devops-devuat/172.**.**.**P) was not found.
2024-02-13T13:26:57.237+0200 [TRACE] vertex "module.k8s-devops-devuat.bigip_ltm_virtual_address.virtual_address_buc[\"whatever1.foo.bar.intra\"] (destroy)": visit complete, with errors
2024-02-13T13:26:57.238+0200 [TRACE] dag/walk: upstream of "module.k8s-devops-devuat.bigip_ltm_virtual_address.virtual_address_buc[\"whatever1.foo.bar.intra\"]" errored, so skipping

Upon further investigating this strange situation I have discovered that 50 is also the ASCII code for uppercase P which lead me to the conclusion that somehow the %50 is getting interpreted into P when passed to the bigip API.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Provide terraform resource config which you are facing trouble along with the output of it.

All the information has been provided above

  1. To get to know more about the issue, provide terraform debug logs

All the information has been provided above

Expected Behavior

The expectation was that the virtual address name should not be interpreted if it contains ASCII hex code (as is conducive due to the nature of route domain notation -> %[route-domain-number]

The replacement/deletion of a virtual address is a normal use case that is required for provisioning/deprovisioning operations.

Actual Behavior

As explained above the issue is that the virtual address name is interpreted and a string such 172...%50 becomes 172...P when passed to BIGIP by the provider for checking address existence.

BR, Raoul

pgouband commented 7 months ago

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1466.