PaloAltoNetworks / terraform-provider-panos

Terraform Panos provider
https://www.terraform.io/docs/providers/panos/
Mozilla Public License 2.0

panos_panorama_tunnel_interface crashes #326

Open kbreit opened 2 years ago

kbreit commented 2 years ago

Describe the bug

When running panos_panorama_tunnel_interface I am receiving a crash. This crash only happens if I do a terraform plan. If I do a terraform plan -target=panos_panorama_tunnel_interface.gcp_tunnel it works fine. It also errors out when I include only the provider creation and remove all resources.

│ Error: Plugin did not respond
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs
│ may contain more details.
╵
╷
│ Error: Plugin did not respond
│
│   with panos_panorama_tunnel_interface.gcp_tunnel,
│   on gcp_vpn.tf line 5, in resource "panos_panorama_tunnel_interface" "gcp_tunnel":
│    5: resource "panos_panorama_tunnel_interface" "gcp_tunnel" {
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs
│ may contain more details.
╵

Stack trace from the terraform-provider-panos_v1.10.0 plugin:

panic: interface conversion: interface {} is *pango.Panorama, not *pango.Firewall

goroutine 68 [running]:
github.com/terraform-providers/terraform-provider-panos/panos.readTunnelInterface(0xc000c1e690, 0x212e7a0, 0xc00000a1e0, 0xc000c1e690, 0x0)
    github.com/terraform-providers/terraform-provider-panos/panos/resource_tunnel_interface.go:104 +0x8f9
github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc0006870e0, 0xc00032d090, 0x212e7a0, 0xc00000a1e0, 0xc00000e4b8, 0x0, 0x0)
    github.com/hashicorp/terraform-plugin-sdk@v1.17.2/helper/schema/resource.go:470 +0x12e
github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin.(*GRPCProviderServer).ReadResource(0xc0000cad38, 0x23711d0, 0xc000151410, 0xc000380ae0, 0xc0000cad38, 0xc000647ba0, 0x106ca87)
    github.com/hashicorp/terraform-plugin-sdk@v1.17.2/internal/helper/plugin/grpc_provider.go:535 +0x3dd
github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5._Provider_ReadResource_Handler(0x20e9340, 0xc0000cad38, 0x23711d0, 0xc000151410, 0xc000380a80, 0x0, 0x23711d0, 0xc000151410, 0xc000906300, 0xb3)
    github.com/hashicorp/terraform-plugin-sdk@v1.17.2/internal/tfplugin5/tfplugin5.pb.go:3269 +0x214
google.golang.org/grpc.(*Server).processUnaryRPC(0xc000a701c0, 0x237a8f8, 0xc000001980, 0xc000c42000, 0xc000726540, 0x2a99c10, 0x0, 0x0, 0x0)
    google.golang.org/grpc@v1.32.0/server.go:1194 +0x52b
google.golang.org/grpc.(*Server).handleStream(0xc000a701c0, 0x237a8f8, 0xc000001980, 0xc000c42000, 0x0)
    google.golang.org/grpc@v1.32.0/server.go:1517 +0xd0c
google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc0005ec280, 0xc000a701c0, 0x237a8f8, 0xc000001980, 0xc000c42000)
    google.golang.org/grpc@v1.32.0/server.go:859 +0xab
created by google.golang.org/grpc.(*Server).serveStreams.func1
    google.golang.org/grpc@v1.32.0/server.go:857 +0x1fd

Error: The terraform-provider-panos_v1.10.0 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Expected behavior

It should create a tunnel interface in the proper Panorama template.

Current behavior

See above for crash.

Steps to reproduce

provider "panos" {
  hostname = "panorama-domain.example.com"
}

resource "panos_panorama_tunnel_interface" "gcp_tunnel" {
  template = "PAN-template"
  name = "tunnel.8"
  comment = "Tunnel for GCP demo"

  lifecycle {
      create_before_destroy = true
  }
}

Your Environment

jamesholland-uk commented 2 years ago

Hi @kbreit, I can reproduce this error if I target a NGFW, but if I target Panorama it works fine. panos_panorama_tunnel_interface is designed for Panorama specifically. Are you targeting a NGFW or Panorama?

kbreit commented 2 years ago

@jamesholland-uk - I am definitely targeting Panorama. However, I wonder if the provider is caching some old values and internally pointing to a firewall. Looking into this a bit more. Do you happen to know how I can see the targets in state?

jamesholland-uk commented 2 years ago

@kbreit Your Terraform state is found in the file terraform.tfstate in your working directory if you're executing Terraform from a workstation. It's human readable. If, per the comment string, this is a demo environment, it could be worth testing this in a fresh working directory I guess.

Also, is there anything else in gcp_vpn.tf? Or other Terraform code in the working directory involved etc? I ask because:

When I target a NGFW with your code snippet, I get: interface {} is *pango.Firewall, not *pango.Panorama and the trace first line has github.com/terraform-providers/terraform-provider-panos/panos.readPanoramaTunnelInterface which makes sense as I am using Panorama resource type panos_panorama_tunnel_interface for a NGFW.

Your pasted error text shows interface {} is *pango.Panorama, not *pango.Firewall and the trace first line contains github.com/terraform-providers/terraform-provider-panos/panos.readTunnelInterface. This is the wrong way around, there is use of the NGFW tunnel interface under the hood, and it is not happy at targeting a Panorama...

kbreit commented 2 years ago

@jamesholland-uk I don't have anything else panos related in the directory and right now the only thing I have enabled is the panos provider. However, if I enable this code snippet...

resource "panos_panorama_tunnel_interface" "gcp_tunnel" {
  template = "PAN-template"
  name = "tunnel.8"
  comment = "Tunnel for GCP, Transform 2022 demo"

  lifecycle {
      create_before_destroy = true
  }
}

I get...

Stack trace from the terraform-provider-panos_v1.10.0 plugin:

panic: interface conversion: interface {} is *pango.Panorama, not *pango.Firewall

goroutine 16 [running]:
github.com/terraform-providers/terraform-provider-panos/panos.readTunnelInterface(0xc000b24700, 0x212e7a0, 0xc00000a1e0, 0xc000b24700, 0x0)

As you said, it's inverted of what you're seeing. I am specifying the Panorama based resource but it's thinking it's panos. Regarding tfstate, we're storing state in Azure so it's not local. But a terraform state show panos_panorama_tunnel_interface.gcp_tunnel isn't showing anything too exciting. It does include the template parameter.

jamesholland-uk commented 2 years ago

You could append this to your .tf file, to make sure it is definitely Panorama?!? No strange DNS resolving you to a NGFW?

data "panos_system_info" "device_info" { }

output "model" {
    value = data.panos_system_info.device_info.info.model
}

You should see something like:

Changes to Outputs:
  + model = "Panorama"

vs a NGFW model like this for VM-Series:

Changes to Outputs:
  + model = "PA-VM"

kbreit commented 2 years ago

Did that but it's still crashing...

│ Error: Plugin did not respond
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more details.
╵
╷
│ Error: Plugin did not respond
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more details.
╵
╷
│ Error: Plugin did not respond
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more details.
╵

Stack trace from the terraform-provider-panos_v1.10.0 plugin:

panic: interface conversion: interface {} is *pango.Panorama, not *pango.Firewall

goroutine 67 [running]:
github.com/terraform-providers/terraform-provider-panos/panos.readTunnelInterface(0xc000142850, 0x212e7a0, 0xc00000a1e0, 0xc000142850, 0x0)

jamesholland-uk commented 2 years ago

It doesn't make sense somewhere. The error related to readTunnelInterface is coming from (code) from panos_tunnel_interface, but your code is using panos_panorama_tunnel_interface?

Discussing more with others, maybe try reinitialising the plugin, and if that doesn't help, try TF_LOG=trace terraform apply and paste the results so we can get more insight.

kbreit commented 2 years ago

I resolved this today. There were both panos and panos_panorama resources in state. So when it tried to scan the panos ones it got caught up with Panorama.

Is it feasible to catch this exception in code and provide a more friendly error?

jamesholland-uk commented 2 years ago

Glad it is sorted :-) The smoking gun was always interface conversion: interface {} is *pango.Panorama, not *pango.Firewall

If different error messages is an enhancement you would like to request, I'd ask that you open a separate GitHub Issue for it, and we can tag it as an enhancement and track it there. Many thanks
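
Added example, not part of the thread or the provider's code: a Go sketch of the friendlier error asked about above, contrasting a bare type assertion (which produces the `interface conversion` panic) with a type switch that returns an error. `Firewall` and `Panorama` are stand-ins for `*pango.Firewall` and `*pango.Panorama`; `readUnchecked`, `firewallClient` and `ErrWrongTarget` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-ins for *pango.Firewall and *pango.Panorama (constructed for this example).
type Firewall struct{ Hostname string }
type Panorama struct{ Hostname string }

// ErrWrongTarget is a hypothetical sentinel error, not part of the provider.
var ErrWrongTarget = errors.New("resource type does not match provider target")

// readUnchecked uses a bare type assertion, the pattern the panic message in
// the issue points at. The recover only captures the panic text for display.
func readUnchecked(meta interface{}) (host, panicMsg string) {
	defer func() {
		if r := recover(); r != nil {
			panicMsg = fmt.Sprint(r)
		}
	}()
	return meta.(*Firewall).Hostname, ""
}

// firewallClient (hypothetical helper) inspects the client type with a type
// switch and returns an error the plugin could report instead of crashing.
func firewallClient(meta interface{}, resource string) (*Firewall, error) {
	switch c := meta.(type) {
	case *Firewall:
		return c, nil
	case *Panorama:
		return nil, fmt.Errorf("%w: %s is an NGFW resource but the provider is connected to Panorama %q; "+
			"use the panos_panorama_* resource or remove the stale entry from state",
			ErrWrongTarget, resource, c.Hostname)
	default:
		return nil, fmt.Errorf("%w: %s received client of type %T", ErrWrongTarget, resource, meta)
	}
}

func main() {
	meta := interface{}(&Panorama{Hostname: "panorama-domain.example.com"})
	_, msg := readUnchecked(meta)
	fmt.Println("unchecked:", msg)
	_, err := firewallClient(meta, "panos_tunnel_interface.old") // constructed resource address
	fmt.Println("checked:  ", err)
}
```

With the guarded form, a leftover NGFW resource in state surfaces as a per-resource diagnostic during refresh rather than a "Plugin did not respond" crash.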