search

PaloAltoNetworks / terraform-provider-panos

Terraform Panos provider
https://www.terraform.io/docs/providers/panos/
MIT License
89 stars 71 forks source link

Provider produced inconsistent result after apply #412

Open kdavis5 opened 1 year ago

kdavis5 commented 1 year ago

Describe the bug

When pushing or creating a new administrative tag using the resource panos_panorama_administrative_tag.application_tag I get the error "Provider produced inconsistent result after apply"

When applying changes to panos_panorama_administrative_tag.application_tag, provider "provider[\"registry.terraform.io/paloaltonetworks/panos\"]" produced an unexpected new value: Root resource was present, but now absent.

I get a warning but the tag does look like it installs in panorama. The firewall team commits later. Next time I run the terraform file it looks like the tag never made it into the state file because TF wants to create the tag again. Same error results each time I run it without any changes.

Expected behavior

to get message that tag is created and a clean apply. No errors. since I made no changes to the TF file, I would expect TF reads that state file and i get the message "No changes. Your infrastructure matches the configuration."

Current behavior

the error "Provider produced inconsistent result after apply"

When applying changes to panos_panorama_administrative_tag.application_tag, provider "provider[\"registry.terraform.io/paloaltonetworks/panos\"]" produced an unexpected new value: Root resource was present, but now absent.

each time I run the tf file it wants to build the tag again.

panos_panorama_administrative_tag.application_tag will be created

Here is the terraform resource block

create firewall application tag

resource "panos_panorama_administrative_tag" "application_tag" { name = "hw_app:${local.aci_application_profile_name}" comment = "built by terraform" }

Possible solution

Not sure, error states: This is a bug in the provider, which should be reported in the provider's own issue tracker.

Steps to reproduce

  1. happens every time I use the resource to add an administrative tag to panorama

Screenshots

Screen Shot 2023-09-27 at 12 01 08 PM

Context

I am using this resource to build out administrative tags to panorama so that they can be used as a tag to match components of an application and a predetermined security rule.

welcome-to-palo-alto-networks[bot] commented 1 year ago

:tada: Thanks for opening your first issue here! Welcome to the community!

kdavis5 commented 1 year ago

Upgraded to Terraform 1.5.7 with no difference to outcome. After my initial run, I don't see the resource in my state file. That would explain why it wants to re-create the object on each run. Provider is not adding this to the state file. Also validated that Panorama is in fact installing the tag.

chris3ware commented 11 months ago

I believe this is because of the colon in the tag name.

For example:

app:github produces the error described above even though the tag is added to panorama

but

app-github does not produce an error, the tag is added to panorama and the state file is updated.

kdavis5 commented 11 months ago

chris3ware, I tested that and you are correct. It does appear to be an issue with that colon. So I wonder if this is by design or still a bug. I would love to have that colon since it matches our current conventions.