search

PaloAltoNetworks / terraform-provider-sase

Terraform provider for SASE API
Apache License 2.0
1 stars 2 forks source link

"object not found" with multiple data sources #8

Open ancoleman opened 1 year ago

ancoleman commented 1 year ago

Describe the bug

When performing a read operation with data sources such as:

Terraform Plan or Apply fails with "object not found"

The issue from what I can tell lies in if there is configuration for that specific data source or not. In the case of testing the two above mentioned data sources, the rules do not exist so I assume the response is from the API. We should handle this gracefully in the provider.

Expected behavior

When no configuration is found with a data source, we handle this gracefully by ignoring the state of that data source, since nothing exists.

Current behavior

Configuration:

data "sase_app_override_rules_list" "this" {
#  for_each   = local.folder_position_map
  folder     = "Shared"
  position   = "pre"
  depends_on = []
}

data "sase_decryption_rules_list" "this" {
#  for_each   = local.folder_position_map
  folder     = "Shared"
  position   = "pre"
  depends_on = []
}
(base) (venv) acoleman@M-KGYXTTH2MF tenant_2_tenant % terraform plan
╷
│ Warning: Provider development overrides are in effect
│ 
│ The following provider development overrides are set in the CLI configuration:
│  - paloaltonetworks-local/sase in /Users/acoleman/Documents/Projects/PracticeDevelopment/github/terraform-provider-sase
│ 
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become incompatible with published releases.

│ Error: Error getting listing
│ 
│   with module.get_tenant_config.data.sase_app_override_rules_list.this,
│   on ../../modules/config/rules.tf line 24, in data "sase_app_override_rules_list" "this":
│   24: data "sase_app_override_rules_list" "this" {
│ 
│ object not found
╵
╷
│ Error: Error getting listing
│ 
│   with module.get_tenant_config.data.sase_decryption_rules_list.this,
│   on ../../modules/config/rules.tf line 31, in data "sase_decryption_rules_list" "this":
│   31: data "sase_decryption_rules_list" "this" {
│ 
│ object not found

Possible solution

Steps to reproduce

  1. See current behavior
  2. Your tenant must be missing this configuration to receive the error

Screenshots

Context

Your Environment

shinmog commented 1 year ago

Ok, so I think the API is the problem here.

I just tried with sase_objects_address_groups_list and I got no errors. I think the URI endpoints are behaving differently / inconsistently... I can fix this in the provider, but I'd just be enabling bad behavior. Maybe raise this issue internally, see if they're willing and able to fix the API.

ancoleman commented 1 year ago

@shinmog I think, more specifically, it seems the issue here is with missing rules, security, app override, and QoS policy listing all fail with an object not found error. This doesn't happen with typical objects like the one you tested.