search

PaloAltoNetworks / terraform-provider-scm

The Terraform provider for Strata Cloud Manager
Apache License 2.0
7 stars 2 forks source link

resource scm_app_override_rule string to int64 conversion errors on apply #7

Closed ancoleman closed 7 months ago

ancoleman commented 8 months ago

Describe the bug

When attempting to generate the resource: _scm_app_overriderule the rules are generated but an error occurs during the apply. This is possibly an issue with the API itself. The bug is specific to the port parameter. You can directly add the integer value to the resource and the problem will occur. Review the current behavior section for error.

Expected behavior

The resource should build without errors. Because the resource builds correctly on the SCM tenant, the assumption is in the post- processing response from the API.

Current behavior

╷
│ Error: Error creating config
│ 
│   with module.security_policy_with_yaml.scm_app_override_rule.this["terraform-app-override-rule-3"],
│   on ../../modules/policy/rules.tf line 131, in resource "scm_app_override_rule" "this":
│  131: resource "scm_app_override_rule" "this" {
│ 
│ json: cannot unmarshal string into Go struct field Config.port of type int64
╵
╷
│ Error: Error creating config
│ 
│   with module.security_policy_with_yaml.scm_app_override_rule.this["terraform-app-override-rule-1"],
│   on ../../modules/policy/rules.tf line 131, in resource "scm_app_override_rule" "this":
│  131: resource "scm_app_override_rule" "this" {
│ 
│ json: cannot unmarshal string into Go struct field Config.port of type int64
╵
╷
│ Error: Error creating config
│ 
│   with module.security_policy_with_yaml.scm_app_override_rule.this["terraform-app-override-rule-2"],
│   on ../../modules/policy/rules.tf line 131, in resource "scm_app_override_rule" "this":
│  131: resource "scm_app_override_rule" "this" {
│ 
│ json: cannot unmarshal string into Go struct field Config.port of type int64
╵

Possible solution

Steps to reproduce

Resource example:

resource "scm_app_override_rule" "this" {
  for_each           = try(var.app_override_rules, {})
  folder             = try(each.value.folder, null) # Required
  name               = each.key                     # Required
  position           = try(each.value.position, "pre")
  description        = try(each.value.description, null)
  application        = try(each.value.application, null) # Required
  destinations       = length(local.app_destination_list[each.key]) == 0 ? ["any"] : local.app_destination_list[each.key]
  sources            = length(local.app_source_list[each.key]) == 0 ? ["any"] : local.app_source_list[each.key] # Source Regions not supported
  port               = 443                                                    # Required
  protocol           = try(each.value.protocol, null)                                                           # Required
  tos                = try(each.value.to, ["untrust"])                                                          # Required
  froms              = try(each.value.from, ["trust"])                                                          # Required
  disabled           = try(each.value.disabled, false)
  group_tag          = try(each.value.group_tag, null)
  negate_destination = try(each.value.negate_destination, false)
  negate_source      = try(each.value.negate_source, false)
  tags               = try(each.value.tags, null)
  device             = null
  snippet            = null
  depends_on = [
    scm_tag.this,
    scm_address_object.this,
    scm_address_group.this,
    scm_external_dynamic_list.this
  ]
}

Context

This renders the _scm_app_overriderule resource useless.

Your Environment

shinmog commented 7 months ago

This is a bug with Strata Cloud Manager. They are returning a string instead of a number.

I could change this on my side, changing port from an int to a string, but then we'd lose the range validation that is done, so this feels like a downgrade in functionality that I don't think I should do.

Going to close this out as the provider is behaving properly, the API is at fault.

ancoleman commented 7 months ago

If we leave this unfixed, the resource can’t be used. So we should either remove support, fix it, or push for a fix in the API asap.

Anton Coleman | Global Solutions Architect - Automation

Palo Alto Networks | 3000 Tannery Way | Santa Clara, CA 95054 | USA

Mobile: 931.267.5326 | www.paloaltonetworks.com

https://www.paloaltonetworks.com/prisma https://www.linkedin.com/company/palo-alto-networks https://www.facebook.com/PaloAltoNetworks/ https://twitter.com/PaloAltoNtwks

The content of this message is the proprietary and confidential property of Palo Alto Networks, and should be treated as such. If you are not the intended recipient and have received this message in error, please delete this message from your computer system and notify me immediately by reply e-mail. Any unauthorized use or distribution of the content of this message is prohibited.

On Wed, Jan 31, 2024 at 8:58 AM Garfield Lee Freeman < @.***> wrote:

Closed #7 https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_PaloAltoNetworks_terraform-2Dprovider-2Dscm_issues_7&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=_EtSCxbADaIxiyvLhURP7SWkG4iOOe2wwhov_lX13Nk&m=m2D5U6iZbubShLpG7DMayKjxYun4yd3HV4O_sK_n6PXohdmeyUMZUiK70l3FaUIW&s=yRxfliWKOciahMiJsLLv1f4n-skWoORiEXAXf7Oy9bk&e= as completed.

— Reply to this email directly, view it on GitHub https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_PaloAltoNetworks_terraform-2Dprovider-2Dscm_issues_7-23event-2D11657023840&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=_EtSCxbADaIxiyvLhURP7SWkG4iOOe2wwhov_lX13Nk&m=m2D5U6iZbubShLpG7DMayKjxYun4yd3HV4O_sK_n6PXohdmeyUMZUiK70l3FaUIW&s=9w8GQrvdbC_qQRQl76BzWwIGmmT6tbZX0_N_uRBEj6M&e=, or unsubscribe https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AHLB5PLV3IMX4AVOR5WYAELYRJLTVAVCNFSM6AAAAABB66JCWSVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMJRGY2TOMBSGM4DIMA&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=_EtSCxbADaIxiyvLhURP7SWkG4iOOe2wwhov_lX13Nk&m=m2D5U6iZbubShLpG7DMayKjxYun4yd3HV4O_sK_n6PXohdmeyUMZUiK70l3FaUIW&s=-9F8AuzwMydCh7pHQhwRXr2QmmEgJFTb7f4jM9nosYE&e= . You are receiving this because you authored the thread.Message ID: <PaloAltoNetworks/terraform-provider-scm/issue/7/issue_event/11657023840@ github.com>