RavinderReddyF5
commented
3 years ago 
Thanks @jakauppila for looking into it, yes read function should be modified and take the as3 json from bigip and update the state.
Open RavinderReddyF5 opened 3 years ago
RavinderReddyF5
commented
3 years ago
Thanks @jakauppila for looking into it, yes read function should be modified and take the as3 json from bigip and update the state.
RavinderReddyF5
commented
3 years ago
@jakauppila fixed in the latest release v1.1.2, can you try it now ?
RavinderReddyF5
commented
3 years ago 
@papineni87 So it does appear to somewhat work, but it introduces another problem because #253 is not addressed. When the resource performs the read at https://github.com/terraform-providers/terraform-provider-bigip/blob/master/bigip/resource_bigip_as3.go#L87 without restricting it to the particular tenant, it pulls back ALL AS3 declarations on the appliance and stores it in the statefile. This should not happen.
RavinderReddyF5
commented
3 years ago RavinderReddyF5
commented
3 years ago 
I noticed this issue to posting the bad state into the state file. My issue is when as3 returns 503 the provider doesn't retry so we get the out of sync state.
If we upgrade to 1.1.2 even though it pulls all the as3 declarations back into the state file it will only cause the as3 declaration defined in terraform resource to be applied right? It won't mess with the other declarations applied outside of terraform right?
RavinderReddyF5
commented
3 years ago 
The updates coming are locking down the state terraform tracks to only Tenants that it created.
RavinderReddyF5
commented
3 years ago
Understood. I guess what I am asking is it safe to use version 1.1.2 until those updates are released. Trying to understand current impact in 1.1.2 if it adds all as3 declarations to state file.
Answered my own question. It deleted all as3 tenants outside of the one being applied. This is really concerning.
RavinderReddyF5
commented
3 years ago 
resourceBigipAs3Read may have a problem on:
GET https://{{host}}/mgmt/shared/appsvcs/declare
I test on postman, the GET return status 204, not 200. but in the source code: https://github.com/terraform-providers/terraform-provider-bigip/blob/15bdcd75ed73079d2b51b9821e914519154ea45e/bigip/resource_bigip_as3.go#L104
......
I always failed with Error while Sending/fetching http request : <nil>
refs: https://github.com/terraform-providers/terraform-provider-bigip/issues/278#issuecomment-624769694
this provider really make me sad 😢
RavinderReddyF5
commented
3 years ago
Thanks for the info @zx1986 . This is part of what is being fixed in the upcoming release.
RavinderReddyF5
commented
3 years ago RavinderReddyF5
commented
3 years ago
I just ran a plan with v1.2.0 and it shows that it will be removing all other tenants still even though the as3 that is being posted has a single tenant. I also tried using tenant_filter but still same result.
RavinderReddyF5
commented
3 years ago 
@strantalis can u please share logs...we did validated scenarios around this...it should not delete all tenants
RavinderReddyF5
commented
3 years ago
@strantalis I Just Verified with One tenant configured using Postman client and another with Terraform, it only Deletes terraform configured One.
HYD-ML-00064448:terraform-provider-bigip chinthalapalli$ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# bigip_as3.as3-example01 will be created
+ resource "bigip_as3" "as3-example01" {
+ as3_json = jsonencode(
{
+ action = "deploy"
+ class = "AS3"
+ declaration = {
+ Sample_new = {
+ Application_1 = {
+ class = "Application"
+ serviceMain = {
+ class = "Service_HTTP"
+ pool = "web_pool"
+ virtualAddresses = [
+ "10.0.1.10",
]
}
+ template = "http"
+ web_pool = {
+ class = "Pool"
+ members = [
+ {
+ serverAddresses = [
+ "192.0.1.100",
+ "192.0.1.110",
]
+ servicePort = 80
},
]
+ monitors = [
+ "http",
]
}
}
+ class = "Tenant"
+ defaultRouteDomain = 0
}
+ class = "ADC"
+ id = "example-declaration-01"
+ label = "Sample 1"
+ remark = "Simple HTTP application with round robin pool"
+ schemaVersion = "3.0.0"
}
+ persist = true
}
)
+ id = (known after apply)
+ tenant_list = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
bigip_as3.as3-example01: Creating...
bigip_as3.as3-example01: Creation complete after 9s [id=Sample_new]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
HYD-ML-00064448:terraform-provider-bigip chinthalapalli$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
bigip_as3.as3-example01: Refreshing state... [id=Sample_new]
------------------------------------------------------------------------
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.
HYD-ML-00064448:terraform-provider-bigip chinthalapalli$ terraform destroy
bigip_as3.as3-example01: Refreshing state... [id=Sample_new]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# bigip_as3.as3-example01 will be destroyed
- resource "bigip_as3" "as3-example01" {
- as3_json = jsonencode(
{
- action = "deploy"
- class = "AS3"
- declaration = {
- Sample_new = {
- Application_1 = {
- class = "Application"
- serviceMain = {
- class = "Service_HTTP"
- pool = "web_pool"
- virtualAddresses = [
- "10.0.1.10",
]
}
- template = "http"
- web_pool = {
- class = "Pool"
- members = [
- {
- serverAddresses = [
- "192.0.1.100",
- "192.0.1.110",
]
- servicePort = 80
},
]
- monitors = [
- "http",
]
}
}
- class = "Tenant"
- defaultRouteDomain = 0
}
- class = "ADC"
- id = "example-declaration-01"
- label = "Sample 1"
- remark = "Simple HTTP application with round robin pool"
- schemaVersion = "3.0.0"
}
- persist = true
}
) -> null
- id = "Sample_new" -> null
- tenant_list = "Sample_new" -> null
}
Plan: 0 to add, 0 to change, 1 to destroy.
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
bigip_as3.as3-example01: Destroying... [id=Sample_new]
bigip_as3.as3-example01: Destruction complete after 6s
Destroy complete! Resources: 1 destroyed.
@RavinderReddyF5 I can open a support case and upload them there if you want?
RavinderReddyF5
commented
3 years ago RavinderReddyF5
commented
3 years ago
It doesn't appear that the
resourceBigipAs3Readfunction is currently detecting and writing the actual current AS3 declaration into state.According to https://www.terraform.io/docs/extend/best-practices/detecting-drift.html it looks like it should be setting
d.Set("as3_json", <filtered as3 declaration from http request>)As I've been utilizing the resource, I've had scenarios where I had issues with the syntax so the actual HTTP POST with the AS3 declaration failed, but since
Readdoes not pull the actual values back, it simply wrote my errored declaration into state, so subsequent executions "saw" no change despite the declaration on the remote appliance not matching my local.