fortimanager_object_firewall_address is not create any object

[apellini]

In this Tf module we are testing to create an object on a specfic adom:

terraform {
    required_providers {
        fortimanager = {
            source = "fortinetdev/fortimanager"
        }
    }
}

provider "fortimanager" {
    hostname = var.hostname
    username = var.username
    password = var.password
    insecure = var.insecure
    scopetype = var.scopetype
    adom = var.adom
}

resource "fortimanager_exec_workspace_action" "lock_adom" {
    scopetype = "inherit"
    action = "lockbegin"
    comment = "Terraform in action"
    force_recreate = uuid()
    target = var.lock_target
    param = ""
}

resource "fortimanager_object_firewall_address" "object_firewall_address" {
    scopetype = "inherit"
    type = "ipmask"
    name = "TERRAFORMTEST"
    obj_type = "ip"
    subnet = [ "192.168.0.0", "255.255.0.0", ]
    color = 0
}

resource "fortimanager_exec_workspace_action" "unlock_adom" {
    scopetype = "inherit"
    action = "lockend"
    comment = "Terraform end"
    force_recreate = uuid()
    target = var.lock_target
    param = ""
    depends_on = [fortimanager_object_firewall_address.object_firewall_address]
}

After terraform apply we receive following error:

err -10: The data is invalid for selected url
â•·
│ Error: Error creating ObjectFirewallAddress resource: 
│ err -10: The data is invalid for selected url
│ 
│   with fortimanager_object_firewall_address.object_firewall_address,
│   on main.tf line 27, in resource "fortimanager_object_firewall_address" "object_firewall_address":
│   27: resource "fortimanager_object_firewall_address" "object_firewall_address" {
│ 
╵

With DEBUG we have seen:

2023-03-12T22:36:33.240+0100 [DEBUG] created provider logger: level=debug
2023-03-12T22:36:33.240+0100 [INFO]  provider: configuring client automatic mTLS
2023-03-12T22:36:33.265+0100 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0 args=[.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0]
2023-03-12T22:36:33.265+0100 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0 pid=111629
2023-03-12T22:36:33.265+0100 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0
2023-03-12T22:36:33.274+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: configuring server automatic mTLS: timestamp=2023-03-12T22:36:33.274+0100
2023-03-12T22:36:33.307+0100 [DEBUG] provider.terraform-provider-fortimanager_v1.7.0: plugin address: address=/tmp/plugin3281105904 network=unix timestamp=2023-03-12T22:36:33.307+0100
2023-03-12T22:36:33.307+0100 [DEBUG] provider: using plugin: version=5
2023-03-12T22:36:33.426+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-03-12T22:36:33.427+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0 pid=111629
2023-03-12T22:36:33.427+0100 [DEBUG] provider: plugin exited
2023-03-12T22:36:33.427+0100 [DEBUG] Building and walking validate graph
2023-03-12T22:36:33.428+0100 [DEBUG] ProviderTransformer: "fortimanager_exec_workspace_action.unlock_adom" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:33.428+0100 [DEBUG] ProviderTransformer: "fortimanager_exec_workspace_action.lock_adom" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:33.428+0100 [DEBUG] ProviderTransformer: "fortimanager_object_firewall_address.object_firewall_address" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:33.428+0100 [DEBUG] ReferenceTransformer: "var.password" references: []
2023-03-12T22:36:33.428+0100 [DEBUG] ReferenceTransformer: "var.scopetype" references: []
2023-03-12T22:36:33.428+0100 [DEBUG] ReferenceTransformer: "var.lock_target" references: []
2023-03-12T22:36:33.428+0100 [DEBUG] ReferenceTransformer: "fortimanager_exec_workspace_action.unlock_adom" references: [fortimanager_object_firewall_address.object_firewall_address var.lock_target]
2023-03-12T22:36:33.428+0100 [DEBUG] ReferenceTransformer: "fortimanager_object_firewall_address.object_firewall_address" references: [fortimanager_exec_workspace_action.lock_adom]
2023-03-12T22:36:33.428+0100 [DEBUG] ReferenceTransformer: "var.hostname" references: []
2023-03-12T22:36:33.428+0100 [DEBUG] ReferenceTransformer: "var.insecure" references: []
2023-03-12T22:36:33.428+0100 [DEBUG] ReferenceTransformer: "var.adom" references: []
2023-03-12T22:36:33.428+0100 [DEBUG] ReferenceTransformer: "var.username" references: []
2023-03-12T22:36:33.428+0100 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/fortinetdev/fortimanager\"]" references: [var.adom var.hostname var.insecure var.password var.scopetype var.username]
2023-03-12T22:36:33.428+0100 [DEBUG] ReferenceTransformer: "fortimanager_exec_workspace_action.lock_adom" references: [var.lock_target]
2023-03-12T22:36:33.429+0100 [DEBUG] Starting graph walk: walkValidate
2023-03-12T22:36:33.429+0100 [DEBUG] created provider logger: level=debug
2023-03-12T22:36:33.429+0100 [INFO]  provider: configuring client automatic mTLS
2023-03-12T22:36:33.442+0100 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0 args=[.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0]
2023-03-12T22:36:33.443+0100 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0 pid=111649
2023-03-12T22:36:33.443+0100 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0
2023-03-12T22:36:33.451+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: configuring server automatic mTLS: timestamp=2023-03-12T22:36:33.450+0100
2023-03-12T22:36:33.487+0100 [DEBUG] provider.terraform-provider-fortimanager_v1.7.0: plugin address: address=/tmp/plugin3087576835 network=unix timestamp=2023-03-12T22:36:33.487+0100
2023-03-12T22:36:33.487+0100 [DEBUG] provider: using plugin: version=5
2023-03-12T22:36:33.599+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-03-12T22:36:33.600+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0 pid=111649
2023-03-12T22:36:33.600+0100 [DEBUG] provider: plugin exited
2023-03-12T22:36:33.600+0100 [INFO]  backend/local: apply calling Plan
2023-03-12T22:36:33.600+0100 [DEBUG] Building and walking plan graph for NormalMode
2023-03-12T22:36:33.601+0100 [DEBUG] ProviderTransformer: "fortimanager_object_firewall_address.object_firewall_address (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:33.601+0100 [DEBUG] ProviderTransformer: "fortimanager_exec_workspace_action.unlock_adom (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:33.601+0100 [DEBUG] ProviderTransformer: "fortimanager_exec_workspace_action.lock_adom (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:33.601+0100 [DEBUG] ReferenceTransformer: "var.password" references: []
2023-03-12T22:36:33.601+0100 [DEBUG] ReferenceTransformer: "fortimanager_exec_workspace_action.unlock_adom (expand)" references: [fortimanager_object_firewall_address.object_firewall_address (expand) var.lock_target]
2023-03-12T22:36:33.601+0100 [DEBUG] ReferenceTransformer: "fortimanager_exec_workspace_action.lock_adom (expand)" references: [var.lock_target]
2023-03-12T22:36:33.601+0100 [DEBUG] ReferenceTransformer: "var.hostname" references: []
2023-03-12T22:36:33.601+0100 [DEBUG] ReferenceTransformer: "var.scopetype" references: []
2023-03-12T22:36:33.601+0100 [DEBUG] ReferenceTransformer: "var.insecure" references: []
2023-03-12T22:36:33.601+0100 [DEBUG] ReferenceTransformer: "var.adom" references: []
2023-03-12T22:36:33.601+0100 [DEBUG] ReferenceTransformer: "var.lock_target" references: []
2023-03-12T22:36:33.601+0100 [DEBUG] ReferenceTransformer: "fortimanager_object_firewall_address.object_firewall_address (expand)" references: [fortimanager_exec_workspace_action.lock_adom (expand)]
2023-03-12T22:36:33.601+0100 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/fortinetdev/fortimanager\"]" references: [var.password var.scopetype var.username var.insecure var.hostname var.adom]
2023-03-12T22:36:33.601+0100 [DEBUG] ReferenceTransformer: "var.username" references: []
2023-03-12T22:36:33.602+0100 [DEBUG] Starting graph walk: walkPlan
2023-03-12T22:36:33.602+0100 [DEBUG] created provider logger: level=debug
2023-03-12T22:36:33.602+0100 [INFO]  provider: configuring client automatic mTLS
2023-03-12T22:36:33.614+0100 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0 args=[.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0]
2023-03-12T22:36:33.614+0100 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0 pid=111670
2023-03-12T22:36:33.614+0100 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0
2023-03-12T22:36:33.627+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: configuring server automatic mTLS: timestamp=2023-03-12T22:36:33.627+0100
2023-03-12T22:36:33.662+0100 [DEBUG] provider.terraform-provider-fortimanager_v1.7.0: plugin address: address=/tmp/plugin2969856216 network=unix timestamp=2023-03-12T22:36:33.662+0100
2023-03-12T22:36:33.662+0100 [DEBUG] provider: using plugin: version=5
2023-03-12T22:36:33.773+0100 [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/fortinetdev/fortimanager\"]" changed the config value, but that value is unused
2023-03-12T22:36:33.836+0100 [INFO]  ReferenceTransformer: reference not found: "var.lock_target"
2023-03-12T22:36:33.836+0100 [DEBUG] ReferenceTransformer: "fortimanager_exec_workspace_action.lock_adom" references: []
fortimanager_exec_workspace_action.lock_adom: Refreshing state... [id=workspaceactionadom.ADOM_TESTlock]
2023-03-12T22:36:33.841+0100 [DEBUG] Resource instance state not found for node "fortimanager_object_firewall_address.object_firewall_address", instance fortimanager_object_firewall_address.object_firewall_address
2023-03-12T22:36:33.841+0100 [INFO]  ReferenceTransformer: reference not found: "fortimanager_exec_workspace_action.lock_adom"
2023-03-12T22:36:33.841+0100 [DEBUG] ReferenceTransformer: "fortimanager_object_firewall_address.object_firewall_address" references: []
2023-03-12T22:36:33.841+0100 [DEBUG] refresh: fortimanager_object_firewall_address.object_firewall_address: no state, so not refreshing
2023-03-12T22:36:33.845+0100 [WARN]  Provider "registry.terraform.io/fortinetdev/fortimanager" produced an invalid plan for fortimanager_object_firewall_address.object_firewall_address, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .dynamic_sort_subtable: planned value cty.StringVal("false") for a non-computed attribute
2023-03-12T22:36:33.845+0100 [DEBUG] Resource instance state not found for node "fortimanager_exec_workspace_action.unlock_adom", instance fortimanager_exec_workspace_action.unlock_adom
2023-03-12T22:36:33.845+0100 [INFO]  ReferenceTransformer: reference not found: "fortimanager_object_firewall_address.object_firewall_address"
2023-03-12T22:36:33.845+0100 [INFO]  ReferenceTransformer: reference not found: "var.lock_target"
2023-03-12T22:36:33.845+0100 [DEBUG] ReferenceTransformer: "fortimanager_exec_workspace_action.unlock_adom" references: []
2023-03-12T22:36:33.845+0100 [DEBUG] refresh: fortimanager_exec_workspace_action.unlock_adom: no state, so not refreshing
2023-03-12T22:36:33.847+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-03-12T22:36:33.849+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0 pid=111670
2023-03-12T22:36:33.849+0100 [DEBUG] provider: plugin exited
2023-03-12T22:36:33.849+0100 [DEBUG] building apply graph to check for errors
2023-03-12T22:36:33.849+0100 [DEBUG] Resource state not found for node "fortimanager_exec_workspace_action.unlock_adom", instance fortimanager_exec_workspace_action.unlock_adom
2023-03-12T22:36:33.849+0100 [DEBUG] Resource state not found for node "fortimanager_object_firewall_address.object_firewall_address", instance fortimanager_object_firewall_address.object_firewall_address
2023-03-12T22:36:33.849+0100 [DEBUG] ProviderTransformer: "fortimanager_exec_workspace_action.lock_adom (destroy)" (*terraform.NodeDestroyResourceInstance) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:33.849+0100 [DEBUG] ProviderTransformer: "fortimanager_object_firewall_address.object_firewall_address" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:33.849+0100 [DEBUG] ProviderTransformer: "fortimanager_exec_workspace_action.lock_adom (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:33.849+0100 [DEBUG] ProviderTransformer: "fortimanager_object_firewall_address.object_firewall_address (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:33.849+0100 [DEBUG] ProviderTransformer: "fortimanager_exec_workspace_action.unlock_adom" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:33.849+0100 [DEBUG] ProviderTransformer: "fortimanager_exec_workspace_action.unlock_adom (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:33.849+0100 [DEBUG] ProviderTransformer: "fortimanager_exec_workspace_action.lock_adom" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:33.850+0100 [DEBUG] ReferenceTransformer: "fortimanager_exec_workspace_action.lock_adom (expand)" references: []
2023-03-12T22:36:33.850+0100 [DEBUG] ReferenceTransformer: "fortimanager_object_firewall_address.object_firewall_address (expand)" references: []
2023-03-12T22:36:33.850+0100 [DEBUG] ReferenceTransformer: "var.insecure" references: []
2023-03-12T22:36:33.850+0100 [DEBUG] ReferenceTransformer: "var.hostname" references: []
2023-03-12T22:36:33.850+0100 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/fortinetdev/fortimanager\"]" references: [var.adom var.password var.scopetype var.insecure var.hostname var.username]
2023-03-12T22:36:33.850+0100 [DEBUG] ReferenceTransformer: "fortimanager_exec_workspace_action.unlock_adom (expand)" references: []
2023-03-12T22:36:33.850+0100 [DEBUG] ReferenceTransformer: "var.username" references: []
2023-03-12T22:36:33.850+0100 [DEBUG] ReferenceTransformer: "var.scopetype" references: []
2023-03-12T22:36:33.850+0100 [INFO]  ReferenceTransformer: reference not found: "fortimanager_object_firewall_address.object_firewall_address#destroy"
2023-03-12T22:36:33.850+0100 [DEBUG] ReferenceTransformer: "fortimanager_exec_workspace_action.unlock_adom" references: [fortimanager_object_firewall_address.object_firewall_address (expand) fortimanager_object_firewall_address.object_firewall_address fortimanager_object_firewall_address.object_firewall_address var.lock_target]
2023-03-12T22:36:33.850+0100 [DEBUG] ReferenceTransformer: "var.password" references: []
2023-03-12T22:36:33.850+0100 [DEBUG] ReferenceTransformer: "fortimanager_exec_workspace_action.lock_adom" references: [var.lock_target]
2023-03-12T22:36:33.850+0100 [DEBUG] ReferenceTransformer: "var.adom" references: []
2023-03-12T22:36:33.850+0100 [DEBUG] ReferenceTransformer: "var.lock_target" references: []
2023-03-12T22:36:33.850+0100 [DEBUG] ReferenceTransformer: "fortimanager_object_firewall_address.object_firewall_address" references: [fortimanager_exec_workspace_action.lock_adom (expand) fortimanager_exec_workspace_action.lock_adom fortimanager_exec_workspace_action.lock_adom fortimanager_exec_workspace_action.lock_adom (destroy) fortimanager_exec_workspace_action.lock_adom (destroy)]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # fortimanager_exec_workspace_action.lock_adom must be replaced
-/+ resource "fortimanager_exec_workspace_action" "lock_adom" {
      ~ force_recreate = "c14f4f60-8c3d-483a-2996-c74d7d478823" -> (known after apply) # forces replacement
      ~ id             = "workspaceactionadom.ADOM_TESTlock" -> (known after apply)
        # (3 unchanged attributes hidden)
    }

  # fortimanager_exec_workspace_action.unlock_adom will be created
  + resource "fortimanager_exec_workspace_action" "unlock_adom" {
      + action         = "lockend"
      + comment        = "Terraform end"
      + force_recreate = (known after apply)
      + id             = (known after apply)
      + scopetype      = "inherit"
    }

  # fortimanager_object_firewall_address.object_firewall_address will be created
  + resource "fortimanager_object_firewall_address" "object_firewall_address" {
      + allow_routing         = (known after apply)
      + associated_interface  = (known after apply)
      + clearpass_spt         = (known after apply)
      + color                 = 0
      + dirty                 = (known after apply)
      + dynamic_sort_subtable = "false"
      + end_mac               = (known after apply)
      + fabric_object         = (known after apply)
      + id                    = (known after apply)
      + macaddr               = (known after apply)
      + name                  = "TERRAFORMTEST"
      + node_ip_only          = (known after apply)
      + obj_type              = "ip"
      + scopetype             = "inherit"
      + sdn_addr_type         = (known after apply)
      + start_mac             = (known after apply)
      + subnet                = [
          + "192.168.0.0",
          + "255.255.0.0",
        ]
      + type                  = "ipmask"
      + uuid                  = (known after apply)
    }

Plan: 3 to add, 0 to change, 1 to destroy.
2023-03-12T22:36:33.853+0100 [DEBUG] command: asking for input: "\nDo you want to perform these actions?"

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

2023-03-12T22:36:37.653+0100 [INFO]  backend/local: apply calling Apply
2023-03-12T22:36:37.653+0100 [DEBUG] Building and walking apply graph for NormalMode plan
2023-03-12T22:36:37.653+0100 [DEBUG] Resource state not found for node "fortimanager_exec_workspace_action.unlock_adom", instance fortimanager_exec_workspace_action.unlock_adom
2023-03-12T22:36:37.653+0100 [DEBUG] Resource state not found for node "fortimanager_object_firewall_address.object_firewall_address", instance fortimanager_object_firewall_address.object_firewall_address
2023-03-12T22:36:37.654+0100 [DEBUG] ProviderTransformer: "fortimanager_object_firewall_address.object_firewall_address (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:37.654+0100 [DEBUG] ProviderTransformer: "fortimanager_exec_workspace_action.lock_adom" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:37.654+0100 [DEBUG] ProviderTransformer: "fortimanager_exec_workspace_action.unlock_adom" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:37.654+0100 [DEBUG] ProviderTransformer: "fortimanager_exec_workspace_action.unlock_adom (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:37.654+0100 [DEBUG] ProviderTransformer: "fortimanager_exec_workspace_action.lock_adom (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:37.654+0100 [DEBUG] ProviderTransformer: "fortimanager_exec_workspace_action.lock_adom (destroy)" (*terraform.NodeDestroyResourceInstance) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:37.654+0100 [DEBUG] ProviderTransformer: "fortimanager_object_firewall_address.object_firewall_address" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/fortinetdev/fortimanager"]
2023-03-12T22:36:37.654+0100 [DEBUG] ReferenceTransformer: "var.username" references: []
2023-03-12T22:36:37.654+0100 [DEBUG] ReferenceTransformer: "var.hostname" references: []
2023-03-12T22:36:37.654+0100 [DEBUG] ReferenceTransformer: "var.scopetype" references: []
2023-03-12T22:36:37.654+0100 [DEBUG] ReferenceTransformer: "var.insecure" references: []
2023-03-12T22:36:37.654+0100 [DEBUG] ReferenceTransformer: "fortimanager_exec_workspace_action.lock_adom (expand)" references: []
2023-03-12T22:36:37.654+0100 [DEBUG] ReferenceTransformer: "var.adom" references: []
2023-03-12T22:36:37.654+0100 [DEBUG] ReferenceTransformer: "fortimanager_object_firewall_address.object_firewall_address" references: [fortimanager_exec_workspace_action.lock_adom (expand) fortimanager_exec_workspace_action.lock_adom fortimanager_exec_workspace_action.lock_adom fortimanager_exec_workspace_action.lock_adom (destroy) fortimanager_exec_workspace_action.lock_adom (destroy)]
2023-03-12T22:36:37.654+0100 [DEBUG] ReferenceTransformer: "fortimanager_object_firewall_address.object_firewall_address (expand)" references: []
2023-03-12T22:36:37.654+0100 [DEBUG] ReferenceTransformer: "fortimanager_exec_workspace_action.lock_adom" references: [var.lock_target]
2023-03-12T22:36:37.654+0100 [INFO]  ReferenceTransformer: reference not found: "fortimanager_object_firewall_address.object_firewall_address#destroy"
2023-03-12T22:36:37.654+0100 [DEBUG] ReferenceTransformer: "fortimanager_exec_workspace_action.unlock_adom" references: [fortimanager_object_firewall_address.object_firewall_address fortimanager_object_firewall_address.object_firewall_address fortimanager_object_firewall_address.object_firewall_address (expand) var.lock_target]
2023-03-12T22:36:37.654+0100 [DEBUG] ReferenceTransformer: "fortimanager_exec_workspace_action.unlock_adom (expand)" references: []
2023-03-12T22:36:37.654+0100 [DEBUG] ReferenceTransformer: "var.lock_target" references: []
2023-03-12T22:36:37.654+0100 [DEBUG] ReferenceTransformer: "var.password" references: []
2023-03-12T22:36:37.654+0100 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/fortinetdev/fortimanager\"]" references: [var.adom var.password var.scopetype var.insecure var.hostname var.username]
2023-03-12T22:36:37.655+0100 [DEBUG] Starting graph walk: walkApply
2023-03-12T22:36:37.656+0100 [DEBUG] created provider logger: level=debug
2023-03-12T22:36:37.656+0100 [INFO]  provider: configuring client automatic mTLS
2023-03-12T22:36:37.665+0100 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0 args=[.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0]
2023-03-12T22:36:37.665+0100 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0 pid=111692
2023-03-12T22:36:37.665+0100 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0
2023-03-12T22:36:37.674+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: configuring server automatic mTLS: timestamp=2023-03-12T22:36:37.674+0100
2023-03-12T22:36:37.705+0100 [DEBUG] provider.terraform-provider-fortimanager_v1.7.0: plugin address: address=/tmp/plugin2007736968 network=unix timestamp=2023-03-12T22:36:37.705+0100
2023-03-12T22:36:37.705+0100 [DEBUG] provider: using plugin: version=5
2023-03-12T22:36:37.823+0100 [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/fortinetdev/fortimanager\"]" changed the config value, but that value is unused
fortimanager_exec_workspace_action.lock_adom: Destroying... [id=workspaceactionadom.ADOM_TESTlock]
2023-03-12T22:36:37.881+0100 [INFO]  Starting apply for fortimanager_exec_workspace_action.lock_adom
2023-03-12T22:36:37.881+0100 [DEBUG] fortimanager_exec_workspace_action.lock_adom: applying the planned Delete change
2023-03-12T22:36:37.882+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: 2023/03/12 22:36:37 [INFO] Request infomation: /dvmdb/adom/ADOM_TEST/workspace/commit:    <nil>: timestamp=2023-03-12T22:36:37.882+0100
2023-03-12T22:36:37.882+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: 2023/03/12 22:36:37 [INFO] Request URL: /dvmdb/adom/ADOM_TEST/workspace/commit: timestamp=2023-03-12T22:36:37.882+0100
2023-03-12T22:36:37.908+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: 2023/03/12 22:36:37 Successful: timestamp=2023-03-12T22:36:37.908+0100
2023-03-12T22:36:37.908+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: 2023/03/12 22:36:37 [INFO] Request infomation: /dvmdb/adom/ADOM_TEST/workspace/unlock:    <nil>: timestamp=2023-03-12T22:36:37.908+0100
2023-03-12T22:36:37.908+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: 2023/03/12 22:36:37 [INFO] Request URL: /dvmdb/adom/ADOM_TEST/workspace/unlock: timestamp=2023-03-12T22:36:37.908+0100
2023-03-12T22:36:37.934+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: 2023/03/12 22:36:37 Successful: timestamp=2023-03-12T22:36:37.934+0100
fortimanager_exec_workspace_action.lock_adom: Destruction complete after 0s
fortimanager_exec_workspace_action.lock_adom: Creating...
2023-03-12T22:36:37.942+0100 [INFO]  Starting apply for fortimanager_exec_workspace_action.lock_adom
2023-03-12T22:36:37.942+0100 [DEBUG] fortimanager_exec_workspace_action.lock_adom: applying the planned Create change
2023-03-12T22:36:37.943+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: 2023/03/12 22:36:37 [INFO] Request infomation: /dvmdb/adom/ADOM_TEST/workspace/lock:    <nil>: timestamp=2023-03-12T22:36:37.943+0100
2023-03-12T22:36:37.943+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: 2023/03/12 22:36:37 [INFO] Request URL: /dvmdb/adom/ADOM_TEST/workspace/lock: timestamp=2023-03-12T22:36:37.943+0100
2023-03-12T22:36:37.992+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: 2023/03/12 22:36:37 Successful: timestamp=2023-03-12T22:36:37.992+0100
fortimanager_exec_workspace_action.lock_adom: Creation complete after 0s [id=workspaceactionadom.ADOM_TESTlock]
2023-03-12T22:36:38.003+0100 [WARN]  Provider "registry.terraform.io/fortinetdev/fortimanager" produced an invalid plan for fortimanager_object_firewall_address.object_firewall_address, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .dynamic_sort_subtable: planned value cty.StringVal("false") for a non-computed attribute
fortimanager_object_firewall_address.object_firewall_address: Creating...
2023-03-12T22:36:38.003+0100 [INFO]  Starting apply for fortimanager_object_firewall_address.object_firewall_address
2023-03-12T22:36:38.003+0100 [DEBUG] fortimanager_object_firewall_address.object_firewall_address: applying the planned Create change
2023-03-12T22:36:38.004+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: 2023/03/12 22:36:38 [DEBUG] setting computed for "macaddr" from ComputedKeys: timestamp=2023-03-12T22:36:38.004+0100
2023-03-12T22:36:38.005+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: 2023/03/12 22:36:38 [Warning] argument map: map[] do not contain argument: {adom}: timestamp=2023-03-12T22:36:38.005+0100
2023-03-12T22:36:38.005+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: 2023/03/12 22:36:38 [INFO] Request infomation: /pm/config/adom/ADOM_TEST/obj/firewall/address:    &map[name:TERRAFORMTEST obj-type:ip subnet:[192.168.0.0 255.255.0.0] type:ipmask]: timestamp=2023-03-12T22:36:38.005+0100
2023-03-12T22:36:38.005+0100 [INFO]  provider.terraform-provider-fortimanager_v1.7.0: 2023/03/12 22:36:38 [INFO] Request URL: /pm/config/adom/ADOM_TEST/obj/firewall/address: timestamp=2023-03-12T22:36:38.005+0100
2023-03-12T22:36:38.051+0100 [ERROR] provider.terraform-provider-fortimanager_v1.7.0: Response contains error diagnostic: tf_proto_version=5.3 tf_req_id=f840862b-73da-06ce-bcdf-af116691c290 tf_resource_type=fortimanager_object_firewall_address tf_rpc=ApplyResourceChange @module=sdk.proto diagnostic_severity=ERROR diagnostic_detail= diagnostic_summary="Error creating ObjectFirewallAddress resource: 
err -10: The data is invalid for selected url" tf_provider_addr=provider @caller=github.com/hashicorp/terraform-plugin-go@v0.14.1/tfprotov5/internal/diag/diagnostics.go:55 timestamp=2023-03-12T22:36:38.051+0100
2023-03-12T22:36:38.058+0100 [ERROR] vertex "fortimanager_object_firewall_address.object_firewall_address" error: Error creating ObjectFirewallAddress resource: 
err -10: The data is invalid for selected url
â•·
│ Error: Error creating ObjectFirewallAddress resource: 
│ err -10: The data is invalid for selected url
│ 
│   with fortimanager_object_firewall_address.object_firewall_address,
│   on main.tf line 27, in resource "fortimanager_object_firewall_address" "object_firewall_address":
│   27: resource "fortimanager_object_firewall_address" "object_firewall_address" {
│ 
╵
2023-03-12T22:36:38.065+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-03-12T22:36:38.066+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/fortinetdev/fortimanager/1.7.0/linux_amd64/terraform-provider-fortimanager_v1.7.0 pid=111692
2023-03-12T22:36:38.066+0100 [DEBUG] provider: plugin exited

Terraform version is 1.3.9 Fortimanager version is 6.4.10 Provider Fortimanager 1.7.0

Regards,

Aldo Pellini

[apellini]

seems related to obj_type key if not insert on resource module it works

[apellini]

Now we have done some test and seems that when we modify comments it goes in error:

fortimanager_object_firewall_address.object_firewall_address: Modifying... [id=TERRAFORMTEST]
â•·
│ Error: Error updating ObjectFirewallAddress resource: 
│ err -9001: firewall/address/TERRAFORMTEST/visibility : invalid value - prop[visibility]: binary option empty or invalid, argc(0)
│ 
│   with fortimanager_object_firewall_address.object_firewall_address,
│   on main.tf line 27, in resource "fortimanager_object_firewall_address" "object_firewall_address":
│   27: resource "fortimanager_object_firewall_address" "object_firewall_address" {
│ 
╵

[MaxxLiu22]

Hi @apellini ,

Thank you for raising this issue, I add a depends_on = [fortimanager_exec_workspace_action.lock_adom] in your firewall address object since lock operation need to be run first, and if you want to lock an adom, target is not necessary, that would be used with the argument param when you try to lock a policy or an object Lock Usage Example

provider "fortimanager" {
  hostname       = "10.160.12.12"
  username       = "user"
  password       = "pass"
  insecure       = "true"
  scopetype      = "adom"
  adom           = "root"
}

resource "fortimanager_exec_workspace_action" "lock_adom" {
    scopetype = "adom"
    adom = "root"
    action = "lockbegin"
    comment = "Terraform in action"
    force_recreate = uuid()
    target = ""
    param = ""
}

resource "fortimanager_object_firewall_address" "object_firewall_address" {
    scopetype = "inherit"
    type = "ipmask"
    name = "TERRAFORMTEST"
    comment = "test"
    obj_type = "ip"
    subnet = [ "192.168.0.0", "255.255.0.0", ]
    color = 0
    depends_on = [fortimanager_exec_workspace_action.lock_adom]
}

resource "fortimanager_exec_workspace_action" "unlock_adom" {
    scopetype = "adom"
    adom = "root"
    action = "lockend"
    comment = "Terraform end"
    force_recreate = uuid()
    target = ""
    param = ""
    depends_on = [fortimanager_object_firewall_address.object_firewall_address]
}

For the later error you mentioned, that is terraform trying to change an argument to null but that is not allowed in FMG, could you paste terraform plan result here for me to know which argument is doing such operation? for temporary solution, you can use terraform destroy --target fortimanager_object_firewall_address.object_firewall_address to delete that issued object, and terraform apply again, that would solve this issue temporarily. Thanks, Maxx

[apellini]

Ok for depends_on but I have tried with also this but it is solved removing obj_type key:

resource "fortimanager_object_firewall_address" "object_firewall_address" {
    scopetype = "adom"
    adom = var.adom
    name = "TERRAFORMTEST"
    comment = "Created by Terraform - OK"
    type = "ipmask"
    subnet = [ 
        "192.168.0.0", 
        "255.255.0.0", 
    ]
    depends_on = [fortimanager_exec_workspace_action.lock_adom]
}

It is not accettable that I have to destroy a resource (that could be referenced from policy or obj groups).

The issue is when I want to modify comment, it works in create object but in update of comments (adding a word to current comment) it goes in hang.

Regards,

Aldo Pellini

[apellini]

The issue seems related to this unwanted change:

  # fortimanager_object_firewall_address.object_firewall_address["test_001"] will be updated in-place
  ~ resource "fortimanager_object_firewall_address" "object_firewall_address" {
        id                    = "test_001"
        name                  = "test_001"
      - visibility            = "enable" -> null
        # (15 unchanged attributes hidden)
    }

  # fortimanager_object_firewall_address.object_firewall_address["test_002"] will be updated in-place
  ~ resource "fortimanager_object_firewall_address" "object_firewall_address" {
        id                    = "test_002"
        name                  = "test_002"
      - visibility            = "enable" -> null
        # (15 unchanged attributes hidden)

infact if I put visibility = enable it works.

[MaxxLiu22]

Hi @apellini ,

Glad to hear that, since there is a defined value in FMG but terraform doesn't define it, so it try to set it to null, is that solution acceptable to you? Let me know if you still have questions.

Thanks, Maxx

[lix-fortinet]

Hi @apellini,

This issue has been fixed in the latest release of FortiManager Terraform provider v1.8.0. Please switch to the latest version of FortiManager Terraform provider and try it out.

Please let me know if you have any questions.

Thanks, Xing

[lix-fortinet]

Hi @apellini,

We will close this issue since it has been fixed. Feel free to open a new issue if you have any questions.

Thanks, Xing