Closed apellini closed 8 months ago
It seems related to the obj_type key; if it is not inserted in the resource module, it works.
Now we have done some tests and it seems that when we modify comments it goes into error:
```
fortimanager_object_firewall_address.object_firewall_address: Modifying... [id=TERRAFORMTEST]
╷
│ Error: Error updating ObjectFirewallAddress resource:
│ err -9001: firewall/address/TERRAFORMTEST/visibility : invalid value - prop[visibility]: binary option empty or invalid, argc(0)
│
│   with fortimanager_object_firewall_address.object_firewall_address,
│   on main.tf line 27, in resource "fortimanager_object_firewall_address" "object_firewall_address":
│   27: resource "fortimanager_object_firewall_address" "object_firewall_address" {
│
╵
```
Hi @apellini ,
Thank you for raising this issue. I added a depends_on = [fortimanager_exec_workspace_action.lock_adom] in your firewall address object since the lock operation needs to be run first. If you want to lock an adom, target is not necessary; that would be used with the argument param when you try to lock a policy or an object.
Lock Usage Example
```hcl
provider "fortimanager" {
  hostname  = "10.160.12.12"
  username  = "user"
  password  = "pass"
  insecure  = "true" # provider performs insecure SSL requests
  scopetype = "adom"
  adom      = "root"
}

# Lock the ADOM before any object is changed.
resource "fortimanager_exec_workspace_action" "lock_adom" {
  scopetype      = "adom"
  adom           = "root"
  action         = "lockbegin"
  comment        = "Terraform in action"
  force_recreate = uuid()
  target         = ""
  param          = ""
}

resource "fortimanager_object_firewall_address" "object_firewall_address" {
  scopetype = "inherit"
  type      = "ipmask"
  name      = "TERRAFORMTEST"
  comment   = "test"
  obj_type  = "ip"
  subnet    = ["192.168.0.0", "255.255.0.0"]
  color     = 0

  # The lock must be taken first.
  depends_on = [fortimanager_exec_workspace_action.lock_adom]
}

# Release the lock once the address object has been applied.
resource "fortimanager_exec_workspace_action" "unlock_adom" {
  scopetype      = "adom"
  adom           = "root"
  action         = "lockend"
  comment        = "Terraform end"
  force_recreate = uuid()
  target         = ""
  param          = ""

  depends_on = [fortimanager_object_firewall_address.object_firewall_address]
}
```
For the later error you mentioned, that is Terraform trying to change an argument to null, but that is not allowed in FMG. Could you paste the terraform plan result here so I can see which argument is doing such an operation? As a temporary solution, you can use terraform destroy --target fortimanager_object_firewall_address.object_firewall_address to delete the object with the issue, and then terraform apply again; that would solve this issue temporarily.
Thanks,
Maxx
OK for depends_on, but I have also tried with this, and it is solved by removing the obj_type key:
```hcl
resource "fortimanager_object_firewall_address" "object_firewall_address" {
  scopetype = "adom"
  adom      = var.adom
  name      = "TERRAFORMTEST"
  comment   = "Created by Terraform - OK"
  type      = "ipmask"
  subnet = [
    "192.168.0.0",
    "255.255.0.0",
  ]
  depends_on = [fortimanager_exec_workspace_action.lock_adom]
}
```
It is not acceptable that I have to destroy a resource (that could be referenced from policy or obj groups).
The issue is when I want to modify the comment: it works when creating the object, but when updating the comment (adding a word to the current comment) it hangs.
Regards,
Aldo Pellini
The issue seems related to this unwanted change:
```
  # fortimanager_object_firewall_address.object_firewall_address["test_001"] will be updated in-place
  ~ resource "fortimanager_object_firewall_address" "object_firewall_address" {
        id         = "test_001"
        name       = "test_001"
      - visibility = "enable" -> null
        # (15 unchanged attributes hidden)
    }
  # fortimanager_object_firewall_address.object_firewall_address["test_002"] will be updated in-place
  ~ resource "fortimanager_object_firewall_address" "object_firewall_address" {
        id         = "test_002"
        name       = "test_002"
      - visibility = "enable" -> null
        # (15 unchanged attributes hidden)
```
In fact, if I put visibility = enable it works.
Hi @apellini ,
Glad to hear that. Since there is a defined value in FMG but Terraform doesn't define it, it tries to set it to null. Is that solution acceptable to you? Let me know if you still have questions.
Thanks, Maxx
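Added example, not part of the thread and not the provider's code: a pre-apply check that reads `terraform show -json <planfile>` output and lists attributes an in-place update would change from a set value to null, the pattern behind the `visibility` error above. The sample plan is constructed and `nulled_attributes` is a hypothetical helper name.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output,
# mirroring the plan in this thread; attribute values are illustrative.
ADDR = 'fortimanager_object_firewall_address.object_firewall_address["test_001"]'
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": ADDR, "type": "fortimanager_object_firewall_address",
     "change": {"actions": ["update"],
                "before": {"name": "test_001", "comment": "test",
                           "visibility": "enable", "uuid": "constructed"},
                # Unknown (computed) values are absent from "after".
                "after": {"name": "test_001", "comment": "test changed",
                          "visibility": None},
                "after_unknown": {"uuid": True}}},
    {"address": "fortimanager_exec_workspace_action.lock_adom",
     "type": "fortimanager_exec_workspace_action",
     "change": {"actions": ["create"], "before": None,
                "after": {"action": "lockbegin"}, "after_unknown": {}}},
]})


def nulled_attributes(plan_json, resource_type=None):  # hypothetical helper
    """Map resource address -> top-level attributes that an in-place update
    would change from a set value to null."""
    findings = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change") or {}
        if change.get("actions") != ["update"]:
            continue  # creates, deletes and replacements are out of scope
        if resource_type and rc.get("type") != resource_type:
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        attrs = sorted(
            key for key, value in before.items()
            if value is not None
            and after.get(key) is None   # explicitly null or dropped
            and not unknown.get(key)     # skip values only known after apply
        )
        if attrs:
            findings[rc["address"]] = attrs
    return findings


if __name__ == "__main__":
    for address, attrs in nulled_attributes(SAMPLE_PLAN).items():
        print(f"{address}: would be set to null: {', '.join(attrs)}")
```

Run against a saved plan in CI, a non-empty result can block the apply until the attribute is set explicitly in the configuration.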
Hi @apellini,
This issue has been fixed in the latest release of FortiManager Terraform provider v1.8.0. Please switch to the latest version of FortiManager Terraform provider and try it out.
Please let me know if you have any questions.
Thanks, Xing
Hi @apellini,
We will close this issue since it has been fixed. Feel free to open a new issue if you have any questions.
Thanks, Xing
In this Tf module we are testing to create an object on a specific adom:
After terraform apply we receive the following error:
With DEBUG we have seen:
Terraform version is 1.3.9, FortiManager version is 6.4.10, FortiManager provider is 1.7.0.
Regards,
Aldo Pellini