fortinetdev / terraform-provider-fortios

Terraform Fortios provider
https://www.terraform.io/docs/providers/fortios/
Mozilla Public License 2.0

fortios_firewall_address: sdn populated address objects have 'list' attribute replaced at every run #235

Closed jvankralingen-oss closed 1 year ago

jvankralingen-oss commented 2 years ago

Terraform Version - 13.2
Fortios Version - 1.14.1

Hello,

I have just updated my workspace to use the latest provider version of Fortios (1.14.1).

A number of host fortios firewall address objects are dynamically created during my workspace run using a filter/sdn to populate the address objects from my cloud environment.

These objects are created with a blank 'list' attribute (as the IP information for each object is populated by the sdn after Terraform creates the initial object). The state file also contains no info for each object under the 'list' attribute. Any runs of the workspace wouldn't trigger any changes as this 'list' attribute is managed by the SDN and adjusted depending on filter responses.

In contrast, when switching to the new provider 1.14.1, every run of the terraform workspace wants to delete the 'list' IP associated with each SDN populated host. This has no real effect as the SDN filter re-populates each address object after each run with the correct IP address info. This is annoying though as it means I am bombarded with a list of changes at each workspace run to sift through (approx 13 of the below).

State file object config (note that 'list' is blank) -

    "index_key": "6224014",
    "schema_version": 0,
    "attributes": {
      "allow_routing": "disable",
      "associated_interface": "",
      "cache_ttl": 0,
      "clearpass_spt": "unknown",
      "color": 18,
      "comment": "vpc-mgmt awsutimx01",
      "country": "",
      "dynamic_sort_subtable": "false",
      "end_ip": "",
      "end_mac": "00:00:00:00:00:00",
      "epg_name": "",
      "fabric_object": "",
      "filter": "Tag.Hostname=awsutimx01",
      "fqdn": "",
      "fsso_group": [],
      "id": "awsutimx01",
      "interface": "",
      "list": [],
      "macaddr": [],
      "name": "awsutimx01",
      "node_ip_only": "",
      "obj_id": "",
      "obj_tag": "",
      "obj_type": "ip",
      "organization": "",
      "policy_group": "",
      "sdn": "apse2-sdn-fortigate",
      "sdn_addr_type": "private",
      "sdn_tag": "",
      "start_ip": "",
      "start_mac": "00:00:00:00:00:00",
      "sub_type": "sdn",
      "subnet": "",
      "subnet_name": "",
      "tag_detection_level": "",
      "tag_type": "",
      "tagging": [],
      "tenant": "",
      "type": "dynamic",
      "uuid": "redacted",
      "vdomparam": null,
      "visibility": "",
      "wildcard": "",
      "wildcard_fqdn": ""

Terraform plan response -

    fortios_firewall_address.ipam-apse-host["6224014"] will be updated in-place
    ~ resource "fortios_firewall_address" "apse-host" {
        allow_routing = "disable"
        cache_ttl = 0
        clearpass_spt = "unknown"
        color = 18
        comment = "vpc-mgmt awsutimx01"
        dynamic_sort_subtable = "false"
        end_mac = "00:00:00:00:00:00"
        filter = "Tag.Hostname=vpc-mgmt awsutimx01"
        id = "awsutimx01"
        name = "awsutimx01"
        obj_type = "ip"
        sdn = "apse2-sdn-fortigate"
        sdn_addr_type = "private"
        start_mac = "00:00:00:00:00:00"
        sub_type = "sdn"
        type = "dynamic"
        uuid = "redacted"

As you can see, the IP is being removed, presumably to stay in line with the state file. This would be fine if the IP information was populated from within the workspace, though in this case the SDN is doing the work.

Any help would be appreciated.
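An added example, not part of the original thread or the provider's code: a triage script for the situation described above, where a dozen SDN-driven 'list' diffs can bury a genuine firewall change in the same plan. It assumes the plan was exported with `terraform show -json`; the function names, the extra object names, the IPs and the shape of the 'list' elements are constructed for illustration.

```python
# Split a Terraform JSON plan into SDN 'list' drift and changes needing review.
# SAMPLE_PLAN is constructed; a real one comes from `terraform show -json <planfile>`.

def rc(name, actions, before, after):
    """Build one resource_changes entry in the JSON plan layout."""
    return {"address": f'fortios_firewall_address.apse-host["{name}"]',
            "type": "fortios_firewall_address",
            "change": {"actions": actions, "before": before, "after": after}}

SAMPLE_PLAN = {"resource_changes": [
    # Only 'list' differs on an SDN-populated object: the noise from the issue.
    rc("awsutimx01", ["update"],
       {"sub_type": "sdn", "filter": "Tag.Hostname=awsutimx01", "list": [{"ip": "10.0.0.10"}]},
       {"sub_type": "sdn", "filter": "Tag.Hostname=awsutimx01", "list": []}),
    # 'list' differs, but the SDN filter was also widened: must be reviewed.
    rc("host-b", ["update"],
       {"sub_type": "sdn", "filter": "Tag.Hostname=host-b", "list": [{"ip": "10.0.0.11"}]},
       {"sub_type": "sdn", "filter": "Tag.Hostname=*", "list": []}),
    # A static (non-SDN) address object whose subnet changed: must be reviewed.
    rc("net-c", ["update"],
       {"sub_type": "", "subnet": "10.1.0.0 255.255.255.0", "list": []},
       {"sub_type": "", "subnet": "0.0.0.0 0.0.0.0", "list": []}),
    rc("host-d", ["no-op"], {"sub_type": "sdn", "list": []}, {"sub_type": "sdn", "list": []}),
]}

def changed_keys(before, after):
    """Top-level attributes whose planned value differs from the prior value."""
    before, after = before or {}, after or {}
    return {k for k in before.keys() | after.keys() if before.get(k) != after.get(k)}

def triage(plan):
    """Return (noise, review) lists of (address, changed attribute names)."""
    noise, review = [], []
    for item in plan.get("resource_changes", []):
        change = item["change"]
        if change["actions"] == ["no-op"]:
            continue
        # Values unknown until apply are absent from 'after', so they count
        # as changed and push the resource into review rather than noise.
        keys = changed_keys(change.get("before"), change.get("after"))
        sdn_list_only = (item["type"] == "fortios_firewall_address"
                         and change["actions"] == ["update"]
                         and keys == {"list"}
                         and (change.get("after") or {}).get("sub_type") == "sdn")
        (noise if sdn_list_only else review).append((item["address"], sorted(keys)))
    return noise, review

if __name__ == "__main__":
    for label, rows in zip(("SDN list drift", "REVIEW"), triage(SAMPLE_PLAN)):
        for address, keys in rows:
            print(f"{label}: {address} changed={keys}")
```
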

lix-fortinet commented 2 years ago

Hi @jvankralingen-oss,

Thank you for raising this issue. The team is working on this issue. We will fix it in the next release and get back to you once it's resolved.

Thanks, Xing

lix-fortinet commented 2 years ago

Hi @jvankralingen-oss,

This issue has been fixed in the latest release of FortiOS Terraform provider v1.15.0. Please switch to the latest version of FortiOS Terraform provider and try it again.

Please let me know if you have any questions.

Thanks, Xing

lix-fortinet commented 1 year ago

Hi @jvankralingen-oss,

We will close this issue since it has been fixed. Feel free to open a new issue if you have any other questions.

Thanks, Xing