Closed yatanasov closed 4 years ago
hi @yatanasov Thanks for the issue and the details. According to the log you provided, you are using the outdated source code to compile the fortios provider. Can you please download the latest master branch source code and recompile it? Or you can directly use the latest release version * provider.fortios: version = "~> 1.2", its state is currently consistent with the master branch.
Latest release version validation:
FOSDEVM292# cat main.tf
provider "fortios" {
hostname = "192.168.52.166"
token = "xxxxxxxxxxxxxxx"
insecure = true
}
resource "fortios_firewall_object_service" "v13" {
category = "AD/DC Auth & Connectivity"
comment = "comment"
iprange = "1.1.1.1-2.2.2.2"
name = "servicetest2"
protocol = "TCP/UDP/SCTP"
sctp_portrange = "66-88"
session_ttl = "0"
tcp_portrange = "22-33"
udp_portrange = "44-55"
}
FOSDEVM292# terraform init
Initializing the backend...
Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "fortios" (terraform-providers/fortios) 1.2.0...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
........................
FOSDEVM292# terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# fortios_firewall_object_service.v13 will be created
+ resource "fortios_firewall_object_service" "v13" {
+ category = "AD/DC Auth & Connectivity"
+ comment = "comment"
+ fqdn = (known after apply)
+ icmpcode = (known after apply)
+ icmptype = (known after apply)
+ id = (known after apply)
+ iprange = "1.1.1.1-2.2.2.2"
+ name = "servicetest2"
+ protocol = "TCP/UDP/SCTP"
+ protocol_number = (known after apply)
+ sctp_portrange = "66-88"
+ session_ttl = "0"
+ tcp_portrange = "22-33"
+ udp_portrange = "44-55"
}
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
FOSDEVM292# terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# fortios_firewall_object_service.v13 will be created
+ resource "fortios_firewall_object_service" "v13" {
+ category = "AD/DC Auth & Connectivity"
+ comment = "comment"
+ fqdn = (known after apply)
+ icmpcode = (known after apply)
+ icmptype = (known after apply)
+ id = (known after apply)
+ iprange = "1.1.1.1-2.2.2.2"
+ name = "servicetest2"
+ protocol = "TCP/UDP/SCTP"
+ protocol_number = (known after apply)
+ sctp_portrange = "66-88"
+ session_ttl = "0"
+ tcp_portrange = "22-33"
+ udp_portrange = "44-55"
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
fortios_firewall_object_service.v13: Creating...
fortios_firewall_object_service.v13: Creation complete after 2s [id=servicetest2]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Latest master branch validation:
# git clone https://frankshen01@github.com/terraform-providers/terraform-provider-fortios.git
Cloning into 'terraform-provider-fortios'...
remote: Enumerating objects: 3301, done.
remote: Counting objects: 100% (3301/3301), done.
........................
# cd $GOPATH/src/github.com/terraform-providers/terraform-provider-fortios
# make build
........................
# cd ~/test/bin
# cat main.tf
provider "fortios" {
hostname = "192.168.52.166"
token = "XXXXXXXXXXXXXXXXXXXXXX"
insecure = true
}
resource "fortios_firewall_object_service" "v13" {
category = "AD/DC Auth & Connectivity"
comment = "comment"
iprange = "1.1.1.1-2.2.2.2"
name = "servicetest2"
protocol = "TCP/UDP/SCTP"
sctp_portrange = "66-88"
session_ttl = "0"
tcp_portrange = "22-33"
udp_portrange = "44-55"
}
# terraform init
Initializing the backend...
Initializing provider plugins...
Terraform has been successfully initialized!
................
# terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# fortios_firewall_object_service.v13 will be created
+ resource "fortios_firewall_object_service" "v13" {
+ category = "AD/DC Auth & Connectivity"
+ comment = "comment"
+ fqdn = (known after apply)
+ icmpcode = (known after apply)
+ icmptype = (known after apply)
+ id = (known after apply)
+ iprange = "1.1.1.1-2.2.2.2"
+ name = "servicetest2"
+ protocol = "TCP/UDP/SCTP"
+ protocol_number = (known after apply)
+ sctp_portrange = "66-88"
+ session_ttl = "0"
+ tcp_portrange = "22-33"
+ udp_portrange = "44-55"
}
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
# terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# fortios_firewall_object_service.v13 will be created
+ resource "fortios_firewall_object_service" "v13" {
+ category = "AD/DC Auth & Connectivity"
+ comment = "comment"
+ fqdn = (known after apply)
+ icmpcode = (known after apply)
+ icmptype = (known after apply)
+ id = (known after apply)
+ iprange = "1.1.1.1-2.2.2.2"
+ name = "servicetest2"
+ protocol = "TCP/UDP/SCTP"
+ protocol_number = (known after apply)
+ sctp_portrange = "66-88"
+ session_ttl = "0"
+ tcp_portrange = "22-33"
+ udp_portrange = "44-55"
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
fortios_firewall_object_service.v13: Creating...
fortios_firewall_object_service.v13: Creation complete after 0s [id=servicetest2]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Thanks!
Hi @frankshen01 ,
Thanks for you input, I have tried your suggestion with the same result:
$ terraform init
Initializing modules...
Initializing the backend...
Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "fortios" (terraform-providers/fortios) 1.2.0...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.
* provider.fortios: version = "~> 1.2"
* provider.vault: version = "~> 2.11"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
$terraform plan
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# module.services.fortios_firewall_object_service.v13 will be created
+ resource "fortios_firewall_object_service" "v13" {
+ category = "AD/DC Auth & Connectivity"
+ comment = "comment"
+ fqdn = (known after apply)
+ icmpcode = (known after apply)
+ icmptype = (known after apply)
+ id = (known after apply)
+ iprange = "1.1.1.1-2.2.2.2"
+ name = "servicetest2"
+ protocol = "TCP/UDP/SCTP"
+ protocol_number = (known after apply)
+ sctp_portrange = "66-88"
+ session_ttl = "0"
+ tcp_portrange = "22-33"
+ udp_portrange = "44-55"
}
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
$ terraform apply
module.services.fortios_firewall_object_service.v13: Creating...
Error: rpc error: code = Unavailable desc = transport is closing
panic: interface conversion: interface {} is string, not float64
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4:
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: goroutine 82 [running]:
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: github.com/fortinetdev/forti-sdk-go/fortios/sdkcore.(*FortiSDKClient).ReadFirewallObjectService(0xc000135680, 0xc00056e160, 0xc, 0xee7480, 0xc00012d1e0, 0x10abe01)
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-fortios/vendor/github.com/fortinetdev/forti-sdk-go/fortios/sdkcore/firewall_object_service.go:301 +0x1702
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: github.com/terraform-providers/terraform-provider-fortios/fortios.resourceFirewallObjectServiceRead(0xc0003ebe30, 0xeb7520, 0xc0004a1c60, 0x0, 0x0)
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-fortios/fortios/resource_firewall_object_service.go:269 +0xeb
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: github.com/terraform-providers/terraform-provider-fortios/fortios.resourceFirewallObjectServiceCreate(0xc0003ebe30, 0xeb7520, 0xc0004a1c60, 0x2, 0x1a7c640)
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-fortios/fortios/resource_firewall_object_service.go:159 +0x847
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Resource).Apply(0xc0003baa20, 0xc0000d67d0, 0xc0000d08c0, 0xeb7520, 0xc0004a1c60, 0xc0003b2701, 0xc0004fb1d0, 0xc0003b27f0)
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-fortios/vendor/github.com/hashicorp/terraform-plugin-sdk/helper/schema/resource.go:310 +0x365
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Provider).Apply(0xc00015a980, 0xc0000b39c8, 0xc0000d67d0, 0xc0000d08c0, 0xc000154508, 0xc0001500e0, 0xf3c280)
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-fortios/vendor/github.com/hashicorp/terraform-plugin-sdk/helper/schema/provider.go:294 +0x99
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin.(*GRPCProviderServer).ApplyResourceChange(0xc0001505d8, 0x130ace0, 0xc0004fa1e0, 0xc0003eb960, 0xc0001505d8, 0xc0004fa1e0, 0xc0004edb30)
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-fortios/vendor/github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin/grpc_provider.go:885 +0x8b4
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5._Provider_ApplyResourceChange_Handler(0x1070c60, 0xc0001505d8, 0x130ace0, 0xc0004fa1e0, 0xc0000c47e0, 0x0, 0x130ace0, 0xc0004fa1e0, 0xc00013e480, 0x238)
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-fortios/vendor/github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5/tfplugin5.pb.go:3305 +0x217
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: google.golang.org/grpc.(*Server).processUnaryRPC(0xc0001fb980, 0x1316320, 0xc00055d200, 0xc00013c000, 0xc0004cd980, 0x1a50560, 0x0, 0x0, 0x0)
2020-06-11T10:38:15.031+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-fortios/vendor/google.golang.org/grpc/server.go:1024 +0x4f4
2020-06-11T10:38:15.032+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: google.golang.org/grpc.(*Server).handleStream(0xc0001fb980, 0x1316320, 0xc00055d200, 0xc00013c000, 0x0)
2020-06-11T10:38:15.032+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-fortios/vendor/google.golang.org/grpc/server.go:1313 +0xd97
2020-06-11T10:38:15.032+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc000158170, 0xc0001fb980, 0x1316320, 0xc00055d200, 0xc00013c000)
2020-06-11T10:38:15.032+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-fortios/vendor/google.golang.org/grpc/server.go:722 +0xbb
2020-06-11T10:38:15.032+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: created by google.golang.org/grpc.(*Server).serveStreams.func1
2020-06-11T10:38:15.032+0200 [DEBUG] plugin.terraform-provider-fortios_v1.2.0_x4: /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-fortios/vendor/google.golang.org/grpc/server.go:720 +0xa1
2020-06-11T10:38:15.032+0200 [DEBUG] plugin: plugin process exited: path=/mnt/c/Users/M84696/Desktop/workspace/gitlab/terraform-nuudazio/nuudazio/.terraform/plugins/linux_amd64/terraform-provider-fortios_v1.2.0_x4 pid=21534 error="exit status 2"
2020/06/11 10:38:15 [DEBUG] module.services.fortios_firewall_object_service.v13: apply errored, but we're indicating that via the Error pointer rather than returning it: rpc error: code = Unavailable desc = transport is closing
2020/06/11 10:38:15 [TRACE] module.services: eval: *terraform.EvalMaybeTainted
2020/06/11 10:38:15 [TRACE] EvalMaybeTainted: module.services.fortios_firewall_object_service.v13 encountered an error during creation, so it is now marked as tainted
2020/06/11 10:38:15 [TRACE] module.services: eval: *terraform.EvalWriteState
2020/06/11 10:38:15 [TRACE] states.SyncState: pruning module.services because it is empty
2020/06/11 10:38:15 [TRACE] EvalWriteState: removing state object for module.services.fortios_firewall_object_service.v13
2020/06/11 10:38:15 [TRACE] module.services: eval: *terraform.EvalApplyProvisioners
2020/06/11 10:38:15 [TRACE] EvalApplyProvisioners: fortios_firewall_object_service.v13 has no state, so skipping provisioners
2020/06/11 10:38:15 [TRACE] module.services: eval: *terraform.EvalMaybeTainted
2020/06/11 10:38:15 [TRACE] EvalMaybeTainted: module.services.fortios_firewall_object_service.v13 encountered an error during creation, so it is now marked as tainted
2020/06/11 10:38:15 [TRACE] module.services: eval: *terraform.EvalWriteState
2020/06/11 10:38:15 [TRACE] states.SyncState: pruning module.services because it is empty
2020/06/11 10:38:15 [TRACE] EvalWriteState: removing state object for module.services.fortios_firewall_object_service.v13
2020/06/11 10:38:15 [TRACE] module.services: eval: *terraform.EvalIf
2020/06/11 10:38:15 [TRACE] module.services: eval: *terraform.EvalIf
2020/06/11 10:38:15 [TRACE] module.services: eval: *terraform.EvalWriteDiff
2020/06/11 10:38:15 [TRACE] module.services: eval: *terraform.EvalApplyPost
2020/06/11 10:38:15 [ERROR] module.services: eval: *terraform.EvalApplyPost, err: rpc error: code = Unavailable desc = transport is closing
2020/06/11 10:38:15 [ERROR] module.services: eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2020/06/11 10:38:15 [TRACE] [walkApply] Exiting eval tree: module.services.fortios_firewall_object_service.v13
2020/06/11 10:38:15 [TRACE] vertex "module.services.fortios_firewall_object_service.v13": visit complete
2020/06/11 10:38:15 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
2020/06/11 10:38:15 [TRACE] dag/walk: upstream of "provider.fortios (close)" errored, so skipping
2020/06/11 10:38:15 [TRACE] dag/walk: upstream of "root" errored, so skipping
2020-06-11T10:38:15.307+0200 [DEBUG] plugin: plugin exited
!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!
Terraform crashed! This is always indicative of a bug within Terraform.
A crash log has been placed at "crash.log" relative to your current
working directory. It would be immensely helpful if you could please
report the crash with Terraform[1] so that we can fix this.
When reporting bugs, please include your terraform version. That
information is available on the first line of crash.log. You can also
get it by running 'terraform --version' on the command line.
SECURITY WARNING: the "crash.log" file that was created may contain
sensitive information that must be redacted before it is safe to share
on the issue tracker.
[1]: https://github.com/hashicorp/terraform/issues
!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!
Looking at the error log, it seems to be pointing to conversion issue with: https://github.com/terraform-providers/terraform-provider-fortios/blob/master/vendor/github.com/fortinetdev/forti-sdk-go/fortios/sdkcore/firewall_object_service.go#L301
Quite strange.. Thank you for your assistance on this !
I can confirm that changing:
if mapTmp["session-ttl"] != nil {
output.SessionTTL = strconv.Itoa(int(mapTmp["session-ttl"].(float64)))
}
to:
if mapTmp["session-ttl"] != nil {
output.SessionTTL = mapTmp["session-ttl"].(string)
}
fixes the issue for me and the resource is created/modified successfully:
Terraform will perform the following actions:
# module.services.fortios_firewall_object_service.v13 will be created
+ resource "fortios_firewall_object_service" "v13" {
+ category = "TDC AD/DC Auth & Connectivity"
+ comment = "comment"
+ fqdn = (known after apply)
+ icmpcode = (known after apply)
+ icmptype = (known after apply)
+ id = (known after apply)
+ iprange = "1.1.1.1-2.2.2.2"
+ name = "servicetest2"
+ protocol = "TCP/UDP/SCTP"
+ protocol_number = (known after apply)
+ sctp_portrange = "66-88"
+ session_ttl = "0"
+ tcp_portrange = "22-33"
+ udp_portrange = "44-55"
}
Plan: 1 to add, 0 to change, 0 to destroy.
$terraform apply
module.services.fortios_firewall_object_service.v13: Creating...
module.services.fortios_firewall_object_service.v13: Creation complete after 0s [id=servicetest2]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Modifying with value bigger than 300 according to FortiOS API docs:
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# module.services.fortios_firewall_object_service.v13 will be updated in-place
~ resource "fortios_firewall_object_service" "v13" {
category = "TDC AD/DC Auth & Connectivity"
comment = "comment"
id = "servicetest2"
iprange = "1.1.1.1-2.2.2.2"
name = "servicetest2"
protocol = "TCP/UDP/SCTP"
sctp_portrange = "66-88"
~ session_ttl = "0" -> "600"
tcp_portrange = "22-33"
udp_portrange = "44-55"
}
Plan: 0 to add, 1 to change, 0 to destroy.
$terraform apply
module.services.fortios_firewall_object_service.v13: Modifying... [id=servicetest2]
module.services.fortios_firewall_object_service.v13: Modifications complete after 0s [id=servicetest2]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
I am not entirely confident that this is the right solution if it works for you, but the API expects a string.
Wonderful! @yatanasov Thank you so much for your insightful feedback! Could you provide me your FortiGate firemware version? (GUI: Dashboard->Status->System Information->Fireware or CLI: get system status->Version) Thank you!
Of course ! Would be great if we can have this fixed in the next release :))
We are running version: FortiGate-3000D v6.2.3,build1066,191218 (GA)
Thank you !
Thank you @yatanasov ! It will be fixed soon.
The fix for this has been merged and will release with version 1.3.0 of the Terraform FortiOS Provider, later next week. Thanks @yatanasov
Hi,
We are unable to create a
fortios_firewall_object_service
as per documentation examples:terraform plan:
The provider fails with:
terraform apply:
The culprit seems to be:
panic: interface conversion: interface {} is string, not float64
We tested different ways - with/without - iprange, tcp/udp range etc. without success. Please note that the resource is created, but it is not stored successfully in the Terraform state, which makes it unusable.
Please look into this and follow up. Thank you :)