netscaler / terraform-provider-netscalersdx

Manage (Configure) SDX via this terraform provider
https://registry.terraform.io/providers/netscaler/netscalersdx/latest/docs

BUG: Provision VPX VLAN_Allow_List Does Not Work #67

Closed adh-cnc closed 6 months ago

adh-cnc commented 6 months ago

When provisioning a VPX, specifying a list of VLANs to allow on an interface does not apply correctly and defaults to allowing all available VLANs (2-4094), which then subsequently creates those VLANs on the SDX as well.

 default = [{
    port_name             = "LA/2"
    mac_mode              = "default"
    receiveuntagged       = "true"
    is_vlan_applied       = "false"
    vlan_allow_list       = ""
    vlan_allow_list_array = []
    },
    {
      port_name             = "100/2"
      mac_mode              = "default"
      receiveuntagged       = "false"
      is_vlan_applied       = "true"
      vlan_allow_list       = "4000,4001"
      vlan_allow_list_array = [4000, 4001]
    },
    {
      port_name             = "100/4"
      mac_mode              = "default"
      receiveuntagged       = "false"
      is_vlan_applied       = "true"
      vlan_allow_list       = "4000,4001"
      vlan_allow_list_array = [4000, 4001]
    }
  ]
}

This code will create two data interfaces and I want to only allow a specific list of VLANs to communicate over said interfaces. When running a terraform plan, these options are not even part of the output.

+ network_interfaces         = [
          + {
              + is_vlan_applied = false
              + mac_mode        = "default"
              + port_name       = "LA/2"
              + receiveuntagged = true
            },
          + {
              + is_vlan_applied = true
              + mac_mode        = "default"
              + port_name       = "100/2"
              + receiveuntagged = false
            },
          + {
              + is_vlan_applied = true
              + mac_mode        = "default"
              + port_name       = "100/4"
              + receiveuntagged = false
            },
        ]

Then running an apply to build the VPX, the allowed interface list is set to 2-4094 which seems like a default option in the provider.

We have a need to only allow certain VLANs to communicate over our data interfaces and this current behavior creates every VLAN on the SDX which does not happen when we build a VPX manually using the GUI.

rohit-myali commented 6 months ago

Hey @adh-cnc

Thanks for contacting us. I see that there is no attribute named vlan_allow_list and vlan_allow_list_array under network_interfaces. I guess you may be referring to vlan_whitelist and vlan_whitelist_array. Please check the configuration once.

Link to the docs: https://registry.terraform.io/providers/netscaler/netscalersdx/latest/docs/resources/provision_vpx

API reference: https://developer-docs.netscaler.com/en-us/adc-sdx-nitro-api-reference/current-release/configuration/instances/citrix-adc-vpx/ns

adh-cnc commented 6 months ago

> Hey @adh-cnc
>
> Thanks for contacting us. I see that there is no attribute named vlan_allow_list and vlan_allow_list_array under network_interfaces. I guess you may be referring to vlan_whitelist and vlan_whitelist_array. Please check the configuration once.
>
> Link to the docs: https://registry.terraform.io/providers/netscaler/netscalersdx/latest/docs/resources/provision_vpx
>
> API reference: https://developer-docs.netscaler.com/en-us/adc-sdx-nitro-api-reference/current-release/configuration/instances/citrix-adc-vpx/ns

Are the vlan_whitelist and vlan_whitelist_array supposed to both be used? When I attempted to only use values in the vlan_whitelist_array argument, I received the following output on my build. It looks like the VPX provisioned successfully, but I am confused by this error.

Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[1].vlan_whitelist: was
│ cty.StringVal(""), but now cty.StringVal("4000,4001").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.

adh-cnc commented 6 months ago

Just wanted to update that I'm consistently getting the following results when trying to build VPX instances now. I have included the code I'm using for my network interfaces as well.

variable "vpx_network_interfaces" {
  description = "Interface Config for Internal VPX"
  type = list(object({
    port_name            = string
    mac_mode             = string
    receiveuntagged      = string
    is_vlan_applied      = string
    vlan_whitelist       = string
    vlan_whitelist_array = list(string)
  }))
  default = [{
    port_name            = "LA/2"
    mac_mode             = "default"
    receiveuntagged      = "true"
    is_vlan_applied      = "true"
    vlan_whitelist       = ""
    vlan_whitelist_array = [1603]
    },
    {
      port_name            = "100/2"
      mac_mode             = "default"
      receiveuntagged      = "false"
      is_vlan_applied      = "true"
      vlan_whitelist       = ""
      vlan_whitelist_array = [4000, 4001, 4002, 4003, 4004, 4005]
    },
    {
      port_name            = "100/4"
      mac_mode             = "default"
      receiveuntagged      = "false"
      is_vlan_applied      = "true"
      vlan_whitelist       = ""
      vlan_whitelist_array = [4000, 4001, 4002, 4003, 4004, 4005]
    }
  ]
}

Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[0].vlan_whitelist: was
│ cty.StringVal(""), but now cty.StringVal("1603").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[1].vlan_whitelist: was
│ cty.StringVal(""), but now cty.StringVal("4000-4005").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value:
│ .network_interfaces[1].vlan_whitelist_array[0]: was cty.StringVal("4000"), but now cty.StringVal("4000-4005").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[1].vlan_whitelist_array:
│ element 1 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[1].vlan_whitelist_array:
│ element 2 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[1].vlan_whitelist_array:
│ element 3 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[1].vlan_whitelist_array:
│ element 4 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[1].vlan_whitelist_array:
│ element 5 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[2].vlan_whitelist: was
│ cty.StringVal(""), but now cty.StringVal("4000-4005").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value:
│ .network_interfaces[2].vlan_whitelist_array[0]: was cty.StringVal("4000"), but now cty.StringVal("4000-4005").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[2].vlan_whitelist_array:
│ element 1 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[2].vlan_whitelist_array:
│ element 2 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[2].vlan_whitelist_array:
│ element 3 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[2].vlan_whitelist_array:
│ element 4 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[2].vlan_whitelist_array:
│ element 5 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵

rohit-myali commented 6 months ago

Hello @adh-cnc, you can remove or comment out vlan_whitelist = "" from the configuration. You are setting it to empty, but in the GET API call Terraform receives a value other than empty (what you have set, ""), which is why it complains.

adh-cnc commented 6 months ago

I have removed the vlan_whitelist variable entirely from my module and am still getting error messages.

╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value:
│ .network_interfaces[1].vlan_whitelist_array[0]: was cty.StringVal("4000"), but now cty.StringVal("4000-4005").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[1].vlan_whitelist_array:
│ element 1 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[1].vlan_whitelist_array:
│ element 2 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[1].vlan_whitelist_array:
│ element 3 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[1].vlan_whitelist_array:
│ element 4 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[1].vlan_whitelist_array:
│ element 5 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value:
│ .network_interfaces[2].vlan_whitelist_array[0]: was cty.StringVal("4000"), but now cty.StringVal("4000-4005").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[2].vlan_whitelist_array:
│ element 1 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[2].vlan_whitelist_array:
│ element 2 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[2].vlan_whitelist_array:
│ element 3 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[2].vlan_whitelist_array:
│ element 4 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to module.CMH-TM-VPX-INT-PROD-LB-01-A.netscalersdx_provision_vpx.VPX, provider
│ "provider[\"registry.terraform.io/netscaler/netscalersdx\"]" produced an unexpected new value: .network_interfaces[2].vlan_whitelist_array:
│ element 5 has vanished.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵

The VPX provisioning does work, but these error messages are still concerning because I cannot validate that what I am seeing as being built is actually working as intended.
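
A check for the validation gap described above, as an added example that is not part of the thread or the provider's code: it expands the range-collapsed string seen in the error output (such as "4000-4005") and compares it with the intended allow list, so a result like 2-4094 shows up as unrequested VLANs. The function names and the sample values are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// ExpandVLANs parses a range-collapsed list such as "1603,4000-4005" into a set of VLAN IDs.
func ExpandVLANs(spec string) (map[int]bool, error) {
	set := map[int]bool{}
	for _, part := range strings.FieldsFunc(spec, func(r rune) bool { return r == ',' || r == ' ' }) {
		lo, hi, isRange := strings.Cut(part, "-")
		if !isRange {
			hi = lo
		}
		a, errA := strconv.Atoi(lo)
		b, errB := strconv.Atoi(hi)
		if errA != nil || errB != nil || a < 1 || b > 4094 || a > b {
			return nil, fmt.Errorf("invalid VLAN entry %q", part)
		}
		for v := a; v <= b; v++ {
			set[v] = true
		}
	}
	return set, nil
}

// Drift returns VLANs that were requested but are absent, and VLANs allowed without being requested.
func Drift(intended []int, reported string) (missing, extra []int, err error) {
	got, err := ExpandVLANs(reported)
	if err != nil {
		return nil, nil, err
	}
	want := map[int]bool{}
	for _, v := range intended {
		if !got[v] && !want[v] {
			missing = append(missing, v)
		}
		want[v] = true
	}
	for v := 1; v <= 4094; v++ { // ascending scan keeps the output ordered
		if got[v] && !want[v] {
			extra = append(extra, v)
		}
	}
	return missing, extra, nil
}

func main() {
	want := []int{4000, 4001, 4002, 4003, 4004, 4005} // the six-VLAN list from the thread
	missing, extra, err := Drift(want, "2-4094")      // constructed reported value
	fmt.Println("missing:", missing, "unrequested:", len(extra), "err:", err)
}
```

An empty `extra` and `missing` for the string read back from the SDX means the expanded list and the collapsed range describe the same VLANs, even though Terraform reports them as different values.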

rohit-myali commented 6 months ago

Hi @adh-cnc, we have updated the docs and the example as well, and have explained this with a proper example. Please check them, and if you have more queries regarding this issue, please update me here. Link to docs HERE

rohit-myali commented 6 months ago

Hey @adh-cnc, please use our latest terraform-provider-netscalersdx v0.5.0. Please update me here on progress.