oracle / terraform-provider-oci

Terraform Oracle Cloud Infrastructure provider
https://www.terraform.io/docs/providers/oci/
Mozilla Public License 2.0

Cannot specify empty string or null value for routing_policy_name attribute of oci_load_balancer_listener resource #1919

Open dhoogfr opened 1 year ago

dhoogfr commented 1 year ago

Community Note

Terraform Version and Provider Version

Terraform v1.5.2
on linux_amd64
+ provider registry.terraform.io/hashicorp/random v3.5.1
+ provider registry.terraform.io/oracle/oci v5.4.0

Your version of Terraform is out of date! The latest version
is 1.5.3. You can update by downloading from https://www.terraform.io/downloads.html

Affected Resource(s)

oci_load_balancer_listener

Terraform Configuration Files

/

Debug Output

When using empty string: https://gist.github.com/dhoogfr/c793b59ef7efe97365d36a9874d274e6
When using null value: https://gist.github.com/dhoogfr/b41698d035ec10a915cccdf3a522f1c1

Panic Output

Expected Behavior

Terraform should update the load balancer without setting a value for the routing policy attribute or should remove the earlier assigned policy from the LB.

Actual Behavior

Apply fails with message that the routing policy name is not valid.

│ Error: 400-InvalidParameter, routingPolicyName must match "^[a-zA-Z_][a-zA-Z_0-9]*$"; routingPolicyName size must be between 1 and 32
│ Suggestion: Please update the parameter(s) in the Terraform config as per error message routingPolicyName must match "^[a-zA-Z_][a-zA-Z_0-9]*$"; routingPolicyName size must be between 1 and 32
│ Documentation: https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/load_balancer_listener 
│ API Reference:  
│ Request Target: PUT https://iaas.eu-amsterdam-1.oraclecloud.com/20170115/loadBalancers/ocid1.loadbalancer.oc1.eu-amsterdam-1.aaaaaaaa4iptlrmi3jtdtwqmugmc3gwb4grjvyuasfdxrphauesuz6nqwdua/listeners/lsnr-apex 
│ Provider version: 5.4.0, released on 2023-07-12.  
│ Service: Load Balancer Listener 
│ Operation Name: UpdateListener 
│ OPC request ID: ffd5e0d6ccc3525b0400826d78eb72bf/B83AF677AB63050D86A39D71FF594FE7/AFDB281E11A3B19141745432FAC9E308 
│ 
│ 
│   with oci_load_balancer_listener.dgpl_tst["lsnr-apex"],
│   on load_balancers_tst.tf line 270, in resource "oci_load_balancer_listener" "dgpl_tst":
│  270: resource "oci_load_balancer_listener" "dgpl_tst" {

Steps to Reproduce

  1. Create load balancer, without specifying the routing policy attribute
  2. Add the routing policy attribute (unclear if you need to first set a routing policy and then try to remove it or not)
  3. Run apply

Important Factoids

Note that in my case the load balancer does have other listeners which do use a routing policy. I have not tested if this problem is triggered if none of the listeners have a routing policy assigned.

When I check the OCI console after the apply failed, I do not see a work request listed for the past apply.

References

dhoogfr commented 1 year ago

I just checked and I'm even getting this error when I remove the routing_policy_name attribute. Strangely enough, the state of this resource in the state file does not contain the routing_policy_name attribute:

# oci_load_balancer_listener.dgpl_tst["lsnr-apex"]:
resource "oci_load_balancer_listener" "dgpl_tst" {
    default_backend_set_name = "bs-dgpl-apex-tst"
    hostname_names           = [
        "hs-apex",
    ]
    id                       = "loadBalancers/ocid1.loadbalancer.oc1.eu-amsterdam-1.aaaaaaaa4iptlrmi3jtdtwqmugmc3gwb4grjvyuasfdxrphauesuz6nqwdua/listeners/lsnr-apex"
    load_balancer_id         = "ocid1.loadbalancer.oc1.eu-amsterdam-1.aaaaaaaa4iptlrmi3jtdtwqmugmc3gwb4grjvyuasfdxrphauesuz6nqwdua"
    name                     = "lsnr-apex"
    port                     = 443
    protocol                 = "HTTP"
    rule_set_names           = []
    state                    = "SUCCEEDED"

    connection_configuration {
        backend_tcp_proxy_protocol_version = 0
        idle_timeout_in_seconds            = "600"
    }

    ssl_configuration {
        certificate_ids                   = []
        certificate_name                  = "dhoogfr-eu.202307A"
        cipher_suite_name                 = "oci-modern-ssl-cipher-suite-v1"
        protocols                         = [
            "TLSv1.2",
        ]
        server_order_preference           = "ENABLED"
        trusted_certificate_authority_ids = []
        verify_depth                      = 1
        verify_peer_certificate           = false
    }
}

In the debug output of the apply, I'm seeing the following being returned as actual state

      "lsnr-apex": {
         "name": "lsnr-apex",
         "defaultBackendSetName": "bs-dgpl-apex-tst",
         "port": 443,
         "protocol": "HTTP",
         "hostnameNames": [
            "hs-apex"
         ],
         "serverName": null,
         "pathRouteSetName": null,
         "sslConfiguration": {
            "verifyDepth": 1,
            "verifyPeerCertificate": false,
            "trustedCertificateAuthorityIds": [],
            "certificateIds": [],
            "certificateName": "dhoogfr-eu.202307A",
            "serverOrderPreference": "ENABLED",
            "cipherSuiteName": "oci-modern-ssl-cipher-suite-v1",
            "protocols": [
               "TLSv1.2"
            ]
         },
         "connectionConfiguration": {
            "idleTimeout": 600,
            "backendTcpProxyProtocolVersion": null,
            "backendTcpProxyProtocolOptions": null
         },
         "ruleSetNames": [],
         "routingPolicyName": null
      },

dhoogfr commented 1 year ago

When testing the API itself using Python it seems that the update succeeds when specifying the Python None value. An empty string triggers the same problem.

From this it seems that the OCI Terraform plugin should use the null value in the JSON body and not an empty string.
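
The null-versus-empty-string behaviour reported in the comment above, as an added Go example (not code from the provider or the OCI SDK). The type `listenerUpdate` and the functions `routingPolicyPtr` and `buildUpdateBody` are hypothetical; the pattern and the 1 to 32 length limit are taken from the error message, and the listener values from the state output in this thread.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Pattern quoted from the 400-InvalidParameter error in this issue.
var routingPolicyNameRe = regexp.MustCompile(`^[a-zA-Z_][a-zA-Z_0-9]*$`)

// listenerUpdate is a hypothetical, cut-down request body, not the SDK's type.
// A nil pointer without omitempty marshals as an explicit JSON null.
type listenerUpdate struct {
	DefaultBackendSetName string  `json:"defaultBackendSetName"`
	Port                  int     `json:"port"`
	Protocol              string  `json:"protocol"`
	RoutingPolicyName     *string `json:"routingPolicyName"`
}

// routingPolicyPtr maps the configured value to the wire value: "" (attribute
// unset or removed) becomes nil; anything else must pass the service's rule.
func routingPolicyPtr(configured string) (*string, error) {
	if configured == "" {
		return nil, nil
	}
	if len(configured) > 32 || !routingPolicyNameRe.MatchString(configured) {
		return nil, fmt.Errorf("invalid routingPolicyName %q", configured)
	}
	return &configured, nil
}

// buildUpdateBody returns the JSON body for the listener shown in this issue.
func buildUpdateBody(routingPolicy string) (string, error) {
	name, err := routingPolicyPtr(routingPolicy)
	if err != nil {
		return "", err
	}
	body, err := json.Marshal(listenerUpdate{
		DefaultBackendSetName: "bs-dgpl-apex-tst", Port: 443,
		Protocol: "HTTP", RoutingPolicyName: name,
	})
	return string(body), err
}

func main() {
	body, err := buildUpdateBody("") // attribute removed from the config
	fmt.Println(body, err)
}
```

Sending `""` unchanged would fail both the pattern and the minimum length, which is the rejection shown in the error output; validating locally also reports a malformed name before any request is made.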

tf-oci-pub commented 1 year ago

Thank you for reporting the issue. We have raised an internal ticket to track this. Our service engineers will get back to you.

tominovo commented 1 year ago

Seems you cannot even unassign a routing policy from a listener; it still remains in the state file when routing_policy_name is removed from the TF code.

dhoogfr commented 1 year ago

Just tested again with the latest versions and it is still a problem.

Terraform v1.5.6
on linux_amd64
+ provider registry.terraform.io/hashicorp/random v3.5.1
+ provider registry.terraform.io/oracle/oci v5.10.0

Can you give an update on this issue?

dhoogfr commented 1 year ago

More than two months later, still an issue...


on linux_amd64
+ provider registry.terraform.io/hashicorp/random v3.5.1
+ provider registry.terraform.io/oracle/oci v5.14.0

mrich14287 commented 7 months ago

Has a workaround for this been found yet or is the issue fixed?