terraform-provider-bigip

bigip_ltm_policy: can't create new plan when initial creation failed

Open markush81 opened this issue 1 year ago • 2 comments

Environment

  • TMOS/Bigip Version:

Sys::Version
Main Package
  Product     BIG-IP
  Version     17.1.1.1
  Build       0.0.2
  Edition     Point Release 1
  Date        Tue Nov 28 23:06:08 PST 2023

  • Terraform Version:

Terraform v1.9.3

  • Terraform bigip provider Version:

provider registry.terraform.io/f5networks/bigip v1.22.3

Summary

If creating a bigip_ltm_policy fails, it is kind of in a stuck state.

Steps To Reproduce

Steps to reproduce the behavior:

resource "bigip_ltm_policy" "test" {
  controls = []
  name     = "/Common/test"
  requires = [
    "http",
  ]
  strategy = "all-match"

  rule {
    name = "Test"

    action {
      tm_name = "X-Server"
    }

    condition {
      tm_name = "X-Server"
    }
  }
}

This definition is wrong, because of missing attributes, so of course it fails with

╷
│ Error: 01071706:3: Policy '/Common/Drafts/test', rule 'Test'; missing operand.
│ 
│   with bigip_ltm_policy.test,
│   on policy.tf line 2, in resource "bigip_ltm_policy" "test":
│    2: resource "bigip_ltm_policy" "test" {
│ 
╵

Now correcting it

resource "bigip_ltm_policy" "test" {
  controls = []
  name     = "/Common/test"
  requires = [
    "http",
  ]
  strategy = "all-match"

  rule {
    name = "Test"

    action {
      connection  = false
      remove      = true
      http_header = true
      response    = true
      tm_name     = "X-Server"
    }

    condition {
      response         = true
      case_insensitive = true
      exists           = true
      http_header      = true
      tm_name          = "X-Server"
    }
  }
}

fails with

╷
│ Error: 01020036:3: The requested Policy (/Common/test) was not found.
│ 
│   with bigip_ltm_policy.test,
│   on policy.tf line 2, in resource "bigip_ltm_policy" "test":
│    2: resource "bigip_ltm_policy" "test" {
│ 
╵

because there is already something in the state

bigip_ltm_policy.test: Refreshing state... [id=/Common/test]

...

# bigip_ltm_policy.test: (tainted)
resource "bigip_ltm_policy" "test" {
    id       = "/Common/test"
    name     = "/Common/test"
    requires = [
        "http",
    ]
    strategy = "all-match"

    rule {
        description = null
        name        = "Test"

        action {
            app_service          = null
            application          = null
            asm                  = false
            avr                  = false

...

But asking F5 about its state fails with Error: 01020036:3 and this isn't detected automatically as "Ok, doesn't exist so let's create it". Instead we have to remove it from state to now successfully create it.

terraform state rm bigip_ltm_policy.test
Removed bigip_ltm_policy.test
Successfully removed 1 resource instance(s).

...

terraform apply

...

bigip_ltm_policy.test: Creation complete after 2s [id=/Common/test]

Apply complete! Resources: 1 added, 1 changed, 0 destroyed.

Expected Behavior

If creation fails, it still must be possible to create a new plan.

Actual Behavior

│ Error: 01020036:3: The requested Policy (/Common/test) was not found.

markush81, Aug 08 '24 12:08
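
An added example (not from the issue or from the provider's code) of the behavior requested under Expected Behavior: a read step that treats the BIG-IP 01020036:3 error as "object gone" and clears the ID so the next plan proposes a create, while every other error is still surfaced. State, refresh, isNotFound and fetch are hypothetical names; only the error strings come from the issue.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// notFoundCode is the BIG-IP error code quoted in the issue ("... was not found").
const notFoundCode = "01020036:3"

// State is a hypothetical stand-in for the data a provider keeps per resource.
type State struct{ ID string }

// isNotFound reports whether a BIG-IP API error means the object does not exist.
func isNotFound(err error) bool {
	return err != nil && strings.HasPrefix(strings.TrimSpace(err.Error()), notFoundCode)
}

// refresh mimics a provider read step; fetch is a hypothetical device lookup.
// Not found: clear the ID so the next plan proposes a create. Any other error is
// returned, so a transient or auth failure never silently drops a resource.
func refresh(s *State, fetch func(id string) error) error {
	err := fetch(s.ID)
	switch {
	case err == nil:
		return nil
	case isNotFound(err):
		s.ID = ""
		return nil
	default:
		return fmt.Errorf("reading policy %s: %w", s.ID, err)
	}
}

func main() {
	// Constructed lookup that returns the error message shown in the issue.
	missing := func(string) error {
		return errors.New("01020036:3: The requested Policy (/Common/test) was not found.")
	}
	s := &State{ID: "/Common/test"}
	err := refresh(s, missing)
	fmt.Printf("err=%v id=%q\n", err, s.ID)
}
```

In a terraform-plugin-sdk resource, the equivalent of clearing State.ID is calling d.SetId("") in the read function.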