terraform-provider-bigip

bigip_ltm_profile_client_ssl does not update property "chain"

Open steina1989 opened this issue 3 years ago • 2 comments

Environment

  • TMOS/Bigip Version: 15.1.5.1
  • Terraform Version: v1.3.1
  • Terraform bigip provider Version: v1.15.1

Summary

When adding a chain certificate to a previously terraformed bigip_ltm_profile_client_ssl, it applies successfully w.r.t. terraform but it isn't actually applied to the profile in F5.

When terraform apply is run again, it wants to apply the chain again but no actual changes get applied.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Provide terraform resource config which you are facing trouble along with the output of it.
resource "bigip_ltm_profile_client_ssl" "edoc" {
  name          = "/Common/edoc-${local.env}"
  defaults_from = "/Common/clientssl-secure"
  tm_options = [
    "dont-insert-empty-fragments",
    "no-tlsv1.1",
    "no-tlsv1.3",
    "no-ssl",
  ]
  cert = "/Common/stjarna.edoc.is_2024"
  key  = "/Common/stjarna.edoc.is_2024"
  # chain = "/Common/DigiCert_TLS_RSA_SHA256_2020_CA1"
}

I have commented out the chain property to verify it successfully applies the ssl profile.

On the next run, I remove the comment, wanting to add the DigiCert chain:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # bigip_ltm_profile_client_ssl.edoc will be updated in-place
  ~ resource "bigip_ltm_profile_client_ssl" "edoc" {
      ~ chain                   = "none" -> "/Common/DigiCert_TLS_RSA_SHA256_2020_CA1"
        id                      = "/Common/edoc-bug"
        name                    = "/Common/edoc-bug"
        # (6 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

This looks good and I apply.

Expected Behavior

I should see the chain being added to the ssl profile like this: image

Actual Behavior

Instead I have no changes in F5. image

steina1989, Oct 18 '22 08:10

I got the same issue. Once chain is added manually on the F5 SSL client profile, it is not even removed by terraform.

slawekww, Oct 18 '22 12:10

I'm not sure, however the function getClientSslConfig() does not set "chain", and then it cannot compare it with the current state. I've checked that once the SSL profile is created with chain set up, chain is set up.

https://github.com/F5Networks/terraform-provider-bigip/blob/cc9255d3ee89b11c2b74d3b8a9ca7509f071772e/bigip/resource_bigip_ltm_profile_ssl_client.go#L917

slawekww, Oct 18 '22 14:10

Hi, internal ID to track this request is: INFRAANO-935, thanks!

KrithikaChidambaram, Nov 08 '22 08:11

Hi @steina1989 @slawekww, issue fixed in v1.16.0, please check and open a new issue for any problem

RavinderReddyF5, Nov 08 '22 12:11
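
An added example, not part of the issue thread or the provider's code: a Python check for the symptom reported above, where a plan made after `terraform apply` still wants to set `chain` and the profile read back from the device does not carry it. The JSON samples are constructed, and the device field names (`items`, `fullPath`, `chain`) are assumptions about the read-back format.

```python
import json

PROFILE_TYPE = "bigip_ltm_profile_client_ssl"

# Constructed sample: `terraform show -json` of a plan made AFTER the apply.
PLAN_JSON = """{"resource_changes": [
 {"address": "bigip_ltm_profile_client_ssl.edoc", "type": "bigip_ltm_profile_client_ssl",
  "change": {"actions": ["update"],
   "before": {"name": "/Common/edoc-bug", "chain": "none"},
   "after": {"name": "/Common/edoc-bug",
             "chain": "/Common/DigiCert_TLS_RSA_SHA256_2020_CA1"}}},
 {"address": "bigip_ltm_profile_client_ssl.other", "type": "bigip_ltm_profile_client_ssl",
  "change": {"actions": ["no-op"],
   "before": {"name": "/Common/other", "chain": "/Common/ca-bundle"},
   "after": {"name": "/Common/other", "chain": "/Common/ca-bundle"}}}]}"""

# Constructed sample of the profile list as read back from the device
# (field names "items", "fullPath", "chain" are assumed).
DEVICE_JSON = """{"items": [
 {"fullPath": "/Common/edoc-bug", "chain": "none"},
 {"fullPath": "/Common/other", "chain": "/Common/ca-bundle"}]}"""


def norm(value):
    """Missing, empty and the literal "none" all mean 'no chain configured'."""
    return None if value in (None, "", "none") else value


def unconverged_chains(plan, device):
    """Return (address, wanted_chain, device_chain) for each profile where a
    post-apply plan still wants to change `chain` and the device disagrees."""
    on_device = {p["fullPath"]: norm(p.get("chain")) for p in device.get("items", [])}
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != PROFILE_TYPE or "update" not in change.get("actions", []):
            continue
        before, after = change.get("before") or {}, change.get("after") or {}
        want = norm(after.get("chain"))
        if norm(before.get("chain")) == want:
            continue  # the pending update touches some other attribute
        have = on_device.get(after.get("name"))
        if have != want:
            findings.append((rc["address"], want, have))
    return findings


if __name__ == "__main__":
    for addr, want, have in unconverged_chains(json.loads(PLAN_JSON), json.loads(DEVICE_JSON)):
        print(f"{addr}: wanted chain {want!r}, device has {have!r}")
```

A non-empty result after an apply that reported success matches the behaviour described in this issue; an empty result after upgrading the provider indicates the profile converged.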