terraform-provider-panos
terraform-provider-panos copied to clipboard
PaloAltoNetworks
modifying route with panos_static_route_ipv4 is not successful
Describe the bug
Hi, we can create the route with "panos_static_route_ipv4" successfully , however, when trying to change the name of the route or interface of route , we got the following error message when doing the commit:
"Error in commit: In virtual-router default, the static route DBSpokeNetwork metric value 10 is not unique among static routes to destination 10.10.48.0/20.(Module: routed) | client routed phase 1 failure | Commit failed"
Expected behavior
When updating the "name" value in Terraform module "panos_static_route_ipv4" , it should update the existing configuration with the new one and commit should be successful afterwards.
Current behavior
Terraform module adds the new configuration , however, does not mark delete the existing configuration and we see two entries for the same route but different names as follows:
Possible solution
Update the code to mark the old configuration as "delete" so that commit is successful.
Steps to reproduce
- Create a simple TF module with following config:
resource "panos_static_route_ipv4" "this" { name = "DBNetwork" virtual_router = "default" destination = "10.10.48.0/20" next_hop = "172.16.34.1" interface = "ethernet1/1"
lifecycle {
create_before_destroy = true
}
}
resource "null_resource" "commit_and_sync" { provisioner "local-exec" { command = <<EOF chmod 755 "${path.root}/scripts/firewall-commit" "${path.root}/scripts/firewall-commit" -host "${var.primary_mgmt_ip}" -user "${var.panos_admin}" -pass "${var.panos_password}" -timeout "20" EOF interpreter = ["bash", "-c"] } triggers = { timestamp = "${timestamp()}" } depends_on = [ resource.panos_static_route_ipv4.this ] }
- create the route resource using above and run the TF code , it should successfully create new route and commit successful too.
- now change the name of route to "DBSpokeNetwork" and run the code as follows:
resource "panos_static_route_ipv4" "this" { name = "DBSpokeNetwork" virtual_router = "default" destination = "10.10.48.0/20" next_hop = "172.16.34.1" interface = "ethernet1/1"
lifecycle {
create_before_destroy = true
}
} resource "null_resource" "commit_and_sync" { provisioner "local-exec" { command = <<EOF chmod 755 "${path.root}/scripts/firewall-commit" "${path.root}/scripts/firewall-commit" -host "${var.primary_mgmt_ip}" -user "${var.panos_admin}" -pass "${var.panos_password}" -timeout "20" EOF interpreter = ["bash", "-c"] } triggers = { timestamp = "${timestamp()}" } depends_on = [ resource.panos_static_route_ipv4.this ] }
- It will produce following error:
Error in commit: In virtual-router default, the static route DBSpokeNetwork metric value 10 is not unique among static routes to destination 10.10.48.0/20.(Module: routed) | client routed phase 1 failure | Commit failed
- I have also tried changing the "create_before_destroy = false" but same error.
Screenshots
Context
I created the route with wrong name and was trying to create it with new name and got this error.
Your Environment
Its simple PaloAlto VMs setup with HA configuration. VMs are deployed on OCI cloud.
- Version used:
- PaloAlto VM [VM-Series-11.0.2] sw-version: 11.0.2
- TF paloaltonetworks/panos v1.11.1
- TF hashicorp/null v3.2.1
- Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3): Python 3.10.6
- Operating System and version (desktop or mobile): Ubuntu 22.04.2
- Link to your project:
