terraform-provider-fortios

fortios_system_global: all attributes will be destroyed

Open jalmeroth opened this issue 2 years ago • 2 comments

Hi there 👋,

I am trying to apply an imported certificate (see #230) like this:

resource "fortios_system_global" "system_global" {
  admin_server_cert = fortios_vpncertificate_local.letsencrypt.name
}

Plan

This is the Terraform plan:

  • resource "fortios_system_global" "system_global" {
    • admin_concurrent = (known after apply)
    • admin_console_timeout = (known after apply)
    • admin_forticloud_sso_login = (known after apply)
    *** snip ***
    • admin_server_cert = "letsencrypt"
    *** snip ***
    • wimax_4g_usb = (known after apply)
    • wireless_controller = (known after apply)
    • wireless_controller_port = (known after apply)
  }

Issue

Applying only the admin_server_cert succeeds and the certificate is being used. Unfortunately, all other attributes of fortios_system_global were imported into Terraform state, which can be validated by terraform state show fortios_system_global.system_global. This leads to the actual issue: on terraform destroy, all fortios_system_global attributes will be affected (deleted).

Versions

Terraform

Terraform v1.1.9 on darwin_amd64

  • provider registry.terraform.io/fortinetdev/fortios v1.14.1
  • provider registry.terraform.io/hashicorp/tls v3.3.0
  • provider registry.terraform.io/vancluever/acme v2.8.0

FortiOS

FortiOS v7.0.5 build0304 (GA)

jalmeroth, Apr 29 '22 08:04

Hi @jalmeroth,

Thank you for raising this issue. The team is working on this issue. We will fix it in the next release, and will get back to you once it's resolved.

Thanks, Xing

lix-fortinet, May 04 '22 21:05

Hi @jalmeroth,

Our team has discussed this issue, and we have decided not to handle it for now. Our design logic is to handle all arguments by Terraform if you let the Terraform provider handle this resource. This resource is a non-deletable resource, so the logic is to reset all arguments to their default values for the destroy operation. Also, there are some limitations in the Terraform SDK to implementing this feature, due to the Terraform SDK's design. We will keep an eye on this issue, and make some improvements in the future based on updates to the Terraform SDK.

Thanks, Xing

lix-fortinet, Oct 10 '22 20:10
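
A CI guard for the behaviour described in this thread, as an added example that is not from the provider or the issue participants: it reads a plan in the `terraform show -json` shape and flags any planned destroy of `fortios_system_global`, listing the attributes held in state. The function name, the `SINGLETON_TYPES` set and the sample plan are assumptions constructed for illustration.

```python
import json

# Assumption: resource types whose destroy resets settings to defaults instead
# of deleting an object. Only fortios_system_global is named in the thread.
SINGLETON_TYPES = {"fortios_system_global"}

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields used here; all attribute values are invented.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "fortios_system_global.system_global",
         "type": "fortios_system_global",
         "change": {"actions": ["delete"],
                    "before": {"id": "constructed-id",
                               "admin_server_cert": "letsencrypt",
                               "admin_console_timeout": 300,
                               "admin_concurrent": "enable",
                               "wireless_controller_port": None},
                    "after": None}},
        {"address": "fortios_vpncertificate_local.letsencrypt",
         "type": "fortios_vpncertificate_local",
         "change": {"actions": ["delete"],
                    "before": {"name": "letsencrypt"},
                    "after": None}},
    ]
})


def find_resetting_destroys(plan_json, singleton_types=SINGLETON_TYPES):
    """Return (address, sorted attribute names held in state) for every
    planned delete or replace of a singleton resource type."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") not in singleton_types:
            continue
        if "delete" not in change.get("actions", []):
            continue  # create, update and no-op do not trigger the reset
        before = change.get("before") or {}
        # Attributes with a value in state are the ones exposed to the reset.
        attrs = sorted(k for k, v in before.items()
                       if v is not None and k != "id")
        findings.append((rc["address"], attrs))
    return findings


if __name__ == "__main__":
    for address, attrs in find_resetting_destroys(SAMPLE_PLAN):
        print(f"BLOCK: destroying {address} would reset "
              f"{len(attrs)} attributes: {', '.join(attrs)}")
```

In a pipeline, feed it the output of `terraform show -json` for the saved plan and fail the job when the returned list is non-empty.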