terraform-provider-fortios icon indicating copy to clipboard operation
terraform-provider-fortios copied to clipboard

Published 20 hours ago verified publisher icon fortinetdev

fortios_system_automationstitch trying to update in-place in mixed version environment

Open zippanto opened this issue 2 years ago • 2 comments

Hi,

We have a mixed 6.4 / 7.0 environment.

We are using fortios_system_automationstitch resource. It seems in 6.4 you need to use action{} block and in 7.0 you need to use actions{} block. Including both does not cause any errors, however even after applying if we apply again terraform is trying to update the resource in place.

Resource

resource "fortios_system_automationstitch" "ssl_vpn_login_fail" {
  depends_on = [
    fortios_system_automationaction.slack,
    fortios_system_automationtrigger.ssl_vpn_login_fail
  ]
  name    = "SSL VPN login fail"
  trigger = "SSL VPN login fail"
  status  = "enable"
  action {
    name = "Slack"
  }

  # FortiOS 7.0
  actions {
    action = "Slack"
  }
}

Please see below for the output of plan/apply.

6.4

 # fortios_system_automationstitch.ssl_vpn_login_fail will be updated in-place
  ~ resource "fortios_system_automationstitch" "ssl_vpn_login_fail" {
        id                    = "SSL VPN login fail"
        name                  = "SSL VPN login fail"
        # (3 unchanged attributes hidden)

      + actions {
          + action = "Slack"
        }

        # (1 unchanged block hidden)
    }

7.0

  # fortios_system_automationstitch.ssl_vpn_login_fail will be updated in-place
  ~ resource "fortios_system_automationstitch" "ssl_vpn_login_fail" {
        id                    = "SSL VPN login fail"
        name                  = "SSL VPN login fail"
        # (3 unchanged attributes hidden)

      + action {
          + name = "Slack"
        }

        # (1 unchanged block hidden)
    }

Please advise.

Thanks.

zippanto avatar Jun 06 '23 10:06 zippanto

@zippanto,

Thank you for raising this question, that is expected, FGT Terraform is compatible with multiple FOS versions, and there are some feature design differences in varies versions FOS like you said action{} and actions{}, so by now, we can just comment out the unused config when you run on a FOS version, I will report it to the development team to see if there will be a improvement.

Thanks, Maxx

MaxxLiu22 avatar Jun 09 '23 17:06 MaxxLiu22

@MaxxLiu22

Thanks Maxx. We understand where this is coming from as we can see the changes in CLI and API. However we would expect the provider to transparently take care of these differences amongst versions and present no changes as otherwise these would need to be reviewed on every plan/apply and so decrease the usability.

Thank you for raising it with the development team. We are hoping for improvement on this.

zippanto avatar Jun 09 '23 17:06 zippanto

Hi all,

You can now set both arguments in your Terraform script, and Terraform will automatically choose the one compatible with your FOS version. I will go ahead to closet this case since long time no activity, but please don’t hesitate to reach out or open a new case if you have any further questions

Thanks, Maxx

MaxxLiu22 avatar Oct 24 '24 17:10 MaxxLiu22