terraform-provider-fortios

When trying to import the prefix-list that is in a vdom, despite being imported successfully, the vdomparam attribute comes as null.

Open DanielAtella opened this issue 1 year ago • 1 comments

There is a need to update a prefix list that was created before the firewall configuration. It has been identified that within the "fortios_router_prefixlist" resource, configurations can be imported into the state file. During the import process of the prefix list, it was observed that the rule was empty, despite having previously configured prefixes. Additionally, the vdomparam was set to "null".

Below is the import process:

    [root@ea73c0ecfb8a fortios-prefix]# ls
    main.tf  terraform.tfstate
    [root@ea73c0ecfb8a fortios-prefix]# cat terraform.tfstate
    {
      "version": 4,
      "terraform_version": "1.6.6",
      "serial": 1,
      "lineage": "c2824fa5-42ea-5030-cf7c-259ef8afc257",
      "outputs": {
        "response_clear_bgp_soft_out": {
          "value": null,
          "type": "string"
        }
      },
      "resources": [
        {
          "mode": "managed",
          "type": "fortios_router_prefixlist",
          "name": "prefixlist",
          "provider": "provider[\"project.local/local/fortios\"]",
          "instances": [
            {
              "schema_version": 0,
              "attributes": {
                "comments": "",
                "dynamic_sort_subtable": null,
                "get_all_tables": null,
                "id": "PL-PUBLIC-NETWORKS",
                "name": "PL-PUBLIC-NETWORKS",
                "rule": [],
                "vdomparam": null
              },
              "sensitive_attributes": [],
              "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
            }
          ]
        }
      ],
      "check_results": null
    }

However, this leads to a problem when attempting to apply changes from Terraform. When trying to add the vdomparam attribute, Terraform indicates that it will perform a destroy and then add action, resulting in an error:

    [root@ea73c0ecfb8a fortios-prefix]# terraform apply
    fortios_router_prefixlist.prefixlist: Refreshing state... [id=PL-PUBLIC-NETWORKS]

    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      + create
    -/+ destroy and then create replacement

    Terraform will perform the following actions:

      # fortios_json_generic_api.clear_bgp_soft_out will be created
      + resource "fortios_json_generic_api" "clear_bgp_soft_out" {
          + force_recreate = (known after apply)
          + id = (known after apply)
          + method = "POST"
          + path = "/api/v2/monitor/router/bgp/clear-soft-out"
          + response = (known after apply)
        }

      # fortios_router_prefixlist.prefixlist must be replaced
    -/+ resource "fortios_router_prefixlist" "prefixlist" {
          + comments = (known after apply)
          + dynamic_sort_subtable = "false"
          + get_all_tables = "false"
          ~ id = "PL-PUBLIC-NETWORKS" -> (known after apply)
            name = "PL-PUBLIC-NETWORKS"
          + vdomparam = "FG-traffic" # forces replacement

          + rule {
              + action = "allow"
              + flags = (known after apply)
              + ge = (known after apply)
              + id = (known after apply)
              + le = (known after apply)
              + prefix = "192.168.12.240 255.255.255.248"
            }
          + rule {
              + action = "allow"
              + flags = (known after apply)
              + ge = (known after apply)
              + id = (known after apply)
              + le = (known after apply)
              + prefix = "192.168.12.128 255.255.255.224"
            }
        }

    Plan: 2 to add, 0 to change, 1 to destroy.

    Changes to Outputs:
      + response_clear_bgp_soft_out = (known after apply)

    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.

      Enter a value: yes

    fortios_router_prefixlist.prefixlist: Destroying... [id=PL-PUBLIC-NETWORKS]
    fortios_json_generic_api.clear_bgp_soft_out: Creating...
    fortios_json_generic_api.clear_bgp_soft_out: Creation complete after 0s [id=JsonGenericApi24d2438e-1ca8-47a2-a955-9c833e0fc677]
    ╷
    │ Error: Error deleting RouterPrefixList resource: Internal Server Error - Internal error when processing the request (500)
    │ CLI response:
    │ current vf=FG-traffic:1
    │ The entry is used by other 1 entries
    │ Command fail. Return code -23
    │ Command fail. Return code 1

Here is the main.tf file used in the test:

    terraform {
      required_providers {
        fortios = {
          source  = "project.local/local/fortios"
          version = "1.19.0"
        }
      }
    }

    provider "fortios" {
      insecure = "true"
      vdom     = "FG-traffic"
    }

    resource "fortios_router_prefixlist" "prefixlist" {
      name = "PL-PUBLIC-NETWORKS"
      rule {
        action = "permit"
        prefix = "192.168.12.240 255.255.255.248"
      }
      rule {
        action = "permit"
        prefix = "192.168.12.128 255.255.255.224"
      }
      vdomparam = "FG-traffic"
    }

    resource "fortios_json_generic_api" "clear_bgp_soft_out" {
      force_recreate = uuid()
      path           = "/api/v2/monitor/router/bgp/clear-soft-out"
      method         = "POST"
      json           = ""
    }

    output "response_clear_bgp_soft_out" {
      value = "${fortios_json_generic_api.clear_bgp_soft_out.response}"
    }

DanielAtella, Mar 21 '24 15:03
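A pre-apply gate for the failure mode reported above, as an added example (not code from the issue or from the provider): it reads the JSON form of a saved plan, as produced by `terraform show -json`, and flags any resource that would be destroyed and recreated because an attribute that was null in state, such as `vdomparam` after the import, is now set. The sample plan is constructed to mirror the plan in the issue and is trimmed to the fields the check uses; the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>`,
# trimmed to the fields used below and mirroring the plan in the issue.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "fortios_json_generic_api.clear_bgp_soft_out",
   "change": {"actions": ["create"], "before": null, "after": {"method": "POST"}}},
  {"address": "fortios_router_prefixlist.prefixlist",
   "change": {"actions": ["delete", "create"],
              "before": {"name": "PL-PUBLIC-NETWORKS", "rule": [], "vdomparam": null},
              "after": {"name": "PL-PUBLIC-NETWORKS", "vdomparam": "FG-traffic"},
              "replace_paths": [["vdomparam"]]}}
]}
""")


def forced_replacements(plan):
    """Return (address, attribute, before, after) for every attribute forcing a replace."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        # A replacement is reported as both a delete and a create action.
        if "delete" not in actions or "create" not in actions:
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        for path in change.get("replace_paths", []):
            attr = path[0]  # top-level attribute that forces replacement
            findings.append((rc["address"], attr, before.get(attr), after.get(attr)))
    return findings


def import_drift(findings):
    """Keep replacements whose old value was null: the import gap seen in the issue."""
    return [f for f in findings if f[2] is None]


if __name__ == "__main__":
    for addr, attr, old, new in import_drift(forced_replacements(SAMPLE_PLAN)):
        print(f"BLOCK: {addr} would be destroyed because {attr}: {old!r} -> {new!r}")
```

Run against a real plan by loading the output of `terraform show -json` on a saved plan file in place of `SAMPLE_PLAN`, and fail the pipeline when `import_drift` returns anything.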

Hi @DanielAtella ,

Thank you for raising this issue. I can reproduce it and have reported it to the development team to see if any improvements can be made.

Thanks, Maxx

MaxxLiu22, Mar 25 '24 18:03

Hi @DanielAtella

The issue has been fixed in Terraform FOS 1.19.1. Please upgrade to this version and give it a try. Let me know if the issue persists.

Thanks, Maxx

MaxxLiu22, Apr 30 '24 21:04

Great! Upgrading to Terraform FOS 1.19.1 has fixed the issue as expected. Glad it worked out! Many thanks

DanielAtella, May 02 '24 11:05