terraform-provider-oci
Cannot specify empty string or null value for routing_policy_name attribute of oci_load_balancer_listener resource
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version and Provider Version
```
Terraform v1.5.2
on linux_amd64
+ provider registry.terraform.io/hashicorp/random v3.5.1
+ provider registry.terraform.io/oracle/oci v5.4.0

Your version of Terraform is out of date! The latest version
is 1.5.3. You can update by downloading from https://www.terraform.io/downloads.html
```
Affected Resource(s)
oci_load_balancer_listener
Terraform Configuration Files
/
Debug Output
When using empty string: https://gist.github.com/dhoogfr/c793b59ef7efe97365d36a9874d274e6

When using null value: https://gist.github.com/dhoogfr/b41698d035ec10a915cccdf3a522f1c1
Panic Output
Expected Behavior
Terraform should update the load balancer without setting a value for the routing policy attribute or should remove the earlier assigned policy from the LB.
Actual Behavior
Apply fails with message that the routing policy name is not valid.
```
│ Error: 400-InvalidParameter, routingPolicyName must match "^[a-zA-Z_][a-zA-Z_0-9]*$"; routingPolicyName size must be between 1 and 32
│ Suggestion: Please update the parameter(s) in the Terraform config as per error message routingPolicyName must match "^[a-zA-Z_][a-zA-Z_0-9]*$"; routingPolicyName size must be between 1 and 32
│ Documentation: https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/load_balancer_listener
│ API Reference:
│ Request Target: PUT https://iaas.eu-amsterdam-1.oraclecloud.com/20170115/loadBalancers/ocid1.loadbalancer.oc1.eu-amsterdam-1.aaaaaaaa4iptlrmi3jtdtwqmugmc3gwb4grjvyuasfdxrphauesuz6nqwdua/listeners/lsnr-apex
│ Provider version: 5.4.0, released on 2023-07-12.
│ Service: Load Balancer Listener
│ Operation Name: UpdateListener
│ OPC request ID: ffd5e0d6ccc3525b0400826d78eb72bf/B83AF677AB63050D86A39D71FF594FE7/AFDB281E11A3B19141745432FAC9E308
│
│
│   with oci_load_balancer_listener.dgpl_tst["lsnr-apex"],
│   on load_balancers_tst.tf line 270, in resource "oci_load_balancer_listener" "dgpl_tst":
│  270: resource "oci_load_balancer_listener" "dgpl_tst" {
```
Steps to Reproduce
- create load balancer, without specifying the routing policy attribute
- Add the routing policy attribute (unclear if you need to first set a routing policy and then try to remove it or not)
- Run apply
Important Factoids
Note that in my case the load balancer does have other listeners which do use a routing policy. I have not tested if this problem is triggered if none of the listeners have a routing policy assigned.
When I check the OCI console after the apply failed, I do not see a work request listed for the past apply.
References
I just checked and I'm even getting this error when I remove the routing_policy_name attribute. Strangely enough, the state of this resource in the state file does not contain the routing_policy_name attribute:
```
# oci_load_balancer_listener.dgpl_tst["lsnr-apex"]:
resource "oci_load_balancer_listener" "dgpl_tst" {
    default_backend_set_name = "bs-dgpl-apex-tst"
    hostname_names           = [
        "hs-apex",
    ]
    id                       = "loadBalancers/ocid1.loadbalancer.oc1.eu-amsterdam-1.aaaaaaaa4iptlrmi3jtdtwqmugmc3gwb4grjvyuasfdxrphauesuz6nqwdua/listeners/lsnr-apex"
    load_balancer_id         = "ocid1.loadbalancer.oc1.eu-amsterdam-1.aaaaaaaa4iptlrmi3jtdtwqmugmc3gwb4grjvyuasfdxrphauesuz6nqwdua"
    name                     = "lsnr-apex"
    port                     = 443
    protocol                 = "HTTP"
    rule_set_names           = []
    state                    = "SUCCEEDED"

    connection_configuration {
        backend_tcp_proxy_protocol_version = 0
        idle_timeout_in_seconds            = "600"
    }

    ssl_configuration {
        certificate_ids                   = []
        certificate_name                  = "dhoogfr-eu.202307A"
        cipher_suite_name                 = "oci-modern-ssl-cipher-suite-v1"
        protocols                         = [
            "TLSv1.2",
        ]
        server_order_preference           = "ENABLED"
        trusted_certificate_authority_ids = []
        verify_depth                      = 1
        verify_peer_certificate           = false
    }
}
```
In the debug output of the apply, I'm seeing the following being returned as actual state:
```
"lsnr-apex": {
  "name": "lsnr-apex",
  "defaultBackendSetName": "bs-dgpl-apex-tst",
  "port": 443,
  "protocol": "HTTP",
  "hostnameNames": [
    "hs-apex"
  ],
  "serverName": null,
  "pathRouteSetName": null,
  "sslConfiguration": {
    "verifyDepth": 1,
    "verifyPeerCertificate": false,
    "trustedCertificateAuthorityIds": [],
    "certificateIds": [],
    "certificateName": "dhoogfr-eu.202307A",
    "serverOrderPreference": "ENABLED",
    "cipherSuiteName": "oci-modern-ssl-cipher-suite-v1",
    "protocols": [
      "TLSv1.2"
    ]
  },
  "connectionConfiguration": {
    "idleTimeout": 600,
    "backendTcpProxyProtocolVersion": null,
    "backendTcpProxyProtocolOptions": null
  },
  "ruleSetNames": [],
  "routingPolicyName": null
},
```
When testing the API itself using Python it seems that the update succeeds when specifying the Python None value. An empty string triggers the same problem.
From this it seems that the OCI Terraform plugin should use the null value in the JSON body and not an empty string.
Thank you for reporting the issue. We have raised an internal ticket to track this. Our service engineers will get back to you.
Seems you cannot even unassign routing policy from listener, still remains in state file when routing_policy_name removed from TF code.
Just tested again with latest versions and it is still a problem
```
Terraform v1.5.6
on linux_amd64
+ provider registry.terraform.io/hashicorp/random v3.5.1
+ provider registry.terraform.io/oracle/oci v5.10.0
```
Can you give an update on this issue?
More than two months later, still an issue...
```
on linux_amd64
+ provider registry.terraform.io/hashicorp/random v3.5.1
+ provider registry.terraform.io/oracle/oci v5.14.0
```
Has a workaround for this been found yet or is the issue fixed?