Template / template_stack conflict yet are enforced #294
Comments
|
🎉 Thanks for opening your first issue here! Welcome to the community! |
PaloAltoNetworks#294) The template and template_stack objects are enforced when running plan/apply against imported objects; otherwise the engine would want to completely replace the objects, which would likely cause consistency issues with the rest of the configuration. Since they are both enforced; they can't also be conflicting; that leads to an impossible scenario where you must but can't define both a template and template_stack. Signed-off-by: Mathieu Trudel-Lapierre <mtrudel@stack8.com>
|
Sorry for the delay in looking at this. So looking at your config, your terraform plan file is incorrect, so I believe the provider to be doing the correct thing here. A Panorama Zone will set either in a template or a template stack from an PAN-OS XPATH perspective. If I create a template, Here's my plan file for the import: resource "panos_panorama_zone" "x" {}Here's me trying to import this resource into Terraform: shell$ terraform import panos_panorama_zone.x 'tem1::vsys1:foobar'
panos_panorama_zone.x: Importing from ID "tem1::vsys1:foobar"...
panos_panorama_zone.x: Import prepared!
Prepared panos_panorama_zone for import
panos_panorama_zone.x: Refreshing state... [id=tem1::vsys1:foobar]
Import successful!
The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
shell$ terraform show
# panos_panorama_zone.x:
resource "panos_panorama_zone" "x" {
enable_user_id = false
exclude_acls = []
id = "tem1::vsys1:foobar"
include_acls = []
interfaces = [
"ethernet1/2",
]
mode = "layer3"
name = "foobar"
template = "tem1"
vsys = "vsys1"
}
shell$ Just copy / pasting that into my plan file (and removing the shell$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
panos_panorama_zone.x: Refreshing state... [id=tem1::vsys1:foobar]
------------------------------------------------------------------------
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.
shell$ Based on what I see in your config, the correct config for you is possibly The fact that the template |
|
Any chance to get some movement here @PaloAlto? |
Describe the bug
I imported my existing panorama config for zones; those include both a template and template_stack values set. Defining the zones in terraform code to have a snapshot of the existing config (basically, importing, then adjusting terraform code until terraform plan shows no changes to be applied), leads to constraints impossible to satisfy:
Yet:
Expected behavior
It should be possible to define a zone based on its existing imported properties, such that 'terraform plan' is a no-op (as a basis for adding new panorama/panos config).
Current behavior
Terraform plan errors with a schema conflict, or produces a plan which involves potentially destructive changes.
Possible solution
Not making template and template_stack conflict.
Steps to reproduce
See above.
Screenshots
Context
See above
Your Environment
Ubuntu 20.10 / python 3.8.10
Terraform panos provider: 1.8.3
Panorama 9.1
The text was updated successfully, but these errors were encountered: