Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

avi_vsvip always detecting changes when utilizing auto_allocate_ip = true #607

Open
jakauppila opened this issue Aug 7, 2024 · 1 comment
Open

avi_vsvip always detecting changes when utilizing auto_allocate_ip = true #607

jakauppila opened this issue Aug 7, 2024 · 1 comment
Labels
bug

Comments

@jakauppila
Copy link

Describe the bug

We are attempting to leverage the avi_vsvip resource to auto-allocate an IP with an IPAM network subnet and while it works successfully, we're hitting an issue where subsequent executions are detecting changes due to the READ operation pulling back more details than what was initially provided.

Reproduction steps

  1. Create a VIP with the following TF:
resource "avi_vsvip" "vdefend-vip" {
  name = "vip"
  cloud_ref = data.avi_cloud.cloud.id
  vip {
    vip_id = "vip"
    auto_allocate_ip = true
    auto_allocate_ip_type = "V4_ONLY"
    enabled = true
    ipam_network_subnet {
      network_ref = data.avi_network.network.id
    }
    placement_networks {
      network_ref = data.avi_network.network.id
      subnet {
        mask = 21
        ip_addr {
          addr = "10.0.0.0"
          type = "V4"
        }
      }
    }
  }
}
  1. Terraform apply
  2. Terraform apply again
  3. Error!
data.avi_cloud.cloud: Reading...
data.avi_cloud.cloud: Read complete after 1s [id=https://AVICONTROLLER/api/cloud/cloud-cf8825c5-7ea9-40e6-84cd-e1b9bccf7495]
data.avi_network.network: Reading...
data.avi_network.network: Read complete after 0s [id=https://AVICONTROLLER/api/network/network-c43cec83-e5f7-4f5d-b81e-5ab299fd9398]
avi_vsvip.vdefend-vip: Refreshing state... [id=https://AVICONTROLLER/api/vsvip/vsvip-f35e17f4-3dfb-4228-b393-78fbfb80db02]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # avi_vsvip.vdefend-vip will be updated in-place
  ~ resource "avi_vsvip" "vdefend-vip" {
        id                  = "https://AVICONTROLLER/api/vsvip/vsvip-f35e17f4-3dfb-4228-b393-78fbfb80db02"
        name                = "vip"
        # (5 unchanged attributes hidden)

      ~ vip {
            # (15 unchanged attributes hidden)

          - ipam_network_subnet {
              - network_ref  = "https://AVICONTROLLER/api/network/network-c43cec83-e5f7-4f5d-b81e-5ab299fd9398" -> null
                # (2 unchanged attributes hidden)

              - subnet {
                  - mask = "21" -> null

                  - ip_addr {
                      - addr = "10.0.0.0" -> null
                      - type = "V4" -> null
                    }
                }
            }
          + ipam_network_subnet {
              + network_ref  = "https://AVICONTROLLER/api/network/network-c43cec83-e5f7-4f5d-b81e-5ab299fd9398"
              + subnet6_uuid = (known after apply)
              + subnet_uuid  = (known after apply)
            }

            # (2 unchanged blocks hidden)
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Expected behavior

The detection of TF defined configuration vs what is pulled back from the API should be a bit more intelligent to know that it doesn't have to take action.

This might be what DiffSuppressFunc should be leveraged for. It could potentially have custom logic for the resource to know that if auto_allocate_ip = true is set, then automatically ignore the additional details that are coming back from the API when determining if it needs to take action.

Additional context

As a workaround for now, I have the following lifecycle block defined, though that's not ideal if we ever had to modify that value in the TF configuration.

lifecycle {
  ignore_changes = [vip.0.ipam_network_subnet]
}
@jakauppila jakauppila added the bug label Aug 7, 2024
@xtala
Copy link

xtala commented Dec 6, 2024
edited
Loading

I came across this issue while troubleshooting something very similar on our environment (although we auto-allocate from infoblox). I noticed during testing that you can just leave out the network_reference altogether without issue. The Swagger spec does not mention it as a required arugment as well. A block like the one below works for us. Since we no longer define a network_ref, there are no changes that are triggered.

resource "avi_vsvip" "vsvip_testnetworkref" {
  name            = "vip_testnetworkref"
  cloud_ref       = data.avi_cloud.nsxmgr.id
  vrf_context_ref = data.avi_vrfcontext.vrf.id
  tier1_lr        = "/infra/tier-1s/${data.nsxt_policy_tier1_gateway.tier1.id}"

  vip {
    vip_id                = 1
    enabled               = true
    auto_allocate_ip      = true
    auto_allocate_ip_type = "V4_ONLY"
    ipam_network_subnet {
      subnet {
        ip_addr {
          addr = "10.0.0.0"
          type = "V4"
        }
        mask = 23
      }
    }
  }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jakauppila @xtala