terraform-provider-avi's Introduction

Terraform Provider

Developing the Provider or Use Locally Built Provider

If you wish to work on the provider or use a locally built provider, you'll first need Go and Terraform installed on your machine. You'll also need to set up a GOPATH correctly and add $GOPATH/bin to your $PATH.

Requirements

  • Terraform 0.12.x/0.13+ (0.11.x or lower is incompatible)
  • Go 1.13 (to build the provider plugin)

Building The Provider (Terraform v0.12+)

Clone repository to: $GOPATH/src/github.com/vmware/terraform-provider-avi

$ mkdir -p $GOPATH/src/github.com/vmware; cd $GOPATH/src/github.com/vmware
$ git clone https://github.com/vmware/terraform-provider-avi.git

Enter the provider directory and build the provider.

$ cd $GOPATH/src/github.com/vmware/terraform-provider-avi
$ make

For Terraform v0.12.x, to use a locally built version of the provider, add the following to ~/.terraformrc on Linux/Unix.

providers {
  "avi" = "$GOPATH/bin/terraform-provider-avi"
}

Or copy the provider binary into ~/.terraform.d/plugins/linux_amd64/

$ mkdir -p ~/.terraform.d/plugins/linux_amd64/
$ cp $GOPATH/bin/terraform-provider-avi ~/.terraform.d/plugins/linux_amd64/

Building The Provider (Terraform v0.13+)

Clone repository to: $GOPATH/src/github.com/vmware/terraform-provider-avi

$ mkdir -p $GOPATH/src/github.com/vmware; cd $GOPATH/src/github.com/vmware
$ git clone https://github.com/vmware/terraform-provider-avi.git

Enter the provider directory and build the provider

$ cd $GOPATH/src/github.com/vmware/terraform-provider-avi
$ make build13

This will put the provider binary in the ~/.terraform.d/plugins/vmware.com/avi/avi/<provider_version>/$(GOOS)_$(GOARCH) directory.

For Terraform v0.13+, to use a locally built version of a provider you must add the following snippet to every terraform plan.

terraform {
  required_providers {
    avi = {
      source  = "vmware.com/avi/avi"
      version = "<provider_version>"
    }
  }
}

Usage

Create Avi Provider in terraform plan

provider "avi" {
  avi_username = "admin"
  avi_tenant = "admin"
  avi_password = "password"
  avi_controller = "x.x.x.x"
  avi_version = "21.1.1"
}
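
The provider block above carries avi_password as a string literal, so the credential ends up in version control with the plan. The check below is an added example, not code from the provider project: it flags credential attributes assigned a literal and reports only their location, never the value. The key list is taken from snippets on this page, the sample configuration is constructed, and the line-based parsing (one attribute per line, no heredocs) is an assumption.

```python
import re
from typing import List, NamedTuple

# Credential-bearing attribute names that appear in the snippets on this page.
SECRET_KEYS = {"avi_password", "password", "old_password", "service_account_token"}

STRING_RE = re.compile(r'"(?:[^"\\]|\\.)*"')
# key = "quoted value", optionally followed by a trailing comment
ASSIGN_RE = re.compile(
    r'^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*"((?:[^"\\]|\\.)*)"\s*(?:(?:#|//).*)?$'
)
BLOCK_RE = re.compile(r'^(provider|resource|data)\s+"([^"]+)"(?:\s+"([^"]+)")?\s*\{')


class Finding(NamedTuple):
    line: int   # 1-based line number in the scanned text
    block: str  # enclosing top-level block, e.g. "resource avi_user avi_user"
    key: str    # attribute name; the value is deliberately not recorded


def find_hardcoded_secrets(tf_text: str) -> List[Finding]:
    """Return credential attributes whose value is a non-empty string literal."""
    findings = []
    depth = 0
    block = "(top level)"
    for lineno, raw in enumerate(tf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", "//")):
            continue  # blank line or full-line comment
        if depth == 0:
            header = BLOCK_RE.match(line)
            if header:
                block = " ".join(part for part in header.groups() if part)
        assign = ASSIGN_RE.match(line)
        if assign and assign.group(1) in SECRET_KEYS:
            value = assign.group(2)
            # "${var.x}" (0.11-style interpolation) is a reference, not a literal.
            if value and "${" not in value:
                findings.append(Finding(lineno, block, assign.group(1)))
        # Track nesting with string contents removed, so braces inside
        # interpolations such as "ako-${var.tenant}" are not counted.
        bare = STRING_RE.sub("", line)
        depth += bare.count("{") - bare.count("}")
        if depth == 0:
            block = "(top level)"
    return findings


# Constructed sample built from the attribute names used on this page.
SAMPLE_TF = '''
provider "avi" {
  avi_username   = "admin"
  avi_tenant     = "admin"
  avi_password   = "password"
  avi_controller = "x.x.x.x"
  avi_version    = "21.1.1"
}

provider "avi" {
  alias          = "from_variable"
  avi_controller = var.avi_controller
  avi_password   = var.avi_password
}

resource "avi_user" "avi_user" {
  name     = "ako-${var.tenant}"
  password = "SuperSecretPassword!"
}

resource "avi_cloud" "default" {
  oshiftk8s_configuration {
    service_account_token = "secret-key"
    # password = "commented out"
  }
}

resource "avi_useraccount" "legacy" {
  old_password = "${var.old_password}"
  password     = "${var.new_password}"
}
'''

if __name__ == "__main__":
    for f in find_hardcoded_secrets(SAMPLE_TF):
        print(f"line {f.line}: {f.block}: literal value assigned to {f.key}")
```

A non-empty result can fail a pre-commit hook or CI job; values supplied through variables or the environment pass.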

Avi pool example. Here the pool depends on a read-only tenant data source and on a health monitor defined as a resource in the Terraform plan.

data "avi_tenant" "default_tenant" {
  name = "admin"
}
data "avi_cloud" "default_cloud" {
  name = "Default-Cloud"
}

resource "avi_applicationpersistenceprofile" "test_applicationpersistenceprofile" {
  name             = "terraform-app-pers-profile"
  tenant_ref       = data.avi_tenant.default_tenant.id
  persistence_type = "PERSISTENCE_TYPE_CLIENT_IP_ADDRESS"
}

resource "avi_healthmonitor" "test_hm_1" {
  name       = "terraform-monitor"
  type       = "HEALTH_MONITOR_HTTP"
  tenant_ref = data.avi_tenant.default_tenant.id
}

resource "avi_pool" "testpool" {
  name                                = "pool-42"
  health_monitor_refs                 = [avi_healthmonitor.test_hm_1.id]
  tenant_ref                          = data.avi_tenant.default_tenant.id
  cloud_ref                           = data.avi_cloud.default_cloud.id
  application_persistence_profile_ref = avi_applicationpersistenceprofile.test_applicationpersistenceprofile.id
  servers {
    ip {
      type = "V4"
      addr = "10.90.64.66"
    }
    port = 8080
  }
  fail_action {
    type = "FAIL_ACTION_CLOSE_CONN"
  }
}

Reference existing resources as read-only data sources

data "avi_applicationprofile" "system_http_profile" {
  name = "System-HTTP"
}

application_profile_ref = data.avi_applicationprofile.system_http_profile.id


Test The Provider

In order to test the provider, you can simply run make test.

$ make test

In order to run the full suite of Acceptance tests, run make testacc. Running the tests for a provider requires version 0.12.26 or higher of the Terraform CLI.

Note: Acceptance tests create real resources, and often cost money to run.

$ make testacc

terraform-provider-avi's People

Contributors

alexfeig, cgriggs01, chaitanyaavi, chandanapatnala, coopereric, gitshrikant, itlinux, jeyanthinath, khaltore, lazzurs, markpeek, mayank-avinetworks, mbfrahry, mwhooker, nfagerlund, patilshrikant486, patilshrikant786, reghunath-rajendran, rishabh-baranwal, rohan-sss1, sagarpsalvi, sourabhxyz, swapnilsvraut, yograjshisode

terraform-provider-avi's Issues

Unable to create a pool - Incoming request (v18_2_2) has field (delete_server_on_dns_refresh) introduced in later versions(v18_2_3)

Hello,

I am unable to create a pool (using the avi_pool resource). I've tested using the latest version of the provider, with both Terraform v0.11.14 and v0.12.10, using AVI provider v0.2.0.

resource "avi_pool" "testpool" {
  name = "pool-42"
  health_monitor_refs = ["${avi_healthmonitor.openlane_hm_http.id}"]
  tenant_ref = "${avi_tenant.openlane.id}"
  cloud_ref = "cloud-9b31d623-181b-49c3-b2e1-bb5d87257150"
  application_persistence_profile_ref = "System-Persistence-Client-IP"

  servers {
    ip = {
      type = "V4"
      addr = "10.90.64.66"
    }

    port = 8080
  }
}

Error I'm seeing:

1 error occurred:
* avi_pool.testpool: 1 error occurred:
* avi_pool.testpool: Encountered an error on POST request to URL https://controller-nonprod.karops.io/api/pool: HTTP code: 400; error from Avi: map[error:Incoming request (v18_2_2) has field (delete_server_on_dns_refresh) introduced in later versions(v18_2_3).]

avi_user password not optional

Describe the bug

According to https://registry.terraform.io/providers/vmware/avi/latest/docs/resources/avi_user#argument-reference the password argument for avi_user resource is optional but if deployed without a password the following error HTTP code: 400; error from Controller: map[error:Password is required] is reported.

Reproduction steps

  1. Try to deploy avi_user resource
resource "avi_user" "foo" {
  name               = "terraform-example-foo"
  default_tenant_ref = "/api/tenant/?name=admin"
}
  2. Apply
  3. Receive error HTTP code: 400; error from Controller: map[error:Password is required]

Expected behavior

Document that the password is required.

Additional context

No response

Nested `TypeSet` structures in avi_cloud resource always report as changed

Issue Description

The Avi provider is incorrectly reporting changes to avi_cloud resources when a nested TypeSet is defined in TF config files.

Steps to Reproduce

  1. Create a Kubernetes cloud in the Avi Vantage controller.
  2. Initialize the TF with the Avi provider and an (optional) remote backend
    terraform {
      backend "consul" {
        address = var.consul_address
        scheme = var.consul_scheme
        path = var.consul_path
      }
    }
    
    provider "avi" {
      avi_controller = var.avi_controller
      avi_tenant = "admin"
      avi_version = var.avi_version
    }
  3. Using valid Avi credentials, import the existing Kubernetes cloud into TF state
    AVI_USERNAME=user AVI_PASSWORD=pass terraform import avi_cloud.default cloud-795da0ff-6758-42ce-b857-5989011c5bdc
  4. Update the TF config to make a few changes to the newly imported Kubernetes cloud.
    resource "avi_cloud" "default" {
      name = "default"
      dhcp_enabled = true
      vtype = "CLOUD_OSHIFT_K8S"
    
      oshiftk8s_configuration {
        disable_auto_backend_service_sync = true
        master_nodes = [var.avi_master_node]
        service_account_token = "secret-key"
    
        se_include_attributes {
          attribute = "avi-se"
          value = "true"
        }
      }
    }
  5. Apply the changes to the avi_cloud resource.
    AVI_USERNAME=user AVI_PASSWORD=pass terraform apply
  6. After successful apply, immediately execute another plan without making code changes.
    AVI_USERNAME=user AVI_PASSWORD=pass terraform plan

Expected Result

Terraform should report no changes. Console output should be...

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Actual Result

Terraform reports changes to the entire oshiftk8s_configuration dict.

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # avi_cloud.default will be updated in-place
  ~ resource "avi_cloud" "default" {
        apic_mode                    = false
        autoscale_polling_interval   = 60
        dhcp_enabled                 = true
        dns_provider_ref             = "https://avi.local/api/ipamdnsproviderprofile/ipamdnsproviderprofile-e3db518d-274a-4df9-88e4-9c9ac189f23f"
        dns_resolution_on_se         = false
        enable_vip_static_routes     = false
        id                           = "https://avi.local/api/cloud/cloud-795da0ff-6758-42ce-b857-5989011c5bdc"
        ip6_autocfg_enabled          = false
        ipam_provider_ref            = "https://avi.local/api/ipamdnsproviderprofile/ipamdnsproviderprofile-9a15c2ef-adc6-45ef-8625-713770b46638"
        license_tier                 = "ENTERPRISE_18"
        license_type                 = "LIC_CORES"
        mtu                          = 1500
        name                         = "default"
        prefer_static_routes         = false
        state_based_dns_registration = true
        tenant_ref                   = "https://avi.local/api/tenant/admin"
        uuid                         = "cloud-795da0ff-6758-42ce-b857-5989011c5bdc"
        vtype                        = "CLOUD_OSHIFT_K8S"

      - oshiftk8s_configuration {
          - app_sync_frequency                   = 300 -> null
          - auto_assign_fqdn                     = true -> null
          - container_port_match_http_service    = true -> null
          - coredump_directory                   = "/var/lib/systemd/coredump" -> null
          - default_service_as_east_west_service = true -> null
          - disable_auto_backend_service_sync    = true -> null
          - disable_auto_frontend_service_sync   = false -> null
          - disable_auto_gs_sync                 = false -> null
          - disable_auto_se_creation             = false -> null
          - docker_endpoint                      = "/var/run/docker.sock" -> null
          - enable_event_subscription            = true -> null
          - feproxy_vips_enable_proxy_arp        = true -> null
          - http_container_ports                 = [] -> null
          - l4_health_monitoring                 = true -> null
          - master_nodes                         = [
              - "https://default.k8s.local",
            ] -> null
          - num_shards                           = 0 -> null
          - override_service_ports               = true -> null
          - sdn_overlay                          = true -> null
          - se_deployment_method                 = "SE_CREATE_POD" -> null
          - se_restart_batch_size                = 1 -> null
          - se_restart_force                     = false -> null
          - se_volume                            = "/var/lib/avi" -> null
          - secure_egress_mode                   = false -> null
          - service_account_token                = "<sensitive>" -> null
          - shared_virtualservice_namespace      = false -> null
          - sync_not_ready_addresses             = true -> null
          - use_controller_image                 = false -> null
          - use_resource_definition_as_ssot      = false -> null
          - use_scheduling_disabled_nodes        = false -> null
          - use_service_cluster_ip_as_ew_vip     = false -> null

          - avi_bridge_subnet {
              - mask = 16 -> null

              - ip_addr {
                  - addr = "172.18.0.1" -> null
                  - type = "V4" -> null
                }
            }

          - docker_registry_se {
              - private  = false -> null
              - registry = "avinetworks/se" -> null
            }

          - east_west_placement_subnet {
              - mask = 16 -> null

              - ip_addr {
                  - addr = "172.18.0.1" -> null
                  - type = "V4" -> null
                }
            }

          - se_include_attributes {
              - attribute = "avi-se" -> null
              - value     = "true" -> null
            }

          - se_pod_tolerations {
              - effect             = "NO_SCHEDULE" -> null
              - key                = "dedicated" -> null
              - operator           = "EQUAL" -> null
              - toleration_seconds = 0 -> null
              - value              = "se" -> null
            }

          - vip_default_gateway {
              - addr = "10.228.72.1" -> null
              - type = "V4" -> null
            }
        }
      + oshiftk8s_configuration {
          + app_sync_frequency                   = 300
          + auto_assign_fqdn                     = true
          + ca_tls_key_and_certificate_ref       = (known after apply)
          + client_tls_key_and_certificate_ref   = (known after apply)
          + cluster_tag                          = (known after apply)
          + container_port_match_http_service    = true
          + coredump_directory                   = "/var/lib/systemd/coredump"
          + default_service_as_east_west_service = true
          + disable_auto_backend_service_sync    = true
          + disable_auto_frontend_service_sync   = false
          + disable_auto_gs_sync                 = false
          + disable_auto_se_creation             = false
          + docker_endpoint                      = "/var/run/docker.sock"
          + enable_event_subscription            = true
          + feproxy_vips_enable_proxy_arp        = true
          + http_container_ports                 = []
          + l4_health_monitoring                 = true
          + master_nodes                         = [
              + "https://default.k8s.local",
            ]
          + node_availability_zone_label         = (known after apply)
          + num_shards                           = 0
          + override_service_ports               = true
          + sdn_overlay                          = true
          + se_deployment_method                 = "SE_CREATE_POD"
          + se_image_pull_secret                 = (known after apply)
          + se_priority_class                    = (known after apply)
          + se_restart_batch_size                = 1
          + se_restart_force                     = false
          + se_volume                            = "/var/lib/avi"
          + secure_egress_mode                   = false
          + service_account_token                = "secret-key"
          + shard_prefix                         = (known after apply)
          + shared_virtualservice_namespace      = false
          + ssh_user_ref                         = (known after apply)
          + sync_not_ready_addresses             = true
          + use_controller_image                 = false
          + use_resource_definition_as_ssot      = false
          + use_scheduling_disabled_nodes        = false
          + use_service_cluster_ip_as_ew_vip     = false

          + avi_bridge_subnet {
              + mask = (known after apply)

              + ip_addr {
                  + addr = (known after apply)
                  + type = (known after apply)
                }
            }

          + docker_registry_se {
              + password = (known after apply)
              + private  = (known after apply)
              + registry = (known after apply)
              + username = (known after apply)

              + oshift_registry {
                  + registry_namespace = (known after apply)
                  + registry_service   = (known after apply)

                  + registry_vip {
                      + addr = (known after apply)
                      + type = (known after apply)
                    }
                }
            }

          + east_west_placement_subnet {
              + mask = (known after apply)

              + ip_addr {
                  + addr = (known after apply)
                  + type = (known after apply)
                }
            }

          + se_include_attributes {
              + attribute = "avi-se"
              + value     = "true"
            }

          + vip_default_gateway {
              + addr = (known after apply)
              + type = (known after apply)
            }
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Analysis

As you can see, the Avi provider is not doing a proper diff of the nested oshiftk8s_configuration resource. After some research, it appears the issue is related to how the schema for this resource is defined. oshiftk8s_configuration is defined as TypeSet and includes other nested TypeSet attributes, such as avi_bridge_subnet, docker_registry_se, etc. Based on this comment, it appears the usage of nested TypeSet resources is a limitation of the current version of the Terraform SDK. In order to preserve the current config structure, it is recommended to use TypeList with MaxItems: 1 instead of TypeSet. I tried making this change locally, however, I ran into type conversion errors...

panic: interface conversion: interface {} is map[string]interface {}, not []interface {}

This error is thrown within SetDefaultsInAPIRes method in utils.go.

Considering this is common behavior in managing Avi resources via Terraform, I believe this is a critical bug.

Cannot use Role ako-tenant with access to Controller, Role, Tenant or User in non-admin tenant

Describe the bug

It is not possible to use ako-tenant role with READ_ACCESS to resource PERMISSION_CONTROLLER for user creation:
│ Error: Encountered an error on POST request to URL https://nsx-alb.tld.de/api/user: HTTP code: 400; error from Controller: map[error:Cannot use Role ako-tenant with access to Controller, Role, Tenant or User in non-admin tenant]

This is required by AKO:
ako-0 ako 2024-03-01T10:23:20.483Z WARN lib/avi_api.go:65 msg: Unable to fetch data from uri /api/cluster Encountered an error on GET request to URL https://nsx-alb.tld.de/api/cluster: HTTP code: 403; error from Avi: map[error:User 'ako-test' is not authorized to read on resource System in tenant AKOTEST]

Reproduction steps

  1. Create ako-tenant role according to https://github.com/vmware/load-balancer-and-ingress-services-for-kubernetes/blob/master/docs/roles/ako-tenant.json
  2. Try to create avi_user with individual tenants and role refs according to https://github.com/vmware/load-balancer-and-ingress-services-for-kubernetes/blob/master/docs/ako_tenancy.md
resource "avi_user" "avi_user" {
  name = "ako-${var.tenant}"
  access {
    tenant_ref  = avi_tenant.tenant.id
    role_ref    = data.avi_role.ako_tenant.id
    all_tenants = false
  }
  access {
    tenant_ref  = data.avi_tenant.admin.id
    role_ref    = data.avi_role.ako_admin.id
    all_tenants = false
  }
  password           = "SuperSecretPassword!"
  default_tenant_ref = avi_tenant.tenant.id
}

Expected behavior

It is possible to use ako-tenant role with READ_ACCESS to resource PERMISSION_CONTROLLER.

Additional context

No response

Resource avi_cluster fails on destroy

Describe the bug

We are running version 22.1.6 of the provider (matching the deployed AVI version).

When running terraform destroy the avi_cluster resource fails to be destroyed returning the error message

Encountered an error on DELETE request to URL https://192.168.0.213/api/cluster/cluster-f2bf8b9d-fa77-41c6-bf84-5409aed50b02: HTTP code: 405; error from Controller: map[detail:Method 'DELETE' not allowed.]

Reproduction steps

using https://github.com/vmware/terraform-provider-avi/tree/eng/examples/vmware/vsphere_steps/04_avi_cluster

  1. run terraform apply
  2. run terraform destroy

Expected behavior

The avi_cluster resource does not issue a DELETE request to the AVI API, as this is not allowed.
The avi_cluster resource in terraform is removed and not throwing an error.

Additional context

No response

avi gslbservice - create multiple pool inside gslbservice

I have the configuration below, which creates an avi gslbservice with a single pool attached to it. I would like to create a second pool and attach it as well. Can anyone guide me?
I am new to Terraform. I saw a few tutorials on the for_each function, but I am not able to figure out how to apply it to my need.

resource "avi_gslbservice" "avi_gslbservice" {
  name                = "helloworldssl-gslb"
  tenant_ref          = data.avi_tenant.avi_tenant.id
  domain_names        = ["xxxxxxxxx"]
  health_monitor_refs = [avi_healthmonitor.avi_healthmonitor_gslb.id]
  enabled             = true
  pool_algorithm      = "GSLB_SERVICE_ALGORITHM_GEO"
  ttl                 = "30"
  created_by          = "xxxxxx"
  description         = "xxxxxx"
  down_response {
    type = "GSLB_SERVICE_DOWN_RESPONSE_ALL_RECORDS"
  }
  groups {
    priority = 10
    members {
      ip {
        type = "V4"
        addr = ""
      }
      fqdn         = "xxxxxxxxxxxxxx"
      vs_uuid      = ""
      cluster_uuid = ""
      ratio        = 1
      enabled      = true
    }
    name      = "helloworldssl-gslb-pool1"
    algorithm = "GSLB_ALGORITHM_TOPOLOGY"
  }
}

avi_useraccount.avi_user error with provider

Describe the bug

│ Error: Provider produced inconsistent result after apply

│ When applying changes to avi_useraccount.avi_user, provider "provider["registry.terraform.io/vmware/avi"]"
│ produced an unexpected new value: Root resource was present, but now absent.

│ This is a bug in the provider, which should be reported in the provider's own issue tracker

Reproduction steps

When deploying the step in the AWS example to create a staged cluster, I got the following error on changing the current password.
Module:
2# 2_avi_user_account

Expected behavior

avi_useraccount.avi_user will be created

  + resource "avi_useraccount" "avi_user" {
      + id           = (known after apply)
      + old_password = (sensitive value)
      + password     = (sensitive value)
      + username     = "admin"

Additional context

No response

data "avi_gslb" giving null for many fields for eg, third_party_sites

I am trying the below:

data "avi_gslb" "avi_gslb" {
    name = "Default"
}

But it's giving many field values as null. The field I am really interested in seeing data for is third_party_sites.
If I directly hit my controller API page https://xxxxx.xxx.xxxx/api/gslb?name=Default then it gives data for third_party_sites

{
          "schema_version": 0,
          "attributes": {
            "async_interval": null,
            "clear_on_max_retries": null,
            "client_ip_addr_group": [],
            "configpb_attributes": [],
            "description": "Updated by Avi System Settings per xxxxxxxxxxxx.",
            "dns_configs": [
              {
                "domain_name": "xxxxxxxx.xxx.xxx"
              },
              {
                "domain_name": "xxxxxxx.xxxx.xxxx"
              }
            ],
            "enable_config_by_members": null,
            "error_resync_interval": null,
            "id": "xxxxxxxxxxxxxxxxxxxx",
            "is_federated": null,
            "leader_cluster_uuid": "xxxxxxxxxxxxxxxxx",
            "maintenance_mode": null,
            "name": "Default",
            "replication_policy": [],
            "send_interval": "120",
            "send_interval_prior_to_maintenance_mode": null,
            "sites": [
              {
                "address": "",
                "cluster_uuid": "xxxxxxxxxxxxxxxxxxxxxxx",
                "dns_vses": [
                  {
                    "dns_vs_uuid": "xxxxxxxxxxxxxxxxxxxxxxx",
                    "domain_names": []
                  }
                ],
                "enabled": "",
                "hm_proxies": [],
                "hm_shard_enabled": "true",
                "ip_addresses": [
                  {
                    "addr": "xx.xx.xx.xx",
                    "type": "V4"
                  }
                ],
                "location": [
                  {
                    "location": [
                      {
                        "latitude": "xx",
                        "longitude": "xx",
                        "name": "xxxxxxxxxx",
                        "tag": "xxx"
                      }
                    ],
                    "source": "xxxxxxxxxx"
                  }
                ],
                "member_type": "xxxxxxxxxx",
                "name": "xxxxxxxxxx",
                "password": "xxxxxxxxxxxx",
                "port": "",
                "ratio": "",
                "suspend_mode": "",
                "username": "xxxxxxxxxxx",
                "uuid": ""
              }
            ],
            "tenant_ref": "xxxxxxxxxxxxx",
            "tenant_scoped": null,
            "third_party_sites": null,
            "uuid": "xxxxxxxxxxxxxxxxx",
            "view_id": "xxxxxxxxxxxxx"
          },
          "sensitive_attributes": []
        }

License resource missing

Is your feature request related to a problem? Please describe.

As of today it is not possible to configure licenses for AVI using terraform.

Describe the solution you'd like

I want to configure licenses on AVI using a terraform resource.

Describe alternatives you've considered

No response

Additional context

No response

cannot use provider from parent module

Describe the bug

When specifying the provider in the parent module as per https://www.terraform.io/language/modules/develop/providers, the child module does not log in to AVI.

Reproduction steps

1. Parent module code
terraform {
  required_version = ">=1.0.10"
  required_providers {
    avi = {
      source  = "vmware/avi"
      version = "22.1.1"
    }
  }
}
provider "avi" {
  alias          = "prod"
  avi_version    = "x.y.z"
  avi_controller = "#######"
  avi_username   = "#######"
  avi_password   = "#######"
}
module "avi_lb" {
  source    = "git::https://some_source"
  providers = { avi = avi.prod }
  cloud     = "avicloudname"
}
output "alb_cloud" {
  value = module.avi_lb.alb_cloud
}


2. Child module code
terraform {
  required_version = ">=1.0.10"
  required_providers {
    avi = {
      source  = "vmware/avi"
      version = "22.1.1"
    }
  }
}
variable "cloud" {
  description = "ALB cloud Name"
  type        = string
}
data "avi_cloud" "nsx_cloud" {
  name = var.cloud
}
output "alb_cloud" {
  value = data.avi_cloud.nsx_cloud
}

3. When executing the above code, the output is stuck on keep reading until it times out with a null value.
The user does not show an attempt at logging in to the AVI controller.

Expected behavior

Being able to connect to AVI with the provider being specified in the parent (root) module section.
https://www.terraform.io/language/modules/develop/providers
A module intended to be called by one or more other modules must not contain any provider blocks. A module containing its own provider configurations is not compatible with the for_each, count, and depends_on arguments that were introduced in Terraform v0.13.

Additional context

The code above works if the provider section is defined in the child module instead of being passed from the parent module.

se_routing missing in latest release

Today I upgraded to the current release of the Avi Terraform provider (v0.2.1). I tried testing it by running the following command on unchanged Terraform code:

user@computer:[~/Git/laitram_terraform/dev/aws/avi_cluster] λ AVI_VERSION=18.2.4 AWS_PROFILE=dev terraform apply -var-file secrets.tfvars

Error: avi_serviceenginegroup.prod_se_group: : invalid or unknown key: se_routing

I have this attribute configured in my code, which no longer runs. This attribute is valid and is referenced in the official documentation here:
https://www.terraform.io/docs/providers/avi/d/avi_serviceenginegroup.html#se_routing

I went looking for this code in the previous version, and as best I can tell it's simply been deleted in the most recent release (see "@@ -621,10 +606,25 @@" in the diff below):

user@computer:[/tmp/terraform-provider-avi] λ git diff v0.1.2..v0.2.1 -- avi/resource_avi_serviceenginegroup.go
diff --git a/avi/resource_avi_serviceenginegroup.go b/avi/resource_avi_serviceenginegroup.go
index fbbd6ba..010655b 100644
--- a/avi/resource_avi_serviceenginegroup.go
+++ b/avi/resource_avi_serviceenginegroup.go
@@ -24,11 +24,6 @@ func ResourceServiceEngineGroupSchema() map[string]*schema.Schema {
                        Optional: true,
                        Default:  false,
                },
-               "advertise_backend_networks": {
-                       Type:     schema.TypeBool,
-                       Optional: true,
-                       Default:  false,
-               },
                "aggressive_failure_detection": {
                        Type:     schema.TypeBool,
                        Optional: true,
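Review bot: Deleting "advertise_backend_networks" from the schema with no deprecation step means any configuration that still sets it is rejected as an unknown key after upgrading. Keep the entry for at least one release with the SDK's Deprecated message set, so users get a warning and a migration window instead of a hard failure, and list the removal in the release notes.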
@@ -97,7 +92,7 @@ func ResourceServiceEngineGroupSchema() map[string]*schema.Schema {
                "bgp_state_update_interval": {
                        Type:     schema.TypeInt,
                        Optional: true,
-                       Default:  10,
+                       Default:  60,
                },
                "buffer_se": {
                        Type:     schema.TypeInt,
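Review bot: The Default for "bgp_state_update_interval" moves from 10 to 60 with nothing else in the hunk to signal it, so every configuration that omits the attribute will plan an in-place change from 10 to 60 on the first run after upgrading. Call the new default out in the changelog, and confirm it matches what the targeted controller version uses rather than only the newest one.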
@@ -224,21 +219,11 @@ func ResourceServiceEngineGroupSchema() map[string]*schema.Schema {
                        Optional: true,
                        Default:  false,
                },
-               "enable_routing": {
-                       Type:     schema.TypeBool,
-                       Optional: true,
-                       Default:  false,
-               },
-               "enable_vip_on_all_interfaces": {
+               "enable_pcap_tx_ring": {
                        Type:     schema.TypeBool,
                        Optional: true,
                        Default:  true,
                },
-               "enable_vmac": {
-                       Type:     schema.TypeBool,
-                       Optional: true,
-                       Default:  false,
-               },
                "ephemeral_portrange_end": {
                        Type:     schema.TypeInt,
                        Optional: true,
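Review bot: The new "enable_pcap_tx_ring" key takes over the Type, Optional and Default: true lines that previously belonged to "enable_vip_on_all_interfaces", so its default is inherited from the surrounding entry rather than stated in an added line; confirm that true is intended for the new field. The same hunk drops "enable_routing", "enable_vip_on_all_interfaces" and "enable_vmac" together, and nothing here tells a user of those keys what to set instead.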
@@ -259,16 +244,6 @@ func ResourceServiceEngineGroupSchema() map[string]*schema.Schema {
                        Optional: true,
                        Default:  0,
                },
-               "floating_intf_ip": {
-                       Type:     schema.TypeList,
-                       Optional: true,
-                       Elem:     ResourceIpAddrSchema(),
-               },
-               "floating_intf_ip_se_2": {
-                       Type:     schema.TypeList,
-                       Optional: true,
-                       Elem:     ResourceIpAddrSchema(),
-               },
                "flow_table_new_syn_max_entries": {
                        Type:     schema.TypeInt,
                        Optional: true,
@@ -576,6 +551,11 @@ func ResourceServiceEngineGroupSchema() map[string]*schema.Schema {
                        Optional: true,
                        Default:  1500,
                },
+               "se_kni_burst_factor": {
+                       Type:     schema.TypeInt,
+                       Optional: true,
+                       Default:  0,
+               },
                "se_lro": {
                        Type:     schema.TypeBool,
                        Optional: true,
@@ -599,7 +579,12 @@ func ResourceServiceEngineGroupSchema() map[string]*schema.Schema {
                "se_pcap_pkt_sz": {
                        Type:     schema.TypeInt,
                        Optional: true,
-                       Default:  65536,
+                       Default:  69632,
+               },
+               "se_pcap_qdisc_bypass": {
+                       Type:     schema.TypeBool,
+                       Optional: true,
+                       Default:  true,
                },
                "se_pcap_reinit_frequency": {
                        Type:     schema.TypeInt,
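
Review bot: Changing the `se_pcap_pkt_sz` default from 65536 to 69632 means every service engine group that relied on the old default will show a diff on the first plan after upgrading. Call this out in the release notes, and say why 69632 was chosen. The added `se_pcap_qdisc_bypass` defaults to true, so it also turns on for users who never set it.
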
@@ -621,10 +606,25 @@ func ResourceServiceEngineGroupSchema() map[string]*schema.Schema {
                        Optional: true,
                        Default:  1501,
                },
-               "se_routing": {
-                       Type:     schema.TypeBool,
+               "se_rum_sampling_nav_interval": {
+                       Type:     schema.TypeInt,
                        Optional: true,
-                       Default:  true,
+                       Default:  1,
+               },
+               "se_rum_sampling_nav_percent": {
+                       Type:     schema.TypeInt,
+                       Optional: true,
+                       Default:  1,
+               },
+               "se_rum_sampling_res_interval": {
+                       Type:     schema.TypeInt,
+                       Optional: true,
+                       Default:  2,
+               },
+               "se_rum_sampling_res_percent": {
+                       Type:     schema.TypeInt,
+                       Optional: true,
+                       Default:  100,
                },
                "se_sb_dedicated_core": {
                        Type:     schema.TypeBool,
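
Review bot: The removal of `se_routing` (TypeBool, default true) is interleaved with the four new `se_rum_sampling_*` integers, which makes it easy to miss in review, and configurations that set `se_routing` will stop validating. Separate the removal from the additions or mention it explicitly. The percent fields should also carry a 0 to 100 `ValidateFunc`, since nothing here bounds `se_rum_sampling_nav_percent` or `se_rum_sampling_res_percent`.
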
@@ -803,7 +803,7 @@ func ResourceServiceEngineGroupSchema() map[string]*schema.Schema {
                "vs_se_scaleout_ready_timeout": {
                        Type:     schema.TypeInt,
                        Optional: true,
-                       Default:  25,
+                       Default:  60,
                },
                "vs_switchover_timeout": {
                        Type:     schema.TypeInt,
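
Review bot: Raising the `vs_se_scaleout_ready_timeout` default from 25 to 60 changes behaviour for every user who left it unset, and the schema does not state the unit. Add a description with the unit and note the new default in the changelog.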

There appear to be other things removed too. Was this removal intended?

lifecycle ignore_changes is not working as expected for avi_virtualservice resource

Describe the bug

lifecycle ignore_changes is not working as expected for avi_virtualservice resource. In my case I have two datascripts attached to the VS, and if I add an ignore lifecycle for datascripts it isn't ignoring or validating whether some other tool had changed datascripts on AVI directly. If I do an API call against AVI to change the datascript allocation within the VS, the next terraform apply will change it to the state it was in as of the last terraform apply.

Below is the code I am testing this with.

data "avi_sslprofile" "pp_strong" {
  name = "pp_strong"
}

data "avi_vsdatascriptset" "healthcheck_disable" {
  name = "healthcheck_disable"
}

data "avi_vsdatascriptset" "healthcheck_enable" {
  name = "healthcheck_enable"
}

data "avi_vsdatascriptset" "ds_geo_ip" {
  name = "ds_geo_ip"
}

resource "avi_virtualservice" "test" {
  name      = "test"
  vsvip_ref = avi_vsvip.test1.id
  enabled   = true

  vs_datascripts {
    index                 = 1
    vs_datascript_set_ref = data.avi_vsdatascriptset.healthcheck_disable.id
  }

  vs_datascripts {
    index                 = 2
    vs_datascript_set_ref = data.avi_vsdatascriptset.ds_geo_ip.id
  }

  lifecycle {
    ignore_changes = [vs_datascripts]
  }

  services {
    port           = 80
    port_range_end = 80
  }
}

Reproduction steps

  1. Create VS with datascript attached to it and apply config via terraform.
  2. Change Datascript on virtual service either via API calls or via GUI.
  3. Add lifecycle ignore to the terraform code and perform terraform apply. You will not see terraform making any changes to the datascripts in the plan or apply command; however, when the apply is complete you will see the datascripts are reverted back to what they were in the Terraform git code.
    ...

Expected behavior

Expecting that if any changes were done on the datascripts side via direct APIs or the console, terraform should ignore them, as we have the ignore lifecycle configuration added.

Additional context

No response

Unable to retrieve IP-address of avi_virtualservice

Hi team,

I would like to create a DNS entry that refers to avi_virtualservice with auto allocated IP-address.
Would be very grateful if you could provide some advice how to retrieve IP-address of avi_virtualservice.

I am using OpenStack, but I suppose it should be similar for all clouds so here you could find the sample:
https://github.com/terraform-providers/terraform-provider-avi/blob/master/examples/aws/avi_app/avi_config.tf#L395

Unfortunately, output doesn't show the IP-address, so I can't assign it.

avi_virtualservice_vip = [
  {
    "auto_allocate_floating_ip" = false
    "auto_allocate_ip" = true
    "auto_allocate_ip_type" = "V4_ONLY"
    "availability_zone" = ""
    "avi_allocated_fip" = false
    "avi_allocated_vip" = true
    "discovered_networks" = []
    "enabled" = true
    "floating_ip" = []
    "floating_ip6" = []
    "floating_subnet6_uuid" = ""
    "floating_subnet_uuid" = ""
    "ip6_address" = []
    "ip_address" = []
    "ipam_network_subnet" = []
    "network_ref" = ""
    "placement_networks" = []
    "port_uuid" = ""
    "subnet" = [
      {
        "ip_addr" = [
          {
            "addr" = "SUBNET_WAS_HERE"
            "type" = "V4"
          },
        ]
        "mask" = 26
      },
    ]
    "subnet6" = []
    "subnet6_uuid" = ""
    "subnet_uuid" = "SUBNET_UUID_WAS_HERE"
    "vip_id" = "0"
  },
]

Thank you in advance for your help.

avi_sslkeyandcertificate always has changes

Describe the bug

When avi_sslkeyandcertificate is used, it always has changes, even though neither the key nor the certificate has actually changed.

Reproduction steps

  1. Create a self-signed key/certificate pair, e.g. openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt
  2. Create a resource like this:
resource "avi_sslkeyandcertificate" "certificate" {
  name = "mycert"

  type       = "SSL_CERTIFICATE_TYPE_VIRTUALSERVICE"
  tenant_ref = var.tenant_id  # pass as variable

  key = file("./server.key")

  certificate {
    self_signed = true
    certificate = file("./server.crt")
  }

}
  3. terraform apply. This creates the expected certificate.
  4. terraform apply or plan shows changes:
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.certificate-from-file.avi_sslkeyandcertificate.certificate will be updated in-place
  ~ resource "avi_sslkeyandcertificate" "certificate" {
        id                   = "https://192.168.99.13/api/sslkeyandcertificate/sslkeyandcertificate-667eca56-174f-47ae-af9a-659129d80d70"
      ~ key                  = (sensitive value)
        name                 = "mycert"
        # (11 unchanged attributes hidden)

      - certificate {
          - certificate                 = <<-EOT
                -----BEGIN CERTIFICATE-----
                MIIFHzCCAwegAwIBAgIUIjZ+zzC2h9ipipsZHZWnN4mLFmswDQYJKoZIhvcNAQEL
                BQAwHzEdMBsGA1UEAwwUYWxiLXNlbGYtc2lnbmVkLWNlcnQwHhcNMjQwNDEwMDgz
                NjE1WhcNMjUwNDEwMDgzNjE1WjAfMR0wGwYDVQQDDBRhbGItc2VsZi1zaWduZWQt
                Y2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALrH5pwW1O2Mh7BB
... cut for readability

Expected behavior

If the key or certificate has not changed, nothing should be changed.

Additional context

Possibly related to #510 and/or #522 ? Tested with provider version v22.1.5, NSX ALB version 22.1.5 2p3. The same is true for the Ansible module which is also not idempotent. So I assume this is because the API doesn't reveal information after the certificate is created. If that's the case, IMO, it should be documented and a workaround (implicit ignore?) offered.

Doc in https://registry.terraform.io not properly formatted

Describe the bug

The Avi_pool page in https://registry.terraform.io/providers/vmware/avi/latest/docs/resources/avi_pool is not properly formatted and is missing descriptions as a result.

Reproduction steps

1. Navigate to https://registry.terraform.io/providers/vmware/avi/latest/docs/resources/avi_pool#argument-reference
2. Look at page...

Expected behavior

Page should look more like this one for the virtual service

Additional context

No response

Terraform apply crash - v0.12.26 - AVI provider - avi_virtualservice

This issue was originally opened by @vthinsel as hashicorp/terraform#25099. It was migrated here as a result of the provider split. The original body of the issue is below.


Terraform Version

Terraform v0.12.26

  • provider.avi v0.2.2

Terraform Configuration Files

resource "avi_virtualservice" "ReverseProxy" {
  name = "VS-ReverseProvy"
  tenant_ref              = data.avi_tenant.default_tenant.id
  vsvip_ref               = avi_vsvip.test_vsvip.id
  cloud_ref               = data.avi_cloud.default_cloud.id
  application_profile_ref = data.avi_applicationprofile.application_profile1.id
  network_profile_ref     = data.avi_networkprofile.network_profile1.id
  enabled                 = true
  type                    = "VS_TYPE_VH_PARENT"
  services {
    port       = 8443
    enable_ssl = true
  }
}

resource "avi_virtualservice" "ReverseProxyChild01" {
  name           = "VS-ReverseProvy-Child01"
  pool_group_ref = avi_poolgroup.poolgroup01.id
  //pool_ref                = avi_pool.lb_pool01.id
  tenant_ref = data.avi_tenant.default_tenant.id
  //vsvip_ref                    = avi_vsvip.test_vsvip.id
  cloud_ref = data.avi_cloud.default_cloud.id
  //ssl_key_and_certificate_refs = [data.avi_sslkeyandcertificate.ssl_cert1.id]
  //ssl_profile_ref              = data.avi_sslprofile.ssl_profile1.id
  application_profile_ref = data.avi_applicationprofile.application_profile1.id
  network_profile_ref     = data.avi_networkprofile.network_profile1.id
  enabled                 = true
  type                    = "VS_TYPE_VH_CHILD"
  vh_domain_name          = ["rpchild01.domain.com", "rpchild01.domain2.com"]
  vh_parent_vs_uuid       = avi_virtualservice.ReverseProxy.uuid
}
...

Debug Output

Crash Output

https://gist.github.com/vthinsel/180b086ba9a356a3d0fad7ca1e3f3c1d

Expected Behavior

Child Virtual server should be updated.

Actual Behavior

Crashed when trying to modify

avi_virtualservice.ReverseProxyChild01: Modifying... [id=https://10.126.4.31/api/virtualservice/virtualservice-d9bbce25-fef9-4bda-8bce-591e33145660]

Error: rpc error: code = Unavailable desc = transport is closing

Steps to Reproduce

terraform plan => OK
terraform apply => KO

avi_user unsupported argument

Describe the bug

In the example usage of avi_user from https://registry.terraform.io/providers/vmware/avi/latest/docs/resources/avi_user#example-usage the argument tenant_ref is used. But this is not a supported argument. The correct argument is default_tenant_ref.

Reproduction steps

  1. Try to deploy avi_user resource
resource "avi_user" "foo" {
    name = "terraform-example-foo"
    tenant_ref = "/api/tenant/?name=admin"
}
  2. Apply
  3. Receive error
│ Error: Unsupported argument
│
│   on 201_t1-001-alb-cloud.tf line 87, in resource "avi_user" "foo":
│   87:     tenant_ref = "/api/tenant/?name=admin"
│
│ An argument named "tenant_ref" is not expected here.

Expected behavior

Adjust example usage with the correct argument.

Additional context

No response

An argument named "vcenter_configuration" is not expected here

When I add a vcenter_cloud argument to my avi_cloud resource I get

2019/11/22 15:45:17 [ERROR] : eval: *terraform.EvalValidateResource, err: Unsupported argument: An argument named "vcenter_configuration" is not expected here. Did you mean to define a block of type "vcenter_configuration"?
2019/11/22 15:45:17 [ERROR] : eval: *terraform.EvalSequence, err: Unsupported argument: An argument named "vcenter_configuration" is not expected here. Did you mean to define a block of type "vcenter_configuration"?
2019/11/22 15:45:17 [TRACE] [walkValidate] Exiting eval tree: avi_cloud.vcenter
2019/11/22 15:45:17 [TRACE] vertex "avi_cloud.vcenter": visit complete
Error: Unsupported argument
on cloud.tf line 6, in resource "avi_cloud" "vcenter":
6: vcenter_configuration = "${var.vcenter_configuration}"
An argument named "vcenter_configuration" is not expected here. Did you mean
to define a block of type "vcenter_configuration"?

My resource definition looks like this

resource "avi_cloud" "vcenter" {
  name  = "${var.cloud_name}"
  vtype = "${var.vtype}"
  vcenter_configuration = "${var.vcenter_configuration}"
}

The value of "${var.vcenter_configuration}" is

vcenter_configuration = [{
  "datacenter" = "datacenter_name"
  management_ip_subnet = [{
    "ip_addr" = [{
      "addr" = "10.***.***.128"
      "type" = "V4"
    }]
    "mask" = 25
  }]
  "management_network"           = "VM Network"
  "password"                     = "*******"
  "privilege"                    = "write"
  "username"                     = "****"
  "vcenter_template_se_location" = "active-active"
  "vcenter_url"                  = "vcenter01.*******"
}]

Referencing a vsvip resource inside a virtualservice resource causes a change operation on each plan

Steps to re-produce:

  1. Create a vsvip resource
resource "avi_vsvip" "example" {
  name      = "vsvipExample"
  cloud_ref = data.avi_cloud.cloud.id
  vip {
    vip_id           = "1"
    auto_allocate_ip = true
    discovered_networks {
      network_ref = data.avi_network.avi_vip_internal.id
      subnet {
        mask = 24
        ip_addr {
          addr = "192.168.1.0"
          type = "V4"
        }
      }
    }
  }
}
  2. Create a virtual service resource and reference the vsvip
resource "avi_virtualservice" "example" {
  name              = "vsExample"
  vrf_context_ref   = data.avi_vrfcontext.internal.id
  cloud_ref         = data.avi_cloud.cloud.id
  cloud_type        = "CLOUD_VCENTER"
  enabled           = true
  type              = "VS_TYPE_VH_PARENT"
  advertise_down_vs = false
  vsvip_ref         = avi_vsvip.example.uuid #Referencing the VS VIP Object created above
  services {
    port       = 80
    enable_ssl = false
  }
  services {
    port       = 443
    enable_ssl = true
  }
  application_profile_ref      = data.avi_applicationprofile.app_profile.id
  network_profile_ref          = data.avi_networkprofile.net_profile.id
  ssl_profile_ref              = data.avi_sslprofile.ssl_profile.id
  ssl_key_and_certificate_refs = [data.avi_sslkeyandcertificate.internal_wildcard.id]
  analytics_profile_ref        = data.avi_analyticsprofile.analytics_profile.id
  analytics_policy {
    metrics_realtime_update {
      enabled  = var.avi_logging_enabled
      duration = 0
    }
    all_headers = false
    full_client_logs {
      enabled  = var.avi_logging_enabled
      duration = 0
    }
  }
}
  3. Run terraform plan and then terraform apply
  4. Re-run terraform plan and it reports a change needs to occur to match the configuration
    Terraform will perform the following actions:
  # avi_virtualservice.example will be updated in-place
  ~ resource "avi_virtualservice" "example" {
        id                                 = "https://avi.example.com/api/virtualservice/virtualservice-3ce13e73-77e8-4f90-a86c-4d7095a3dc58"
        name                               = "example"
      ~ vsvip_ref                          = "https://avi.example.com/api/vsvip/vsvip-c073cc3b-dd94-428f-84c4-2df7f3c7331f" -> "vsvip-c073cc3b-dd94-428f-84c4-2df7f3c7331f"
        # (35 unchanged attributes hidden)


        # (3 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Desired Behavior:

The subsequent terraform plan should report that no changes are required.

This seems to be an issue where the .uuid property exported from the vsvip resource is just vsvip-{UUID} whereas the vsvip_ref property is automatically converted to the full URL of the API object by the controller post-apply.

In my eyes the fix from the terraform provider side would be to change uuid to export the entire URL rather than just the resource ID.
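
The mismatch described in this issue (a bare `vsvip-{UUID}` in configuration against the full API URL stored after apply) can be treated as "no change" by comparing object IDs instead of raw strings. The Go below is an added example, not the provider's code and not the fix the reporter proposes; `aviObjectID` and `sameAviRef` are hypothetical names, and the `#name` suffix handling is an assumption. Its comparison has the shape a terraform-plugin-sdk `DiffSuppressFunc` would wrap.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// aviObjectID splits an Avi object reference into controller host and bare
// object ID (for example "vsvip-<uuid>"). It accepts a full controller URL,
// an API-relative path, or a bare ID. ok is false for references that do not
// name one object by ID, such as "/api/tenant/?name=admin".
func aviObjectID(ref string) (host, id string, ok bool) {
	ref = strings.TrimSpace(ref)
	if ref == "" {
		return "", "", false
	}
	u, err := url.Parse(ref)
	if err != nil {
		return "", "", false
	}
	// Name lookups and collection paths cannot be compared by ID.
	if u.Query().Get("name") != "" || strings.HasSuffix(u.Path, "/") {
		return "", "", false
	}
	// Assumption: a ref may carry a "#name" suffix; url.Parse has already
	// moved it into u.Fragment, so it does not affect the ID.
	id = u.Path
	if i := strings.LastIndex(id, "/"); i >= 0 {
		id = id[i+1:]
	}
	return u.Host, id, id != ""
}

// sameAviRef reports whether two references point at the same object.
// A bare ID matches a full URL with the same ID. Two absolute URLs on
// different controllers never match, so a ref that was repointed at another
// controller is still reported as a change.
func sameAviRef(oldRef, newRef string) bool {
	oldHost, oldID, okOld := aviObjectID(oldRef)
	newHost, newID, okNew := aviObjectID(newRef)
	if !okOld || !okNew {
		// Fall back to exact comparison when either side is not an ID ref.
		return oldRef == newRef
	}
	if oldHost != "" && newHost != "" && !strings.EqualFold(oldHost, newHost) {
		return false
	}
	return oldID == newID
}

func main() {
	// Both values are taken from the plan output quoted in the issue.
	stored := "https://avi.example.com/api/vsvip/vsvip-c073cc3b-dd94-428f-84c4-2df7f3c7331f"
	configured := "vsvip-c073cc3b-dd94-428f-84c4-2df7f3c7331f"

	fmt.Println("stored vs configured:", sameAviRef(stored, configured))
	// Constructed value: a different object must still show up as a change.
	fmt.Println("different object:    ",
		sameAviRef(stored, "vsvip-00000000-0000-0000-0000-000000000000"))
}
```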

Failure to create avi_useraccount resource

Describe the bug

Terraform produces following error in create user function
│ Error: Provider produced inconsistent result after apply

│ When applying changes to avi_useraccount.avi_user, provider "provider["registry.terraform.io/vmware/avi"]" produced an unexpected new value: Root resource
│ was present, but now absent.

│ This is a bug in the provider, which should be reported in the provider's own issue tracker.

Reproduction steps

1. Deploy 3 VMs from template
2. Use following snippet
terraform {
  required_providers {
    vsphere = {
      source  = "hashicorp/vsphere"
      version = "~> 2.0.0"
     }
    avi = {
      source  = "vmware/avi"
      version = "~> 21.1.1"
    }
  }
}

provider "avi" {
  avi_username   = var.avi_username
  avi_password   = var.avi_password      #even tried with var.avi_new_password
  avi_controller = vsphere_virtual_machine.controller[0].default_ip_address
  avi_tenant     = "admin"
}

resource "avi_useraccount" "avi_user" {
  username     = var.avi_username
  old_password = var.avi_password
  password     = var.avi_new_password
}

3. Username tried was both "admin" and non-admin.

Expected behavior

User account would be created

Additional context

No response

Resource avi_server: port is not optional

Describe the bug

Creating a resource avi_server while omitting the port results in:

╷
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to avi_server.server_example, provider "provider[\"registry.terraform.io/vmware/avi\"]" produced an unexpected new value: Root resource was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵

The port should be optional (as stated in the API documentation). Omitting the port is fine as long as there is a default_server_port declared in the avi_pool resource.

Reproduction steps

Minimal TF configuration of the resources:

resource "avi_pool" "pool_example" {
  name = "POOL_example"
  tenant_ref = data.avi_tenant.example.id
  cloud_ref = data.avi_cloud.default.id
  default_server_port = 31400
}

resource "avi_server" "server_example" {
  hostname = "example.org"
  ip = "127.0.0.1"
  pool_ref = avi_pool.pool_example.id
  //port = 31400
}

Step 1: Run terraform apply

Expected behavior

When omitting the port there should be no error and the port of the server should be set to -.

Additional context

  • We use a custom tenant
  • Provider version: 22.1.4
  • NSX version: 22.1.4

avi_systemconfiguration module does not recognize dns_configuration

I'm attempting to port over a significant amount of bash/curl scripts for configuring Avi over to Terraform and I've run into a roadblock when attempting to set the dns_configuration field in avi_systemconfiguration.

I can clearly see the values imported to the resource when using terraform import.

❯ terraform state show avi_systemconfiguration.avi_system
resource "avi_systemconfiguration" "avi_system" {
...
dns_configuration {
        server_list {
            addr = "8.8.8.8"
            type = "V4"
        }
    }
}

However, when attempting to set this value in a module definition, I receive an error that states 'An argument named "dns_configuration" is not expected here'

❯ cat avi.tf
...
resource "avi_systemconfiguration" "avi_system" {
  uuid = "default"
  dns_configuration = ""
  ssh_ciphers               = [
          "aes128-ctr",
          "aes256-ctr",
        ]
  ssh_hmacs                 = [
          "[email protected]",
          "[email protected]",
          "[email protected]",
          "hmac-sha2-512",
        ]
  enable_cors = true
  welcome_workflow_complete = true
}
❯ terraform plan

Error: Unsupported argument

  on avi.tf line 9, in resource "avi_systemconfiguration" "avi_system":
   9:   dns_configuration = {}

An argument named "dns_configuration" is not expected here. Did you mean to
define a block of type "dns_configuration"?

I know for a fact that this value is changeable using the REST API via the /api/systemconfiguration endpoint. The field is also described in the Avi Terraform documentation. I have a running Avi controller versioned at 20.1.4 and am using the 20.1.6 provider.

Provider crash during avi_serviceenginegroup destroy

Describe the bug

When destroying avi_serviceenginegroup resources the provider crashes with the following stacktrace:

avi_serviceenginegroup.default: Destroying... [id=https://xxx.xxx.xxx.xxx/api/serviceenginegroup/serviceenginegroup-12f5a713-21b4-4356-a02a-25c0cf61bde4]
╷
│ Error: Plugin did not respond
│ 
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain more details.
╵

Stack trace from the terraform-provider-avi_v21.1.4 plugin:

panic: interface conversion: interface {} is string, not int

goroutine 83 [running]:
github.com/vmware/terraform-provider-avi/avi.resourceAviServiceEngineGroupDelete(0x140005eb698?, {0x1013c7340?, 0x14000075680})
        github.com/vmware/terraform-provider-avi/avi/resource_avi_serviceenginegroup.go:1669 +0x538
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).delete(0x10121f52e?, {0x10158d4e0?, 0x14000650680?}, 0x24?, {0x1013c7340?, 0x14000075680?})
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:369 +0x138
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x1400010c9a0, {0x10158d4e0, 0x14000650680}, 0x140009d3930, 0x14000311400, {0x1013c7340, 0x14000075680})
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:428 +0x2fc
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0x140003127c8, {0x10158d4e0, 0x14000650680}, 0x140010b2e10)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:977 +0xb40
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0x140001bb080, {0x10158d588?, 0x14000cbbaa0?}, 0x140006c2000?)
        github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:332 +0x68
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x10152f9c0?, 0x140001bb080}, {0x10158d588, 0x14000cbbaa0}, 0x14001242420, 0x0)
        github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:380 +0x174
google.golang.org/grpc.(*Server).processUnaryRPC(0x140002a0e00, {0x10158fea8, 0x14000bce000}, 0x14000374400, 0x14000b48bd0, 0x101a679c0, 0x0)
        google.golang.org/[email protected]/server.go:1194 +0xaf0
google.golang.org/grpc.(*Server).handleStream(0x140002a0e00, {0x10158fea8, 0x14000bce000}, 0x14000374400, 0x0)
        google.golang.org/[email protected]/server.go:1517 +0x840
google.golang.org/grpc.(*Server).serveStreams.func1.2()
        google.golang.org/[email protected]/server.go:859 +0x88
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/[email protected]/server.go:857 +0x298

Error: The terraform-provider-avi_v21.1.4 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Reproduction steps

  1. Create avi_serviceenginegroup resource (as well as its dependencies), say it's named group
  2. Comment out the avi_serviceenginegroup resource code and run terraform apply -auto-approve
    or
    Run terraform destroy -auto-approve (WARNING: it will destroy everything tracked in the state file)
    or
    Run terraform taint avi_serviceenginegroup.group && terraform apply -auto-approve
  3. See the error

Expected behavior

The avi_serviceenginegroup resource gets simply destroyed with no errors.

Additional context

Provider version tested is 21.1.4.
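
The panic text in the trace is what the Go runtime prints when a single-value type assertion meets a value of another type. The Go below is an added example, not the provider's code: line 1669 of resource_avi_serviceenginegroup.go is not shown on the page, the function names are hypothetical, and the idea that the value arrives as a numeric string is an assumption. It reproduces the message and shows a checked conversion that returns an error instead of taking the plugin process down.

```go
package main

import (
	"encoding/json"
	"fmt"
	"math"
	"strconv"
	"strings"
)

// uncheckedInt performs the single-value assertion v.(int) and, instead of
// letting the process die, captures the runtime panic text for inspection.
func uncheckedInt(v interface{}) (n int, panicMsg string) {
	defer func() {
		if r := recover(); r != nil {
			panicMsg = fmt.Sprint(r)
		}
	}()
	return v.(int), ""
}

// asInt converts the dynamic types that commonly carry an integer (native
// ints, JSON-decoded float64 or json.Number, numeric strings) and returns an
// error for everything else, so the caller can surface a diagnostic.
func asInt(v interface{}) (int, error) {
	switch t := v.(type) {
	case int:
		return t, nil
	case int64:
		return int(t), nil
	case float64:
		// encoding/json decodes every JSON number into float64 by default.
		if t != math.Trunc(t) || math.Abs(t) > 1<<53 {
			return 0, fmt.Errorf("value %v is not a safe integer", t)
		}
		return int(t), nil
	case json.Number:
		i, err := t.Int64()
		if err != nil {
			return 0, fmt.Errorf("value %q is not an integer: %w", t.String(), err)
		}
		return int(i), nil
	case string:
		i, err := strconv.Atoi(strings.TrimSpace(t))
		if err != nil {
			return 0, fmt.Errorf("value %q is not an integer: %w", t, err)
		}
		return i, nil
	case nil:
		return 0, fmt.Errorf("value is nil")
	default:
		return 0, fmt.Errorf("unsupported type %T", v)
	}
}

func main() {
	// Constructed sample: an attribute map whose numeric field is a string.
	attrs := map[string]interface{}{"timeout": "30"}

	_, msg := uncheckedInt(attrs["timeout"])
	fmt.Println("unchecked:", msg)

	n, err := asInt(attrs["timeout"])
	fmt.Println("checked:  ", n, err)

	_, err = asInt(attrs["missing"])
	fmt.Println("missing:  ", err)
}
```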

How to configure health monitor properly?

I'm interested in TCP, HTTP, HTTPS and UDP health monitors. avi_healthmonitor resource has tcp_monitor, udp_monitor, http_monitor and https_monitor settings. How are these values set?

Insufficient documentation of terraform provider

Describe the bug

The documentation website does not correctly identify any examples within the resource or data source documentation pages even though sections and samples do exist in the examples folder (although incorrect...)

Furthermore, the documentation is not helpful. There is no description of the correct order resource calls have to be made in for a working Avi system to be created. The only way to determine this is to step through a manual configuration and then reverse engineer the steps into terraform (and only by reading the source code due to a lack of type information in the 'website' documentation - just names, no values, no values examples).

E.g. on https://registry.terraform.io/providers/vmware/avi/latest/docs/resources/avi_systemconfiguration the documentation for ntp_configuration is "(Optional) Dict settings for systemconfiguration." but there is no information on its format, no example, and no link to type information. You have to read the Go source code and then do trial by error when creating a module.

Reproduction steps

1. Read the documentation: https://registry.terraform.io/providers/vmware/avi/latest/docs/resources/avi_systemconfiguration
2.
3.
...

Expected behavior

Clear, concise documentation that gives real examples for each resource/datasource for common usage scenarios with an explanation beyond a single sentence. Also links to type information for dict type elements, again with examples.

There should be a list of which minimum elements post VM creation are required to get a fully configured Avi system - currently this list and order is not available in the terraform provider.

Additional context

No response

vh_matches paths ignored on create/update/import of VirtualService

Describe the bug

When using Enhanced Virtual Service setup, we always receive the following error
HTTP code: 400; error from Avi: map[error:{"vh_matches":"{"path":"Field check for path failed : There must be at least 1 path"}"}]

Additionally, when importing an enhanced virtual service with valid vh_matches configuration into local state, the vh_matches field is always null.

Reproduction steps

  1. Configure valid parent VVS resource
  2. Configure valid child VVS resource
  3. Apply
  4. Receive error: HTTP code: 400; error from Avi: map[error:{"vh_matches":"{"path":"Field check for path failed : There must be at least 1 path"}"}]

Expected behavior

Virtual Service creation should succeed with the specified path configurations provided.

Additional context

resource "avi_virtualservice" "child" {
  name             = "example-child"
  type             = "VS_TYPE_VH_CHILD"
  vh_type          = "VS_TYPE_VH_ENHANCED"
  vh_parent_vs_ref = avi_virtualservice.parent-vs.id

  vh_matches {
    host = "test.example.com"
    rules {
      name = "test"
      matches {
        path {
          match_str      = ["/test"]
          match_criteria = "BEGINS_WITH"
          match_case     = "INSENSITIVE"
        }
      }
    }
  }
}

avi gslb example?

I went through the examples provided and could not find a gslb one.
If any one has it, can you please provide?

avi_authprofile resource always indicates a change is required.

Describe the bug

Every time terraform apply is executed it is always indicated that the avi_authprofile resource will be changed even when executed immediately after the first execution.

Reproduction steps

  1. Execute terraform apply.
  2. Accept changes to avi_authprofile resource
  3. Execute terraform apply again.
  4. terraform always indicates that the avi_authprofile resource will be updated.

Expected behavior

If no updates are required none should be made.

Additional context

No response

when renaming provider from avi to something else and locally storing provider binary, it still goes to hashicorp/avi/

We have compiled the source from https://github.com/vmware/terraform-provider-avi/tree/v21.1.1
and kept the binary locally and provider block looks as below

terraform {
  required_providers {
    avi = {
      version = "21.1.1"
      source  = "xxx.xxx/edu/avi"
    }
  }
}

Kept binary at C:\Users\xxxxxxx\AppData\Roaming\terraform.d\plugins\xxx.xxx\edu\avi\21.1.1\windows_amd64\terraform-provider-avi.exe

With the above, terraform init works fine. The terraform providers output shows as below:

├── provider[xxx.com/edu/avi] 21.1.1
└── module.avi
└── provider[xxx.com/edu/avi] 21.1.1

When we try to rename the provider from avi to something else, e.g. xxxavi, the issue starts:

terraform {
  required_providers {
    xxxavi = {
      version = "21.1.1"
      source  = "xxx.xxx/edu/avi"
    }
  }
}

Kept binary at C:\Users\xxxxxxx\AppData\Roaming\terraform.d\plugins\xxx.xxx\edu\xxxavi\21.1.1\windows_amd64\terraform-provider-xxxavi.exe

terraform init command throws below error

Initializing the backend...

Initializing provider plugins...

  • Finding fid.com/edu/xxxavi versions matching "21.1.1"...
    - Finding latest version of hashicorp/avi...
  • Installing fid.com/edu/xxxavi v21.1.1...
  • Installed fid.com/edu/xxxavi v21.1.1 (unauthenticated)

    │ Error: Failed to query available provider packages

    │ Could not retrieve the list of available versions for provider hashicorp/avi: provider registry registry.terraform.io does not have a provider named registry.terraform.io/hashicorp/avi

terraform provider output as below

├── provider[xxx.com/edu/xxxavi] 21.1.1
└── module.avi
├── provider[xxx.com/edu/xxxavi] 21.1.1
└── provider[registry.terraform.io/hashicorp/xxxavi]

Any idea, why is it going to hashicorp/avi?

Cycle with IPAM profile and usable_networks

Describe the bug

I am trying to create a NSX-T cloud in AVI with IPAM profile and usable_networks restricted to VIP network. Unfortunately this leads to the following error:
│ Error: Cycle: avi_vrfcontext.dataVrf, avi_network.network-vip, avi_ipamdnsproviderprofile.ipam, avi_cloud.nsx

Reproduction steps

  1. Create avi_cloud with the required resources
  2. Create avi_ipamdnsproviderprofile with usable_networks restricted to VIP network
resource "avi_ipamdnsproviderprofile" "ipam" {
  name = "${var.cloudName}-ipam"
  type = "IPAMDNS_TYPE_INTERNAL"

  internal_profile {
    usable_networks {
      nw_ref = avi_network.network-vip.id
    }
  }

  allocate_ip_in_vrf = true
  tenant_ref         = avi_tenant.tenant.id
}
  3. Receive error:
    │ Error: Cycle: avi_vrfcontext.dataVrf, avi_network.network-vip, avi_ipamdnsproviderprofile.ipam, avi_cloud.nsx

Expected behavior

It is possible to create a NSX-T cloud in AVI with IPAM profile and usable_networks restricted to VIP network.

Additional context

AVI Controller Version: 22.1.5
NSX-T Version: 4.1.2.3

Cloud configuration CLOUD_STATE_PLACEMENT_READY error

Describe the bug

While updating the Default Cloud, get the following error after 450 secs -

│ Error: didn't get expected state CLOUD_STATE_PLACEMENT_READY in cloud-inventory. Current State: CLOUD_STATE_PLACEMENT_READY
│
│   with avi_cloud.vmware_cloud_wcp,
│   on main.tf line 168, in resource "avi_cloud" "vmware_cloud_wcp":
│  168: resource "avi_cloud" "vmware_cloud_wcp" {

The controller shows the cloud status as Ready.

Reproduction steps

22.1.3

terraform plan - shows the cloud will be updated

terraform apply - times out in 450 secs with the above error.

resource "avi_cloud" "vmware_cloud_wcp" {
  name                         = var.cloud_name
  vtype                        = "CLOUD_VCENTER"
  autoscale_polling_interval   = 60
  dhcp_enabled                 = true
  vmc_deployment               = false
  dns_resolution_on_se         = false
  enable_vip_on_all_interfaces = false
  enable_vip_static_routes     = false
  ip6_autocfg_enabled          = false
  maintenance_mode             = false
  prefer_static_routes         = false
  state_based_dns_registration = true
  license_tier                 = "ENTERPRISE"
  license_type                 = "LIC_CORES"
  metrics_polling_interval     = 60
  mtu                          = 1500
  ipam_provider_ref            = avi_ipamdnsproviderprofile.wcp_ipam.id
  # dns_provider_ref           = avi_ipamdnsproviderprofile.wcp_dns.id
  se_group_template_ref        = "https://${var.avi_controller_ips[0]}/api/serviceenginegroup/${data.avi_serviceenginegroup.wcp_serviceenginegroup.uuid}"
  tenant_ref                   = data.avi_tenant.tenant.id
  vcenter_configuration {
    privilege               = "WRITE_ACCESS"
    username                = var.vcenter_username
    password                = var.vcenter_password
    vcenter_url             = var.vcenter_url
    datacenter              = var.vcenter_datacenter
    use_content_lib         = true
    deactivate_vm_discovery = false
    is_nsx_environment      = false
    content_lib {
      id = data.vsphere_content_library.library.id
    }
    management_network      = "https://${var.avi_controller_ips[0]}/api/vimgrnwruntime/${data.vsphere_network.wcp_mgmt_network.id}-${data.avi_cloud.default.uuid}"
  }
}

Expected behavior

terraform apply should return back success on successful completion.

Additional context

No response

Default api_version should match provider version

Describe the bug

The default value for api_version is hardcoded to quite an old version. This means every use of a current release will fail on certain calls (E.g. resource systemconfiguration). The error is here:-

Version: "18.2.8",

The error message is not clear, stating that a value is provided (even if it isn't, it just has a default value of false, like common_criteria_enabled) that is not supported when it is, because it's documented and implemented in the provider.

Also this error is not picked up in the plan step but only in the apply step.

Reproduction steps

1. Run any non-trivial call against a recent version of Avi Controller

Expected behavior

The default version of the API should, by default, match the release version of the provider.

Also this version mismatch should be better documented in all examples. (Anywhere avi_provider is configured)

Please also validate the configuration applicability to api_version in the plan step, not the apply step.

Also please introduce a test between versions to ensure that as api_version is increased, and new elements introduced, that the resources are not deleted and recreated.

Additional context

No response

Error creating avi_cloud resource

Describe the bug

We are trying to create a cloud but running into what seems to be an issue with a removed API end point.

AVI version: 22.1.2
Provider version: 22.1.2

When we're trying to add the cloud, the configuration is added but the management network fails to get added correctly and our TF outputs the following error:

[ERROR] vertex "avi_cloud.cloud" error: Encountered an error on GET request to URL https://10.100.10.21/api/vimgrvcenterruntime?cloud_uuid=cloud-71fed51a-a442-4fcb-a8d2-3ef8da8cd5be: HTTP code: 404; error from Avi: <nil>

From what we understand, the vimgrvcenterruntime endpoint has been removed in version 22.1.x

Is there something that needs to be updated in the provider or do we need to modify something on this side?

Reproduction steps

  1. Create cloud resource
  2. Apply terraform

Expected behavior

We should get a working cloud config with no errors.

Additional context

No response

error:Incoming request (v18_2_8) has field (enable_http2) introduced in later versions(v20_1_1) Issue

Hello,

I am trying to use the terraform avi provider to create a pool using the template below, and am getting an error

Error: Encountered an error on POST request to URL https://xxxxxxxxx/api/pool: HTTP code: 400; error from Avi: map[error:Incoming request (v18_2_8) has field (enable_http2) introduced in later versions(v20_1_1).]

Am I doing something wrong?

terraform {
  required_providers {
    avi = {
      source  = "vmware/avi"
      version = "21.1.1-beta1.0"
    }
  }
}

provider "avi" {
  avi_username   = ""
  avi_password   = ""
  avi_controller = ""
  avi_tenant     = ""
}

resource "avi_healthmonitor" "avi_healthmonitor" {
  name = "test-443-pool-terraform"
  type = "HEALTH_MONITOR_HTTPS"
  https_monitor {
    http_request       = "GET /welcome HTTP/1.1"
    http_response_code = ["HTTP_2XX"]
  }
}
resource "avi_pool" "avi_pool" {
  name                  = "test-443-pool-terraform"
  analytics_profile_ref = "System-Analytics-Profile"
  ssl_profile_ref       = "serverssl"
  health_monitor_refs   = [avi_healthmonitor.avi_healthmonitor.id]
}

serviceenginegroup showing 500 response

Describe the bug

AVI version :- 21.1.2
Terraform Version :- .13.5

module.avi-config-systemconfiguration.null_resource.ntp_server_key_workaround: Creation complete after 1s [id=6357873502358716222]

Error: Encountered an error on PUT request to URL https://10.171.111.195/api/serviceenginegroup/serviceenginegroup-5b570e8b-7b1a-4426-bdfe-eb4eff5eb5e1?skip_default=true: HTTP code: 500.

Error: Provider produced inconsistent result after apply

When applying changes to
module.avi-config-network.avi_network.networks["avi"], provider
"registry.terraform.io/vmware/avi" produced an unexpected new value: Root
resource was present, but now absent.

This is a bug in the provider, which should be reported in the provider's own
issue tracker.

Reproduction steps

1. re-run the terraform apply ... validate logs on AVi controller 
attaching logs as an attachment

Expected behavior

put call should be 200 response code : https://10.171.111.195/api/serviceenginegroup/serviceenginegroup-5b570e8b-7b1a-4426-bdfe-eb4eff5eb5e1?skip_default=true

Additional context

No response

Overwriting of Existing Resources

Describe the bug

The Terraform provider does not throw an error if it is being asked to create a resource that already exists.

For example, if you manually create a health monitor named "TEST123" via GUI, REST or CLI, then use Terraform to create an avi_healthmonitor resource using the same name, Terraform will overwrite the existing TEST123 monitor.

This is in direct conflict to all other Terraform providers which prevent managing existing resources unless they are imported into the TF state file. Furthermore, it exposes a risk to the infrastructure where multiple development teams could mangle/cross-workspace manage the same objects.

Reproduction steps

1. Create a Ping monitor via the GUI with unusual values (description, high test values etc)
2. Create avi_healthmonitor terraform resource using the same monitor name and type but different values
3. Run terraform apply
4. Confirm only 1 Ping monitor exists with the specified name and that all values have been changed to the Terraform inputs

Expected behavior

Terraform should throw an exception that the resource already exists and that it needs to be imported in to the state file to be managed.

Additional context

I have confirmed this behavior on Monitors and GSLB services but suspect it exists in many other resources.
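A pre-apply guard for the overwrite behaviour reported above, as an added example that is not part of the original issue or of the provider: it reads the JSON form of a plan (`terraform show -json`) and flags every `avi_*` resource that would be created from scratch under a name the controller already holds. The plan, the inventory and the single-tenant scope are constructed assumptions; in practice the inventory would be listed from the controller per object type.

```python
import json
import sys

AVI_PREFIX = "avi_"

# Constructed sample: trimmed output of `terraform show -json plan.out`.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "avi_healthmonitor.ping", "mode": "managed", "type": "avi_healthmonitor",
     "change": {"actions": ["create"],
                "after": {"name": "TEST123", "type": "HEALTH_MONITOR_PING"},
                "after_unknown": {}}},
    {"address": "avi_healthmonitor.web", "mode": "managed", "type": "avi_healthmonitor",
     "change": {"actions": ["create"],
                "after": {"name": "web-hm", "type": "HEALTH_MONITOR_HTTP"},
                "after_unknown": {}}},
    {"address": "avi_gslbservice.gs", "mode": "managed", "type": "avi_gslbservice",
     "change": {"actions": ["delete", "create"],
                "after": {"name": "gs-prod"}, "after_unknown": {}}},
    {"address": "avi_pool.dynamic", "mode": "managed", "type": "avi_pool",
     "change": {"actions": ["create"],
                "after": {}, "after_unknown": {"name": true}}},
    {"address": "avi_pool.existing", "mode": "managed", "type": "avi_pool",
     "change": {"actions": ["update"],
                "after": {"name": "pool-a"}, "after_unknown": {}}},
    {"address": "null_resource.wait", "mode": "managed", "type": "null_resource",
     "change": {"actions": ["create"], "after": {}, "after_unknown": {}}}
  ]
}
""")

# Constructed sample: object names already present on the controller,
# keyed by Terraform resource type (one tenant assumed).
SAMPLE_INVENTORY = {
    "avi_healthmonitor": {"TEST123", "System-Ping"},
    "avi_gslbservice": {"gs-prod"},
}


def fresh_creates(plan):
    """Yield (address, type, name) for managed avi_* resources created from scratch.

    Replacements (["delete", "create"]) and updates are skipped: those objects
    are already tracked in state, so they are not a silent takeover.
    """
    for rc in plan.get("resource_changes", []):
        if rc.get("mode", "managed") != "managed":
            continue  # data sources never write to the controller
        if not rc.get("type", "").startswith(AVI_PREFIX):
            continue
        change = rc.get("change", {})
        if change.get("actions") != ["create"]:
            continue
        after = change.get("after") or {}
        yield rc["address"], rc["type"], after.get("name")


def check_plan(plan, inventory):
    """Return (collisions, unverifiable) for a plan against a controller inventory."""
    collisions, unverifiable = [], []
    for address, rtype, name in fresh_creates(plan):
        if name is None:
            # Name is only known after apply, so it cannot be checked here.
            unverifiable.append(address)
        elif name in inventory.get(rtype, set()):
            collisions.append((address, rtype, name))
    return collisions, unverifiable


if __name__ == "__main__":
    collisions, unverifiable = check_plan(SAMPLE_PLAN, SAMPLE_INVENTORY)
    for address, rtype, name in collisions:
        print(f"BLOCK  {address}: {rtype} named {name!r} already exists; import it first")
    for address in unverifiable:
        print(f"REVIEW {address}: name not known at plan time")
    sys.exit(1 if collisions else 0)
```

Run as a pipeline gate between `terraform plan` and `terraform apply`, a non-zero exit stops the apply until the colliding object is imported or renamed.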

No working full examples for vsphere

Describe the bug

None of the existing examples for vsphere can possibly result in a successful deployment for several reasons:-

  1. They do not correctly specify that the old_password for an initial avi install is a hardcoded value available to current customers only
  2. They do not correctly use depends_on to ensure resources are created in the correct order
  3. The avi_useraccount call can never succeed immediately after a controller VM creation - you have to include a (for example) data.avi_systemconfiguration read first in order to ensure the controller on the VM is ready for initialisation
  4. The provided vm creation example does not have an ip address in use wait specified, again causing calls to fail
  5. No examples show initial configuration of an avi controller post creation
  6. No examples show configuring static ip, default gateway, or NTP information (they assume DHCP is used for the management network, but this is not explained anywhere, or documented)
  7. The default API version for avi terraform 21.1.4 seems to be API version 18.8 - meaning a basic systemconfiguration resource will fail due to common_criteria_mode being included (even with false) - no mention of api_version being used in the basic set up examples

Reproduction steps

1. Run the examples against a h2o.vmware.com demo environment
2. Observe the failure

Expected behavior

There should be a working example that is non trivial in accordance with the VMware avi set up documentation. This should include all aspects including, but not limited to, deploy the controller ova to a content library, creating VMs, joining VMs to a cluster, providing initial system configuration (default gateway, ip, ntp, dns etc.), followed by configuring the CA to include the management IP address(es), setting up a management VIP, configuring the SE group and cloud for vSphere settings.

Additional context

Currently this is only possible, in a hacky way, through reverse engineering

Provider does not pass through error descriptions from REST API

Describe the bug

The Avi terraform provider is a thin wrapper for the Avi Go wrapper, and Avi REST API. It is quite common (resource systemconfiguration) to get HTTP 500 errors with no explanatory text or details.

This makes it impossible to debug any incorrect settings in a terraform module using the avi provider.

Please investigate the possibility of passing these through to the terraform error output by using the diagnostics mechanism, as per hashicorp terraform provider best practice.

Reproduction steps

1. Apply a resource systemconfiguration with a few fields that are non-trivial (E.g. ntp settings)
2. See HTTP 500 returned with no explanatory details

Expected behavior

Any error message or details from the remote server should be passed to the terraform CLI output, with full explanation passed on, rather than just a HTTP status returned with no details.

Additional context

No response

discovered_networks in avi_pool causes an update on each plan/apply

Describe the bug

When creating a resource of type avi_pool, leaving the attribute discovered_networks in servers will produce a diff in subsequent plan/apply.

Reproduction steps

resource "avi_pool" "pool2" {
  name                = "additional-pool"
  cloud_ref           = var.cloud_id
  default_server_port = 8200
  health_monitor_refs = [avi_healthmonitor.hm.id]

  servers {
    ip {
      type = "V4"
      addr = "172.17.0.14"
    }
    hostname = "this-is-a-value"
  }

  ssl_profile_ref = avi_sslprofile.pool_profile.id
}

Result in this terraform diff

Terraform will perform the following actions:

  # module.vault_cluster.module.lb[0].avi_pool.pool2 will be updated in-place
  ~ resource "avi_pool" "pool2" {
        id                                    = "https://172.17.0.30/api/pool/pool-feafecc3-1b69-466f-91dd-c4d4c6d8c0a6"
        name                                  = "additional-pool"
        # (38 unchanged attributes hidden)

      ~ servers {
            # (7 unchanged attributes hidden)

          - discovered_networks {
              - network_ref = "https://172.17.0.30/api/network/dvportgroup-4033-cloud-746a7edc-7d79-49f4-bffb-c8cc2a05967b" -> null

              - subnet {
                  - mask = "16" -> null

                  - ip_addr {
                      - addr = "172.17.0.0" -> null
                      - type = "V4" -> null
                    }
                }
            }

            # (1 unchanged block hidden)
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Expected behavior

Terraform should not generate any difference during subsequent plan/apply

Additional context

From my understanding discovered_networks should be an internal-use attribute and it should not even be proposed as an editable attribute in terraform. In this case, leaving the attribute unset will produce the diff posted above.

avi_network doesn't work with auto-created network segments

Describe the bug

Avi Version 20.1.4
NSX 3.1.1.0

When configuring an NSX-T cloud, network segments are automatically created as part of the cloud initialization process. These segments are referenced in the NSX-T cloud connector, so they must either be able to be imported or updated.

When attempting to update the resource, as expected Terraform instead creates a new object

resource "avi_network" "mgmt" {
  name = "avi-mgmt-seg"
  cloud_ref = avi_cloud.nsx-t-cloud.id
}

The resulting configuration is two network segments with the same name in Infrastructure > Cloud Resources > Networks

Alternatively if you attempt to import the network resource, this also fails using both the network segment name or UUID

terraform import avi_network.mgmt avi-mgmt-seg
avi_network.mgmt: Importing from ID "avi-mgmt-seg"...
avi_network.mgmt: Import prepared!
  Prepared avi_network for import
avi_network.mgmt: Refreshing state... [id=avi-mgmt-seg]
╷
│ Error: Cannot import non-existent remote object
│ 
│ While attempting to import an existing object to "avi_network.mgmt", the provider detected that no object exists with the given id.
│ Only pre-existing objects can be imported; check that the id is correct and that it is associated with the provider's configured
│ region or endpoint, or use "terraform apply" to create a new remote object for this resource.

Reproduction steps

  1. Attempt to import avi_network resource.

Expected behavior

Some method should exist to work with this resource in Terraform.

Additional context

No response

Custom tenant issue with avi_pool resource

Describe the bug

When we pass a custom "tenant_ref" to "avi_pool" resource, this one is created within admin tenant.
Then, if we re-run "terraform apply". Terraform wants to update the "tenant_ref" of the "avi_pool" resource. But, the API returns an error because this parameter is immutable.

Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the
following plan may include actions to undo or respond to these changes.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  ~ update in-place

Terraform will perform the following actions:

  # avi_pool.waf_pool will be updated in-place
  ~ resource "avi_pool" "waf_pool" {
        id                                    = "https://*****/api/pool/pool-b2c934db-827f-4018-8174-8668b2224365"
        name                                  = "*****"
      ~ tenant_ref                            = "https://*****/api/tenant/admin" -> "/api/tenant/tenant-ccb42242-f9c6-4503-9469-7ef5bc979987"
        # (37 unchanged attributes hidden)

      ~ servers {
            # (7 unchanged attributes hidden)

          + ip {
              + addr = "10.x.y.z"
              + type = "V4"
            }
            # (1 unchanged block hidden)
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

avi_pool.waf_pool: Modifying... [id=https://*****/api/pool/pool-b2c934db-827f-4018-8174-8668b2224365]
╷
│ Error: Encountered an error on PUT request to URL https://*****/api/pool/pool-b2c934db-827f-4018-8174-8668b2224365?skip_default=true: HTTP code: 400; error from Avi: map[error:Tenant can not be updated]
│
│   with avi_pool.waf_pool,
│   on resources.tf line 5, in resource "avi_pool" "waf_pool":
│    5: resource "avi_pool" "waf_pool" {

Reproduction steps

  1. Create "avi_pool" resource with tenant_ref parameter set to custom tenant (new resource or data)
  2. terraform apply
  3. terraform apply
    ...

Expected behavior

When firstly created, the pool must be directly in custom tenant.

Additional context

Terraform 1.3.3
Avi network provider 22.1.2

Provider not detecting changes to running config

Describe the bug

Using v21.1.4 of the provider, I am able to create an avi_gslbservice successfully using Terraform. Once created, if someone manually changes details of the service (like pool priority) in the Avi web interface, Terraform does not detect this change of the object or offer to remediate this.

Reproduction steps

1. Create an avi_gslbservice using Terraform
2. Modify the GSLB service entry using the Avi web interface
3. Run a terraform apply
...

Expected behavior

Terraform should detect the config drift and revert the manual change back to the defined Terraform configuration.

Additional context

I have seen this behavior with GSLB service and health monitors so far.

Incoming request version mismatch causing error creating resources

Avi running v20.1.5 on the controller, using the v20.1.6 TerraForm provider

Trying to create a resource of type avi_vsvip throws the error.

Error: Encountered an error on POST request to URL https://avicontroller/api/vsvip: HTTP code: 400; error from Avi: map[error:Incoming request (v18_2_8) has field (prefix_length) introduced in later versions(v20_1_1).]

We're also getting a similar error creating a resource of type avi_pool

Error: Encountered an error on POST request to URL https://avicontroller/api/pool: HTTP code: 400; error from Avi: map[error:Incoming request (v18_2_8) has field (enable_http2) introduced in later versions(v20_1_1).]
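A triage helper for the version-mismatch errors quoted in this issue and in the earlier `enable_http2` report, as an added example that is not part of either issue or of the provider: it extracts the API version the request was sent with, the rejected fields and the version that introduced them, then reports the lowest API version the provider must send and whether the controller is new enough to accept it. The first two sample lines are the messages quoted above; the third is constructed.

```python
import re

# Matches the controller's rejection text as quoted in the issues.
ERR_RE = re.compile(
    r"Incoming request \((v\d+(?:_\d+)*)\) has field \((\w+)\)\s*"
    r"introduced in later versions\s*\((v\d+(?:_\d+)*)\)"
)

SAMPLE_ERRORS = [
    "Error: Encountered an error on POST request to URL https://avicontroller/api/vsvip: "
    "HTTP code: 400; error from Avi: map[error:Incoming request (v18_2_8) has field "
    "(prefix_length) introduced in later versions(v20_1_1).]",
    "Error: Encountered an error on POST request to URL https://avicontroller/api/pool: "
    "HTTP code: 400; error from Avi: map[error:Incoming request (v18_2_8) has field "
    "(enable_http2) introduced in later versions(v20_1_1).]",
    # Constructed line: an unrelated failure that must not be counted.
    "Error: Encountered an error on GET request to URL https://avicontroller/api/pool/x: "
    "HTTP code: 404; error from Avi: map[error:Pool object not found!]",
]


def tag_to_tuple(tag):
    """'v20_1_1' -> (20, 1, 1), so versions compare numerically."""
    return tuple(int(part) for part in tag.lstrip("v").split("_"))


def dotted(version):
    return ".".join(str(part) for part in version)


def parse_mismatch(line):
    """Return the sent version, field and introducing version, or None."""
    match = ERR_RE.search(line)
    if not match:
        return None
    return {
        "sent": tag_to_tuple(match.group(1)),
        "field": match.group(2),
        "introduced": tag_to_tuple(match.group(3)),
    }


def summarize(lines, controller_version):
    """Summarise all mismatch errors in a Terraform run against one controller.

    controller_version is the dotted release running on the controller,
    for example "20.1.5" as stated in the issue above.
    """
    hits = [hit for hit in map(parse_mismatch, lines) if hit]
    if not hits:
        return None
    required = max(hit["introduced"] for hit in hits)
    controller = tuple(int(part) for part in controller_version.split("."))
    return {
        "sent": sorted({dotted(hit["sent"]) for hit in hits}),
        "fields": sorted({hit["field"] for hit in hits}),
        "minimum_api_version": dotted(required),
        # False means the configuration uses fields this controller cannot accept.
        "controller_supports_it": required <= controller,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_ERRORS, "20.1.5"))
```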

Wrong feedback if using wrong credentials

Describe the bug

If using wrong credentials and doing a terraform plan there is no error message. The plan will show that all resources need to be created again.

If you go ahead and try to apply the plan it will break the statefile which is very critical!

Reproduction steps

Deploy any resources, change password to a wrong value and do a plan again

Expected behavior

Show helpful error message in case the terraform provider cannot authenticate to the avi controller.

Additional context

No response

Unable to reconcile state of resources modified outside Terraform

Description

The AVI Terraform provider seems to be unable to reconcile the state of AVI load balancer resources that are modified outside of Terraform. Normally Terraform is expected to compare the state of the infrastructure to its configured state and reconcile any deltas.

Steps to Reproduce

  1. Create a full AVI load balancer stack resembling the example provided in https://github.com/terraform-providers/terraform-provider-avi/blob/master/examples/basic/avi_example.tf (code provided below)

  2. Delete the load balancer stack outside of Terraform

  3. Attempt a terraform destroy or terraform apply to reconcile the load balancer state.

  4. An error is received Error: Encountered an error on GET request to URL https://<controller ip>/api/pool/pool-06468bb7-210b-4dc7-85eb-5929eed094b1: HTTP code: 404; error from Avi: map[error:Pool object not found!]

Expected Behavior

  • terraform destroy should succeed in clearing its state of resources when it determines those resources no longer exist in the infrastructure.
  • terraform apply should create resources that are missing.

Details

Versions

Terraform v0.12.21
+ provider.avi v0.2.1

The stack.tf file used for this test

provider "avi" {
  avi_username   = var.avi_username
  avi_password   = var.avi_password
  avi_controller = var.avi_controller
  avi_tenant     = "admin"
}

data "avi_tenant" "default_tenant" {
  name = "admin"
}

data "avi_cloud" "default_cloud" {
  name = var.default_cloud
}

data "avi_vrfcontext" "global_vrf" {
  name      = "global"
  cloud_ref = data.avi_cloud.default_cloud.id
}

data "avi_serviceenginegroup" "se_group" {
  name      = var.se_group
  cloud_ref = data.avi_cloud.default_cloud.id
}

resource "avi_vsvip" "testvip" {
  cloud_ref = data.avi_cloud.default_cloud.id
  name      = "testvip"
  vip {
    ip_address {
      type  = "V4"
      addr  = var.testvip
    }
  }
  tenant_ref = data.avi_tenant.default_tenant.id
}

resource "avi_virtualservice" "testvs" {
  name            = "testvs"
  pool_ref        = avi_pool.testpool.id
  cloud_ref       = data.avi_cloud.default_cloud.id
  tenant_ref      = data.avi_tenant.default_tenant.id
  vsvip_ref       = avi_vsvip.testvip.id
  vrf_context_ref = avi_pool.testpool.vrf_ref
  se_group_ref    = data.avi_serviceenginegroup.se_group.id
  services {
    port           = 80
    port_range_end = 80
  }
}

resource "avi_pool" "testpool" {
  name                         = "testpool"
  tenant_ref                   = data.avi_tenant.default_tenant.id
  cloud_ref                    = data.avi_cloud.default_cloud.id
  delete_server_on_dns_refresh = false
}

resource "avi_server" "testserver" {
  ip       = var.testserver
  port     = "80"
  pool_ref = avi_pool.testpool.id
}

provider should taint vsphere avi_clouds that have different URLs

Describe the bug

When you change the name or URL of a vSphere cloud in your Terraform configuration, upon running terraform apply, one gets this error:

│ Error: Encountered an error on PUT request to URL https://localhost:8443/api/cloud/cloud-5f580670-c238-44f0-90c2-8c26b26178a5?skip_default=true: HTTP code: 400; error from Avi: map[error:Change of Vcenter URL/Datacenter for a vCenter cloud is not supported. Please delete the cloud and create a new one]
│
│   with avi_cloud.cloud,
│   on avi.tf line 37, in resource "avi_cloud" "cloud":
│   37: resource "avi_cloud" "cloud" {
│

The "Terraform way" of handling this is to taint the resource if immutable properties change and then automatically delete-then-create on the apply.

Reproduction steps

1. Create a `.tf` file to create an `avi_cloud` resource with a `vcenter_configuration` block
2. Run `terraform apply`
3. Change the URL in the `vcenter_configuration` block
4. Run `terraform apply` again

Expected behavior

  1. terraform plan should show a +/- against the entire avi_cloud resource
  2. terraform apply should delete the cloud then recreate it.

Additional context

No response

Resource Creation of Virtual Service with vsvip and pool

Describe the bug

Based on the examples I have seen and also the error I am getting, there is an issue with vrf_context_ref between Pool and Virtual Service. If you look at Pool objects or connect there is no vrf_context listed but there is a vrf_ref. If I set the context as so pool and also on virtual service I am getting: error:VRF Context for API_VCENTER_T and pool test_pool_vcenter different]

Here is the code:

Pool:

data "avi_vrfcontext" "vlan" {
  name = "mgmt"
}

resource "avi_pool" "pool_2_vcenter" {
  name                = var.pool_2_name_vcenter
  tenant_ref          = "/api/tenant/?name=admin"
  cloud_ref           = data.avi_cloud.avi_cloud_name_vcenter.id
  enabled             = true
  vrf_ref             = data.avi_vrfcontext.vlan.id
  default_server_port = var.pool_2_default_server_port_vcenter
  lb_algorithm        = "LB_ALGORITHM_ROUND_ROBIN"
  health_monitor_refs = [data.avi_healthmonitor.monitor.id]
  placement_networks {
    network_ref = data.avi_network.vcenter_network.id
    subnet {
      ip_addr {
        addr = var.avi_vcenter_placement_network
        type = "V4"
      }
      mask = var.avi_vcenter_placement_network_mask
    }
  }
}

resource "avi_server" "server_2_pool_1_vcenter" {
  for_each = var.pool_member_vcenter_list
  ip       = each.value.ip_address
  pool_ref = avi_pool.pool_2_vcenter.id
  hostname = each.value.hostname
  enabled  = true
}

Virtual Service VIP

data "avi_vrfcontext" "vlan" {
  name = "mgmt"
}

resource "avi_vsvip" "virtual_service_2_vip_vcenter" {
  for_each        = var.virtual_service_list_vcenter
  name            = each.value.virtual_service_name
  tenant_ref      = "/api/tenant/?name=admin"
  cloud_ref       = data.avi_cloud.avi_cloud_name_vcenter.id
  vrf_context_ref = data.avi_vrfcontext.vlan.id
  vip {
    vip_id = each.value.virtual_service_id
    ip_address {
      type = "V4"
      addr = each.value.virtual_service_1_vip_ip_addr
    }
    placement_networks {
      network_ref = data.avi_network.vcenter_network.id
      subnet {
        ip_addr {
          addr = var.avi_vcenter_placement_network
          type = "V4"
        }
        mask = var.avi_vcenter_placement_network_mask
      }
    }
  }
}

Virtual Service

data "avi_vrfcontext" "vlan" {
  name = "mgmt"
}
data "avi_pool" "vcenter_pool" {
  name = var.avi_vcenter_pool_name
}
data "avi_vsvip" "vsvip_2_vcenter" {
  name = var.avi_vsvip_1_name_vcenter
}
resource "avi_virtualservice" "vip_1_nsx" {
  name                    = var.avi_virtual_service_name_nsxt
  tenant_ref              = "/api/tenant/?name=admin"
  cloud_ref               = data.avi_cloud.nsxt_cloud.id
  pool_ref                = data.avi_pool.nsxt_pool.id
  vrf_context_ref         = data.avi_vrfcontext.segment.id
  vsvip_ref               = data.avi_vsvip.vsvip_1_nsxt.id
  application_profile_ref = data.avi_applicationprofile.application_profile_1.id
  se_group_ref            = data.avi_serviceenginegroup.nsxt_cloud.id
  services {
    port = var.avi_virtual_service_port_nsxt
  }
}

Reproduction steps

1. I have checked other people's code on GitHub and they don't reference vrf_context but if you don't reference the context it throws the same error

Expected behavior

I am expecting it to create the virtual service

Additional context

No response

avi provider is reading and importing resources with a minimal set of attributes

Describe the bug

I have imported an existing resource

terraform import avi_healthmonitor.healthcheck-tcp-test healthmonitor-e3f60d20 

tf code for said resource:

resource "avi_healthmonitor" "healthcheck-tcp-test" {
    name = "healthcheck-tcp-test"
    tenant_ref = var.tenant_ref
    receive_timeout = 4
    failed_checks = 2
    send_interval = 10
    successful_checks = 2
    type = "HEALTH_MONITOR_TCP"
    tcp_monitor {
        tcp_half_open        = "false"
    }
}

Import successful!

Now run a terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # avi_healthmonitor.healthcheck-tcp-test will be updated in-place
  ~ resource "avi_healthmonitor" "healthcheck-tcp-test" {
      + failed_checks     = "2"
        id                = "https://xyz"
      + is_federated      = "false"
        name              = "healthcheck-tcp-test"
      + receive_timeout   = "4"
      + send_interval     = "10"
      + successful_checks = "2"
        # (4 unchanged attributes hidden)

      + tcp_monitor {
          + maintenance_response = (known after apply)
          + tcp_half_open        = "false"
          + tcp_request          = (known after apply)
          + tcp_response         = (known after apply)
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Running a terraform plan shows that the resource is going to make changes to the resource, even though the resource is already imported and has the correct values.

Resource values in state after an import:
terraform state show avi_healthmonitor.healthcheck-tcp-test

# avi_healthmonitor.healthcheck-tcp-test:
resource "avi_healthmonitor" "healthcheck-tcp-test" {
    id           = [https://xyz]
    monitor_port = "443"
    name         = "healthcheck-tcp-test"
    tenant_ref   = [https://xyz]
    type         = "HEALTH_MONITOR_TCP"
    uuid         = "healthmonitor-e3f60d20"
}

The avi provider is reading and importing the resource with a minimal set of attributes.

Reproduction steps

  1. import resource from avi - health monitor in this case
  2. check values of imported resource
    ...

Expected behavior

Import all the existing values that are set in the health monitor. Terraform plan should not attempt to set the values if the values are already in the resource.

Additional context

No response

Running avi_cloud with vcenter configuration always has changes

Describe the bug

When running the avi_cloud resource, the vcenter_configuration always has drift. It looks as though the management_network is getting updated with the actual id of the resource in avi whereas the argument is simply the name of the network.

In my opinion, the id of the management network should be set as a separate attribute and read in to that when running a plan or refresh

Reproduction steps

  1. Create an avi_cloud resource with vcenter_configuration referencing a VSphere network (by name)
  2. Apply the terraform
  3. Once finished, run a plan and see the vcenter_configuration block having to be reapplied.

Expected behavior

As the underlying is not actually being changed (just merely the reference), I would expect the terraform not to want to make any changes.

Additional context

This does apply to many other resources such as avi_sslkeyandcertificate which doesn't allow for updates as the resource now contains certificate data. Perhaps this should force replacement if any values change.
