[BGP Peer Import] BGP peer import fails

[pritispa]

Importing an ipv4 bgp peer under default or custom vrf fails. While we can generate a half baked config with --generate-config-out flag, the config is not imported in tfstate. The failure logs are exactly the same even if the peer does not use peer template.
See logs and details below:

###################### Terraform error during import ################

       Error: Missing Configuration for Required Attribute
│ 
│   with nxos_bgp_peer.tor1_test_peer_5,
│   on testpeer5.tf line 3:
│   (source code not available)
│ 
│ Must set a configuration value for the asn attribute as the provider has marked it as required.
│ 
│ Refer to the provider documentation or contact the provider developers for additional information about configurable attributes that are required.
╵
╷
│ Error: Invalid Attribute Value
│ 
│   with nxos_bgp_peer.tor1_test_peer_5,
│   on testpeer5.tf line 6:
│   (source code not available)
│ 
│ Attribute ebgp_multihop_ttl value must be between 2 and 255, got: 0
╵
╷
│ Error: Missing Configuration for Required Attribute
│ 
│   with nxos_bgp_peer.tor1_test_peer_5,
│   on testpeer5.tf line 16:
│   (source code not available)
│ 
│ Must set a configuration value for the vrf attribute as the provider has marked it as required.

##################### Generated config (not imported in tfstate)###################

# __generated__ by Terraform
resource "nxos_bgp_peer" "tor1_test_peer_5" {
  provider          = nxos.TOR1
  address           = "192.168.0.10"
  asn               = null
  description       = "test peer 4"
  device            = null
  ebgp_multihop_ttl = 0
  hold_time         = 180
  keepalive         = 60
  password          = null
  password_type     = jsonencode(3)
  peer_control      = null
  peer_template     = "fabric-leaf"
  peer_type         = "fabric-internal"
  remote_asn        = jsonencode(64876)
  source_interface  = "unspecified"
  vrf               = null
}

########## Reference Config:

router bgp 64901
  router-id 198.19.0.1
  log-neighbor-changes
  address-family ipv4 unicast
    network 192.168.1.0/24
    maximum-paths 32
  template peer fabric-leaf
    bfd
    password 3 69b9b4d332f0878efc97e648f8c8cfb9
    timers 10 30
    address-family ipv4 unicast
      allowas-in 3
      send-community
      next-hop-self
      soft-reconfiguration inbound always
  neighbor 10.0.0.1
    inherit peer fabric-leaf
    remote-as 64876
    description terraform imported
    ebgp-multihop 2
  neighbor 10.0.0.3
    inherit peer fabric-leaf
    remote-as 64876
    ebgp-multihop 2
  vrf vrf_blue
    address-family ipv4 unicast
    neighbor 192.168.0.10
      inherit peer fabric-leaf
      remote-as 64876
      description test peer 4
      password 3 57b0f732e30b2ff068dd96b4b506226f
  vrf vrf_red
    address-family ipv4 unicast
    neighbor 192.168.0.1
      inherit peer fabric-leaf
      remote-as 64876
      description test peer 3 tf created
      password 3 57b0f732e30b2ff068dd96b4b506226f

[danischm]

The "asn" attribute is a workaround on the TF side to allow changing the ASN without having to manually destroy and recreate all BGP resources, as NX-OS would otherwise not allow such a change. It does not have a matching attribute in DME and therefore needs to be populated manually. The "ttl" error needs to be fixed on the provider side.

[pritispa]

during the read operation of a resource for import, can it read and derive the values of asn and vrf ? since both of these are not directly a parameter in the dme model.

[danischm]

TTL fix: 892ebcc

[danischm]

during the read operation of a resource for import, can it read and derive the values of asn and vrf ? since both of these are not directly a parameter in the dme model.

Technically yes, though it would require some extra API calls and manual work on the provider side. Practically, I am not sure it is worth it as you don't want to hardcode them in multiple places anyway. You would rather want to reference the respective attributes of its parent resource which is something the current config generator can not do for you.