Provider version 1.21.0 - Undefined attributes being updated

[zippanto]

Hi,

With the new provider version 1.21.0 we are seeing the following behaviour. Presumably this is caused by the fix for #332 / Fix variables could not been removed/reset issue.

When applying the plan resources that have certain attributes undefined are being updated to null value. Some of these will cause an error - for example fortios_system_global > gui_device_lattitude - some others will not cause an error, but will be updated on every subsequent apply - for example fortios_router_ospf > summary_address > id. I don't think this behaviour is intended. Please see below for a few examples where this issue is apparent:

  # fortios_system_global.global will be updated in-place
  ~ resource "fortios_system_global" "global" {
      - alias                                    = "FWF61EXX11111111" -> null
      - gui_device_latitude                      = "12.345678" -> null
      - gui_device_longitude                     = "-1.234567" -> null
        id                                       = "SystemGlobal"
        # (297 unchanged attributes hidden)
    }

  # fortios_router_ospf.ospf will be updated in-place
  ~ resource "fortios_router_ospf" "ospf" {
        id                                = "RouterOspf"
        # (28 unchanged attributes hidden)

      ~ summary_address {
          - id        = 1 -> null
            # (3 unchanged attributes hidden)
        }

        # (6 unchanged blocks hidden)
    }

  # fortios_systemsnmp_community.snmp_community will be updated in-place
  ~ resource "fortios_systemsnmp_community" "snmp_community" {
        id                    = "1"
        name                  = "community_string"
        # (16 unchanged attributes hidden)

      ~ hosts {
          - id                      = 1 -> null
            # (6 unchanged attributes hidden)
        }
    }

  # fortios_user_group.firewall_admins will be updated in-place
  ~ resource "fortios_user_group" "firewall_admins" {
        id                       = "Admins"
        name                     = "Admins"
        # (22 unchanged attributes hidden)

      ~ match {
          - id          = 1 -> null
            # (2 unchanged attributes hidden)
        }

        # (1 unchanged block hidden)
    }

Please advise.

Thanks.

[MaxxLiu22]

Hi @zippanto ,

Thank you for bringing this issue to our attention. You are correct; our provider has recently begun comparing all arguments to support the unset feature, which may have caused this problem. As a temporary solution, you may consider downgrading Terraform FOS to the previous version or ignoring these arguments in the lifecycle configuration. We are actively working on a patch to address this issue and expect to release it soon. We sincerely apologize for any inconvenience this may have caused, and we greatly appreciate your continued support of our product. Let me know if you still have other questions.

resource "fortios_system_global" "trname" {
  admin_sport = 443
  lifecycle {
    ignore_changes = [
      gui_device_latitude
    ]
  }
}

resource "fortios_systemsnmp_community" "trname" {
  events = "cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open faz-disconnect wc-ap-up wc-ap-down fswctl-session-up fswctl-session-down load-balance-real-server-down per-cpu-high"
  fosid  = 1
  name   = "fdsie"
  hosts {
    source_ip = "10.160.88.187"
    ip        = "1.2.3.4/32"
    ha_direct = "enable"
  }
  lifecycle {
    ignore_changes = [
      hosts[0].id
    ]
  }
}

Thanks,
Maxx

[zippanto]

Hi @MaxxLiu22,

Thanks for the swift response. No problem at all we were only testing the new provider version in the lab so there was no inconvenience.

Thanks.