Terraform apply is successful however Error 400 is being raised in debug log (DCNE-677) #1443

@ogorczow

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v1.11.0
on darwin_arm64

  • provider registry.terraform.io/ciscodevnet/aci v2.18.0

APIC version and APIC Platform

any version, example is on:
apic & acisim 6.1.(4h)

Affected Resource(s)

all resources - error logging

Terraform Configuration Files

terraform {
  required_providers {
    aci = {
      source  = "CiscoDevNet/aci"
    }
  }
}

provider "aci" {
  username = "xyz"
  password = "xyz"
  url      = "xyz"
  insecure = true
}

# resource "aci_physical_domain" "example_pd" {
#   name        = "example_pd"
# }

resource "aci_tenant" "example_tenant" {
  name = "bd_test"
}

resource "aci_application_profile" "example_ap" {
  parent_dn = aci_tenant.example_tenant.id
  name      = "ap_test"
}

resource "aci_application_epg" "example_epg" {
  parent_dn = aci_application_profile.example_ap.id
  name      = "epg_test"
}

resource "aci_epg_to_domain" "example_epg_to_domain" {
  application_epg_dn    = aci_application_epg.example_epg.id
  tdn                   =  "uni/phys-example_pd"
}

Debug Output

2026-02-06T12:09:11.416+0100 [DEBUG] provider.terraform-provider-aci_v2.18.0: 2026/02/06 12:09:11 [DEBUG] Begining Do method https://10.62.188.249:33443/api/node/mo.json
2026-02-06T12:09:11.416+0100 [DEBUG] provider.terraform-provider-aci_v2.18.0: 2026/02/06 12:09:11 [TRACE] HTTP Request Method and URL: POST https://10.62.188.249:33443/api/node/mo.json
2026-02-06T12:09:11.416+0100 [DEBUG] provider.terraform-provider-aci_v2.18.0: 2026/02/06 12:09:11 [TRACE] HTTP Request Body: {{"physDomP":{"attributes":{"dn":"uni/phys-example_pd","status":"deleted"}}}}
2026-02-06T12:09:11.519+0100 [DEBUG] provider.terraform-provider-aci_v2.18.0: 2026/02/06 12:09:11 [TRACE] HTTP Response: 400 400 Bad Request &{400 Bad Request 400 HTTP/1.1 1 1 map[Access-Control-Allow-Credentials:[false] Access-Control-Allow-Headers:[Origin, X-Requested-With, Content-Type, Accept, DevCookie, APIC-challenge, Request-Tag] Access-Control-Allow-Methods:[POST,GET,OPTIONS,DELETE] Access-Control-Allow-Origin:[http://127.0.0.1:8000] Connection:[keep-alive] Content-Length:[212] Content-Security-Policy:[default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.qualtrics.com *.siteintercept.qualtrics.com; style-src blob: 'unsafe-inline' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' *.qualtrics.com *.siteintercept.qualtrics.com; font-src 'self' data:; frame-src 'self' players.brightcove.net *.qualtrics.com; img-src 'self' data: *.qualtrics.com; manifest-src 'self'; media-src 'self'; worker-src blob: 'self';] Content-Type:[application/json] Date:[Fri, 06 Feb 2026 10:18:04 GMT] Server:[Cisco APIC]] 0x1400084e8a0 212 [] false false map[] 0x1400025f540 0x140008a0000}
2026-02-06T12:09:11.519+0100 [DEBUG] provider.terraform-provider-aci_v2.18.0: 2026/02/06 12:09:11 [DEBUG] HTTP response unique string POST https://10.62.188.249:33443/api/node/mo.json {"totalCount":"1","imdata":[{"error":{"attributes":{"code":"107","text":"physDomP policy uni\/phys-example_pd is used by uni\/tn-bd_test\/ap-ap_test\/epg-epg_test. make sure it's not used before deleting it"}}}]}
2026-02-06T12:09:11.519+0100 [DEBUG] provider.terraform-provider-aci_v2.18.0: 2026/02/06 12:09:11 [DEBUG] Exit from Do method
2026-02-06T12:09:11.519+0100 [DEBUG] provider.terraform-provider-aci_v2.18.0: 2026/02/06 12:09:11 [DEBUG] uni/phys-example_pd: Destroy finished successfully

Panic Output

Expected Behavior

Terraform output should show Error 400 to the user and stop execution.

Actual Behavior

Terraform will perform the following actions:

  # aci_physical_domain.example_pd will be destroyed
  # (because aci_physical_domain.example_pd is not in configuration)
  - resource "aci_physical_domain" "example_pd" {
      - annotation                         = "orchestrator:terraform" -> null
      - id                                 = "uni/phys-example_pd" -> null
      - name                               = "example_pd" -> null
        # (5 unchanged attributes hidden)
    }

Plan: 0 to add, 0 to change, 1 to destroy.
aci_physical_domain.example_pd: Destroying... [id=uni/phys-example_pd]
aci_physical_domain.example_pd: Destruction complete after 1s

Apply complete! Resources: 0 added, 0 changed, 1 destroyed.

Steps to Reproduce

Any action that will produce HTTP Error 400 Bad Request on the APIC.
The above example is due to a new limitation in APIC 6.1.x that doesn't allow removing a domain that is used by an EPG.

  1. terraform apply all the config together with resource "aci_physical_domain" "example_pd"
  2. comment out/remove resource "aci_physical_domain" "example_pd"
  3. terraform apply

Important Factoids

I think it is similar to NDO's:
CiscoDevNet/terraform-provider-mso#374
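
A check a pipeline can run on a `TF_LOG=DEBUG` capture to catch the mismatch reported above, where the APIC returns an error object but the provider still logs the operation as finished successfully. This is an added example, not code from the issue or from the provider; the function name, the regexes (modelled on the log lines shown in the issue) and the sample log (constructed, with a placeholder hostname) are assumptions.

```python
import json
import re

# Constructed sample modelled on the provider debug lines in this issue
# (placeholder hostname; the Go struct dump after the status is shortened).
SAMPLE_LOG = r'''
2026-02-06T12:09:11.416+0100 [DEBUG] provider.terraform-provider-aci_v2.18.0: 2026/02/06 12:09:11 [TRACE] HTTP Request Method and URL: POST https://apic.example.invalid/api/node/mo.json
2026-02-06T12:09:11.519+0100 [DEBUG] provider.terraform-provider-aci_v2.18.0: 2026/02/06 12:09:11 [TRACE] HTTP Response: 400 400 Bad Request &{400 Bad Request 400 HTTP/1.1 1 1 map[]}
2026-02-06T12:09:11.519+0100 [DEBUG] provider.terraform-provider-aci_v2.18.0: 2026/02/06 12:09:11 [DEBUG] HTTP response unique string POST https://apic.example.invalid/api/node/mo.json {"totalCount":"1","imdata":[{"error":{"attributes":{"code":"107","text":"physDomP policy uni\/phys-example_pd is used by uni\/tn-bd_test\/ap-ap_test\/epg-epg_test"}}}]}
2026-02-06T12:09:11.519+0100 [DEBUG] provider.terraform-provider-aci_v2.18.0: 2026/02/06 12:09:11 [DEBUG] uni/phys-example_pd: Destroy finished successfully
2026-02-06T12:09:12.100+0100 [DEBUG] provider.terraform-provider-aci_v2.18.0: 2026/02/06 12:09:12 [TRACE] HTTP Response: 200 200 OK &{200 OK 200 HTTP/1.1 1 1 map[]}
2026-02-06T12:09:12.100+0100 [DEBUG] provider.terraform-provider-aci_v2.18.0: 2026/02/06 12:09:12 [DEBUG] HTTP response unique string POST https://apic.example.invalid/api/node/mo.json {"totalCount":"0","imdata":[]}
'''

STATUS_RE = re.compile(r"\[TRACE\] HTTP Response: (\d{3}) ")
BODY_RE = re.compile(r"HTTP response unique string (\S+) (\S+) (\{.*\})\s*$")
DONE_RE = re.compile(r"\[DEBUG\] (\S+): (\w+) finished successfully")

def find_swallowed_errors(log_text):
    """Return APIC error objects found in a TF_LOG=DEBUG capture. Each finding
    records in 'reported_ok' the '<dn>: <operation>' the provider logged as
    finished successfully right after the error, or None if it logged none."""
    findings, status, open_finding = [], None, None
    for line in log_text.splitlines():
        if m := STATUS_RE.search(line):
            # A new response starts: remember its status, close the old finding.
            status, open_finding = int(m.group(1)), None
        elif m := BODY_RE.search(line):
            try:
                imdata = json.loads(m.group(3)).get("imdata", [])
            except json.JSONDecodeError:
                continue  # truncated or non-JSON body: nothing to extract
            for item in imdata:
                attrs = item.get("error", {}).get("attributes")
                if attrs:
                    open_finding = {"status": status, "method": m.group(1),
                                    "url": m.group(2), "code": attrs.get("code"),
                                    "text": attrs.get("text"), "reported_ok": None}
                    findings.append(open_finding)
        elif (m := DONE_RE.search(line)) and open_finding:
            open_finding["reported_ok"] = f"{m.group(1)}: {m.group(2)}"
            open_finding = None
    return findings

if __name__ == "__main__":
    for finding in find_swallowed_errors(SAMPLE_LOG):
        print(finding)
```

A finding whose `reported_ok` is set is the case described in this issue; a pipeline can treat any such finding as a failed apply regardless of Terraform's exit status.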
