Description
Terraform Version
Terraform v1.12.1
on linux_amd64
- provider registry.terraform.io/ciscodevnet/ise v0.2.1
- provider registry.terraform.io/netascode/utils v0.2.5
ISE version and ISE Platform
The version is not of essence for this issue.
- V 3.2.0.542 and ISE-VM-K9
- V 3.3
Affected Resource(s)
- ise_network_access_authentication_rule
- ise_network_access_policy_set
- ise_network_access_authorization_rule
- ise_authorization_profile
OK, there might be more resources affected by this, but the general idea is that it's resources that have an "attributes list" where it might be more appropriate to have it as a "set".
Examples:
ise_network_access_authentication_rule -> Children.
ise_authorization_profile -> advanced_attributes
Issue at hand
I'm proposing a change from "attributes list" to "set" for arguments like:
ise_network_access_authentication_rule -> Children (attributes list).
ise_authorization_profile -> advanced_attributes (attributes list)
Because these don't have to be ordered. Ref: https://developer.hashicorp.com/terraform/plugin/framework/handling-data/attributes/set
Steps to Reproduce
FIRST Datamodel configuration
First, we push this configuration to ISE infrastructure with Terraform plan/apply.
ise:
  policy:
    authentication_policies:
      - name: DOT1x_wired
        policy_name: Global Policy
        rule:
          default: false
          state: enabled
          condition:
            condition_type: ConditionAndBlock
            is_negate: false
            children:
              - condition_type: ConditionAttributes
                is_negate: false
                dictionary_name: SOMEDICT
                attribute_name: test attribute name
                operator: contains
                dictionary_value: null
                attribute_value: something.no
              - condition_type: ConditionReference
                is_negate: false
                name: Wired_802.1X
                description:
                  A condition to match 802.1X based authentication requests
                  from switches, according to the corresponding 802.1x attributes
                  defined in the device profile.
This is no problem
SECOND Datamodel configuration
Notice that we have changed the order of the children elements.
ise:
  policy:
    authentication_policies:
      - name: DOT1x_wired
        policy_name: Global Policy
        rule:
          default: false
          state: enabled
          condition:
            condition_type: ConditionAndBlock
            is_negate: false
            children:
              - condition_type: ConditionReference
                is_negate: false
                name: Wired_802.1X
                description:
                  A condition to match 802.1X based authentication requests
                  from switches, according to the corresponding 802.1x attributes
                  defined in the device profile.
              - condition_type: ConditionAttributes
                is_negate: false
                dictionary_name: SOMEDICT
                attribute_name: test attribute name
                operator: contains
                dictionary_value: null
                attribute_value: something.no
Terraform plan result of second datamodel configuration:
It gives us an unwanted change in Terraform plan:
Expected Behavior
Expected behavior should be a no change operation.
NB! Explanation about the 2 added & 2 destroyed: In our environment we have two local scripts being run every terraform run, they can be ignored.
Apply complete! Resources: 2 added, 0 changed, 2 destroyed.
Actual Behavior
Apply complete! Resources: 2 added, 1 changed, 2 destroyed.
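The difference between the two plan results, as an added illustration that is not part of the original issue or the provider's source: the same two children compared position by position (list semantics) and by membership only (set semantics). The `Child` type and the function names are hypothetical; the values are copied from the two data model configurations above.

```go
package main

import (
	"fmt"
	"reflect"
)

// Child holds one `children` entry (description omitted; it is the same in both configs).
type Child struct {
	ConditionType, DictionaryName, AttributeName, Operator, AttributeValue, Name string
	IsNegate                                                                     bool
}

// ListEqual compares position by position, as a list attribute does.
func ListEqual(a, b []Child) bool {
	return reflect.DeepEqual(a, b)
}

// SetEqual ignores order, as a set attribute does: only membership is compared.
func SetEqual(a, b []Child) bool {
	count := map[Child]int{}
	for _, c := range a {
		count[c]++
	}
	for _, c := range b {
		count[c]--
	}
	for _, n := range count {
		if n != 0 {
			return false
		}
	}
	return true
}

// Children of the first configuration, then the same entries in the second's order.
var first = []Child{
	{ConditionType: "ConditionAttributes", DictionaryName: "SOMEDICT",
		AttributeName: "test attribute name", Operator: "contains",
		AttributeValue: "something.no"},
	{ConditionType: "ConditionReference", Name: "Wired_802.1X"},
}
var second = []Child{first[1], first[0]}

func main() {
	fmt.Println("list equal:", ListEqual(first, second), "set equal:", SetEqual(first, second))
}
```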
