03-27-2024 07:36 AM
Hi guys,
For a few days now I have had the issue that my terraform apply doesn't work anymore. A few weeks ago it worked fine, and I haven't changed any versions.
Any time I try to deploy Access Policies I see the following change:
  # module.aci.module.aci_mcp[0].aci_rest_managed.mcpInstPol will be updated in-place
  ~ resource "aci_rest_managed" "mcpInstPol" {
      ~ content = {
          ~ "adminSt" = "disabled" -> "enabled"
            # (7 unchanged elements hidden)
        }
        id = "uni/infra/mcpInstP-default"
        # (3 unchanged attributes hidden)
    }
But I don't configure the MCP Policy in my yaml files and I want it to stay default (disabled).
During the deploy, I got this error:
Error: The post rest request failed
│
│ with module.aci.module.aci_mcp[0].aci_rest_managed.mcpInstPol,
│ on .terraform/modules/aci/modules/terraform-aci-mcp/main.tf line 1, in resource "aci_rest_managed" "mcpInstPol":
│ 1: resource "aci_rest_managed" "mcpInstPol" {
│
│ Code: 400 Response: [map[error:map[attributes:map[code:182 text:Password is required for MCP Instance Policy.]]]], err: %!s(<nil>). Please report this issue to the provider developers.
I know that I need a key for MCP configurations, but I don't even configure anything for MCP. I just want it to stay default.
Can someone help me with this issue?
Here is my main.tf:
terraform {
  required_providers {
    aci = {
      source  = "CiscoDevNet/aci"
      version = "2.13.2"
    }
  }
}

provider "aci" {
  username = "admin"
  password = "xxx"
  url      = "https://xx.xx.xx.xx/"
}

module "aci" {
  source  = "netascode/nac-aci/aci"
  version = "0.8.1"

  yaml_directories = ["data"]

  manage_access_policies    = true
  manage_fabric_policies    = false
  manage_pod_policies       = false
  manage_node_policies      = true
  manage_interface_policies = false
  manage_tenants            = true
}
Thanks in advance.
Greets,
Mathias
03-28-2024 03:25 AM - edited 03-28-2024 03:25 AM
I have added an explanation to the GitHub issue here: https://github.com/netascode/terraform-aci-nac-aci/issues/64#issuecomment-2024852152
Hopefully this clarifies the behavior.
03-27-2024 10:06 PM - edited 03-27-2024 10:41 PM
Hi @matze123
I've got the same issue. I added my 2 cents to the issue already reported; you can see it here: https://github.com/netascode/terraform-aci-nac-aci/issues/64
I'll try to contact the team if no further action is taken since this also blocks me a bit.
"But I don't configure the MCP Policy in my yaml files and I want it to stay default (disabled)."
The problem is that "defaults" in NAC makes terraform deploy this resource with predefined parameters as shown below:
mcp:
  admin_state: true
  per_vlan: true
  action: true
  key: cisco
  loop_detection: 3
  initial_delay: 180
  frequency_sec: 2
  frequency_msec: 0
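A pre-apply check for the kind of default-driven change described in this thread, as an added example that is not part of the original posts or of the nac-aci project: it reads the JSON produced by `terraform show -json` and lists every `content` key of an `aci_rest_managed` resource whose value would change. The sample plan is constructed from the plan output quoted above, and the second resource address in it is hypothetical.

```python
import json

# Constructed sample: trimmed `terraform show -json <planfile>` output.
# The first entry mirrors the change in this thread; the second address is hypothetical.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "module.aci.module.aci_mcp[0].aci_rest_managed.mcpInstPol",
     "type": "aci_rest_managed",
     "change": {"actions": ["update"],
                "before": {"id": "uni/infra/mcpInstP-default",
                           "content": {"adminSt": "disabled"}},
                "after": {"id": "uni/infra/mcpInstP-default",
                          "content": {"adminSt": "enabled"}}}},
    {"address": "module.aci.example.aci_rest_managed.unchanged",
     "type": "aci_rest_managed",
     "change": {"actions": ["no-op"],
                "before": {"content": {"name": "x"}},
                "after": {"content": {"name": "x"}}}},
]})


def content_changes(plan_json, resource_type="aci_rest_managed"):
    """Return (address, key, before, after) for every changed `content` key."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != resource_type or change.get("actions") == ["no-op"]:
            continue
        # `before` is null on create and `after` is null on delete.
        before = (change.get("before") or {}).get("content") or {}
        after = (change.get("after") or {}).get("content") or {}
        for key in sorted(set(before) | set(after)):
            if before.get(key) != after.get(key):
                findings.append((rc["address"], key, before.get(key), after.get(key)))
    return findings


def unapproved(findings, approved_addresses):
    """Keep only changes to resources the operator did not explicitly expect."""
    return [f for f in findings if f[0] not in approved_addresses]


if __name__ == "__main__":
    for address, key, old, new in unapproved(content_changes(SAMPLE_PLAN), set()):
        print(f"UNEXPECTED {address}: {key} {old!r} -> {new!r}")
```

In a pipeline, exiting non-zero when `unapproved` returns anything stops the apply until the change has been reviewed.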
03-28-2024 12:39 AM
Hi Mateusz,
Thanks for your reply and for the GitHub issue. Hopefully this will solve our problems.
What surprises me a little is that this problem is occurring now and it wasn't 4 weeks ago (before my vacation). With the same code, same versions and the same aci simulator to test the code.