netascode / terraform-provider-iosxe

Terraform Cisco IOS-XE Provider

Home Page: https://registry.terraform.io/providers/netascode/iosxe

License: Mozilla Public License 2.0

Makefile 0.19% Go 97.28% HCL 2.39% Shell 0.14%
cisco ios-xe iosxe restconf terraform terraform-provider

terraform-provider-iosxe's Introduction

This provider has been moved to https://github.com/CiscoDevNet/terraform-provider-iosxe.

Terraform Provider IOS-XE

Requirements

Building The Provider

  1. Clone the repository
  2. Enter the repository directory
  3. Build the provider using the Go install command:
go install

Adding Dependencies

This provider uses Go modules. Please see the Go documentation for the most up-to-date information about using Go modules.

To add a new dependency github.com/author/dependency to your Terraform provider:

go get github.com/author/dependency
go mod tidy

Then commit the changes to go.mod and go.sum.

Using the provider

This Terraform Provider is available to install automatically via terraform init. If you're building the provider, follow the instructions to install it as a plugin. After placing it into your plugins directory, run terraform init to initialize it.

Additional documentation, including available resources and their arguments/attributes can be found on the Terraform documentation website.

Developing the Provider

If you wish to work on the provider, you'll first need Go installed on your machine (see Requirements above).

To compile the provider, run go install. This will build the provider and put the provider binary in the $GOPATH/bin directory.

To generate or update documentation, run go generate.

In order to run the full suite of Acceptance tests, run make testacc. Make sure the respective environment variables are set (e.g., IOSXE_USERNAME, IOSXE_PASSWORD, IOSXE_URL).

Note: Acceptance tests create real resources.

make testacc

terraform-provider-iosxe's People

Contributors

danischm, dependabot[bot], poroping

terraform-provider-iosxe's Issues

please add the ability to set ip redirects/ ip unreachables/ ip proxy-arp on interfaces

i need the ability to set the following config on interfaces.

ip redirects
ip unreachables
ip proxy-arp

Here is the restconf reference for these commands set (in a disabled state) on an interface

    "Cisco-IOS-XE-native:GigabitEthernet": [
        {
            "name": "1",
            "description": "My Interface Description",
            "switchport": {
                "Cisco-IOS-XE-switch:trunk": {
                    "native": {
                        "vlan-config": {
                            "tag": true
                        }
                    }
                }
            },
            "ip": {
                "address": {
                    "primary": {
                        "address": "192.168.0.152",
                        "mask": "255.255.255.0"
                    }
                },
                "proxy-arp": false,
                "redirects": false,
                "dhcp": {
                    "Cisco-IOS-XE-dhcp:client": {
                        "client-id": {
                            "ascii": "995FPC0SXD4"
                        }
                    }
                },
                "Cisco-IOS-XE-icmp:unreachables": false
            },
            "logging": {
                "event": {
                    "link-status": [
                        null
                    ]
                }
            },
            "access-session": {
                "host-mode": "multi-auth"
            },
            "Cisco-IOS-XE-ethernet:negotiation": {
                "auto": true
            }
        }
    ]

Error: The terraform-provider-iosxe_v0.1.4 plugin crashed!

Terraform Version

$ terraform -v
Terraform v1.1.8
on darwin_amd64
+ provider registry.terraform.io/netascode/iosxe v0.1.4

Your version of Terraform is out of date! The latest version
is 1.1.9. You can update by downloading from https://www.terraform.io/downloads.html

Go Version

$ go version
go version go1.18.2 darwin/amd64

Affected Resource(s)

Please list the resources as a list, for example:

  • iosxe_static_route

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

https://github.com/muhammad-rafi/terraform-iosxe/blob/main/ntc_iosxe/static_routing.tf

terraform {
  required_providers {
    iosxe = {
      source  = "netascode/iosxe"
      version = "0.1.4"
    }
  }
}

# Network To Code iosxe Provider Configuration
provider "iosxe" {
  alias    = "cisco_sandbox"
  username = "developer"
  password = "C1sco12345"
  url      = "https://sandbox-iosxe-recomm-1.cisco.com"
}

resource "iosxe_static_route" "static_route" {
  provider   = iosxe.cisco_sandbox
  device = "sandbox-iosxe-recomm-1.cisco.com"
  prefix = "10.0.0.10"
  mask   = "255.255.255.0"
  next_hops = [
    {
      next_hop  = "10.0.0.1"
      metric    = 10
      global    = false
      name      = "terraform_route"
      permanent = true
      tag       = 100
    }
  ]
}

Debug Output

https://gist.github.com/muhammad-rafi/8c2b8e6ef2fd74d596ed54694fc3991b

Expected Behavior

It should configure the static route on the iosxe device

Actual Behavior

Error: The terraform-provider-iosxe_v0.1.4 plugin crashed!

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform plan
  2. terraform apply -auto-approve

i'm seeing session locked errors when using `iosxe_bgp_ipv4_unicast_neighbor`

when trying to configure the neighbor with iosxe_bgp_ipv4_unicast_neighbor, i keep getting session locked errors.

│ Failed to configure object (PATCH), got error: HTTP Request failed: StatusCode 409, RESTCONF errors {Error:[{ErrorType:application ErrorTag:lock-denied ErrorAppTag:
│ ErrorPath:/Cisco-IOS-XE-native:native/router/Cisco-IOS-XE-bgp:bgp[id='65000']/address-family/no-vrf/ipv4[af-name='unicast']/ipv4-unicast/neighbor ErrorMessage:the configuration database is locked by session 23 yang_mgmt_infra tcp (system from 127.0.0.1) on since 2023-04-15 16:31:44
│    IOS-XE YANG Infrastructure ErrorInfo:}]} {PatchId: GlobalStatus:{Ok:false Errors:{Error:[]}} EditStatus:{Edit:[]}}

using the following hcl

resource "iosxe_bgp_ipv4_unicast_neighbor" "example_neighbor" {
  asn                    = "65000"
  ip                     = "3.3.3.3"
  activate               = true
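
An added example, not part of the original issue or the provider's code: one way a RESTCONF client could tell a transient `lock-denied` like the 409 above apart from request and authentication errors, and retry only the former. The type and function names, the set of error tags treated as retryable, and the JSON bodies (constructed from error tags that appear on this page) are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// errorsBody mirrors the RFC 8040 "ietf-restconf:errors" response body.
type errorsBody struct {
	Errors struct {
		Error []struct {
			Tag     string `json:"error-tag"`
			Path    string `json:"error-path"`
			Message string `json:"error-message"`
		} `json:"error"`
	} `json:"ietf-restconf:errors"`
}

// Verdict tells the caller what to do with a response.
type Verdict string

const (
	OK         Verdict = "ok"
	Retry      Verdict = "retry"       // datastore busy, try again later
	FixRequest Verdict = "fix-request" // path or payload does not match the YANG model
	FixAuth    Verdict = "fix-auth"    // credentials or privilege problem
	Unknown    Verdict = "unknown"
)

// Constructed sample bodies (not captured from a device).
const (
	lockDenied   = `{"ietf-restconf:errors":{"error":[{"error-type":"application","error-tag":"lock-denied","error-message":"the configuration database is locked by session 23"}]}}`
	malformed    = `{"ietf-restconf:errors":{"error":[{"error-type":"application","error-tag":"malformed-message","error-message":"unknown element: unreachables"}]}}`
	accessDenied = `{"ietf-restconf:errors":{"error":[{"error-type":"protocol","error-tag":"access-denied"}]}}`
)

// Classify maps an HTTP status and RESTCONF error body to a Verdict and
// returns the device's error-message for logging.
func Classify(status int, body []byte) (Verdict, string) {
	if status >= 200 && status < 300 {
		return OK, ""
	}
	var e errorsBody
	_ = json.Unmarshal(body, &e) // an unparsable body leaves e empty
	for _, er := range e.Errors.Error {
		switch er.Tag {
		case "lock-denied", "in-use":
			return Retry, er.Message
		case "access-denied":
			return FixAuth, er.Message
		case "malformed-message", "invalid-value", "unknown-element",
			"missing-element", "bad-element", "unknown-namespace":
			return FixRequest, er.Message
		}
	}
	// No usable error list: fall back on the status code alone.
	if status == 401 || status == 403 {
		return FixAuth, ""
	}
	return Unknown, ""
}

// DoWithRetry calls send until it succeeds, fails with a non-retryable
// verdict, or attempts are used up. The delay doubles after each retry.
// It returns the final verdict and the number of calls made.
func DoWithRetry(attempts int, base time.Duration, send func() (int, []byte)) (Verdict, int) {
	if attempts < 1 {
		attempts = 1
	}
	for n := 1; ; n++ {
		v, _ := Classify(send())
		if v != Retry || n == attempts {
			return v, n
		}
		time.Sleep(base << (n - 1))
	}
}

func main() {
	samples := []struct {
		status int
		body   string
	}{{409, lockDenied}, {400, malformed}, {401, accessDenied}}
	for _, s := range samples {
		v, msg := Classify(s.status, []byte(s.body))
		fmt.Printf("%d -> %s (%s)\n", s.status, v, msg)
	}
}
```

Retrying on a 400 or 401 only repeats the same failure, so those verdicts return after the first call.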

interface config is not removed when removing resource

Setting the params on an interface works as expected using iosxe_interface_ethernet. However, when removing the resource, i would expect any config set by terraform to be removed or nullified. This does not seem to be the case as the config persists even when the resource is removed

terraform {
  required_providers {
    iosxe = {
      source  = "netascode/iosxe"
      version = "0.1.15"
    }
  }
}

provider "iosxe" {
  username = "<user>"
  password = "<pw>"
  url      = "<url>"
}

resource "iosxe_interface_ethernet" "test" {
  type                           = "GigabitEthernet"
  name                           = "3"
  description                    = "My Interface Description"
  shutdown                       = false
  ipv4_address                   = null
  ipv4_address_mask              = "255.255.255.252"
  ip_dhcp_relay_source_interface = "Loopback100"
  ip_access_group_in             = "1"
  ip_access_group_in_enable      = true
  ip_access_group_out            = "1"
  ip_access_group_out_enable     = true
}

Cisco-IOS-XE-acl:standard ErrorMessage:missing element: sequence in /ios:native/ios:ip/ios:access-list/ios-acl:standard[ios-acl:name='SACL1']/ios-acl:access-list-seq-rule

Hi there,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Terraform Version

Terraform v1.4.6

Affected Resource(s)

  • iosxe_access_list_standard

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

resource "iosxe_access_list_standard" "example" {
  name = "SACL1"
  entries = [
    {
      sequence         = 10
      remark           = "Description"
      deny_prefix      = "10.0.0.0"
      deny_prefix_mask = "0.0.0.255"
    }
  ]
}

Expected Behavior

Create an ACL SACL1 with 1 entry on sequence 10

Actual Behavior

iosxe_access_list_standard.example: Creating...
╷
│ Error: Client Error
│ 
│   with iosxe_access_list_standard.example,
│   on snmp.tf line 3, in resource "iosxe_access_list_standard" "example":
│    3: resource "iosxe_access_list_standard" "example" {
│ 
│ Failed to configure object (PATCH), got error: HTTP Request failed: StatusCode 400, RESTCONF errors {Error:[{ErrorType:application
│ ErrorTag:malformed-message ErrorAppTag: ErrorPath:/Cisco-IOS-XE-native:native/ip/access-list/Cisco-IOS-XE-acl:standard ErrorMessage:missing
│ element: sequence in /ios:native/ios:ip/ios:access-list/ios-acl:standard[ios-acl:name='SACL1']/ios-acl:access-list-seq-rule ErrorInfo:}]} {PatchId:
│ GlobalStatus:{Ok:false Errors:{Error:[]}} EditStatus:{Edit:[]}}

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

Iosxe failed to configure object ethernet

Hi
I'm very interested in your iosxe provider
I use terraform v 0.1.12 with c9500-48y4c v 17.8.1

some functions are well working.
Ethernet config, port Channel don’t work at all
Acl are created with misconfig

how can i help you
Regards

deleting acl entries seems to delete the entire ACL.

When deleting an ACL entry, the resource is deleting the entire ACL. i have to run terraform apply a second time to get the ACL back minus the deleted entry. this seems to be the case with standard and extended access lists.

#main.tf

resource "iosxe_access_list_standard" "example" {
  for_each = {for acl in local.router_acls_standard : acl.key => acl}
  device   = each.value.device
  name     = each.value.name
  entries  = [
    {
      sequence           = each.value.sequence
      remark             = each.value.remark == "" ? null : each.value.remark
      deny_prefix        = each.value.deny_prefix == "" ? null : each.value.deny_prefix
      deny_prefix_mask   = each.value.deny_prefix_mask == "" ? null : each.value.deny_prefix_mask
      permit_prefix      = each.value.permit_prefix == "" ? null : each.value.permit_prefix
      permit_prefix_mask = each.value.permit_prefix_mask == "" ? null : each.value.permit_prefix_mask
      permit_any         = each.value.permit_any == "" ? null : each.value.permit_any
      permit_host        = each.value.permit_host == "" ? null : each.value.permit_host
    }
  ]
}
#locals.tf

  router_acls_standard = flatten([
    for router in local.routers : [
      for acl in router.acls_standard : {
        key                = "${router.name}-${acl.name}-${acl.sequence}"
        device             = router.name
        name               = acl.name
        sequence           = acl.sequence
        remark             = acl.remark
        deny_prefix        = acl.deny_prefix
        deny_prefix_mask   = acl.deny_prefix_mask
        permit_any         = acl.permit_any
        permit_host        = acl.permit_host
        permit_prefix      = acl.permit_prefix
        permit_prefix_mask = acl.permit_prefix_mask
      }
    ]
  ])

Provider not working

Hi,

I'm testing your provider and the official one.
It seems your version is not working.

The resource on which I applied my configuration is the following :

resource "iosxe_access_list_standard" "example" {
  name = "SACL1"
  entries = [
    {
      sequence         = 10
      remark           = "Description"
      deny_prefix      = "10.0.0.0"
      deny_prefix_mask = "0.0.0.255"
    }
  ]
}

I keep getting the following error message :

iosxe_access_list_standard.example: Creating...
╷
│ Error: Client Error
│ 
│   with iosxe_access_list_standard.example,
│   on provider.tf line 63, in resource "iosxe_access_list_standard" "example":
│   63: resource "iosxe_access_list_standard" "example" {
│ 
│ Failed to configure object (PATCH), got error: HTTP Request failed: StatusCode 401, RESTCONF errors {Error:[{ErrorType:protocol ErrorTag:access-denied ErrorAppTag: ErrorPath: ErrorMessage: ErrorInfo:}]} {PatchId:
│ GlobalStatus:{Ok:false Errors:{Error:[]}} EditStatus:{Edit:[]}}

When I try with the official one, no error message.

Terraform version :

Terraform v1.4.2
on linux_amd64
+ provider terraform.local/local/iosxe v0.1.14

Your version of Terraform is out of date! The latest version
is 1.4.4. You can update by downloading from https://www.terraform.io/downloads.html

Can't seem to set the MTU on interface

As the provider does not seem to have an option to set the MTU on an interface, i tried to make a restconf call using the following:

resource "iosxe_restconf" "ethernet_mtu" {
  path       = "Cisco-IOS-XE-native:native/interface/GigabitEthernet=2/mtu"
  device     = "router_1"
  attributes = {
    "mtu" = 9000
  }
  depends_on = [
    iosxe_interface_ethernet.Ethernet_Interface
  ]
}

But i keep getting the following error:

│ Error: Client Error
│
│   with iosxe_restconf.ethernet_mtu,
│   on main.tf line 290, in resource "iosxe_restconf" "ethernet_mtu":
│  290: resource "iosxe_restconf" "ethernet_mtu" {
│
│ Failed to configure object (PATCH), got error: HTTP Request failed: StatusCode 400, RESTCONF errors {Error:[{ErrorType:application ErrorTag:malformed-message ErrorAppTag: ErrorPath:/Cisco-IOS-XE-native:native/interface/GigabitEthernet[name='2']/mtu ErrorMessage:unknown element: mtu in
│ /ios:native/ios:interface/ios:GigabitEthernet[ios:name='2']/ios:mtu/ios:mtu ErrorInfo:}]} {PatchId: GlobalStatus:{Ok:false Errors:{Error:[]}} EditStatus:{Edit:[]}}

Mind you, this works in Postman when making a call to that path and setting the following in the url/body:
Path https://<IP>/restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet=2/mtu
Body {"mtu": "9000"}

not sure what the issue is here.

Add the ability to assign route-map to a BGP neighbor in address-family (non-VRF and VRF)

Hello,

Reviewing the restconf of my lab C8000v, there seems to be no restconf path for applying a route-map to a bgp neighbor outside an address-family. Like so:

!
router bgp 65000
  neighbor 192.168.0.152 remote-as 65000
  neighbor 192.168.0.152 description Site-04_01
  neighbor 192.168.0.152 route-map RM2 in
!

This may be by design by Cisco as most people use address-families these days. Like so:

!
router bgp 65000
 neighbor 192.168.0.153 remote-as 65000
 neighbor 192.168.0.153 description Site-04_02
 !
 address-family ipv4
  neighbor 192.168.0.153 activate
  neighbor 192.168.0.153 route-map RM1 in
 exit-address-family
!

It appears the way the resource is structured today is that you must specify a VRF if using iosxe_bgp_ipv4_unicast_vrf_neighbor. There should probably be a change to the resource to add the option of "no-vrf" for BGP neighbors that are a part of the address-family but not in a VRF (like my 2nd example above). This is what the RESTCONF looks like for the 2nd example:

    "router": {
      "Cisco-IOS-XE-bgp:bgp": [
        {
          "id": 65000,
          "bgp": {
            "log-neighbor-changes": true
          },
          "neighbor": [
            {
              "id": "192.168.0.152",
              "remote-as": 65000,
              "description": "Site-04_01"
            }
          ],
          "address-family": {
            "with-vrf": {
              "ipv4": [
                {
                  "af-name": "unicast"
                }
              ]
            },
            "no-vrf": {
              "ipv4": [
                {
                  "af-name": "unicast",
                  "ipv4-unicast": {
                    "neighbor": [
                      {
                        "id": "192.168.0.152",
                        "activate": [null],
                        "route-map": [
                          {
                            "inout": "in",
                            "route-map-name": "RM1"
                          }
                        ]
                      }
                    ]
                  }
                }
              ]
            }
          }
        }
      ]
    }

Help with using `iosxe_restconf`

i'm trying to set some attributes on each interface of a router: i'm using the following HCL:

resource "iosxe_restconf" "custom_interface_config" {
  for_each = {
    for interface in local.ethernet_interface_configs : "${interface.device}-${interface.name}" =>interface
  }
  device     = each.value.device
  path       = "Cisco-IOS-XE-native:native/interface/${each.value.type}=${each.value.name}/ip"
  attributes = {
    proxy-arp    = "false"
    redirects    = "false"
    unreachables = "false"
  }
}

but i'm getting the following error:

│ Failed to configure object (PATCH), got error: HTTP Request failed: StatusCode 400, RESTCONF errors {Error:[{ErrorType:application ErrorTag:malformed-message ErrorAppTag: ErrorPath:/Cisco-IOS-XE-native:native/interface/GigabitEthernet[name='3']/ip ErrorMessage:unknown element: unreachables in
│ /ios:native/ios:interface/ios:GigabitEthernet[ios:name='3']/ios:ip/ios:unreachables ErrorInfo:}]} {PatchId: GlobalStatus:{Ok:false Errors:{Error:[]}} EditStatus:{Edit:[]}}

i may be misunderstanding how to craft the path var. can you give me an example of how i should set the path if looping over a bunch of interfaces?

Request for iosxe_restconf REST Delete option

Hi,

Would like to see a delete/remove option in the iosxe_restconf resource that can ensure items are explicitly not in the config. An example use case would be to use the following to ensure that service call-home is not configured on any devices:

resource "iosxe_restconf" "no_service_call-home" {
  for_each = toset([for router in local.routers : router.name])
  device   = each.key
  path     = "Cisco-IOS-XE-native:native/service/call-home"
  remove   = true
}

Feature request: Tunnel configuration

thank you so much for maintaining this useful provider!
Would it be possible to consider adding support for the configuration of tunnels?

thank you

crypto ipsec profile vpn200
 set transform-set ESP-AES-256-MODE-TRANSPORT 
 set ikev2-profile vpn300

crypto ikev2 keyring vpn300
 peer vpn200
  address 1.2.3.4
  identity key-id vpn200
  pre-shared-key local 6 <redacted>
  pre-shared-key remote 6 <redacted>

interface Tunnel3
 description tunnel3
 ip unnumbered Loopback0
 ip mtu 1380
 ip ospf network point-to-point
 ip ospf mtu-ignore
 ip ospf ttl-security hops 2
 ip ospf 10 area 0
 ip ospf cost 10000
 ipv6 enable
 ipv6 mtu 1300
 ipv6 nd ra suppress all
 mpls ip
 mpls mtu max
 ospfv3 network point-to-point
 ospfv3 cost 1000
 ospfv3 10 ipv6 area 0
 tunnel source GigabitEthernet0/2/0
 tunnel destination 1.2.3.4
 tunnel vrf V1
 tunnel protection ipsec profile vpn200
 crypto ipsec df-bit clear
!

interface Virtual-Template123 type tunnel
 description label
 ip unnumbered Loopback0
 no ip redirects
 no ip proxy-arp
 ip mtu 1380
 ip ospf network point-to-point
 ip ospf mtu-ignore
 ip ospf ttl-security hops 2
 ip ospf 10 area 0
 ipv6 unnumbered Loopback0
 ipv6 mtu 1300
 ipv6 nd ra suppress all
 no ipv6 redirects
 mpls ip
 mpls mtu max
 ospfv3 network point-to-point
 ospfv3 10 ipv6 area 0
 tunnel source GigabitEthernet0/2/0
 tunnel vrf V1
 tunnel protection ipsec profile test123
 crypto ipsec df-bit clear
!

Trying to configure NTP Servers and terraform-provider-iosxe_v0.1.17 plugin crashed

Hi there,

Terraform Version

$ terraform version
Terraform v1.5.1

Affected Resource(s)

  • iosxe_restconf

Terraform Configuration Files

I'm trying to convert the following restconf-json config:

    "ntp": {
      "Cisco-IOS-XE-ntp:server": {
        "server-list": [
          {
            "ip-address": "ntp1.domain.com",
            "prefer": [null]
          },
          {
            "ip-address": "ntp2.domain.com"
          }
        ]
      },
      "Cisco-IOS-XE-ntp:source": {
        "GigabitEthernet": "0/0"
      }
    }

to this code:

resource "iosxe_restconf" "ntp_servers" {
  path = "Cisco-IOS-XE-native:native/ntp"
  attributes = {
    "Cisco-IOS-XE-ntp:source/GigabitEthernet" = "0/0"
  }
  lists = [{
    name = "server-list"
    key  = "Cisco-IOS-XE-ntp:server"
    items = [{
      attributes = {
        ip-address = "ntp1.domain.com"
        prefer     = ""
      }
    }]
  }]
}

Debug Output

Stack trace from the terraform-provider-iosxe_v0.1.17 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x1773c1f]

goroutine 59 [running]:
github.com/netascode/terraform-provider-iosxe/internal/provider.(*Restconf).fromBody(0xc000260ab0, {0x1c27a00, 0xc0005c7da0}, {0x0, {0x0, 0x0}, {0x0, 0x0}, 0x0, 0x0, ...})
github.com/netascode/terraform-provider-iosxe/internal/provider/model_iosxe_restconf.go:117 +0x1c3f
github.com/netascode/terraform-provider-iosxe/internal/provider.(*RestconfResource).Read(0xc000992000, {0x1c27a00, 0xc0005c7da0}, {{{{0x1c2c8f0, 0xc000714090}, {0x1982d20, 0xc000705140}}, {0x1c2edb0, 0xc0000a58b0}}, 0xc000012048, ...}, ...)
github.com/netascode/terraform-provider-iosxe/internal/provider/resource_iosxe_restconf.go:175 +0x5d5
github.com/hashicorp/terraform-plugin-framework/internal/fwserver.(*Server).ReadResource(0xc000163a20, {0x1c27a00, 0xc0005c7da0}, 0xc0005c7e90, 0xc0008b5610)
github.com/hashicorp/[email protected]/internal/fwserver/server_readresource.go:101 +0x617
github.com/hashicorp/terraform-plugin-framework/internal/proto6server.(*Server).ReadResource(0xc000163a20, {0x1c27a00?, 0xc0005c7c50?}, 0xc000426a00)
github.com/hashicorp/[email protected]/internal/proto6server/server_readresource.go:55 +0x27b
github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server.(*server).ReadResource(0xc0001e25a0, {0x1c27a00?, 0xc00061a420?}, 0xc0006a41e0)
github.com/hashicorp/[email protected]/tfprotov6/tf6server/server.go:749 +0x4b1
github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6._Provider_ReadResource_Handler({0x1a3de40?, 0xc0001e25a0}, {0x1c27a00, 0xc00061a420}, 0xc0001e0150, 0x0)
github.com/hashicorp/[email protected]/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go:386 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0001dc1e0, {0x1c2d1d8, 0xc0003a8b60}, 0xc0001f5560, 0xc0002fdd70, 0x211ec10, 0x0)
google.golang.org/[email protected]/server.go:1337 +0xdf0
google.golang.org/grpc.(*Server).handleStream(0xc0001dc1e0, {0x1c2d1d8, 0xc0003a8b60}, 0xc0001f5560, 0x0)
google.golang.org/[email protected]/server.go:1714 +0xa2f
google.golang.org/grpc.(*Server).serveStreams.func1.1()
google.golang.org/[email protected]/server.go:959 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
google.golang.org/[email protected]/server.go:957 +0x18c

Error: The terraform-provider-iosxe_v0.1.17 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Expected Behavior

Generate the same configuration as:
ntp source Gi0/0
ntp server ntp1.domain.com prefer
ntp server ntp2.domain.com

Actual Behavior

Error: The terraform-provider-iosxe_v0.1.17 plugin crashed!

Steps to Reproduce

  1. terraform apply

Important Factoids

I would appreciate it if you could show the code using resource iosxe_restconf to reproduce the following IOS-XE configuration:

no ntp logging
ntp source Gi0/0
ntp server ntp1.domain.com prefer
ntp server ntp2.domain.com
!
clock timezone TMZ -3
clock summer-time TMZ recurring 3 Sun Oct 0:00 3 Sun Feb 0:00

iosxe_restconf does not seem to support empty json

when you enable static route redistribution on an IOSXE device, the REST ends up looking like so:

{
    "Cisco-IOS-XE-bgp:bgp": [
        {
            "id": 65000,
            "bgp": {
                "log-neighbor-changes": true
            },
            "neighbor": [
                {
                    "id": "192.168.0.153",
                    "remote-as": 65000,
                    "description": "BGP Neighbor 1"
                }
            ],
            "address-family": {
                "no-vrf": {
                    "ipv4": [
                        {
                            "af-name": "unicast",
                            "ipv4-unicast": {
                                "neighbor": [
                                    {
                                        "id": "192.168.0.153",
                                        "activate": [
                                            null
                                        ],
                                        "route-map": [
                                            {
                                                "inout": "in",
                                                "route-map-name": "RM1"
                                            }
                                        ],
                                        "route-reflector-client": [
                                            null
                                        ]
                                    }
                                ],
                                "redistribute": {
                                    "static": {}
                                }
                            }
                        }
                    ]
                }
            }
        }
    ]
}

the issue is i have not found a way to pass an empty json "{}" using iosxe_restconf resource (which is what the router seems to expect). this is what i'm trying

# BGP static redistribution
resource "iosxe_restconf" "bgp_redistribution" {
  for_each   = {for bgp in local.router_bgp : bgp.key => bgp}
  device     = each.key
  path       = "Cisco-IOS-XE-native:native/router/Cisco-IOS-XE-bgp:bgp=${each.value.asn}/address-family/no-vrf/ipv4=unicast/ipv4-unicast/redistribute/static"
  attributes = {
    "Cisco-IOS-XE-bgp:static" = "{}"
  }
}

when running this, i get the following error:

Stack trace from the terraform-provider-iosxe_v0.1.15.exe plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x1 addr=0x8 pc=0x111f8be]

goroutine 72 [running]:
github.com/netascode/go-restconf.(*Client).Discovery(0x0, {0xb430e5?, 0x1bdaa00?, 0x1?})
        github.com/netascode/[email protected]/client.go:395 +0x3e
github.com/netascode/go-restconf.(*Client).PatchData(0x0?, {0xc0004c4600, 0x80}, {0xc000428240, 0x3c}, {0x0, 0x0, _})
        github.com/netascode/[email protected]/client.go:510 +0x9f
github.com/netascode/terraform-provider-iosxe/internal/provider.(*RestconfResource).Create(0xc00000a7d0, {0x16df320, 0xc000078ea0}, {{{{0x16e4190, 0xc0000c4c00}, {0x143ea20, 0xc0000c4120}}, {0x16e64e8, 0xc0000adef0}}, {{{0x16e4190, ...}, ...}, ...}, ...}, ...)
        google.golang.org/[email protected]/server.go:966 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/[email protected]/server.go:964 +0x28a

Error: The terraform-provider-iosxe_v0.1.15.exe plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

any idea how this would be done?

AAA

Hello, I need your help again. Could you add resources for aaa?

!
aaa new-model
!
aaa authentication login default local
aaa authentication login Tacacs-GROUP group Radius-GROUP local
aaa authentication login VTY_authen group Tacacs-GROUP local
aaa authentication dot1x default group Radius-GROUP
aaa authorization exec default local
aaa authorization exec VTY_author group Tacacs-GROUP local if-authenticated
aaa authorization network default group Radius-GROUP
aaa authorization network Tacacs-GROUP group Radius-GROUP
aaa accounting update newinfo periodic 2880
aaa accounting identity default start-stop group Radius-GROUP
aaa accounting exec default start-stop group Tacacs-GROUP
!
!
aaa server radius dynamic-author
client 10.10.15.12 server-key 123
client 10.10.15.13 server-key 123
!
aaa session-id common

!
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server attribute 31 mac format ietf upper-case
radius-server attribute 31 send nas-port-detail mac-only
radius-server dead-criteria time 5 tries 3
radius-server deadtime 3
!
radius server radius_10.10.15.12
address ipv4 10.10.15.12 auth-port 1812 acct-port 1813
timeout 4
retransmit 3
pac key 123
!
radius server radius_10.10.15.13
address ipv4 10.10.15.13 auth-port 1812 acct-port 1813
timeout 4
retransmit 3
pac key 123
!
tacacs server tacacs_10.10.15.12
address ipv4 10.10.15.12
key 123
timeout 4
tacacs server tacacs_10.10.15.13
address ipv4 10.10.15.13
key 123
timeout 4
!
!
aaa group server radius Radius-GROUP
server name radius_10.10.15.12
server name radius_10.10.15.13
ip radius source-interface Loopback0
!
aaa group server tacacs+ Tacacs-GROUP
server name tacacs_10.10.15.12
server name tacacs_10.10.15.13
!
!
cts authorization list dnac-Tacacs-GROUP

Bug: Ethernet interfaces with / in name

Terraform Version

Terraform v1.1.7

Affected Resource(s)

  • iosxe_interface_ethernet

Terraform Configuration Files

resource "iosxe_interface_ethernet" "example" {
  name = "1/0/21"
  type = "TwentyFiveGigE"
  description = "foobar"
}

Debug Output

2022-05-11T13:38:26.249Z [DEBUG] provider.terraform-provider-iosxe: 2022/05/11 13:38:26 [DEBUG] HTTP Request: PATCH, https://172.21.142.23/restconf/data/Cisco-IOS-XE-native:native/interface/TwentyFiveGigE=1/0/21, {{"Cisco-IOS-XE-native:21":{"name":"1/0/21","description":"foobar"}}}
2022-05-11T13:38:26.256Z [DEBUG] provider.terraform-provider-iosxe: 2022/05/11 13:38:26 [DEBUG] HTTP Response: {
2022-05-11T13:38:26.256Z [DEBUG] provider.terraform-provider-iosxe:   "ietf-restconf:errors": {
2022-05-11T13:38:26.256Z [DEBUG] provider.terraform-provider-iosxe:     "error": [
2022-05-11T13:38:26.256Z [DEBUG] provider.terraform-provider-iosxe:       {
2022-05-11T13:38:26.256Z [DEBUG] provider.terraform-provider-iosxe:         "error-type": "application",
2022-05-11T13:38:26.256Z [DEBUG] provider.terraform-provider-iosxe:         "error-tag": "invalid-value",
2022-05-11T13:38:26.256Z [DEBUG] provider.terraform-provider-iosxe:         "error-message": "uri keypath not found"
2022-05-11T13:38:26.256Z [DEBUG] provider.terraform-provider-iosxe:       }
2022-05-11T13:38:26.256Z [DEBUG] provider.terraform-provider-iosxe:     ]
2022-05-11T13:38:26.256Z [DEBUG] provider.terraform-provider-iosxe:   }
2022-05-11T13:38:26.256Z [DEBUG] provider.terraform-provider-iosxe: }
2022-05-11T13:38:26.256Z [DEBUG] provider.terraform-provider-iosxe: 2022/05/11 13:38:26 [ERROR] HTTP Request failed: StatusCode 404, RESTCONF errors {Error:[]} {PatchId: GlobalStatus:{Ok:false Errors:{Error:[]}} EditStatus:{Edit:[]}}
2022-05-11T13:38:26.256Z [DEBUG] provider.terraform-provider-iosxe: 2022/05/11 13:38:26 [DEBUG] Exit from Do method

Expected Behavior

Configure TwentyFiveGigE=1/0/21 interface

Actual Behavior

iosxe_interface_ethernet.example: Creating...
╷
│ Error: Client Error
│ 
│   with iosxe_interface_ethernet.example,
│   on main.tf line 24, in resource "iosxe_interface_ethernet" "example":
│   24: resource "iosxe_interface_ethernet" "example" {
│ 
│ Failed to configure object (PATCH), got error: HTTP Request failed: StatusCode 404, RESTCONF errors {Error:[]} {PatchId: GlobalStatus:{Ok:false Errors:{Error:[]}} EditStatus:{Edit:[]}}

So there are 2 separate issues that having / in the name causes.

Path escaping is required in the URL:

https://172.21.142.23/restconf/data/Cisco-IOS-XE-native:native/interface/TwentyFiveGigE=1/0/21
needs to be
https://172.21.142.23/restconf/data/Cisco-IOS-XE-native:native/interface/TwentyFiveGigE=1%2F0%2F21

I attempted to resolve the path escaping by escaping the value going into the getPath function; however, this caused issues downstream, as this function is used heavily throughout the resources.

Incorrect payload:

{"Cisco-IOS-XE-native:21":{"name":"1/0/21","description":"foobar"}}

should be

{"Cisco-IOS-XE-native:TwentyFiveGigE":{"name":"1/0/21","description":"foobar"}}

This is an issue with the helpers.LastElement function splitting on the "/".
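The two fixes described in this issue, as an added Go example that is not the provider's code: key values are percent-encoded when the path is built, and the payload wrapper name is then derived from the escaped path. `listPath`, `lastElement` and `wrapper` are hypothetical helpers, not the provider's `getPath` or `helpers.LastElement`.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// listPath appends a keyed list entry to a RESTCONF data path. Each key value
// is percent-encoded, so a "/" or "," inside a key (e.g. "1/0/21") stays
// inside one path segment instead of being read as a separator.
func listPath(parent, list string, keys ...string) string {
	escaped := make([]string, len(keys))
	for i, k := range keys {
		escaped[i] = url.PathEscape(k)
	}
	return parent + "/" + list + "=" + strings.Join(escaped, ",")
}

// lastElement returns the name of the final path element, without its keys
// and without a module prefix. It is only correct for paths whose key values
// are already escaped, such as those built by listPath.
func lastElement(path string) string {
	seg := path[strings.LastIndex(path, "/")+1:]
	name, _, _ := strings.Cut(seg, "=")
	if i := strings.Index(name, ":"); i >= 0 {
		name = name[i+1:]
	}
	return name
}

// wrapper builds the top-level JSON member name for the PATCH body.
func wrapper(module, path string) string {
	return module + ":" + lastElement(path)
}

func main() {
	// Values taken from the issue above.
	p := listPath("Cisco-IOS-XE-native:native/interface", "TwentyFiveGigE", "1/0/21")
	fmt.Println(p)
	fmt.Println(wrapper("Cisco-IOS-XE-native", p))
	// The unescaped path from the debug output reproduces the wrong name.
	fmt.Println(lastElement("Cisco-IOS-XE-native:native/interface/TwentyFiveGigE=1/0/21"))
}
```

Escaping at the point where the key is joined to the list name, rather than on the value passed around the resources, keeps the unescaped name available for the JSON body.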

Add support for route-map and prefix-lists

First off, I wanted to say that I'm a huge fan of the provider and the work you guys have done so far. It's been a lifesaver for my projects.

But I noticed that there are no Route-Map and Prefix-List resources in the provider. I think it would be awesome if we could get those added. They're pretty important for network configuration, and it would be a huge help to have them available in the provider.

I know it might be a lot of work, but I really think it would be worth it. It would save us a ton of time and effort, and make the provider even more useful than it already is.

dynamic block inside resource

I wanted to ask if the resources in your provider support dynamic blocks. I'm trying to put all my locals in a nested list that has decoded CSV files, like this:

locals {
  routers = [
    {
      name              = "Site-04_1"
      url               = "https://192.168.0.143"
      config_file_vrf   = csvdecode(file("${path.module}/configs/Site-04_01/vrf_config.csv"))
      vrf_config        = csvdecode(file("${path.module}/configs/Site-04_01/vrf_config.csv"))
      interface_config  = csvdecode(file("${path.module}/configs/Site-04_01/interface_config.csv"))
    }
  ]
}

I will have more than one router in the locals file. I need to be able to loop inside the resource for each router and then loop again to unpack the values of the CSV file. I tried the following:

resource "iosxe_static_route" "example" {
  for_each = {for router in local.routers : router.name => router}
  device   = each.key
  dynamic "static_routes" {
    for_each = each.value.static_routes
    content {
      prefix    = static_routes.value.destination_network
      mask      = static_routes.value.subnet_mask
      next_hops = [
        {
          next_hop = static_routes.value.next_hop
        }
      ]
    }
  }
}

But it seems that the resource does not support dynamic blocks. I essentially just want to have all my intent data pulled in from CSV files for each router. Any ideas?

IOSXE-ALC

Hi,
I appreciate your work! I'm going to use Terraform for my infrastructure, where I have to support more than 500 switches which will operate as a fabric. I'd like to ask you to add several resources. The first resource is an ACL (we need to use a lot of ACLs to restrict access between VLANs) and the second resource is base configuration (domain name, SSH configuration, enable/disable service, configuration logging). The most important resource is the ACL.

iosxe_service not working for timestamps

Hi there,

Terraform Version

$ terraform version
Terraform v1.5.1

Affected Resource(s)

  • iosxe_service

Terraform Configuration Files

resource "iosxe_service" "services" {
  for_each                                = toset([for router in local.routers : router.name])

  device                                  = each.key
  pad                                     = false
  password_encryption                     = true
  timestamps                              = true
  timestamps_debug                        = true
  timestamps_debug_datetime               = true
  timestamps_debug_datetime_msec          = true
  timestamps_debug_datetime_localtime     = true
  timestamps_debug_datetime_show_timezone = true
  timestamps_debug_datetime_year          = true
  timestamps_debug_uptime                 = true
  timestamps_log                          = true
  timestamps_log_datetime                 = true
  timestamps_log_datetime_msec            = true
  timestamps_log_datetime_localtime       = true
  timestamps_log_datetime_show_timezone   = true
  timestamps_log_datetime_year            = true
  timestamps_log_uptime                   = true
  dhcp                                    = true
  tcp_keepalives_in                       = true
  tcp_keepalives_out                      = true
}

Debug Output

2023/06/24 22:43:54.914827384 {btman_R0-0}{1}: [utm_main] [8211]: (note): Inserted UTF(2) HT(old):nginx_pmanlog_R0-0[18] lnode /tmp/rp/trace/nginx_pmanlog_R0-0.31893_30.20230624224354.bin PID:31893
2023/06/24 22:43:55.914788733 {btman_R0-0}{1}: [utm_wq] [8211:19126]: (note): Inline sync, enqueue BTF message flags:0x9, PID:19126 BTF:/tmp/rp/trace/nginx_pmanlog_R0-0.31893_29.20230624224337.bin
2023/06/24 22:43:55.928327351 {btman_R0-0}{1}: [utm_wq] [8211]: (note): utm delete /tmp/rp/trace/nginx_pmanlog_R0-0.31893_29.20230624224337.bin
2023/06/24 22:43:56.845263516 {dmiauthd_R0-0}{1}: [errmsg] [29299]: (note): %DMI-5-AUTH_PASSED: R0/0: dmiauthd: User 'admin' authenticated successfully from x.x.x.x:0  for rest over http. External groups: PRIV15
22:49:31: %DMI-5-AUTH_PASSED: R0/0: dmiauthd: User 'admin' authenticated successfully from x.x.x.x:0  for rest over http. External groups: PRIV15
22:49:31: %DMI-5-CONFIG_I: R0/0: dmiauthd: Configured from NETCONF/RESTCONF by admin, transaction-id 686
22:49:31: %SYS-5-CONFIG_P: Configured programmatically by process iosp_dmiauthd_conn_100001_vty_100001 from console as admin on vty62
22:49:31: %DMI-5-SYNC_NEEDED: R0/0: dmiauthd: Configuration change requiring running configuration sync detected - 'service timestamps debug datetime msec localtime show-timezone year'. The running configuration will be synchronized  to the NETCONF running data store.
2023/06/24 22:43:57.003228407 {iosrp_R0-0}{1}: [parser_cmd] [5487]: (note): id= no ip address@vty62:user=admin cmd: ' configure terminal lock' SUCCESS 2023/06/24 22:43:57.002 UTC
2023/06/24 22:43:57.178709740 {iosrp_R0-0}{1}: [parser_cmd] [5487]: (note): id= no ip address@vty62:user=admin cmd: 'no service pad' SUCCESS 2023/06/24 22:43:57.178 UTC
2023/06/24 22:43:57.179108880 {iosrp_R0-0}{1}: [parser_cmd] [5487]: (note): id= no ip address@vty62:user=admin cmd: 'service password-encryption' SUCCESS 2023/06/24 22:43:57.178 UTC
2023/06/24 22:43:57.180176080 {iosrp_R0-0}{1}: [parser_cmd] [5487]: (note): id= no ip address@vty62:user=admin cmd: 'service timestamps debug datetime msec localtime show-timezone year' SUCCESS 2023/06/24 22:43:57.179 UTC
2023/06/24 22:43:57.180550964 {iosrp_R0-0}{1}: [parser_cmd] [5487]: (note): id= no ip address@vty62:user=admin cmd: 'service timestamps debug uptime' SUCCESS 2023/06/24 22:43:57.180 UTC
2023/06/24 22:43:57.182042325 {iosrp_R0-0}{1}: [parser_cmd] [5487]: (note): id= no ip address@vty62:user=admin cmd: 'service timestamps log datetime msec localtime show-timezone year' SUCCESS 2023/06/24 22:43:57.180 UTC
2023/06/24 22:43:57.182571504 {iosrp_R0-0}{1}: [parser_cmd] [5487]: (note): id= no ip address@vty62:user=admin cmd: 'service timestamps log uptime' SUCCESS 2023/06/24 22:43:57.182 UTC
2023/06/24 22:43:57.183023878 {iosrp_R0-0}{1}: [parser_cmd] [5487]: (note): id= no ip address@vty62:user=admin cmd: 'service dhcp' SUCCESS 2023/06/24 22:43:57.182 UTC
2023/06/24 22:43:57.183455110 {iosrp_R0-0}{1}: [parser_cmd] [5487]: (note): id= no ip address@vty62:user=admin cmd: 'service tcp-keepalives-in' SUCCESS 2023/06/24 22:43:57.183 UTC
2023/06/24 22:43:57.183880886 {iosrp_R0-0}{1}: [parser_cmd] [5487]: (note): id= no ip address@vty62:user=admin cmd: 'service tcp-keepalives-out' SUCCESS 2023/06/24 22:43:57.183 UTC
2023/06/24 22:43:57.184586450 {dmiauthd_R0-0}{1}: [errmsg] [29299]: (note): %DMI-5-CONFIG_I: R0/0: dmiauthd: Configured from NETCONF/RESTCONF by admin, transaction-id 686
2023/06/24 22:43:57.185262753 {iosrp_R0-0}{1}: [iosrp] [5487]: (note):  22:49:31: %DMI-5-AUTH_PASSED: R0/0: dmiauthd: User 'admin' authenticated successfully from x.x.x.x:0  for rest over http. External groups: PRIV15
2023/06/24 22:43:57.185361949 {iosrp_R0-0}{1}: [iosrp] [5487]: (note):  22:49:31: %DMI-5-CONFIG_I: R0/0: dmiauthd: Configured from NETCONF/RESTCONF by admin, transaction-id 686
2023/06/24 22:43:57.319566728 {iosrp_R0-0}{1}: [iosrp] [5487]: (note):  22:49:31: %SYS-5-CONFIG_P: Configured programmatically by process iosp_dmiauthd_conn_100001_vty_100001 from console as admin on vty62

Expected Behavior

Module should be configuring service timestamp options on Catalyst

Actual Behavior

Terraform reports all configurations as set, but no configs are present on the switches.

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  + create

Terraform will perform the following actions:

  # iosxe_service.services["sw1"] will be created
  + resource "iosxe_service" "services" {
      + device                                  = "sw1"
      + dhcp                                    = true
      + id                                      = (known after apply)
      + pad                                     = false
      + password_encryption                     = true
      + tcp_keepalives_in                       = true
      + tcp_keepalives_out                      = true
      + timestamps                              = true
      + timestamps_debug                        = true
      + timestamps_debug_datetime               = true
      + timestamps_debug_datetime_localtime     = true
      + timestamps_debug_datetime_msec          = true
      + timestamps_debug_datetime_show_timezone = true
      + timestamps_debug_datetime_year          = true
      + timestamps_debug_uptime                 = true
      + timestamps_log                          = true
      + timestamps_log_datetime                 = true
      + timestamps_log_datetime_localtime       = true
      + timestamps_log_datetime_msec            = true
      + timestamps_log_datetime_show_timezone   = true
      + timestamps_log_datetime_year            = true
      + timestamps_log_uptime                   = true
    }

Plan: 1 to add, 0 to change, 0 to destroy.
iosxe_service.services["sw1"]: Creating...
iosxe_service.services["sw1"]: Creation complete after 1s [id=Cisco-IOS-XE-native:native/service]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.


But on the switch we have:
sw1#show runn | inc service
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption

Trying all commands directly on the switch works as expected.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:
1. `terraform apply`

Important Factoids

Catalyst Model:
Version: Cisco IOS XE Software [Cupertino], Version 17.09.03
