AVX-50899: fqdn_lan_interface is not needed for firenet fqdn association #1970

Merged
merged 1 commit into from
Mar 8, 2024

Conversation

shanxu2017
Contributor

@shanxu2017 shanxu2017 commented Mar 7, 2024

Issue

After creating a Firenet FQDN association, reapplying the same config will cause a destroy and reapply due to the fqdn_lan_interface change:

aviatrix_firewall_instance_association.arm_fqdn_gw_association[0] must be replaced
-/+ resource "aviatrix_firewall_instance_association" "arm_fqdn_gw_association" {
      ~ id              = "arm-transit-firenet-vnet:rg-av-arm-transit-firenet-vnet-817240:228a1824-5210-4398-97bb-f7bf5900da65~~arm-transit-firenet-gateway~~arm-fqdn-transit-firenet-gw" -> (known after apply)
      ~ lan_interface   = "av-nic-arm-fqdn-transit-firenet-gw_eth-fqdnlan0" -> "av-nic-arm-fqdn-transit-firenet-gw_eth1" # forces replacement
        # (5 unchanged attributes hidden)
    }

RCA

av-nic-arm-fqdn-transit-firenet-gw_eth1 is from the aviatrix_gateway resource; however, this value is hard-coded in the Terraform code, not taken from the controller API response.
av-nic-arm-fqdn-transit-firenet-gw_eth-fqdnlan0 is from the Firenet resource, which is returned from the controller API response.
These 2 values mismatch.

Fix

For a Firenet FQDN gateway, this fqdn_lan_interface is not used at all. The Controller/CoPilot UI doesn't use it either. Only the controller backend uses it internally.
Therefore, set it to an empty value and remove it from the Terraform logic.

@shanxu2017 shanxu2017 marked this pull request as ready for review March 7, 2024 19:00
@inc1t3Ful
Contributor

By removing the fqdn_lan_interface from outputting in the gateway resource/data source, there is no way to pass a lan_interface into the aviatrix_firewall_instance_association resource. Is that intended to be unnecessary now as an input for attaching the FQDN gateway to Firenet?

@shanxu2017
Contributor Author

> By removing the fqdn_lan_interface from outputting in the gateway resource/data source, there is no way to pass a lan_interface into the aviatrix_firewall_instance_association resource. Is that intended to be unnecessary now as an input for attaching the FQDN gateway to Firenet?

You can pass lan_interface into the aviatrix_firewall_instance_association resource. I didn't remove it. I tested it; passing it in is no problem. The code just ignores whatever is passed in.

Contributor

@inc1t3Ful inc1t3Ful left a comment

LGTM

@shanxu2017 shanxu2017 merged commit 1e41ee4 into master Mar 8, 2024
6 checks passed