No management-only switch for physical interface

[rchrabas]

I'm trying to manage the Diagnostic0/0 interface, however it seems there is hardcoded value for 'management-only', which does not seem to be manageable and that makes deployment fail.

╷
│ Error: unable to update physical interface
│ 
│   with fmc_device_physical_interfaces.DeviceVar1PhysicalInterfaceVar9,
│   on 0051-interfaces.tf line 118, in resource "fmc_device_physical_interfaces" "DeviceVar1PhysicalInterfaceVar9":
│  118: resource "fmc_device_physical_interfaces" "DeviceVar1PhysicalInterfaceVar9" {
│ 
│ getting physical interfaces:
│ https://[redacted]/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords/05edadf4-628b-11ee-89e6-9e7c8bc2f790/physicalinterfaces/005056B0-B67D-0ed3-0000-008589939889
│ - wrong status code: 400, error category: FRAMEWORK, error severity: ERROR,
│ error messages: [{Diagnostic0/0: Management-Only field cannot be modified
│ on Management interface.}]

[205101-retr0]

This might happen sometimes when the mapping between the interfaces during the deployment isn't clear. Could you please share the configuration code for this?

[rchrabas]

Sure, this is my code

data "fmc_device_physical_interfaces" "DeviceVar1PhysicalInterfaceVar9" {
  name = "Diagnostic0/0"
  device_id = data.fmc_devices.DeviceVar1.id
}

resource "fmc_device_physical_interfaces" "DeviceVar1PhysicalInterfaceVar9" {
  device_id = data.fmc_devices.DeviceVar1.id
  enabled = true
  ipv6_enforce_eui = false
  mode = "NONE"
  mtu = "1500"
  name = "Diagnostic0/0"
  physical_interface_id = data.fmc_device_physical_interfaces.DeviceVar1PhysicalInterfaceVar9.id
}

[205101-retr0]

Hello again,
Sorry for taking so long to repsond. I have been testing this feature on a private branch for the past few days. Could you share specific scenarios where you envision using the enhanced feature? Understanding your use case will guide our development efforts effectively. Feel free to provide any details or examples that come to mind. Appreciate your input!

[rchrabas]

Hey,
I'm working on small project of my own. It's not super urgent, but at that same time this shouldn't be much complicated as this is directly supported by API?

[205101-retr0]

Hey,
This is a bit weird to explain. For every feature, there is four APIs generally dedicated to CRUD. Physical interfaces has only 2 update and delete, probably because they are physical elements. Diagnostic, which you are trying to control, is a default interface is which cannot be deleted.
Now, this is where terraform starts to make it hard. So when you create a resource, the create func is called. when you update the update is called and so on. But in case of phy int, only update func is called everytime and it tends to mess the terraform's internal state. This "update" essentially deletes the existing one and creates a new one in its place.
So we did code in the management-only feature; And it did let us control the diagnostic interface. But everytime I made a change to it or to any other resource used by it, terraform tried to delete it which is threw error.

Best way is to just change through the UI. If that's not an option for you then you, then you can try using ansible to do the same. FMCAnsible - Follow this link and check it out once. Ansible is not stateful so it's not gonna try to destroy anything, it does what you'll tell it to do.

Hope this helps.

[rchrabas]

Okey, so you basically cannot fix that on Terraform level. Is this what you are trying to tell me ?

[205101-retr0]

No, unless you prefer encountering challenges when making changes, as Terraform can be less optimal compared to ansible in handling such situations.