Issue with declaring a replace http_uri action inside policy rule

[rwl50]

Environment

• TMOS/Bigip Version: TMOS 15.1.4
• Terraform Version: 1.3.4
• Terraform bigip provider Version: 1.16.0

Summary

I am trying to apply the following modification (adding an action) to an existing rule inside a policy:

[2023-03-22 17:05:29] Terraform used the selected providers to generate the following execution
[2023-03-22 17:05:29] plan. Resource actions are indicated with the following symbols:
[2023-03-22 17:05:29] ~ update in-place
[2023-03-22 17:05:29]
[2023-03-22 17:05:29] Terraform will perform the following actions:
[2023-03-22 17:05:29]
[2023-03-22 17:05:29] # module.k8s-devops-devuat.bigip_ltm_policy.ltm_policies_buc["policy1"] will be updated in-place
[2023-03-22 17:05:29] ~ resource "bigip_ltm_policy" "ltm_policies_buc" {
[2023-03-22 17:05:29] id = "/k8s-devops-devuat/policy1_POLICY"
[2023-03-22 17:05:29] name = "/k8s-devops-devuat/policy1_POLICY"
[2023-03-22 17:05:29] # (3 unchanged attributes hidden)
[2023-03-22 17:05:29]
[2023-03-22 17:05:29] ~ rule {
[2023-03-22 17:05:29] name = "rule1"
[2023-03-22 17:05:29]
[2023-03-22 17:05:29] ~ action {
[2023-03-22 17:05:29] ~ forward = true -> false
[2023-03-22 17:05:29] + path = "tcl:[string map {/wallet/ /wallet-dynamic} [HTTP::uri]]"
[2023-03-22 17:05:29] ~ replace = false -> true
[2023-03-22 17:05:29] # (64 unchanged attributes hidden)
[2023-03-22 17:05:29] }
[2023-03-22 17:05:29] + action {
[2023-03-22 17:05:29] + connection = false
[2023-03-22 17:05:29] + forward = true
[2023-03-22 17:05:29] + pool = "/Common/test_POOL"
[2023-03-22 17:05:29] + request = true
[2023-03-22 17:05:29] }
[2023-03-22 17:05:29]
[2023-03-22 17:05:29] # (2 unchanged blocks hidden)
[2023-03-22 17:05:29] }
[2023-03-22 17:05:29] }
[2023-03-22 17:05:29]
[2023-03-22 17:05:29] # module.k8s-devops-devuat.bigip_ltm_policy.ltm_policies_clj["policy1"] will be updated in-place
[2023-03-22 17:05:29] ~ resource "bigip_ltm_policy" "ltm_policies_clj" {
[2023-03-22 17:05:29] id = "/k8s-devops-devuat/policy1_POLICY"
[2023-03-22 17:05:29] name = "/k8s-devops-devuat/policy1_POLICY"
[2023-03-22 17:05:29] # (3 unchanged attributes hidden)
[2023-03-22 17:05:29]
[2023-03-22 17:05:29] ~ rule {
[2023-03-22 17:05:29] name = "rule1"
[2023-03-22 17:05:29]
[2023-03-22 17:05:29] ~ action {
[2023-03-22 17:05:29] ~ forward = true -> false
[2023-03-22 17:05:29] + path = "tcl:[string map {/wallet/ /wallet-dynamic} [HTTP::uri]]"
[2023-03-22 17:05:29] ~ replace = false -> true
[2023-03-22 17:05:29] # (64 unchanged attributes hidden)
[2023-03-22 17:05:29] }
[2023-03-22 17:05:29] + action {
[2023-03-22 17:05:29] + connection = false
[2023-03-22 17:05:29] + forward = true
[2023-03-22 17:05:29] + pool = "/Common/test_POOL"
[2023-03-22 17:05:29] + request = true
[2023-03-22 17:05:29] }
[2023-03-22 17:05:29]
[2023-03-22 17:05:29] # (2 unchanged blocks hidden)
[2023-03-22 17:05:29] }
[2023-03-22 17:05:29] }
[2023-03-22 17:05:29]
[2023-03-22 17:05:29] Plan: 0 to add, 2 to change, 0 to destroy.

Steps To Reproduce

Steps to reproduce the behavior:

Tried with these two configurations (first one is from @RavinderReddyF5 provided in this issue: #591; the second one has been composed by me using the GUI to simulate the exact type of modification that I want to produce (draft policy -> add rule with condition + actions as below) and using developer tools (f12) to see what parameters are passed in the request)

resource "bigip_ltm_policy" "policy1" {
name = "policy1"
strategy = "first-match"
requires = ["http"]
controls = ["forwarding"]
rules = [
{
name = "rule1"
conditions = [
{
case_insensitive = true
http_uri = true
path = true
request = true
starts_with = true
values = ["/wallet"]
}
]
actions = [
{
http_host = true
replace = true
request = true
connection = false
value = "some_fqdn" <--- redacted real FQDN
},
{
forward = false
http_uri = true
replace = true
request = true
connection = false
path = "tcl:[string map {/wallet/ /wallet-dynamic} [HTTP::uri]]"
},
{
forward = true
request = true
connection = false
pool = "/Common/test_POOL"
}
]
}
]
}

resource "bigip_ltm_policy" "policy1" {
name = "policy1"
strategy = "first-match"
requires = ["http"]
controls = ["forwarding"]
rules = [
{
name = "rule1"
conditions = [
{
case_insensitive = true
http_uri = true
path = true
request = true
starts_with = true
values = ["/wallet"]
}
]
actions = [
{
http_host = true
replace = true
request = true
connection = false
value = "some_fqdn" <--- redacted real FQDN
},
{
forward = false
http_uri = true
replace = true
request = true
connection = false
value = "tcl:[string map {/wallet/ /wallet-dynamic} [HTTP::uri]]"
},
{
forward = true
request = true
connection = false
pool = "/Common/test_POOL"
}
]
}
]
}

2. To get to know more about the issue, provide terraform debug logs
   The first manifest produces this output:

[2023-03-22 17:05:53] module.k8s-devops-devuat.bigip_ltm_policy.ltm_policies_clj["policy1"]: Modifying... [id=/k8s-devops-devuat/policy1_POLICY]
[2023-03-22 17:05:53] module.k8s-devops-devuat.bigip_ltm_policy.ltm_policies_buc["policy"]: Modifying... [id=/k8s-devops-devuat/policy_POLICY]

Error: HTTP 400 :: {"code":400,"message":""select" may not be specified with "replace"","errorStack":[],"apiError":26214401}

with module.k8s-devops-devuat.bigip_ltm_policy.ltm_policies_buc["policy1"],
on .terraform/modules/k8s-devops-devuat/policy.tf line 14, in resource "bigip_ltm_policy" "ltm_policies_buc":
14: resource "bigip_ltm_policy" "ltm_policies_buc" {

Error: HTTP 400 :: {"code":400,"message":""select" may not be specified with "replace"","errorStack":[],"apiError":26214401}

with module.k8s-devops-devuat.bigip_ltm_policy.ltm_policies_clj["policy1"],
on .terraform/modules/k8s-devops-devuat/policy.tf line 82, in resource "bigip_ltm_policy" "ltm_policies_clj":
82: resource "bigip_ltm_policy" "ltm_policies_clj" {

The second manifest produces this output:

[2023-03-22 15:18:02] module.k8s-devops-devuat.bigip_ltm_policy.ltm_policies_clj["policy1"]: Creating...
[2023-03-22 15:18:02] module.k8s-devops-devuat.bigip_ltm_policy.ltm_policies_buc["policy1"]: Creating...

Error: HTTP 400 :: {"code":400,"message":"0107186c:3: Policy '/k8s-devops-devuat/Drafts/policy1_POLICY', rule 'rule1'; missing or invalid target.","errorStack":[],"apiError":3}

with module.k8s-devops-devuat.bigip_ltm_policy.ltm_policies_buc["policy1"],
on .terraform/modules/k8s-devops-devuat/policy.tf line 14, in resource "bigip_ltm_policy" "ltm_policies_buc":
14: resource "bigip_ltm_policy" "ltm_policies_buc" {

Error: HTTP 400 :: {"code":400,"message":"0107186c:3: Policy '/k8s-devops-devuat/Drafts/policy1_POLICY', rule 'rule1'; missing or invalid target.","errorStack":[],"apiError":3}

with module.k8s-devops-devuat.bigip_ltm_policy.ltm_policies_clj["policy1"],
on .terraform/modules/k8s-devops-devuat/policy.tf line 82, in resource "bigip_ltm_policy" "ltm_policies_clj":
82: resource "bigip_ltm_policy" "ltm_policies_clj" {

3. TF_LOG has been set to TRACE. No relevant additional logs have been produced. I have ommited the resource refresh as it is irrelevant to the issue.

Expected Behavior

I was expecting the modifications to go through. I crafted the manifest in accordance to the request that works in the GUI so I was expecting it to work.

After failure with manifest number 2 I started searching for this issue and I came across issue 591 (referenced above) and I tried with the manifest provided by @RavinderReddyF5

Actual Behavior

I am getting the above mentioned errors, without any extra (actionable) info in the output.

[pgouband]

Hi, issue is identified and internal ID to track this request is: INFRAANO-1150, thanks!