junos_security_address_book - plan output

[computeracer]

When deploying multiple network_address with the same name under the junos_security_address_book resource the terraform plan will pass, but a terraform deploy will fail. I would expect this to fail during the plan.

Terraform HCL:

resource "junos_security_address_book" "global" {
  name = "global"
  network_address {
      name        = "test1"
      value       = "8.8.8.8/32"
      description = "test1"
  }
  network_address {
      name        = "test1"
      value       = "8.8.8.1/32"
      description = "duplicate of test1"
  }
}

$ terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # junos_security_address_book.global will be created
  + resource "junos_security_address_book" "global" {
      + id   = (known after apply)
      + name = "global"

      + network_address {
          + description = "duplicate of test1"
          + name        = "test1"
          + value       = "8.8.8.1/32"
        }
      + network_address {
          + description = "test1"
          + name        = "test1"
          + value       = "8.8.8.8/32"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
$ terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # junos_security_address_book.global will be created
  + resource "junos_security_address_book" "global" {
      + id   = (known after apply)
      + name = "global"

      + network_address {
          + description = "duplicate of test1"
          + name        = "test1"
          + value       = "8.8.8.1/32"
        }
      + network_address {
          + description = "test1"
          + name        = "test1"
          + value       = "8.8.8.8/32"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

junos_security_address_book.global: Creating...
╷
│ Error: multiple addresses with the same name test1
│ 
│   with junos_security_address_book.global,
│   on main.tf line 41, in resource "junos_security_address_book" "global":
│   41: resource "junos_security_address_book" "global" {

[jeremmfr]

Hi,

This provider uses the Terraform plugin terraform-plugin-sdk/v2 which does not allow validation on Plan between attribute values. It simply allows for adding validations on each value and constraints of addition or conflict between attributes.

The new plugin terraform-plugin-framework allows for adding validations on an entire resource on Plan. But the plugin is still in technical preview and the migration to this new plugin will require a lot of work.

So right now I don't have a solution with the current plugin used, but the problem can be solved when the new framework plugin can be integrated into this provider.