bigip_ltm_policy: can't create new plan when initial creation failed

[markush81]

Environment

• TMOS/Bigip Version:

Sys::Version
Main Package
Product BIG-IP
Version 17.1.1.1
Build 0.0.2
Edition Point Release 1
Date Tue Nov 28 23:06:08 PST 2023

• Terraform Version:

Terraform v1.9.3

• Terraform bigip provider Version:

provider registry.terraform.io/f5networks/bigip v1.22.3

Summary

If creating a bigip_ltm_policy fails, it is kind in a stuck state.

Steps To Reproduce

Steps to reproduce the behavior:

resource "bigip_ltm_policy" "test" {
  controls = []
  name     = "/Common/test"
  requires = [
    "http",
  ]
  strategy = "all-match"

  rule {
    name = "Test"

    action {
      tm_name = "X-Server"
    }

    condition {
      tm_name = "X-Server"
    }
  }
}

This definition is wrong, because of missing attributes, so of course fails with

╷
│ Error: 01071706:3: Policy '/Common/Drafts/test', rule 'Test'; missing operand.
│ 
│   with bigip_ltm_policy.test,
│   on policy.tf line 2, in resource "bigip_ltm_policy" "test":
│    2: resource "bigip_ltm_policy" "test" {
│ 
╵

Now correcting it

resource "bigip_ltm_policy" "test" {
  controls = []
  name     = "/Common/test"
  requires = [
    "http",
  ]
  strategy = "all-match"

  rule {
    name = "Test"

    action {
      connection  = false
      remove      = true
      http_header = true
      response    = true
      tm_name = "X-Server"
    }

    condition {
      response         = true
      case_insensitive = true
      exists           = true
      http_header      = true
      tm_name = "X-Server"
    }
  }
}

fails with

╷
│ Error: 01020036:3: The requested Policy (/Common/test) was not found.
│ 
│   with bigip_ltm_policy.test,
│   on policy.tf line 2, in resource "bigip_ltm_policy" "test":
│    2: resource "bigip_ltm_policy" "test" {
│ 
╵

because there is already sth. in the state

bigip_ltm_policy.test: Refreshing state... [id=/Common/test]

...

# bigip_ltm_policy.test: (tainted)
resource "bigip_ltm_policy" "test" {
    id       = "/Common/test"
    name     = "/Common/test"
    requires = [
        "http",
    ]
    strategy = "all-match"

    rule {
        description = null
        name        = "Test"

        action {
            app_service          = null
            application          = null
            asm                  = false
            avr                  = false

...

But asking F5 about it's state fails with Error: 01020036:3 and this isn't detected automatically as "Ok, doesn't exist so let's create it". Instead we have to remove it from state to know successfully create it.

terraform state rm bigip_ltm_policy.test
Removed bigip_ltm_policy.test
Successfully removed 1 resource instance(s).

...

terraform apply

...

bigip_ltm_policy.test: Creation complete after 2s [id=/Common/test]

Apply complete! Resources: 1 added, 1 changed, 0 destroyed.

Expected Behavior

If creation fails, it still must be possible to create a new plan.

Actual Behavior

│ Error: 01020036:3: The requested Policy (/Common/test) was not found.

[pgouband]

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1647.

[rwl50]

Hi,

I can confirm that this is happening to us also.

BIGIP version: BIG-IP v15.1.10.3 (Build 0.3.12)
BIGIP tf provider version: 1.20.2
terraform version: v1.7.2

BR,
rwl