Meraki Community

zbuchheit · ‎Aug 13 2024

While using PUT /organizations/{organizationId}/appliance/vpn/thirdPartyVPNPeers I encountered a problem where sending duplicate peers in the put request breaks using the downstream Terraform provider. I encountered this while using the Terraform provider and accidentally sent off duplicate values.

While using the endpoint I think I would expect a bad request or conflict error response.

Oren

Hey Zach,
Can you provide the request you're sending and the response you're getting back?

zbuchheit

Hi Oren,

Sure. As an example
PUT https://api.meraki.com/api/v1/organizations/redacted/appliance/vpn/thirdPartyVPNPeers

with the following body
```

{

"peers": [

{

"name": "Test-1",

"privateSubnets": [

"0.0.0.0/0"

],

"secret": "redacted",

"localId": "test-1.local",

"remoteId": "test-1.local",

"ikeVersion": "2",

"ipsecPolicies": {

"ikeCipherAlgo": [

"aes256"

],

"ikeAuthAlgo": [

"sha256"

],

"ikePrfAlgo": [

"default"

],

"ikeDiffieHellmanGroup": [

"group14"

],

"ikeLifetime": 28800,

"childCipherAlgo": [

"aes256",

"aes192",

"aes128",

"tripledes"

],

"childAuthAlgo": [

"sha256"

],

"childPfsGroup": [

"group2"

],

"childLifetime": 28800

},

"networkTags": [

"Test-1"

],

"publicIp": "192.0.2.1"

},

{

"name": "Test-1",

"privateSubnets": [

"0.0.0.0/0"

],

"secret": "redacted",

"localId": "test-1.local",

"remoteId": "test-1.local",

"ikeVersion": "2",

"ipsecPolicies": {

"ikeCipherAlgo": [

"aes256"

],

"ikeAuthAlgo": [

"sha256"

],

"ikePrfAlgo": [

"default"

],

"ikeDiffieHellmanGroup": [

"group14"

],

"ikeLifetime": 28800,

"childCipherAlgo": [

"aes256",

"aes192",

"aes128",

"tripledes"

],

"childAuthAlgo": [

"sha256"

],

"childPfsGroup": [

"group2"

],

"childLifetime": 28800

},

"networkTags": [

"Test-1"

],

"publicIp": "192.0.2.1"

}

]

}

```
to which the endpoint will respond with a 200 OK and the peers array I sent.

Once the duplicate data is in the peers array it will break the response back to terraform with the following error `Error: Duplicate Set Element`

You can see the terraform error by doing a simple data lookup

```

data "meraki_organizations_appliance_vpn_third_party_vpnpeers" "example" {

organization_id = "redacted"

}

```

Oren

I see. It sounds like the API is behaving as expected, but Terraform is struggling to handle the response. Is that correct?

zbuchheit

well depends on the view. If you would expect the API to allow for duplicate values, then you would say it is a bug with the Terraform provider handling duplicate values and the terraform provider should fix the handling.

If you don't think the API should allow for duplicate values, then it would be considered a bug with the API and the API should fix the handling of duplicate values

Oren

Technically, while the Dashboard (and the API) allow this configuration, having two identical entries wouldn't make sense unless the IDs or availability fields are different.

zbuchheit

got it, I opened a github issues on the terraform provider requesting validation be added in case that is where it should be added.

https://github.com/cisco-open/terraform-provider-meraki/issues/153

Meraki Community

Issue with duplicate values using /organizations/{organizationId}/appliance/vpn/thirdPartyVPNPeers

Issue with duplicate values using /organizations/{organizationId}/appliance/vpn/thirdPartyVPNPeers