browningluke / terraform-provider-opnsense

OPNsense Terraform Provider

Home Page: https://registry.terraform.io/providers/browningluke/opnsense/latest


Wireguard reconfigure call always fails with no status

ikaruswill opened this issue · comments

Background

I've been struggling with the following error lately when attempting to create wireguard servers and clients.

Unable to create wg server, got error: reconfigure failed. status:

Observations

  • The interesting part is that the wg server is actually created, but the module is unable to determine the success of the add operation.
  • Import of the newly created resource works as expected

Debugging

Tracing the code: https://github.com/browningluke/opnsense-go/blob/main/pkg/api/client.go#L139

	// Validate service restarted correctly
	status := cases.Lower(language.English).String(
		strings.TrimSpace(respJson.Status),
	)

It appears that we are expecting a status field.

Looking at trace logs in terraform, I get the following:

2024-01-31T03:12:21.225+0800 [DEBUG] provider.terraform-provider-opnsense_v0.10.0: HTTP/1.1 200 OK
2024-01-31T03:12:21.225+0800 [DEBUG] provider.terraform-provider-opnsense_v0.10.0: Content-Length: 15
2024-01-31T03:12:21.225+0800 [DEBUG] provider.terraform-provider-opnsense_v0.10.0: Content-Type: application/json; charset=UTF-8
2024-01-31T03:12:21.225+0800 [DEBUG] provider.terraform-provider-opnsense_v0.10.0: Date: Tue, 30 Jan 2024 19:12:20 GMT
2024-01-31T03:12:21.226+0800 [DEBUG] provider.terraform-provider-opnsense_v0.10.0: Server: OPNsense
2024-01-31T03:12:21.226+0800 [DEBUG] provider.terraform-provider-opnsense_v0.10.0: 
2024-01-31T03:12:21.226+0800 [DEBUG] provider.terraform-provider-opnsense_v0.10.0: {"result":"ok"}

It appears that OPNsense is returning a result field.

Root cause

OPNsense is returning result instead of status which is what is expected by the module, and as a result, the terraform module falsely returns a failure, but the resource is actually created.

I have yet to determine which OPNsense version contained this change, but for more clarity, I'm on 23.7.12_5.

Hey @ikaruswill, thanks so much for your detailed write up on this!

I'll work on a fix and get it out soon. I'll also check if this broke because of a version upgrade, since it was working when I published it 😕.

Thanks @browningluke, appreciate it! Yeah, I think it probably worked before, no doubts about the quality of your work there! Just that I haven't had the chance to dive deeper into which commit/version on OPNsense broke it.

Ah, turns out it's due to the fact that there are 2 different wireguard plugins.

os-wireguard plugin returns the result field.
os-wireguard-go plugin returns the status field.

Unfortunately, it looks like it's the only OPNsense controller I've run into so far that responds with result.

It looks like I developed the plugin with the os-wireguard-go one in mind (since that's what I'm running on my OPNsense).

I'll need to check and see if there are any other API differences, and see if I can handle both with a single set of resources.

Should be fixed now in the latest version. Give it a go and let me know if you run into any more problems!
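
One way a client could accept both response shapes discussed in this thread while still failing closed on anything else. This is an added example, not the provider's or opnsense-go's actual fix; the type and function names are hypothetical, and it assumes "ok" is the success value for both fields (the trace log above shows it only for result).

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// reconfigureResp (hypothetical type) covers both shapes from the thread:
// a "status" field (os-wireguard-go) and a "result" field (os-wireguard).
type reconfigureResp struct {
	Status string `json:"status"`
	Result string `json:"result"`
}

// checkReconfigure (hypothetical helper) returns nil only when the body
// explicitly reports "ok" in either field; everything else is an error.
func checkReconfigure(body []byte) error {
	var r reconfigureResp
	if err := json.Unmarshal(body, &r); err != nil {
		return fmt.Errorf("reconfigure: invalid JSON: %w", err)
	}
	// strings.ToLower stands in for the x/text cases.Lower call in the
	// quoted snippet, to keep this example standard-library only.
	val := strings.ToLower(strings.TrimSpace(r.Status))
	if val == "" {
		// status absent or blank: fall back to result.
		val = strings.ToLower(strings.TrimSpace(r.Result))
	}
	if val != "ok" {
		return fmt.Errorf("reconfigure failed. status: %q", val)
	}
	return nil
}

func main() {
	// Constructed sample bodies; the second matches the trace log above.
	samples := []string{
		`{"status":"ok"}`,
		`{"result":"ok"}`,
		`{"status":" OK \n"}`,
		`{"result":"failed"}`,
		`{}`,
	}
	for _, s := range samples {
		fmt.Printf("%-22s -> %v\n", s, checkReconfigure([]byte(s)))
	}
}
```

An empty object or an unexpected value is still reported as a failure, so a controller that changes its response shape again surfaces as an error rather than a silent success.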