Selectively Delete Child Objects (Nested) Created With REST

aj-cruz · March 2, 2021, 8:03pm

I am working with Cisco ACI creating switch configurations. Specifically I am creating fabric interface profiles for a set of switches.
Unfortunately the current version of the ACI provider does not have a native module to do this, so I’m using the provider’s generic aci_rest module.

I am creating the switch profiles with one resource, then I have a second resource to associate the interface profiles with the appropriate switch profile.
Here’s what the module looks like:

resource “aci_rest” “leaf_switch_profile” {
for_each = var.leaf_switch_profiles
path = “/api/node/mo/uni/fabric/leprof-{each.value.name}.json" payload = <<EOF { "fabricLeafP": { "attributes": { "dn": "uni/fabric/leprof-{each.value.name}”,
“name”: “{each.value.name}", "descr": "{each.value.description}”,
“rn”: “leprof-${each.value.name}”
},
“children”:
}
}
EOF
}

resource “aci_rest” “leaf_interface_associations” {
depends_on = [aci_rest.leaf_switch_profile]
for_each = var.leaf_interface_associations
path = “/api/node/mo/uni/fabric/leprof-{each.value.switch_profile}.json" payload = <<EOF { "fabricLeafP": { "attributes": { "dn": "uni/fabric/leprof-{each.value.switch_profile}”,
“name”: “{each.value.switch_profile}", "rn": "leprof-{each.value.switch_profile}”,
“status”: “modified”
},
“children”: [
{
“fabricRsLePortP”: {
“attributes”: {
“tDn”: “uni/fabric/leportp-${each.value.name}”
},
“children”:
}
}
]
}
}
EOF
}

Here’s what the plan looks like:

module “leaf-switches” {
source = “./modules/fabric-policies/leaf-switches”
depends_on = [module.leaf-interfaces]

leaf_switch_profiles = {
    profile1 = {
        name = "Leaf201-SwPro"
        description = ""
    }
    profile2 = {
        name = "Leaf202-SwPro"
        description = "test"
    }
}

leaf_interface_associations = {
    interface1 = {
        name = "Leaf201-Fabric-IntPro"
        switch_profile = "Leaf201-SwPro"
    }
    interface2 = {
        name = "Leaf202-Fabric-IntPro"
        switch_profile = "Leaf202-SwPro"
    }
}

This works fine to create all the resources.
The problem is, the switch profile and the interface association use the same REST path, so if I delete just the association (say interface2), it deletes the entire switch profile.

Is there a better approach to creating these resources that would allow me to selectively delete the child objects?

Thanks!

aj-cruz · March 3, 2021, 3:55pm

I figured out how to do this using a REST approach.
I realized the REST post to delete a child must be different than the post to create the child, because I can delete the child manually through the GUI without it affecting the parent. I captured a child delete and sure enough I could see the post come across un-nested.
So instead of using the standard nested post for creating the child, I used the post from the delete operation (but without the status set to “delete”) and I was able to create the child independent of the parent.
I can now delete it independently as well.
For reference, the resource now looks like this:

resource “aci_rest” “leaf_interface_associations” {
depends_on = [aci_rest.leaf_switch_profile]
for_each = var.leaf_interface_associations
path = “/api/node/mo/uni/fabric/leprof-{each.value.switch_profile}/rslePortP-[uni/fabric/leportp-{each.value.name}].json”
payload = <<EOF
{
“fabricRsLePortP”: {
“attributes”: {
“dn”: “uni/fabric/leprof-{each.value.switch_profile}/rslePortP-[uni/fabric/leportp-{each.value.name}]”
},
“children”: [ ]
}
}
EOF
}