Closed T0m-4s closed 3 years ago
@T0m-4s not sure what you mean by the parameter on API docs https://docs.prod-cloud-ocb.orange-business.com/usermanual/nat/en-us_topic_0127489530.htm
The Scenario parameter is missing in flexibleengine_nat_dnat_rule_v2 and I need it because by default it is set to "Direct Connect" and I need "VPC"
Parameter | Description |
---|---|
Scenario | VPC: indicates the VPC scenario where all servers in the subnet share one EIP to provide services for the public networks through the DNAT rule. Direct Connect: indicates Direct Connect scenario where local servers that are connected to a VPC through Direct Connect or VPN access the public networks through the DNAT rule. |
Port Type | Specifies the port type, including All ports and Specific port. All ports: indicates the IP mapping method. This method is equivalent to assigning an EIP to a server. Any requests on the EIP will be forwarded by the NAT gateway to your server based on the mapping IP addresses. Specific port: indicates the port mapping method. The NAT gateway forwards the requests with specific protocol and port on the EIP to the corresponding port of the target server. |
Protocol | The protocol type can be TCP or UDP. This parameter is available if you select Specific port for Port Type. If you select All ports, this parameter is All by default. |
EIP | Specifies the EIP and port. You can only select an EIP that has not been bound, has been bound to a DNAT rule with Port Type set to Specific port of the current NAT gateway, or has been bound to an SNAT rule of the current NAT gateway. |
Private IP Address | In the VPC scenario, set this parameter to the IP address of the server in a VPC. This IP address is used by the server to provide external services through DNAT. In the Direct Connect scenario, set this parameter to IP address of the server in the local data center or the user's private IP address. This IP address is used by local servers that are connected to a VPC through Direct Connect or VPN to provide services for the Internet through DNAT. This port of Private IP Address needs to be configured if you select Specific port for Port Type. |
@T0m-4s I think the VPC scenario and the Direct Connect scenario have no difference for `flexibleengine_nat_dnat_rule_v2` except on `Private IP Address`.
According to terraform, we can use `port_id` param for the VPC scenario while using `private_ip` param for the Direct Connect scenario.
@T0m-4s Does the solution above work?
No... but it's close. I don't understand why my action is forbidden. Could you help?

```
Error: Error creating Dnat: Action Forbidden

  on main.tf line 124, in resource "flexibleengine_nat_dnat_rule_v2" "dnat":
 124: resource "flexibleengine_nat_dnat_rule_v2" "dnat" {
```

```hcl
resource "flexibleengine_nat_dnat_rule_v2" "dnat" {
  floating_ip_id        = flexibleengine_vpc_eip_v1.eip_dnat.id
  nat_gateway_id        = flexibleengine_nat_gateway_v2.nat_gw.id
  port_id               = flexibleengine_networking_port_v2.port_dnat.id
  internal_service_port = 22
  protocol              = "tcp"
  external_service_port = 22
}
```
@T0m-4s Can you provide the detailed log by setting `OS_DEBUG=1 TF_LOG=DEBUG` with the terraform command? And `Action Forbidden` is usually because something is wrong on server side. @antonin-a @DafuSHI Can you help with this?
Hello
here is the part of log concerning the dnat rule.
Thank you, Regards,
```
modu2020/03/04 09:03:05 [DEBUG] module.bastion.flexibleengine_nat_dnat_rule_v2.dnat: applying the planned Create change
le.bas2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: 2020/03/04 09:03:05 [DEBUG] FlexibleEngine Region is: na-east-0
tion2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: 2020/03/04 09:03:05 [DEBUG] Creating new Dnat: map[string]interface {}{"nat_gateway_id":"5a232014-157a-4e1a-a7cc-5ddecc439373", "port_id":"43de3690-9600-4133-ad8d-eaab8f0c5517", "protocol":"tcp", "floating_ip_id":"97b115d6-a8f7-4fac-8235-13ef78d1090c", "internal_service_port":22, "external_service_port":22}
.f2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: 2020/03/04 09:03:05 [DEBUG] FlexibleEngine Request URL: POST https://nat.na-east-0.prod-cloud-ocb.orange-business.com/v2.0/dnat_rules
lex2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: 2020/03/04 09:03:05 [DEBUG] FlexibleEngine Request Headers:
2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: Accept: application/json
i2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: Authorization: SDK-HMAC-SHA256 Credential=5WFXNLH3AFRA2YJCCHU4/20200304///sdk_request, SignedHeaders=accept;content-type;host;user-agent;x-sdk-date, Signature=f2360ffbe6cb1e099e1fb050b8929c43511451b80fa74b17bbfe269e2a5697e9
b2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: Content-Type: application/json
lee2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: Host: nat.na-east-0.prod-cloud-ocb.orange-business.com
n2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: User-Agent: HashiCorp Terraform/0.12.20 (+https://www.terraform.io) Terraform Plugin SDK/1.0.0 golangsdk/2.0.0
g2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: X-Project-Id: 1de1813a7a54401e8d2361ef264a8f03
i2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: X-Sdk-Date: 20200304T080305Z
n2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: 2020/03/04 09:03:05 [DEBUG] FlexibleEngine Request Body: {
e2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: "dnat_rule": {
_2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: "external_service_port": 22,
n2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: "floating_ip_id": "97b115d6-a8f7-4fac-8235-13ef78d1090c",
a2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: "internal_service_port": 22,
t_gin.terraform-provider-flexibleengine_v1.11.0_x4.exe: "nat_gateway_id": "5a232014-157a-4e1a-a7cc-5ddecc439373",
d2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: "port_id": "43de3690-9600-4133-ad8d-eaab8f0c5517",
n2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: "protocol": "tcp"
a2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: }
t2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: }
_rule_v2.dnat: Creating...
2020-03-04T09:03:06.005+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: 2020/03/04 09:03:06 [DEBUG] FlexibleEngine Response Code: 403
2020-03-04T09:03:06.005+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: 2020/03/04 09:03:06 [DEBUG] FlexibleEngine Response Headers:
2020-03-04T09:03:06.005+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: Cache-Control: no-cache
2020-03-04T09:03:06.005+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: Content-Length: 24783
2020-03-04T09:03:06.005+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: Content-Type: text/html
2020-03-04T09:03:06.005+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: Pragma: no-cache
2020-03-04T09:03:06.005+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: 2020/03/04 09:03:06 [DEBUG] Not logging because FlexibleEngine response body isn't JSON
2020/03/04 09:03:06 [DEBUG] module.bastion.flexibleengine_nat_dnat_rule_v2.dnat: apply errored, but we're indicating that via the Error pointer rather than returning it: Error creating Dnat: Action Forbidden
2020/03/04 09:03:06 [ERROR] module.bastion: eval: terraform.EvalApplyPost, err: Error creating Dnat: Action Forbidden
2020/03/04 09:03:06 [ERROR] module.bastion: eval: terraform.EvalSequence, err: Error creating Dnat: Action Forbidden

Error: Error creating Dnat: Action Forbidden

  on modules\bastion\main.tf line 124, in resource "flexibleengine_nat_dnat_rule_v2" "dnat":
 124: resource "flexibleengine_nat_dnat_rule_v2" "dnat" {
2020-03-04T09:03:06.120+0100 [DEBUG] plugin: plugin process exited: path=C:\applications_GIP\FlexEngineT.terraform\plugins\windows_amd64\terraform-provider-flexibleengine_v1.11.0_x4.exe pid=6436
2020-03-04T09:03:06.120+0100 [DEBUG] plugin: plugin exited
```
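
Provider debug output like the log above includes the request's `Authorization` header and `X-Project-Id`. As an added example (not part of the original thread or the provider's code), this Python helper strips those values from such a log and summarizes the request/response pair. The sample log is constructed with placeholder values, and the `X-Auth-Token` pattern is an assumption covering token-based authentication.

```python
import re

# Constructed sample in the shape of the provider debug output; the access key,
# signature, project id and host are placeholders, not values from the thread.
P = "2020-03-04T09:03:05.371+0100 [DEBUG] plugin.terraform-provider-flexibleengine_v1.11.0_x4.exe: "
SAMPLE_LOG = "\n".join([
    P + "2020/03/04 09:03:05 [DEBUG] FlexibleEngine Request URL: POST https://nat.example.invalid/v2.0/dnat_rules",
    P + "Authorization: SDK-HMAC-SHA256 Credential=EXAMPLEACCESSKEY0000/20200304///sdk_request, "
        "SignedHeaders=accept;content-type;host;user-agent;x-sdk-date, Signature=0123456789abcdef0123456789abcdef",
    P + "Content-Type: application/json",
    P + "X-Project-Id: 00000000000000000000000000000000",
    P + "2020/03/04 09:03:06 [DEBUG] FlexibleEngine Response Code: 403",
    P + "Content-Type: text/html",
])

# Each rule keeps the field name and replaces only the secret or identifying value.
REDACTIONS = [
    (re.compile(r"(Credential=)[^/\s,]+"), r"\1<REDACTED>"),      # access key id
    (re.compile(r"(Signature=)[0-9a-fA-F]+"), r"\1<REDACTED>"),   # request signature
    # X-Project-Id appears in the log above; X-Auth-Token is an assumption.
    (re.compile(r"(X-(?:Project-Id|Auth-Token):[ \t]*)\S+", re.I), r"\1<REDACTED>"),
]

def redact(log: str) -> str:
    """Return the log with credential and project identifiers masked."""
    for pattern, replacement in REDACTIONS:
        log = pattern.sub(replacement, log)
    return log

def summarize(log: str) -> dict:
    """Pull out the request line, status code and response content type."""
    req = re.search(r"Request URL: (\S+) (\S+)", log)
    resp = re.search(r"Response Code: (\d{3})", log)
    ctype = None
    if resp:
        # Only look after the status line, so the request's Content-Type is skipped.
        m = re.search(r"Content-Type: (\S+)", log[resp.end():])
        ctype = m.group(1) if m else None
    return {
        "method": req.group(1) if req else None,
        "url": req.group(2) if req else None,
        "status": int(resp.group(1)) if resp else None,
        "response_content_type": ctype,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print(redact(SAMPLE_LOG))
```
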
@T0m-4s It's very clear that the action is rejected by the API, we can't do any help on Terraform side. @antonin-a @DafuSHI need your help here.
@niuzhenguo @T0m-4s very late reply (sorry for that) but I discovered this one while checking the opened issues. @T0m-4s did you finally find an answer with Flexible Engine support?
@T0m-4s I'm going to close this issue because there have been no updates for a long time.
If you have found a problem that seems similar to this, please feel free to open a new issue.
I can't assign the "Scenario" parameter available in the API (https://docs.prod-cloud-ocb.orange-business.com/usermanual/nat/en-us_topic_0127489530.htm). Could you add this new parameter to flexibleengine_nat_dnat_rule_v2?
Terraform Version
Terraform v0.12.20
Affected Resource(s)
flexibleengine_nat_dnat_rule_v2
Thanks