FlexibleEngineCloud / terraform-provider-flexibleengine

Terraform flexibleengine provider
https://www.terraform.io/docs/providers/flexibleengine/
Mozilla Public License 2.0

[ELBv3] Adding an IP from another project as pool member #800

Closed MrLuje closed 1 year ago

MrLuje commented 2 years ago

Hi there,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Terraform Version

1.1.9

Affected Resource(s)


I have 2 projects :

I want the load balancer to forward traffic to VMs in the other project. If I create everything manually, it works fine (cross-VPC backend, dedicated load balancer, listener, member pool and the IP of a VM as member). When I try to reproduce this in Terraform, it fails because it doesn't find the subnet of the flexibleengine_lb_member_v2 because, I guess, it tries to find it in the load balancer's project whereas I'd like it to search in the VMs' project.

Terraform Configuration Files

resource "flexibleengine_vpc_v1" "vpc" {
  name = "vpc"
  cidr = "10.1.128.0/24"
}

resource "flexibleengine_vpc_subnet_v1" "subnet" {
  name       = "subnet"
  cidr       = "10.1.128.0/25"
  vpc_id     = flexibleengine_vpc_v1.vpc.id
  gateway_ip = "10.1.128.1"
}

data "flexibleengine_elb_flavors" "flavors_l7" {
  type            = "L7"
  max_connections = 200000
  cps             = 2000
  bandwidth       = 50
  #    qps             = 4000
}

data "flexibleengine_elb_flavors" "flavors_l4" {
  type            = "L4"
  max_connections = 500000
  cps             = 10000
  bandwidth       = 50
}

resource "flexibleengine_lb_loadbalancer_v3" "elb_k8s" {
  name              = "elb_k8s"
  cross_vpc_backend = true   # needed so members outside the ELB's own VPC can be reached

  vpc_id         = flexibleengine_vpc_v1.vpc.id
  ipv4_subnet_id = flexibleengine_vpc_subnet_v1.subnet.subnet_id

  l4_flavor_id = data.flexibleengine_elb_flavors.flavors_l4.ids[0]
  l7_flavor_id = data.flexibleengine_elb_flavors.flavors_l7.ids[0]

  availability_zone = [
    "eu-west-0a",
    "eu-west-0b",
  ]

  # flexibleengine_vpc_eip_v1.eip_k8s is declared elsewhere in the configuration (not shown in this excerpt)
  ipv4_eip_id = flexibleengine_vpc_eip_v1.eip_k8s.id
}

resource "flexibleengine_lb_listener_v3" "istio-https" {
  name            = "https"
  protocol        = "HTTPS"
  protocol_port   = 443
  loadbalancer_id = flexibleengine_lb_loadbalancer_v3.elb_k8s.id

  idle_timeout     = 60
  request_timeout  = 60
  response_timeout = 60

  http2_enable       = true
  tls_ciphers_policy = "tls-1-2"
}

resource "flexibleengine_lb_pool_v2" "nodes" {
  name        = "backend-https"
  protocol    = "HTTP"
  lb_method   = "ROUND_ROBIN"
  listener_id = flexibleengine_lb_listener_v3.istio-https.id
}

resource "flexibleengine_lb_monitor_v2" "nodes" {
  pool_id     = flexibleengine_lb_pool_v2.nodes.id
  type        = "TCP"
  delay       = 5
  timeout     = 3
  max_retries = 5
  port        = 22 # 31390
}

resource "flexibleengine_lb_member_v2" "nodes" {
  address       = "10.1.128.150"    # <--- this IP is from another project/tenant
  protocol_port = 31390
  pool_id       = flexibleengine_lb_pool_v2.nodes.id
  # The remote-state data source (data.terraform_remote_state.dev-rci_k8s) is declared elsewhere (not shown);
  # the ELB API resolves this subnet id in the authenticated project, which is what fails below.
  subnet_id     = data.terraform_remote_state.dev-rci_k8s.outputs.subnet_id   # <---- this subnet is from another project/tenant
}

Expected Behavior


Actual Behavior

flexibleengine_lb_member_v2.nodes: Creating...
│ Error: Error creating member: Resource not found: [POST https://elb.eu-west-0.prod-cloud-ocb.orange-business.com/v2.0/lbaas/pools/65f596e5-4078-45a1-8c5d-534efe77debc/members], error message: {"NeutronError": {"detail": "", "message": "Subnet e7cd9b07-7650-4a21-9ed3-a5cac536b70a could not be found.", "type": "NotFound"}}
│
│   with flexibleengine_lb_member_v2.nodes,
│   on elb.tf line 107, in resource "flexibleengine_lb_member_v2" "k8s_nodes":
│  107: resource "flexibleengine_lb_member_v2" "k8s_nodes" {
│

Steps to Reproduce


  1. terraform apply

I wondered if the tenant_id property (https://registry.terraform.io/providers/FlexibleEngineCloud/flexibleengine/latest/docs/resources/lb_member_v2#tenant_id) should be used for this case.

resource "flexibleengine_lb_member_v2" "nodes" {
  address       = "10.1.128.150"    # <--- this IP is from another project/tenant
  protocol_port = 31390
  pool_id       = flexibleengine_lb_pool_v2.nodes.id
  subnet_id     = data.terraform_remote_state.dev-rci_k8s.outputs.subnet_id   # <---- this subnet is from another project/tenant
+ tenant_id    =  xxxxxx
}

but when trying it, I have the following message (but I'm already admin of my tenant):

error message: {"NeutronError": {"detail": "", "type": "HTTPBadRequest", "message": "Specifying 'tenant_id' other than authenticated tenant in request requires admin privileges"}}

ShiChangkuo commented 2 years ago

@MrLuje the issue seems to be caused by the API side; I suggest opening a service ticket to fix it. Also, I'll try to upgrade the API version.

houpeng80 commented 1 year ago

You can create the pool, monitor and member with the resources flexibleengine_lb_pool_v3, flexibleengine_lb_monitor_v3 and flexibleengine_lb_member_v3, and don't set the param subnet_id when you create the flexibleengine_lb_member_v3 resource.
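The v3 approach described in the comment above, written out as an added example (this is not code from the issue, from the provider's documentation, or from FlexibleEngine). It assumes the flexibleengine_lb_loadbalancer_v3 (with cross_vpc_backend = true) and flexibleengine_lb_listener_v3 resources from the configuration at the top of the issue already exist, and it assumes the v3 monitor uses the attribute names protocol and interval (where the v2 monitor used type and delay); verify those against the registry docs before applying.

```hcl
# Added example: ELB v3 pool, health monitor and member for a backend VM
# that lives in another project. The member carries no subnet_id: with
# cross_vpc_backend = true on the load balancer it is addressed purely by
# IP, so the API does not try to resolve a subnet in the authenticated
# project (which is what produced the "Subnet ... could not be found" error).

resource "flexibleengine_lb_pool_v3" "nodes" {
  name        = "backend-https"
  protocol    = "HTTP"
  lb_method   = "ROUND_ROBIN"
  listener_id = flexibleengine_lb_listener_v3.istio-https.id
}

resource "flexibleengine_lb_monitor_v3" "nodes" {
  pool_id     = flexibleengine_lb_pool_v3.nodes.id
  protocol    = "TCP"   # assumed attribute name (v2 called it "type")
  interval    = 5       # assumed attribute name (v2 called it "delay")
  timeout     = 3
  max_retries = 5
  # Probe the port the service actually listens on: a probe on SSH (22)
  # only proves the node is up, not that the NodePort is serving.
  port        = 31390
}

resource "flexibleengine_lb_member_v3" "nodes" {
  pool_id       = flexibleengine_lb_pool_v3.nodes.id
  address       = "10.1.128.150"   # VM in the other project, reached via the cross-VPC backend
  protocol_port = 31390
  # Deliberately no subnet_id: the subnet belongs to the other project and
  # cannot be resolved from this one (nor asserted via tenant_id without
  # admin privileges, as the HTTPBadRequest error above shows).
}
```

Because the member is identified by IP only, nothing in the ELB API ties 10.1.128.150 to a particular VM or project: reachability and access control come entirely from the routing between the two VPCs and from the security group on the target VM, which has to admit the load balancer's backend address range on port 31390. Take the address from a variable or a remote-state output rather than a literal, so a re-created VM in the other project does not leave the listener pointed at whatever host next receives that IP.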