Open powellquiring opened 2 years ago
Hi @powellquiring,
Thanks for reporting the issue.
As a first step of my analysis I tried to reproduce the issue in the test.cloud.ibm account, and creation and destroy worked fine.
Also, I ran the same test case in the prod env, i.e. the cloud.ibm account, and still everything worked fine for me.
Please find the attached template and the result of the testing.
Can you please try again with the latest provider, and if the issue still persists we can have a call to discuss the issue.
```hcl
resource "ibm_is_security_group" "cos" {
  name = "security-group-testing"
  # vpc = "r134-7b4a313e-d8cc-4d50-92ea-7dd315dadd9b"
  vpc = "r006-b0031fff-c6bb-4a4d-9afd-6c3fc9b7fb5b"
  # resource_group = data.ibm_resource_group.all_rg.id
}

resource "ibm_is_security_group_rule" "cloud_ingress_cos" {
  group     = ibm_is_security_group.cos.id
  direction = "inbound"
  remote    = "10.0.0.0/8" // on prem and cloud
  tcp {
    port_min = 443
    port_max = 443
  }
}

resource "ibm_is_security_group_rule" "cloud_egress_cos" {
  group     = ibm_is_security_group.cos.id
  direction = "outbound"
  remote    = "10.0.0.0/8" // on prem and cloud
}

resource "ibm_is_virtual_endpoint_gateway" "endpoint_gateway" {
  name = "virtual-endpoint-gateway-cos"
  target {
    name          = "ibm-dns-server2"
    resource_type = "provider_infrastructure_service"
  }
  # vpc = "r134-7b4a313e-d8cc-4d50-92ea-7dd315dadd9b"
  vpc             = "r006-b0031fff-c6bb-4a4d-9afd-6c3fc9b7fb5b"
  security_groups = [ibm_is_security_group.cos.id]
}
```
I was able to reproduce using the steps provided, they are repeated below. Did you try these steps?
```
cd /tmp
git clone https://github.com/powellquiring/tfbugs
cd tfbugs/bug-vpc-endpoint-gateway-security-group
terraform init
terraform apply
mv sgeg.tf sgeg.tf.bu
terraform apply
```
@powellquiring I followed the steps you have mentioned and I still don't face any issue. Can you please help me to reproduce the issue?
Please find the screenshot of the result:
Community Note
Terraform CLI and Terraform IBM Provider Version
Affected Resource(s)
Terraform Configuration Files
Race condition between the destroy of ibm_is_virtual_endpoint_gateway which is reported as destroyed, and later the destroy of the ibm_is_security_group_rule which fails because it is the only SG attached to the endpoint_gateway.
cat sgeg.tf.bu
Debug Output
Steps to Reproduce