COS Bucket Config : Updating an "allowed_ip" argument with an empty list of ip addresses causing JSON malformed error

[umarali-nagoor]

Problem :

 After COS bucket creation with list of white-listed ip addresses, if we try to remove the IP address filter by making the 
 allowed_ip list empty, JSON malformed error was encountered.

Steps :

1. Create a COS bucket with say one or more white-listed ip addresses ( allowed_ip )
2. Now try to update the bucket configuration by making the allowed_ip list empty and run terraform apply

Result :

ERROR provided JSON was malformed or did not validate against the published schema

SDK Used :

 https://github.com/IBM/ibm-cos-sdk-go-config

Snippet from api doc :

allowed_ip : List of IPv4 or IPv6 addresses in CIDR notation to be affected by firewall in CIDR notation is supported. Passing an empty array will lift the IP address filter. 

Tested in terraform-provider-ibm v1.8.1

[umarali-nagoor]

Api doc reference : https://cloud.ibm.com/apidocs/cos/cos-configuration#make-changes-to-a-bucket-s-configuration

[umarali-nagoor]

Executed following example

https://github.com/IBM/ibm-cos-sdk-go-config/blob/master/examples/resourceconfigurationv1/resourceconfiguration_v1.go

Steps:

1) Configure the allowed_ip list and update the existing COS bucket

Snippet code

// Update allowed_ip uOptions := &rc.UpdateBucketConfigOptions{ Bucket: core.StringPtr(bName), Firewall: &rc.Firewall{ AllowedIp: []string{"192.168.0.0","192.168.0.1"}, }, }

RESULT :

umars-MBP:resourceconfigurationv1 umarali$ go run resourceconfiguration_v1.go &{ 0xc000012280 0xc0000122a0 0xc0004822e0 } { "StatusCode": 200, "Headers": { "Accept-Ranges": [ "bytes" ], "Content-Length": [ "361" ], "Content-Type": [ "application/json" ], "Date": [ "Fri, 10 Jul 2020 06:01:42 GMT" ], "Etag": [ "76286f05-32e3-4ec1-9288-900ce3dbbe47" ], "Ibm-Cos-Config-Api-Ver": [ "1.0" ], "Ibm-Cos-Request-Id": [ "42b48449-6203-4e52-b33d-df5fde89797a" ] }, "Result": { "crn": "crn:v1:bluemix:public:cloud-object-storage:global:a/fcdb764102154c7ea8e1b79d3a64afe0:261372db-39a7-4567-9de3-125be049c756:bucket:test-bucket12345", "service_instance_crn": "crn:v1:bluemix:public:cloud-object-storage:global:a/fcdb764102154c7ea8e1b79d3a64afe0:261372db-39a7-4567-9de3-125be049c756::", "firewall": { "allowed_ip": [ "192.168.0.0", "192.168.0.1" ] } }, "RawResult": null }

2) Try to remove the ip based access by making allowed_ip list empty

// Update Config Options uOptions := &rc.UpdateBucketConfigOptions{ Bucket: core.StringPtr(bName), Firewall: &rc.Firewall{ AllowedIp: []string{}, }, }

RESULT:

The provided JSON was malformed or did not validate against the published schema

[nglange]

@umarali-nagoor I've got a workaround, but it requires a local edit to the SDK until we can release a patched version.

If you can go to line 342 and remove ,omitempty there shouldn't be a problem. Right now the compiler is looking at the empty slice and omitting from the generated JSON, causing the error. Once the omitempty flag is removed, then something like this will work to remove the firewall:

        var newFilter = make([]string, 0)

    uOptions := &rc.UpdateBucketConfigOptions{
        Bucket: core.StringPtr(bName),
        Firewall: &rc.Firewall{
            AllowedIp: newFilter,
        },
    }

[sandersrIBM]

Hi @umarali-nagoor, we are working with our internal team to get this addressed in our code generation tools. In the mean time, could you please try the workaround suggested above by @nglange and let us know if it works for you while we pursue the fix?

[sandersrIBM]

As mentioned we are tracking this issue now internally. Closing issue.

[hkantare]

@nglange @sandersrIBM Do we have any update on this issue...We need to have ETA for this