When a firewall is created using create_default_rules = true flag, the firewall can be created using terraform apply, and any subsequent terraform plan will take that flag into account.
However, once the Terraform state is manually adjusted, such as using terraform state rm and then terraform import, this flag will not be imported (I'm assuming there is no inferring happen, though it is probably technically possible), causing the firewall adjustment will throw an error unless you specifically set create_default_rules = false.
resource "civo_firewall" "firewall" {
name = var.civo_cluster_name
network_id = civo_network.network.id
region = var.civo_region
create_default_rules = true
}
2. Check `terraform plan` works without any error, and no change needed
3. Check the ID for the created network
```bash
__firewall_id=$(terraform show -json | jq -r '.values.root_module.resources | map(select(.type == "civo_firewall").values.id)[]')
echo $__firewall_id
Description
When a firewall is created using
create_default_rules = true
flag, the firewall can be created usingterraform apply
, and any subsequentterraform plan
will take that flag into account.However, once the Terraform state is manually adjusted, such as using
terraform state rm
and thenterraform import
, this flag will not be imported (I'm assuming there is no inferring happen, though it is probably technically possible), causing the firewall adjustment will throw an error unless you specifically setcreate_default_rules = false
.Steps to reproduce:
resource "civo_network" "network" { label = var.civo_cluster_name region = var.civo_region }
resource "civo_firewall" "firewall" { name = var.civo_cluster_name network_id = civo_network.network.id region = var.civo_region create_default_rules = true }
Remove the state for firewall
Import the state
Try
terraform plan
, and get error related tocreate_default_rules
and Egress errorI think there is a way to set the
create_default_rules
to true when we can see the default rule sets.Acceptance Criteria
create_default_rules
by looking at the ingress / egress rulescreate_default_rules
flag, and provide example instead to clarify what the default is