cloudposse / terraform-aws-security-group

Terraform module to provision an AWS Security Group
https://cloudposse.com/accelerate
Apache License 2.0
36 stars 35 forks

Security group rules: self conflicts with cidr_blocks #13

Closed cmd-werner-diers closed 3 years ago

cmd-werner-diers commented 3 years ago

Describe the Bug

With the latest provider hashicorp/aws v3.38.0, new restrictions have been added to the aws_security_group_rule resource, so when running a terraform plan for

module "security_group" {
  source  = "cloudposse/security-group/aws//examples/complete"
  version = "0.1.4"

  vpc_id = "vpc-123456789"
  rules = [
    {
      type        = "ingress"
      from_port   = 3389
      to_port     = 3389
      protocol    = "tcp"
      cidr_blocks = ["10.0.0.0/8"]
      description = "RDP"
    },
    {
      type        = "egress"
      from_port   = 433
      to_port     = 433
      protocol    = "tcp"
      cidr_blocks = ["10.0.0.0/8"]
      description = "HTTPS"
    }
  ]
}

I get the following error:

│ Error: ConflictsWith
│ 
│   on .terraform/modules/security_group/main.tf line 54, in resource "aws_security_group_rule" "default":
│   54:   cidr_blocks              = lookup(each.value, "cidr_blocks", null)
│ 
│ "cidr_blocks": conflicts with self

and

│ Error: ConflictsWith
│ 
│   on .terraform/modules/security_group/main.tf line 58, in resource "aws_security_group_rule" "default":
│   58:   self                     = lookup(each.value, "self", null) == null ? false : each.value.self
│ 
│ "self": conflicts with cidr_blocks

Expected Behavior

Plan is executed with no issues.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Create a terraform configuration with the above example
  2. Run 'terraform init'
  3. Run 'terraform plan'
  4. See error

Screenshots

NA

Environment (please complete the following information):

Anything that will help us triage the bug will help. Here are some ideas:

syphernl commented 3 years ago

I can confirm this; it appears to be related to this change: https://github.com/hashicorp/terraform-provider-aws/issues/15606

Here is the full changelog for v3.38.0.

defnn commented 3 years ago

self is set to false when it should be null:

https://github.com/cloudposse/terraform-aws-security-group/blob/master/main.tf#L58
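To illustrate the point defnn makes, here is an added, self-contained configuration (not the module's own code and not from anyone in this thread) that keeps `self` null unless a rule supplies it, so each rule sets exactly one source attribute; the variable and resource names, and the two sample rules, are assumptions.

```hcl
# Added example, not the module's code; variable and resource names are assumptions.
variable "vpc_id" {
  type = string
}

variable "rules" {
  # `any` because the two sample rules carry different attribute sets.
  type = any
  default = [
    {
      type        = "ingress"
      from_port   = 3389
      to_port     = 3389
      protocol    = "tcp"
      cidr_blocks = ["10.0.0.0/8"]
      description = "RDP"
    },
    {
      # A self-referencing rule sets `self` and no cidr_blocks.
      type        = "ingress"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      self        = true
      description = "intra-group"
    },
  ]
}

resource "aws_security_group" "this" {
  name   = "example"
  vpc_id = var.vpc_id
}

resource "aws_security_group_rule" "this" {
  # Index keys keep the for_each addresses stable as rules are edited.
  for_each = { for i, r in var.rules : tostring(i) => r }

  security_group_id = aws_security_group.this.id
  type              = each.value.type
  from_port         = each.value.from_port
  to_port           = each.value.to_port
  protocol          = each.value.protocol
  description       = lookup(each.value, "description", null)
  cidr_blocks       = lookup(each.value, "cidr_blocks", null)

  # Rejected by hashicorp/aws >= 3.38.0: `false` still counts as "set", so
  # ConflictsWith fires against cidr_blocks on the first rule:
  #   self = lookup(each.value, "self", null) == null ? false : each.value.self
  # Leaving the attribute null unless the rule supplies it means only one
  # source attribute is set per rule, which is what the provider now checks.
  self = lookup(each.value, "self", null)
}
```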

sushant-pradhan commented 3 years ago

Related to https://github.com/hashicorp/terraform-provider-aws/issues/19179