We have a SG which only needs to be created in specific environments. For this we use enabled = <condition>.
However, it seems that one resource is not looking at the enabled as it wants to create a null_resource even with enabled = false.
  # module.vpn_sg_azure.null_resource.sync_rules_and_sg_lifecycles[0] will be created
  + resource "null_resource" "sync_rules_and_sg_lifecycles" {
      + id       = (known after apply)
      + triggers = {
          + "sg_ids" = null
        }
    }
Not a big problem as this is a null_resource and doesn't create anything in the AWS environment, but since the module is disabled for this environment it should not create this.
Expected Behavior
This module should not be creating any resources if enabled = false.
Steps to Reproduce
Based off the example:
module "sg" {
  source  = "cloudposse/security-group/aws"
  version = "2.0.0"

  # Security Group names must be unique within a VPC.
  # This module follows Cloud Posse naming conventions and generates the name
  # based on the inputs to the null-label module, which means you cannot
  # reuse the label as-is for more than one security group in the VPC.
  #
  # Here we add an attribute to give the security group a unique name.
  attributes = ["primary"]

  # Allow unlimited egress
  allow_all_egress = true

  rules = [
    {
      key         = "ssh"
      type        = "ingress"
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
      self        = null # preferable to self = false
      description = "Allow SSH from anywhere"
    },
    {
      key         = "HTTP"
      type        = "ingress"
      from_port   = 80
      to_port     = 80
      protocol    = "tcp"
      cidr_blocks = []
      self        = true
      description = "Allow HTTP from inside the security group"
    }
  ]

  vpc_id = module.vpc.vpc_id

  # Disable this module
  enabled = false

  context = module.label.context
}
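A check for the behaviour reported above, added here as an example (not code from the issue author or the Cloud Posse module): it reads the JSON form of a plan, as produced by `terraform show -json`, and lists every planned change inside a module that is expected to be disabled. The sample plan is constructed, `module.vpc.aws_vpc.default[0]` is an assumed address, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields this check reads. The aws_vpc address is an assumption.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "module.vpn_sg_azure.null_resource.sync_rules_and_sg_lifecycles[0]",
     "module_address": "module.vpn_sg_azure",
     "type": "null_resource",
     "change": {"actions": ["create"]}},
    {"address": "module.vpc.aws_vpc.default[0]",
     "module_address": "module.vpc",
     "type": "aws_vpc",
     "change": {"actions": ["no-op"]}}
  ]
}
""")


def in_module(module_address, target):
    """True if module_address is target itself or nested below it."""
    if not module_address:
        return False  # resource lives in the root module
    return (module_address == target
            or module_address.startswith(target + ".")    # child module
            or module_address.startswith(target + "["))   # count/for_each instance


def unexpected_changes(plan, disabled_modules):
    """Return (address, actions) for each planned change in a disabled module."""
    hits = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if actions in (["no-op"], ["read"]):
            continue  # nothing would be created, updated or destroyed
        if any(in_module(rc.get("module_address"), m) for m in disabled_modules):
            hits.append((rc["address"], actions))
    return hits


if __name__ == "__main__":
    for address, actions in unexpected_changes(SAMPLE_PLAN, ["module.vpn_sg_azure"]):
        print(f"disabled module still plans {actions}: {address}")
```

Run against a real plan by loading the output of `terraform show -json` in place of `SAMPLE_PLAN`; a non-empty result can fail a CI step.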