hetznercloud / terraform-provider-hcloud

Terraform Hetzner Cloud provider
https://registry.terraform.io/providers/hetznercloud/hcloud/latest
Mozilla Public License 2.0

[Bug]: Firewall configuration incorrectly registers as a change #653

Closed erikschul closed 1 year ago

erikschul commented 1 year ago

### What happened?

For plugin v. 1.37.0,

The official example, with the following configuration, causes Terraform to think that something has changed, even when nothing was changed:

Configuration:

```hcl
resource "hcloud_firewall" "myfirewall" {
  name = "my-firewall"
  rule {
    direction = "in"
    protocol  = "icmp"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }

  rule {
    direction = "in"
    protocol  = "tcp"
    port      = "80-85"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
}
```

Change:

```
      - rule {
          - destination_ips = [] -> null
          - direction       = "in" -> null
          - protocol        = "icmp" -> null
          - source_ips      = [
              - "0.0.0.0/0",
              - "::/0",
            ] -> null
        }
      - rule {
          - destination_ips = [] -> null
          - direction       = "in" -> null
          - port            = "8085" -> null
          - protocol        = "tcp" -> null
          - source_ips      = [
              - "0.0.0.0/0",
              - "::/0",
            ] -> null
        }
      + rule {
          + destination_ips = []
          + direction       = "in"
          + port            = "80_85"
          + protocol        = "tcp"
          + source_ips      = [
              + "0.0.0.0/0",
              + "::/0",
            ]
        }
      + rule {
          + destination_ips = []
          + direction       = "in"
          + protocol        = "icmp"
          + source_ips      = [
              + "0.0.0.0/0",
              + "::/0",
            ]
        }
```

### What did you expect to happen?

No change should be registered.

### Please provide a minimal working example

https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall

apricote commented 1 year ago

What version of terraform are you using? I suspect this has the same root cause as #650

erikschul commented 1 year ago

> What version of terraform are you using? I suspect this has the same root cause as #650

Terraform v1.4.4

apricote commented 1 year ago

As a workaround, could you try to set an empty `destination_ips = []` on both rules? If it is the same root cause as the other issue, that should calm Terraform down.

apricote commented 1 year ago

Hey @erikschul,

I was unable to reproduce this today, but it still looks like the same bug as #650, caused by nested Sets in the attributes.

Could you run `TF_LOG=trace TF_LOG_PATH=653.log terraform apply` and send the resulting log file to my email julian.toelle <at> hetzner-cloud.de?

erikschul commented 1 year ago

@apricote Yes, it was consistently reproducible before, but it no longer occurs. I will reopen if the issue reappears. Thanks!
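
A plan like the one reported above removes and re-adds every firewall rule, so a real rule change can hide inside the noise. The following is an added example, not code from this thread or from the provider: it reads the JSON form of a saved plan (`terraform show -json <planfile>`) and reports only the `hcloud_firewall` rules that differ once ordering is ignored. Treating unset, `null` and empty attributes as equal is an assumption based on the workaround suggested in the thread; the function names and the sample plan are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# the values mirror the two rules from the issue and are not taken from a real plan.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [{
  "address": "hcloud_firewall.myfirewall", "type": "hcloud_firewall",
  "change": {"actions": ["update"],
    "before": {"rule": [
      {"direction": "in", "protocol": "icmp", "port": "", "destination_ips": [], "source_ips": ["0.0.0.0/0", "::/0"]},
      {"direction": "in", "protocol": "tcp", "port": "80-85", "destination_ips": [], "source_ips": ["::/0", "0.0.0.0/0"]}
    ]},
    "after": {"rule": [
      {"direction": "in", "protocol": "tcp", "port": "80-85", "destination_ips": null, "source_ips": ["0.0.0.0/0", "::/0"]},
      {"direction": "in", "protocol": "icmp", "port": null, "destination_ips": null, "source_ips": ["0.0.0.0/0", "::/0"]}
    ]}}
}]}
""")


def canonical_rule(rule):
    """Hashable form of one rule; unset, null and empty values compare equal (assumption)."""
    items = []
    for key, value in rule.items():
        if isinstance(value, list):
            value = tuple(sorted(value))  # IP lists are sets, so order is irrelevant
        if value in (None, "", ()):
            continue  # drop unset or empty attributes before comparing
        items.append((key, value))
    return frozenset(items)


def firewall_rule_drift(plan):
    """Map each hcloud_firewall address to (removed, added) rules that really differ."""
    drift = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "hcloud_firewall":
            continue
        change = rc["change"]
        before = {canonical_rule(r) for r in (change.get("before") or {}).get("rule") or []}
        after = {canonical_rule(r) for r in (change.get("after") or {}).get("rule") or []}
        if before != after:
            drift[rc["address"]] = (before - after, after - before)
    return drift
```

An empty result means the planned firewall update is a reordering only; any entry lists the exact rules that would be removed and added.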