linode / terraform-provider-linode

Terraform Linode provider
https://www.terraform.io/docs/providers/linode/
Mozilla Public License 2.0

[Feature]: Add the ability to assign a firewall to a NodeBalancer using Terraform #1198

Closed aslepcev closed 9 months ago

aslepcev commented 9 months ago

Description

At the moment it's not possible to attach a firewall to the nodebalancer like it's possible to do using Cloud Manager.

Terraform plan works, but apply returns an error.

Terraform and Linode provider version:

Terraform v1.6.5 on linux_amd64 + provider registry.terraform.io/linode/linode v2.10.1

Terraform plan:


Terraform will perform the following actions:

  # linode_firewall.my_firewall will be created
  + resource "linode_firewall" "my_firewall" {
      + created         = (known after apply)
      + devices         = (known after apply)
      + disabled        = false
      + id              = (known after apply)
      + inbound_policy  = "DROP"
      + label           = "my_firewall"
      + linodes         = [
          + 495975,
        ]
      + nodebalancers   = (known after apply)
      + outbound_policy = "ACCEPT"
      + status          = (known after apply)
      + updated         = (known after apply)

      + inbound {
          + action   = "ACCEPT"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "allow-http"
          + ports    = "80"
          + protocol = "TCP"
        }
      + inbound {
          + action   = "ACCEPT"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "allow-https"
          + ports    = "443"
          + protocol = "TCP"
        }

      + outbound {
          + action   = "DROP"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "reject-http"
          + ports    = "80"
          + protocol = "TCP"
        }
      + outbound {
          + action   = "DROP"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "reject-https"
          + ports    = "443"
          + protocol = "TCP"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Terraform apply:

linode_nodebalancer.foobar: Refreshing state... [id=495975]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # linode_firewall.my_firewall will be created
  + resource "linode_firewall" "my_firewall" {
      + created         = (known after apply)
      + devices         = (known after apply)
      + disabled        = false
      + id              = (known after apply)
      + inbound_policy  = "DROP"
      + label           = "my_firewall"
      + linodes         = [
          + 495975,
        ]
      + nodebalancers   = (known after apply)
      + outbound_policy = "ACCEPT"
      + status          = (known after apply)
      + updated         = (known after apply)

      + inbound {
          + action   = "ACCEPT"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "allow-http"
          + ports    = "80"
          + protocol = "TCP"
        }
      + inbound {
          + action   = "ACCEPT"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "allow-https"
          + ports    = "443"
          + protocol = "TCP"
        }

      + outbound {
          + action   = "DROP"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "reject-http"
          + ports    = "80"
          + protocol = "TCP"
        }
      + outbound {
          + action   = "DROP"
          + ipv4     = [
              + "0.0.0.0/0",
            ]
          + ipv6     = [
              + "::/0",
            ]
          + label    = "reject-https"
          + ports    = "443"
          + protocol = "TCP"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

linode_firewall.my_firewall: Creating...
╷
│ Error: failed to create Firewall: [400] [devices.linodes] Invalid Linode ID: 495975
│
│   with linode_firewall.my_firewall,
│   on node.tf line 10, in resource "linode_firewall" "my_firewall":
│   10: resource "linode_firewall" "my_firewall" {
│
╵

Thank you.

New or Affected Terraform Resources

linode_nodebalancer linode_firewall

Potential Terraform Configuration

resource "linode_nodebalancer" "foobar" {
  label                = "mynodebalancer"
  region               = "us-east"
  client_conn_throttle = 20
  tags                 = ["foobar"]
}

resource "linode_firewall" "my_firewall" {
  label = "my_firewall"

  inbound {
    label    = "allow-http"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "80"
    ipv4     = ["0.0.0.0/0"]
    ipv6     = ["::/0"]
  }

  inbound_policy = "DROP"

  outbound {
    label    = "reject-https"
    action   = "DROP"
    protocol = "TCP"
    ports    = "443"
    ipv4     = ["0.0.0.0/0"]
    ipv6     = ["::/0"]
  }

  outbound_policy = "ACCEPT"

  linodes = [linode_nodebalancer.foobar.id]
}

aslepcev commented 9 months ago

NVM, just found the syntax is: nodebalancers = [linode_nodebalancer.foobar.id]
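
A pre-apply check for the mismatch in this thread, as an added example that is not part of the original issue or the provider's code: it reads the `configuration` section of `terraform show -json` output and flags a `linode_firewall` whose `linodes` list references a `linode_nodebalancer` (the case where plan succeeds and apply returns the 400 above), plus any NodeBalancer that no firewall lists under `nodebalancers`. The sample plan is constructed, the function names are hypothetical, and `linode_instance` is assumed to be the resource type that `linodes` should reference.

```python
import json

# Constructed sample: trimmed "configuration" section of `terraform show -json`
# for the config posted in this issue. Not real output.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "linode_nodebalancer.foobar", "type": "linode_nodebalancer",
   "expressions": {"label": {"constant_value": "mynodebalancer"}}},
  {"address": "linode_firewall.my_firewall", "type": "linode_firewall",
   "expressions": {
     "label": {"constant_value": "my_firewall"},
     "linodes": {"references": ["linode_nodebalancer.foobar.id",
                                "linode_nodebalancer.foobar"]}}}
]}}}
""")

# For each firewall device list, the resource type prefix that does not belong in it.
# Assumption: linode_instance is the resource type whose IDs go in `linodes`.
WRONG_TYPE = {"linodes": "linode_nodebalancer.", "nodebalancers": "linode_instance."}


def targets(resource, attr):
    """Resource addresses (type.name) that one attribute's expression references."""
    refs = resource.get("expressions", {}).get(attr, {}).get("references", [])
    # Drop the attribute path and any [index] so "x.y[0].id" and "x.y" collapse.
    return sorted({".".join(ref.split(".")[:2]).split("[")[0] for ref in refs})


def check_firewall_devices(plan):
    """Hypothetical helper: list device-type mismatches and unprotected NodeBalancers.

    Only the root module is inspected; child modules are out of scope here.
    """
    resources = plan["configuration"]["root_module"].get("resources", [])
    findings, protected = [], set()
    for res in resources:
        if res["type"] != "linode_firewall":
            continue
        for attr, wrong in WRONG_TYPE.items():
            findings += [f"{res['address']}: {attr} references {t}"
                         for t in targets(res, attr) if t.startswith(wrong)]
        protected.update(targets(res, "nodebalancers"))
    for res in resources:
        if res["type"] == "linode_nodebalancer" and res["address"] not in protected:
            findings.append(f"{res['address']}: not in any firewall's nodebalancers")
    return findings


if __name__ == "__main__":
    print("\n".join(check_firewall_devices(SAMPLE_PLAN)) or "ok")
```

Run against a real plan, this would take the parsed output of `terraform show -json` on a saved plan file in place of `SAMPLE_PLAN`.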