Closed stgraber closed 2 weeks ago
According to the Terraform documentation:
Blocks can only be defined on schemas or nested blocks within a schema, not underneath an attribute or nested attribute.
Instead, we could write it like this:
resource "incus_network_acl" "this" {
  remote  = "my-cluster"
  project = "foo"
  name    = "my_acl"

  egress = [
    {
      action           = "allow"
      destination      = "1.1.1.1,1.0.0.1"
      destination_port = "53"
      protocol         = "udp"
      description      = "DNS to cloudflare public resolvers (UDP)"
      state            = "enabled"
    },
    {
      action           = "allow"
      destination      = "1.1.1.1,1.0.0.1"
      destination_port = "53"
      protocol         = "tcp"
      description      = "DNS to cloudflare public resolvers (TCP)"
      state            = "enabled"
    }
  ]

  ingress = [
    {
      action           = "allow"
      source           = "@external"
      destination_port = "22"
      protocol         = "tcp"
      description      = "Incoming SSH connections"
      state            = "logging"
    }
  ]
}
Would that be fine?
Yeah, that should be perfectly fine.
It'd be great if we could define network ACLs through the provider and then tie those to instance network interfaces or networks.
The basic structure of an ACL can be found here: https://github.com/lxc/incus/blob/main/shared/api/network_acl.go
The top level record basically contains:
With egress and ingress rules being an ordered list of rules that each have:
I think the naive approach of just adding an incus_network_acl resource matching this should be fine.
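To make the mapping between the proposed nested-attribute lists and the Incus API record concrete, here is an added Go example (not code from the issue, the provider, or Incus itself) that builds the ACL from the HCL above as Go values, validates each rule, and encodes the ordered egress/ingress lists as the JSON body a network ACL update would carry. The `Rule` and `ACL` struct shapes, JSON tags, and the accepted values for action, state and protocol are assumptions based on the documented Incus ACL fields; the real definitions live in shared/api/network_acl.go linked above and should be checked against it. The validation is stricter than a plain marshal so that a typo such as `state = "on"` fails at plan time instead of producing a rule that silently does nothing.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Rule mirrors the Incus API's NetworkACLRule. The field set and JSON tags
// are assumed here; confirm against shared/api/network_acl.go.
type Rule struct {
	Action          string `json:"action"`
	Source          string `json:"source,omitempty"`
	Destination     string `json:"destination,omitempty"`
	Protocol        string `json:"protocol,omitempty"`
	SourcePort      string `json:"source_port,omitempty"`
	DestinationPort string `json:"destination_port,omitempty"`
	Description     string `json:"description,omitempty"`
	State           string `json:"state"`
}

// ACL mirrors the writable part of an Incus network ACL: an ordered list of
// egress and ingress rules plus free-form config (assumed shape).
type ACL struct {
	Description string            `json:"description,omitempty"`
	Egress      []Rule            `json:"egress"`
	Ingress     []Rule            `json:"ingress"`
	Config      map[string]string `json:"config,omitempty"`
}

// Accepted enum values (assumed, based on the documented Incus ACL options).
var (
	validActions   = map[string]bool{"allow": true, "reject": true, "drop": true}
	validStates    = map[string]bool{"enabled": true, "disabled": true, "logging": true}
	validProtocols = map[string]bool{"": true, "tcp": true, "udp": true, "icmp4": true, "icmp6": true}
)

// ValidateRule rejects values the API would not accept, so a mistake surfaces
// as a diagnostic instead of an unexpected firewall rule.
func ValidateRule(r Rule) error {
	if !validActions[r.Action] {
		return fmt.Errorf("invalid action %q", r.Action)
	}
	if !validStates[r.State] {
		return fmt.Errorf("invalid state %q", r.State)
	}
	if !validProtocols[r.Protocol] {
		return fmt.Errorf("invalid protocol %q", r.Protocol)
	}
	// Ports only make sense for TCP/UDP (assumed constraint).
	if (r.SourcePort != "" || r.DestinationPort != "") && r.Protocol != "tcp" && r.Protocol != "udp" {
		return fmt.Errorf("ports require protocol tcp or udp, got %q", r.Protocol)
	}
	return nil
}

// ValidateACL checks every rule and keeps the list index in the error, so a
// provider diagnostic can point at egress[1] rather than "some rule".
func ValidateACL(acl ACL) error {
	for i, r := range acl.Egress {
		if err := ValidateRule(r); err != nil {
			return fmt.Errorf("egress[%d]: %w", i, err)
		}
	}
	for i, r := range acl.Ingress {
		if err := ValidateRule(r); err != nil {
			return fmt.Errorf("ingress[%d]: %w", i, err)
		}
	}
	return nil
}

// MarshalACL validates and then encodes the ACL as a JSON body. Rule order is
// preserved: both the Terraform list attribute and the API rule list are ordered.
func MarshalACL(acl ACL) ([]byte, error) {
	if err := ValidateACL(acl); err != nil {
		return nil, err
	}
	return json.Marshal(acl)
}

// ExampleACL is the ACL from the HCL in this thread, expressed as Go values.
func ExampleACL() ACL {
	return ACL{
		Egress: []Rule{
			{Action: "allow", Destination: "1.1.1.1,1.0.0.1", DestinationPort: "53", Protocol: "udp", Description: "DNS to cloudflare public resolvers (UDP)", State: "enabled"},
			{Action: "allow", Destination: "1.1.1.1,1.0.0.1", DestinationPort: "53", Protocol: "tcp", Description: "DNS to cloudflare public resolvers (TCP)", State: "enabled"},
		},
		Ingress: []Rule{
			{Action: "allow", Source: "@external", DestinationPort: "22", Protocol: "tcp", Description: "Incoming SSH connections", State: "logging"},
		},
	}
}

func main() {
	body, err := MarshalACL(ExampleACL())
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(string(body))

	// A port on an ICMP rule is caught before anything reaches the API.
	bad := ExampleACL()
	bad.Ingress[0].Protocol = "icmp4"
	_, err = MarshalACL(bad)
	fmt.Println("bad rule:", err)
}
```

In a real provider the same checks would sit in the resource schema as attribute validators, which is where the nested-attribute form from the discussion above pays off: each list element is a plain object with typed attributes, so per-field validators attach directly to it.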