oci-landing-zones / terraform-oci-modules-networking

This repository contains Terraform OCI (Oracle Cloud Infrastructure) modules for networking related resources that help customers align their OCI implementations with the CIS (Center for Internet Security) OCI Foundations Benchmark recommendations.
Universal Permissive License v1.0

error when default_security_list is empty #35

Open hrvolapeter opened 5 months ago

hrvolapeter commented 5 months ago

Getting error with following configuration:

 "default_security_list": {
              "display_name": "sl-fra-oe1-ocvs",
              "egress_rules": [],
              "ingress_rules": []
 },

errors with:

Error: Resource precondition failed

  on .terraform/modules/oci_lz_orchestrator.oci_lz_network/default_security_lists.tf line 172, in resource "oci_core_default_security_list" "these"
 172:       condition = length([for ir in each.value.ingress_rules : ir if coalesce(ir.dst_port_min, local.TCP_PORT_MIN) <= coalesce(ir.dst_port_max, local.TCP_PORT_MAX)]) > 0
    ├────────────────
    │ each.value.ingress_rules is empty list of object
    │ local.TCP_PORT_MAX is 65535
    │ local.TCP_PORT_MIN is 1

VALIDATION FAILURE: Invalid configuration in Security List
[CUSTOM-DEFAULT-SEC-LIST-VCN-FRA-OE1-PLATFORM-OCVS-KEY]: dst_port_min [] must
be less than or equal to dst_port_max [].

Seems like the orchestrator doesn't expect an empty list.
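The condition quoted on line 172 of the error keeps the rules whose port range is valid and requires at least one of them, which an empty `ingress_rules` list can never satisfy. The stand-alone Terraform configuration below is an added example, not the module's code: it compares that condition with an `alltrue` form over constructed sample lists (the variable, keys and output names are assumptions made for illustration).

```hcl
# Added example: constructed names and sample values, not the module's code.
terraform {
  required_version = ">= 1.3" # needed for optional() object attributes
}

variable "security_lists" {
  type = map(object({
    ingress_rules = list(object({
      dst_port_min = optional(number)
      dst_port_max = optional(number)
    }))
  }))
  default = {
    "EMPTY-KEY" = { ingress_rules = [] }
    "VALID-KEY" = { ingress_rules = [{ dst_port_min = 22, dst_port_max = 22 }] }
    # One valid rule plus one inverted range (min > max).
    "MIXED-KEY" = { ingress_rules = [
      { dst_port_min = 22, dst_port_max = 22 },
      { dst_port_min = 443, dst_port_max = 80 },
    ] }
  }
}

locals {
  TCP_PORT_MIN = 1
  TCP_PORT_MAX = 65535

  # Per rule: is the port range well-formed once null bounds take the defaults?
  range_ok = {
    for k, sl in var.security_lists : k => [
      for ir in sl.ingress_rules :
      coalesce(ir.dst_port_min, local.TCP_PORT_MIN) <= coalesce(ir.dst_port_max, local.TCP_PORT_MAX)
    ]
  }
}

# Same shape as the condition on line 172: "at least one rule has a valid range".
# An empty list has no such rule, and one valid rule hides an invalid one.
output "at_least_one_valid" {
  value = { for k, oks in local.range_ok : k => length([for ok in oks : ok if ok]) > 0 }
}

# Alternative: "every rule has a valid range". alltrue() of an empty list is true,
# so an empty list passes while a list containing an inverted range does not.
output "every_rule_valid" {
  value = { for k, oks in local.range_ok : k => alltrue(oks) }
}
```

Running `terraform apply` in an empty directory containing only this file prints both maps side by side; no provider or OCI credentials are involved.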