opentelekomcloud / terraform-provider-opentelekomcloud

Terraform OpenTelekomCloud provider
https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/latest
Mozilla Public License 2.0

Urgent Bug: opentelekomcloud_networking_secgroup_rule_v2 not working #2162

Closed victorgetz closed 1 year ago

victorgetz commented 1 year ago

Terraform provider version

version = "1.34.3"

It works in 1.32

Description

If you apply an opentelekomcloud_networking_secgroup_rule_v2, you need to specify protocol even when we don't use a port range.

It affects most jumphost modules and RDS.

```hcl
terraform {
  required_providers {
    opentelekomcloud = {
      source  = "opentelekomcloud/opentelekomcloud"
      version = "1.34.3"
    }
  }
}

module "rds" {
  source  = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/rds"
  version = "5.3.0"

  name                          = "myrds"
  vpc_id                        = data.opentelekomcloud_vpc_v1.vpc_1.id
  subnet_id                     = data.opentelekomcloud_vpc_subnet_v1.subnet_1.id
  sg_allowed_cidr               = ["10.233.4.0/22", "192.168.0.0/16"]
  db_type                       = "PostgreSQL"
  db_version                    = "13"
  db_cpus                       = "4"
  db_memory                     = "16"
  db_high_availability          = false
  db_ha_replication_mode        = "async"
  db_volume_encryption_key_name = "default_kms"
  db_parameters = {
    max_connections = "1000",
  }
}

# It creates a resource like this
resource "opentelekomcloud_networking_secgroup_rule_v2" "db_allow_out" {
  count             = var.sg_secgroup_id == "" ? 1 : 0
  direction         = "egress"
  ethertype         = "IPv4"
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = opentelekomcloud_networking_secgroup_v2.db_secgroup[0].id

  description = "Allow all outgoing communication from the database instances."
}
```

Error:

```
$ terraform apply

Initializing modules...
Downloading registry.terraform.io/iits-consulting/project-factory/opentelekomcloud 5.3.0 for rds...
- rds in .terraform/modules/rds/modules/rds
Initializing the backend...
Successfully configured the backend "http"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Finding opentelekomcloud/opentelekomcloud versions matching "1.34.3"...
- Finding latest version of iits-consulting/errorcheck...
- Finding latest version of hashicorp/random...
- Installing opentelekomcloud/opentelekomcloud v1.34.3...
- Installed opentelekomcloud/opentelekomcloud v1.34.3 (self-signed, key ID 3EDA0171114F71DF)
- Installing iits-consulting/errorcheck v3.0.3...
- Installed iits-consulting/errorcheck v3.0.3 (self-signed, key ID B455D9AE9E8CCCD8)
- Installing hashicorp/random v3.5.1...
- Installed hashicorp/random v3.5.1 (signed by HashiCorp)
Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
module.rds.errorcheck_is_valid.db_ha_replication_mode_constraint: Creating...
module.rds.errorcheck_is_valid.db_ha_replication_mode_constraint: Creation complete after 0s [id=Check if a selected HA replication mode is supported on OTC.]
module.rds.random_password.db_root_password: Creating...
module.rds.random_password.db_root_password: Creation complete after 0s [id=none]
module.rds.errorcheck_is_valid.db_availability_zones: Creating...
module.rds.errorcheck_is_valid.db_availability_zones: Creation complete after 0s [id=Check if db_availability_zones is set up correctly.]
module.rds.opentelekomcloud_networking_secgroup_v2.db_secgroup[0]: Creating...
module.rds.errorcheck_is_valid.db_flavor_constraint: Creating...
module.rds.errorcheck_is_valid.db_flavor_constraint: Creation complete after 0s [id=Check if a flavor is found in OTC.]
module.rds.opentelekomcloud_networking_secgroup_v2.db_secgroup[0]: Creation complete after 2s [id=485430d4-c06f-4601-aacf-8f6fefbf83b5]
module.rds.opentelekomcloud_networking_secgroup_rule_v2.db_secgroup_out[0]: Creating...
module.rds.opentelekomcloud_networking_secgroup_rule_v2.db_allow_cidr["192.168.0.0/16"]: Creating...
module.rds.opentelekomcloud_networking_secgroup_rule_v2.db_allow_out[0]: Creating...
module.rds.opentelekomcloud_networking_secgroup_rule_v2.db_secgroup_in[0]: Creating...
module.rds.opentelekomcloud_networking_secgroup_rule_v2.db_allow_cidr["10.233.4.0/22"]: Creating...
module.rds.opentelekomcloud_networking_secgroup_rule_v2.db_allow_cidr["10.233.4.0/22"]: Creation complete after 0s [id=3841d4cd-405a-4446-be81-bb27f14ae4e4]
module.rds.opentelekomcloud_networking_secgroup_rule_v2.db_allow_cidr["192.168.0.0/16"]: Creation complete after 0s [id=04aacbc7-8239-4112-8eb2-a3bef4926421]
module.rds.opentelekomcloud_rds_instance_v3.db_instance: Creating...
module.rds.opentelekomcloud_rds_instance_v3.db_instance: Still creating... [10s elapsed]
module.rds.opentelekomcloud_rds_instance_v3.db_instance: Still creating... [20s elapsed]
...
module.rds.opentelekomcloud_rds_instance_v3.db_instance: Still creating... [8m0s elapsed]
module.rds.opentelekomcloud_rds_instance_v3.db_instance: Creation complete after 8m1s [id=938d72b6cc3446d4881d3bcbce49459din03]
module.rds.opentelekomcloud_ces_alarmrule.db_storage_alarm[0]: Creating...
module.rds.opentelekomcloud_ces_alarmrule.db_storage_alarm[0]: Creation complete after 0s [id=al16836167366[28]
╷
│ Error: Bad request with: [POST https://vpc.eu-de.otc.t-systems.com/v2.0/security-group-rules], error message: {"NeutronError":{"message":"Must also specify protocol if port range is given.","type":"SecurityGroupProtocolRequiredWithPorts","detail":""}}
│ 
│   with module.rds.opentelekomcloud_networking_secgroup_rule_v2.db_secgroup_in[0],
│   on .terraform/modules/rds/modules/rds/security.tf line 8, in resource "opentelekomcloud_networking_secgroup_rule_v2" "db_secgroup_in":
│    8: resource "opentelekomcloud_networking_secgroup_rule_v2" "db_secgroup_in" {
│ 
╵
╷
│ Error: Bad request with: [POST https://vpc.eu-de.otc.t-systems.com/v2.0/security-group-rules], error message: {"NeutronError":{"message":"Must also specify protocol if port range is given.","type":"SecurityGroupProtocolRequiredWithPorts","detail":""}}
│ 
│   with module.rds.opentelekomcloud_networking_secgroup_rule_v2.db_secgroup_out[0],
│   on .terraform/modules/rds/modules/rds/security.tf line 19, in resource "opentelekomcloud_networking_secgroup_rule_v2" "db_secgroup_out":
│   19: resource "opentelekomcloud_networking_secgroup_rule_v2" "db_secgroup_out" {
│ 
╵
╷
│ Error: Bad request with: [POST https://vpc.eu-de.otc.t-systems.com/v2.0/security-group-rules], error message: {"NeutronError":{"message":"Must also specify protocol if port range is given.","type":"SecurityGroupProtocolRequiredWithPorts","detail":""}}
│ 
│   with module.rds.opentelekomcloud_networking_secgroup_rule_v2.db_allow_out[0],
│   on .terraform/modules/rds/modules/rds/security.tf line 30, in resource "opentelekomcloud_networking_secgroup_rule_v2" "db_allow_out":
│   30: resource "opentelekomcloud_networking_secgroup_rule_v2" "db_allow_out" {
│ 
```
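Added example (not part of the original issue and not the provider's code): in the apply log above, some security group rules are created while others are rejected, and the RDS instance is still created, so the group ends up partially configured. This Python script reads `terraform apply` output in the format shown and reports, per rule, whether it was created or which NeutronError type rejected it; the sample log and its endpoint and IDs are constructed.

```python
import json
import re

# Constructed sample in the log format shown in the issue (IDs and host are placeholders).
SAMPLE_LOG = '''\
module.rds.opentelekomcloud_networking_secgroup_rule_v2.db_allow_out[0]: Creating...
module.rds.opentelekomcloud_networking_secgroup_rule_v2.db_allow_cidr["10.233.4.0/22"]: Creating...
module.rds.opentelekomcloud_networking_secgroup_rule_v2.db_allow_cidr["10.233.4.0/22"]: Creation complete after 0s [id=00000000-0000-0000-0000-000000000001]
╷
│ Error: Bad request with: [POST https://vpc.example.invalid/v2.0/security-group-rules], error message: {"NeutronError":{"message":"Must also specify protocol if port range is given.","type":"SecurityGroupProtocolRequiredWithPorts","detail":""}}
│ 
│   with module.rds.opentelekomcloud_networking_secgroup_rule_v2.db_allow_out[0],
╵
'''

RULE_TYPE = 'opentelekomcloud_networking_secgroup_rule_v2.'
ADDR = r'^(\S*' + re.escape(RULE_TYPE) + r'\S+)'
STARTED = re.compile(ADDR + r': Creating\.\.\.$')
DONE = re.compile(ADDR + r': Creation complete')
ERROR = re.compile(r'Error: .*error message: (\{.*\})$')
WITH = re.compile(r'^\s+with (\S+),$')


def secgroup_rule_status(log_text):
    """Map each rule address to 'pending', 'created' or 'failed: <NeutronError type>'."""
    status, pending_error = {}, None
    for raw in log_text.splitlines():
        line = raw.lstrip('│').rstrip()  # drop Terraform's error-box border
        if m := STARTED.match(line):
            status.setdefault(m.group(1), 'pending')
        elif m := DONE.match(line):
            status[m.group(1)] = 'created'
        elif m := ERROR.search(line):
            try:
                pending_error = json.loads(m.group(1))['NeutronError']['type']
            except (ValueError, KeyError, TypeError):
                pending_error = 'unparsed-error'
        elif (m := WITH.match(line)) and pending_error:
            # The "with <address>" line names the resource the error belongs to.
            if RULE_TYPE in m.group(1):
                status[m.group(1)] = 'failed: ' + pending_error
            pending_error = None
    return status


def rules_not_in_place(log_text):
    """Addresses of rules that were started but never reported as created."""
    return sorted(a for a, s in secgroup_rule_status(log_text).items() if s != 'created')


if __name__ == '__main__':
    for address, state in secgroup_rule_status(SAMPLE_LOG).items():
        print(f'{state:50} {address}')
```
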
john-funk commented 1 year ago

We are facing the same issue.

artem-lifshits commented 1 year ago

@victorgetz @Jay-Funk please check latest release