opentelekomcloud / terraform-provider-opentelekomcloud

Terraform OpenTelekomCloud provider
https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/latest
Mozilla Public License 2.0

[VPC] Modifying fw_rule_v2 without setting source_port #2634

Closed eht16 closed 1 month ago

eht16 commented 1 month ago

Terraform provider version

v1.36.16

Affected Resource(s)

opentelekomcloud_fw_rule_v2

Terraform Configuration Files

resource "opentelekomcloud_fw_rule_v2" "rule_tmp" {
  description            = "Weird source_port behavior"
  action                 = "allow"
  protocol               = "tcp"
  destination_ip_address = "127.0.0.3/32"
  destination_port       = "22"
  source_ip_address      = "127.0.0.2/32"
  enabled                = "false"
}

Steps to Reproduce

  1. terraform apply to create the firewall rule
  2. Change any field in the config, e.g. enabled = "true"
  3. terraform apply to modify the firewall rule

Expected Behavior

The firewall rule is activated and the source_port is not modified.

Actual Behavior

Error message via Terraform:

module.firewall.opentelekomcloud_fw_rule_v2.rule_tmp: Modifying... [id=06027ebb-f759-4489-9b65-XXXXXXXXXXXX]
╷
│ Error: Bad request with: [PUT https://vpc.eu-de.otc.t-systems.com/v2.0/fwaas/firewall_rules/06027ebb-f759-4489-9b65-XXXXXXXXXXXX], error message: {"NeutronError":{"message":"'source_port' attribute isn't allowed 'empty'","type":"HTTPBadRequest","detail":""}}
│ 
│   with module.firewall.opentelekomcloud_fw_rule_v2.rule_tmp,
│   on ../modules/firewall/firewall.tf line 92, in resource "opentelekomcloud_fw_rule_v2" "rule_tmp":
│   92: resource "opentelekomcloud_fw_rule_v2" "rule_tmp" {
│ 

Important Factoids

I also tried the values "all", null, 0, "0", 1-65535 for source_port, none of them works.

The rule in the example above is only for demonstration. In the real world, I'm about to modify my existing ingress rules where I do not want to specify a source port but instead have it applied for all source ports. This worked this way until recently; it seems it has been broken since 1.3.14. So this might be related to https://github.com/opentelekomcloud/terraform-provider-opentelekomcloud/pull/2571.

anton-sidelnikov commented 1 month ago

Hi @eht16, this error comes right from the API. If you want to change the API behaviour, please create a demand through customer support.

P.S.: Checked documentation: port number range in the format of a:b, please try 1:65535

eht16 commented 1 month ago

I was confused because it seems to first occur since 1.36.14 and so I assumed that it is related to changes in the provider.

Using "1:65535" works, thanks. Though in the OTC Console it is displayed differently ("1:65535" vs "All"). I guess technically it is probably almost the same.

anton-sidelnikov commented 1 month ago

Hi @eht16, yes, sure, according to the documentation it should be the same. Closing the issue.