oracle / terraform-provider-oci

Terraform Oracle Cloud Infrastructure provider
https://www.terraform.io/docs/providers/oci/
Mozilla Public License 2.0

destination_port_range in tcp_options not expected but documentation says it #1324

Open pirat8 opened 3 years ago

pirat8 commented 3 years ago

Hi, I use TF v0.14.8 and oci provider plugin 4.18.0.

Within the resource "oci_core_security_list" I get an error when I try to create an ingress_security_rules block that uses destination_port_range in tcp_options:

ingress_security_rules {
    #Required
    protocol = "6"
    source   = var.vcn_subnet_svc

    #Optional
    description = "allow ssh"
    stateless   = "false"

    tcp_options {
        destination_port_range {
            max = 22
            min = 22
        }
    }
}

ERROR-Message is:

65:        destination_port_range {

Blocks of type "destination_port_range" are not expected here.

But documentation says it should be possible: See https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/core_security_list

affected_resources = oci_core_security_list

edvinas31 commented 3 years ago

Same here

edvinas31 commented 3 years ago

After looking at https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/core_security_list documentation more in depth I found out that we do not need to use destination_port_range block. Instead do this:

ingress_security_rules {
    #Required
    protocol = "6"
    source   = var.vcn_subnet_svc

    #Optional
    description = "allow ssh"
    stateless   = "false"

    tcp_options {
        max = 22
        min = 22
    }
}

pgumeniuk commented 2 years ago

IMHO, that's a lack of precise and true documentation at the oci tf provider page https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/core_security_list. The documentation tells you to use attributes, like:

tcp_options {
    destination_port_range {
        min = 6443
        max = 6443
    }
}

The code example tells you that you should omit "destination_port_range".

et304383 commented 2 years ago

This is an unacceptable documentation error.

DevOpsFu commented 1 year ago

This one caught me out too. I manually created a Security List in the portal and then imported the state to see what it looks like in Terraform. For both ingress and egress rules, the port ranges look like this:

tcp_options {
    max = 467
    min = 456

    source_port_range {
        max = 124
        min = 123
    }
}

In other words, the min/max values contained directly in the tcp_options object are the destination port range. The source port range is always nested in the source_port_range child object.

It's not just bad documentation, it's a badly implemented resource type. It's as if they wrote the documentation first and then forgot to fully implement it in the provider.
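Added example, not part of the thread or of the provider's code: a small audit helper that reads security list rules in the layout described in the comment above (min/max directly under tcp_options is the destination range, source_port_range is nested) and flags TCP rules that end up open on every destination port. The JSON shape (nested blocks rendered as lists, as in `terraform show -json`), the helper names and the sample values are constructed assumptions.

```python
import json

# Constructed sample: attribute values of one oci_core_security_list, in the
# shape assumed for `terraform show -json` output (nested blocks as lists).
SAMPLE = json.loads("""
{"ingress_security_rules": [
  {"protocol": "6", "source": "10.0.1.0/24", "description": "allow ssh",
   "tcp_options": [{"min": 22, "max": 22, "source_port_range": []}]},
  {"protocol": "6", "source": "10.0.1.0/24", "description": "imported rule",
   "tcp_options": [{"min": 456, "max": 467,
                    "source_port_range": [{"min": 123, "max": 124}]}]},
  {"protocol": "6", "source": "0.0.0.0/0", "description": "no tcp_options",
   "tcp_options": []}
]}
""")

ALL_PORTS = (1, 65535)


def port_range(block):
    """Return (min, max) from a block dict, or ALL_PORTS when it is unset.

    Assumption: a missing, null or 0 bound means the range was not set.
    """
    if not block or not block.get("min") or not block.get("max"):
        return ALL_PORTS
    return (block["min"], block["max"])


def describe_tcp_rules(values):
    """Resolve destination and source port ranges for each TCP ingress rule."""
    out = []
    for rule in values.get("ingress_security_rules", []):
        if rule.get("protocol") != "6":  # "6" is the IANA number for TCP
            continue
        opts = (rule.get("tcp_options") or [None])[0]
        dst = port_range(opts)  # min/max directly under tcp_options
        src_blocks = (opts or {}).get("source_port_range") or [None]
        src = port_range(src_blocks[0])  # nested source_port_range block
        out.append({"source": rule["source"], "dst_ports": dst,
                    "src_ports": src, "all_dst_ports": dst == ALL_PORTS})
    return out


if __name__ == "__main__":
    for row in describe_tcp_rules(SAMPLE):
        print(row)
```

A rule with `all_dst_ports` set is worth reviewing: a TCP rule with no tcp_options allows all ports, which is an easy state to reach by deleting the whole block after the "not expected here" error.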

ravinitp commented 1 year ago

Thank you for reporting the issue. We observed the affected resources are not provided in the description or it's incorrect. We request you to add it in the issue description in the format mentioned below. Example: affected_resources = oci_core_instance , oci_core_instances

If it's not related to any particular resource then mention affected resource as terraform. Example: affected_resources = terraform

As this works through automation, we request you to follow the exact syntax.

ravinitp commented 1 year ago

Thank you for reporting the issue. We have raised an internal ticket to track this. Our service engineers will get back to you.

javiernegro commented 8 months ago

Please, this seems like a small thing, but it makes people lose precious time when the documentation is wrong. Also, instead of changing the documentation, I would advise making the design more consistent, which means for the provisioner to actually follow the documentation....