Closed kebab-mai-haddi closed 1 year ago
Hi @kebab-mai-haddi, thank you for reporting this. I tried to repro as follows, based on the example in our API docs:
```typescript
import * as gcp from "@pulumi/gcp";

const policy = new gcp.compute.SecurityPolicy("policy", {rules: [
    {
        // Deny rule at priority 1000; this is the rule replaced in the next step.
        action: "deny(403)",
        description: "Deny access to IPs in 9.9.9.0/24",
        match: {
            config: {
                srcIpRanges: ["9.9.9.0/24"],
            },
            versionedExpr: "SRC_IPS_V1",
        },
        priority: 1000,
    },
    {
        // Default rule: allow everything not matched above.
        action: "allow",
        description: "default rule",
        match: {
            config: {
                srcIpRanges: ["*"],
            },
            versionedExpr: "SRC_IPS_V1",
        },
        priority: 2147483647,
    },
]});
```
Then I replaced one rule as follows:
```typescript
const policy = new gcp.compute.SecurityPolicy("policy", {rules: [
    {
        // Replacement deny rule: different source range and priority (2000 instead of 1000).
        action: "deny(403)",
        description: "Deny access to IPs in 10.0.0.0/24",
        match: {
            config: {
                srcIpRanges: ["10.0.0.0/24"],
            },
            versionedExpr: "SRC_IPS_V1",
        },
        priority: 2000,
    },
    {
        // Default rule, unchanged.
        action: "allow",
        description: "default rule",
        match: {
            config: {
                srcIpRanges: ["*"],
            },
            versionedExpr: "SRC_IPS_V1",
        },
        priority: 2147483647,
    },
]});
```
In my case, the outcome was as expected. In the GCP console I saw two security rules that matched what I had defined in code.
Could you provide us with a repro of the issue?
Closing due to inactivity.
What happened?
Rules removed from a security policy definition are not removed in reality.
Say, I have rule1 attached to a security policy S1. Later on, I replace rule1 with rule2. When I check, I get both rule1 and rule2.
Expected Behavior
Ideally, it should remove rule1 and just have rule2.
Steps to reproduce
Normal exemplar steps to create policies depict this behaviour.
Output of `pulumi about`

```
Dependencies:
NAME                      VERSION
boto3                     1.28.1
google-api-python-client  2.86.0
kubernetes                26.1.0
pip                       23.1.2
pulumi-aws                5.41.0
pulumi-gcp                6.59.0
pulumi-kubernetes         3.29.1
pulumi-random             4.13.2
wheel                     0.40.0
```
Additional context
No response
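A check for the symptom reported in this issue, as an added example that is not part of the thread or of Pulumi's code: it diffs the rules declared in the program against the rules actually deployed, keyed by priority, and reports any stale rule left behind. `Rule`, `Drift`, `diffRules` and the sample data are hypothetical names and constructed values; the deployed list is assumed to be the `rules` array from `gcloud compute security-policies describe <policy> --format=json`.

```typescript
// One rule, in the shape used both by the Pulumi program and by the policy's `rules` array.
interface Rule {
  priority: number;
  action: string;
  match: { versionedExpr?: string; config?: { srcIpRanges?: string[] } };
}

interface Drift {
  stale: number[];   // deployed, but no longer declared in code
  missing: number[]; // declared in code, but not deployed
  changed: number[]; // same priority, different action or source ranges
}

// Canonical form for comparison: action plus sorted source ranges.
function fingerprint(r: Rule): string {
  const ranges = (r.match.config?.srcIpRanges ?? []).slice().sort();
  return `${r.action}|${ranges.join(",")}`;
}

// A Cloud Armor policy holds at most one rule per priority, so priority is the diff key.
function diffRules(declared: Rule[], deployed: Rule[]): Drift {
  const drift: Drift = { stale: [], missing: [], changed: [] };
  for (const have of deployed) {
    const want = declared.filter((r) => r.priority === have.priority)[0];
    if (!want) drift.stale.push(have.priority);
    else if (fingerprint(want) !== fingerprint(have)) drift.changed.push(have.priority);
  }
  for (const want of declared) {
    if (!deployed.some((r) => r.priority === want.priority)) drift.missing.push(want.priority);
  }
  return drift;
}

// Declared state: the second program from the thread (rule 1000 replaced by rule 2000).
const declaredRules: Rule[] = [
  { priority: 2000, action: "deny(403)",
    match: { versionedExpr: "SRC_IPS_V1", config: { srcIpRanges: ["10.0.0.0/24"] } } },
  { priority: 2147483647, action: "allow",
    match: { versionedExpr: "SRC_IPS_V1", config: { srcIpRanges: ["*"] } } },
];

// Constructed sample of deployed state showing the reported symptom: old rule 1000 still present.
const deployedSample: Rule[] = [
  { priority: 1000, action: "deny(403)",
    match: { versionedExpr: "SRC_IPS_V1", config: { srcIpRanges: ["9.9.9.0/24"] } } } as Rule,
].concat(declaredRules);

console.log(diffRules(declaredRules, deployedSample));
```

A non-empty `stale` list after `pulumi up` is the behaviour the reporter describes; an empty result on all three lists matches what the maintainer observed.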