tencentcloudstack / terraform-provider-tencentcloud

Terraform Tencent Cloud Provider
https://www.terraform.io/docs/providers/tencentcloud/
Mozilla Public License 2.0

tencentcloud_security_group_rule_set without "cidr_block" always produces a new plan #2880

Open Jalle19 opened 2 days ago

Jalle19 commented 2 days ago

Community Note

Terraform Version

Terraform v1.9.7
on darwin_arm64
+ provider registry.terraform.io/tencentcloudstack/tencentcloud v1.81.131

Affected Resource(s)

Terraform Configuration Files

resource "tencentcloud_security_group_rule_set" "security-group-rule-set" {
  security_group_id = tencentcloud_security_group.security-group.id

  ingress {
    action      = "ACCEPT"
    # cidr_block  = "0.0.0.0/0"
    protocol    = "TCP"
    port        = "22"
    description = "Allow SSH from anywhere"
  }

  egress {
    action      = "ACCEPT"
    # cidr_block  = "0.0.0.0/0"
    description = "Allow all outgoing traffic"
  }
}

Debug Output

I'm not comfortable pasting sensitive debug output anywhere at this point.

Panic Output

Expected Behavior

terraform plan should not have generated a change set

Actual Behavior

terraform plan insists on removing cidr_block. After applying, running terraform plan again will produce the same plan:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # tencentcloud_security_group_rule_set.security-group-rule-set will be updated in-place
  ~ resource "tencentcloud_security_group_rule_set" "security-group-rule-set" {
        id                = "sg-xxxxxx"
        # (2 unchanged attributes hidden)

      ~ egress {
          - cidr_block             = "0.0.0.0/0" -> null
            # (11 unchanged attributes hidden)
        }

      ~ ingress {
          - cidr_block             = "0.0.0.0/0" -> null
            # (11 unchanged attributes hidden)
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

To fix the issue, cidr_block = "0.0.0.0/0" must be defined.

Steps to Reproduce

  1. Define a security group rule set that omits cidr_block
  2. terraform plan
  3. terraform apply
  4. terraform plan again

Important Factoids

References

tongyiming commented 2 days ago

Because cidr_block default value is read, but cidr_block is not computed. One of cidr_block, ipv6_cidr_block, source_security_id and address_template_* must be set.

Jalle19 commented 2 days ago

Okay, in that case the documentation could be improved:

NOTE: cidr_block, ipv6_cidr_block, source_security_id and address_template_* are exclusive and cannot be set in the same time.

I got the impression that none is required, only that they're mutually exclusive.
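
The plan output in this issue shows that a rule block with no source selector is read back with cidr_block = "0.0.0.0/0". The following is an added example, not code from the thread or the provider: a pre-apply check over `terraform show -json <planfile>` output that lists every ingress/egress block of this resource type that sets none of the selectors named above. It assumes Terraform's JSON plan layout (`configuration.root_module.resources[].expressions`); the helper names and the sample input are constructed.

```python
import json
import sys

# Source selectors named in the thread; address_template_* is matched by prefix.
SOURCE_ATTRS = ("cidr_block", "ipv6_cidr_block", "source_security_id")
RULE_SET_TYPE = "tencentcloud_security_group_rule_set"

def has_source(block):
    """True if a rule block sets at least one source selector in configuration."""
    return any(k in SOURCE_ATTRS or k.startswith("address_template_") for k in block)

def walk_resources(module):
    # Yield resources of a module and, recursively, of the modules it calls.
    yield from module.get("resources", [])
    for call in module.get("module_calls", {}).values():
        yield from walk_resources(call.get("module", {}))

def rules_without_source(plan):
    """List (address, direction, index, description) for rules with no source set."""
    findings = []
    root = plan.get("configuration", {}).get("root_module", {})
    for res in walk_resources(root):
        if res.get("type") != RULE_SET_TYPE:
            continue
        for direction in ("ingress", "egress"):
            for i, block in enumerate(res.get("expressions", {}).get(direction, [])):
                if not has_source(block):
                    desc = block.get("description", {}).get("constant_value", "")
                    findings.append((res["address"], direction, i, desc))
    return findings

def const(value):
    return {"constant_value": value}

# Constructed sample: the issue's resource plus one rule that does set cidr_block.
SAMPLE_PLAN = {"configuration": {"root_module": {"resources": [{
    "address": "tencentcloud_security_group_rule_set.security-group-rule-set",
    "type": RULE_SET_TYPE,
    "expressions": {
        "ingress": [
            {"action": const("ACCEPT"), "protocol": const("TCP"), "port": const("22"),
             "description": const("Allow SSH from anywhere")},
            {"action": const("ACCEPT"), "cidr_block": const("10.0.0.0/8"),
             "description": const("constructed rule with explicit source")}],
        "egress": [{"action": const("ACCEPT"), "description": const("Allow all outgoing traffic")}]},
}]}}}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for addr, direction, i, desc in rules_without_source(plan):
        print(f"{addr}: {direction}[{i}] sets no source selector ({desc!r})")
```

Run with a path argument to check a real plan; with no argument it reports the two blocks from the issue's configuration.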