terraform-aws-modules / terraform-aws-security-group

Terraform module to create AWS Security Group resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws

feat: Remove prefix_list_ids attribute from _with_cidr_blocks & specific prefix list for each rules on _with_prefix_list_ids #325

Closed titouan-joseph closed 3 months ago

titouan-joseph commented 4 months ago

Description

  1. `aws_security_group_rule` resources with both CIDR blocks and a non-empty `prefix_list_ids` generate multiple entries on the rules (CIDR blocks + prefix lists)
  2. `*_with_prefix_list_ids` variables don't take the `prefix_list_ids` given in the list of rules into account; see the example below:

```hcl
module "prefix_list" {
  source = "../../"

  name        = "pl-sg"
  description = "Security group with prefix list"
  vpc_id      = data.aws_vpc.default.id

  ingress_with_prefix_list_ids = [
    {
      from_port       = 9100
      to_port         = 9100
      protocol        = 6 # "tcp"
      description     = "Arbitrary TCP port"
      prefix_list_ids = join(",", ["pl-a", "pl-b"])  # => empty list on the plan
    },
  ]
}
```

Motivation and Context

Able to create rules with specific prefix list for each rules

Breaking Changes

No more prefix list on the `*_with_cidr_blocks` resources

How Has This Been Tested?
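A way to catch both symptoms before `terraform apply`, as an added example that is neither the module's nor the PR's code: it scans `terraform show -json tfplan` output for rules that mix CIDR blocks with prefix lists and for `*_with_prefix_list_ids` rules that ended up with no prefix lists. The plan document embedded here is constructed; the field layout follows Terraform's plan JSON.

```python
"""Added check (not part of the module): scan `terraform show -json tfplan`
output for the two symptoms described in this PR. The sample plan is
constructed here to illustrate; field names follow Terraform's plan JSON."""
import json

PREFIX_LIST_RULE = "_with_prefix_list_ids"  # module's naming of these rule resources


def _rule(address, cidr_blocks, prefix_list_ids, actions=("create",)):
    """Build one constructed resource_changes entry (only the fields we inspect)."""
    return {"address": address, "type": "aws_security_group_rule",
            "change": {"actions": list(actions), "after": {
                "type": "ingress", "from_port": 9100, "to_port": 9100,
                "protocol": "tcp", "cidr_blocks": cidr_blocks,
                "prefix_list_ids": prefix_list_ids}}}


SAMPLE_PLAN = json.dumps({"resource_changes": [
    # symptom 2: rule built from ingress_with_prefix_list_ids but no prefix lists survived
    _rule("module.pl.aws_security_group_rule.ingress_with_prefix_list_ids[0]", [], []),
    # symptom 1: CIDR rule also carries prefix lists, so it expands to several SG entries
    _rule("module.web.aws_security_group_rule.ingress_with_cidr_blocks[0]",
          ["10.0.0.0/8"], ["pl-a"]),
    # healthy: prefix-list rule with its own prefix lists and no CIDRs
    _rule("module.ok.aws_security_group_rule.ingress_with_prefix_list_ids[0]",
          [], ["pl-a", "pl-b"]),
    # rule being destroyed: nothing is granted, so it is skipped
    _rule("module.old.aws_security_group_rule.ingress_with_cidr_blocks[0]",
          ["0.0.0.0/0"], [], actions=("delete",)),
]})


def find_rule_issues(plan_json):
    """Return [(address, reason)] for each planned rule showing one of the symptoms."""
    issues = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_security_group_rule":
            continue
        change = rc["change"]
        if "create" not in change["actions"] and "update" not in change["actions"]:
            continue  # delete / no-op: the rule grants nothing new
        after = change.get("after") or {}
        cidrs = after.get("cidr_blocks") or []
        pls = after.get("prefix_list_ids") or []
        if cidrs and pls:
            issues.append((rc["address"], "mixes cidr_blocks and prefix_list_ids; "
                           "each source becomes its own SG entry"))
        if PREFIX_LIST_RULE in rc["address"] and not pls:
            issues.append((rc["address"], "prefix-list rule has no prefix_list_ids"))
    return issues
```

Run it against a real plan with `find_rule_issues(open("plan.json").read())`; an empty result means neither symptom is present in that plan.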

titouan-joseph commented 4 months ago

@bryantbiggs @antonbabenko One of you can watch this MR. Thank you

AtanasovMarin commented 3 months ago

@bryantbiggs @antonbabenko Is there any progress on this MR?

bryantbiggs commented 3 months ago

just at a glance, I don't think this is an appropriate change. I think we should follow the upstream provider and use the aws_vpc_security_group_ingress_rule/aws_vpc_security_group_egress_rule resources which would mitigate this issue. However, that would be a breaking change and quite a refactor.

In the short term - you can split out your rules to one CIDR blocker per rule entry which should resolve your diff issue

titouan-joseph commented 3 months ago

Yes, sure, it's better to use aws_vpc_security_group_ingress_rule/aws_vpc_security_group_egress_rule according to AWS. But that isn't the point of this PR.

I want to use the prefix list with this module, but I think there are some copy-paste errors.

I don't understand what your suggestions are. Are you saying not to use the prefix list?

For information, my modification is used in production with no issues.

titouan-joseph commented 3 months ago

@bryantbiggs if you check #324, the problem is the same for self resources

bryantbiggs commented 3 months ago

I'll let Anton chime in - I'm less familiar with the structure of this project, and maybe I am misunderstanding the issue

titouan-joseph commented 3 months ago

> I'll let Anton chime in - I'm less familiar with the structure of this project, and maybe I am misunderstanding the issue

@antonbabenko can you have a look, please?
Thank you

titouan-joseph commented 3 months ago

Hi @bryantbiggs !

Can anyone other than Anton take a look at this PR?

Thank you

titouan-joseph commented 3 months ago

@antonbabenko please, can you check this PR? Thank you

titouan-joseph commented 3 months ago

@antonbabenko please, can you check this PR? Thank you

antonbabenko commented 3 months ago

This PR is included in version 5.2.0 :tada:

github-actions[bot] commented 2 months ago

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.