oliverboehme-ida
commented
3 months ago CC @imrannayer
Closed oliverboehme-ida closed 2 months ago
oliverboehme-ida
commented
3 months ago CC @imrannayer
oliverboehme-ida
commented
2 months ago For anyone who is interested, I solved it like this:
firewall_rules and translate them into ingress_rules and egress_rules.
ranges into source_ranges and destination_ranges depending on if it is an Ingress or Egress rule.rules from Terraform state.
terraform state rm 'module.<module_name>.module.firewall_rules.google_compute_firewall.rulesgcloud compute firewall-rules list --project <project_id> --format='value(name)'rules=$(gcloud compute firewall-rules list --project <project_id> --format='value(name)')
for rule in $rules
do
echo "import {
to = module.<module_name>.module.firewall_rules.google_compute_firewall.rules_ingress_egress[\"$rule\"]
id = \"projects/<project_id>/global/firewalls/$rule\"
}"
done
TL;DR
The field
rulesin firewall-rules module is marked "deprecated". But what is the clean way of transitioning rules to the new fields (ingress_rules,egress_rules) without destroying/re-applying them all?Terraform Resources
Additional information
After painfully re-writing all rules separately to be included in ingress_rules and egress_rules, I found no non-destructive way of transitioning them in Terraform state.
Moved block does not work because the "old" resource "rules" is still existing. Import block does not work because it assumes the resources are not contained in the state (thus destroying the "real" resources too) Manually tf importing has the same effect.
Destroying and re-creating all is too risky.
What now?