ibm_is_network_acl wrong rules order creation and terraform crash #1117

Closed
santosrui opened this issue Feb 20, 2020 · 4 comments

@santosrui

Hi there,

Terraform Version

I am using terraform version v0.12.21 with provider.ibm v1.2.1, and there are some problems working with ACLs in VPC gen 1.

Affected Resource(s)

  • ibm_is_network_acl

Problem(s):

  • Problem 1: there is no way of specifying the order of the rules.
  • Problem 2: trying to modify, add or remove a rule crashes the terraform plugin.

Actual Behaviour

Problem 1: When creating an ACL, the order is not respected (in the example to reproduce, it will create the deny rules with priority 1).
Problem 2: Change any value, or remove or add a rule, on an existing ACL and terraform crashes.

Steps to Reproduce

Problem 1: just create the following ACL
Problem 2: modify, add or remove a rule

resource "ibm_is_network_acl" "test-acl" {
  name = "test-acl"

  rules {
    name        = "out_ssh_reply"
    action      = "allow"
    source      = "0.0.0.0/0"
    destination = "0.0.0.0/0"
    direction   = "outbound"
    tcp {
      source_port_min = 22
      source_port_max = 22
    }
  }
  rules {
    name        = "out_dns_requests"
    action      = "allow"
    source      = "0.0.0.0/0"
    destination = "161.26.0.10/31"
    direction   = "outbound"
    udp {
      port_min = 53
      port_max = 53
    }
  }
  rules {
    name        = "out_deny_all"
    action      = "deny"
    source      = "0.0.0.0/0"
    destination = "0.0.0.0/0"
    direction   = "outbound"
  }
  rules {
    name        = "in_ssh"
    action      = "allow"
    source      = "0.0.0.0/0"
    destination = "0.0.0.0/0"
    direction   = "inbound"
    tcp {
      port_min = 22
      port_max = 22
    }
  }
  rules {
    name        = "in_dns_requests_reply"
    action      = "allow"
    source      = "161.26.0.10/31"
    destination = "0.0.0.0/0"
    direction   = "inbound"
    udp {
      port_min = 53
      port_max = 53
    }
  }
  rules {
    name        = "in_deny_all"
    action      = "deny"
    source      = "0.0.0.0/0"
    destination = "0.0.0.0/0"
    direction   = "inbound"
  }
}

Panic Output

crash.log

@hkantare
Collaborator

We are looking into the issues... Will update with the fix.

VaishnaviGopal added a commit to VaishnaviGopal/terraform-provider-ibm that referenced this issue Feb 24, 2020
hkantare pushed a commit that referenced this issue Feb 25, 2020
@john32443

Hey! So it looks like Terraform doesn't crash anymore but the order is still not respected.
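
Why the creation order reported in this thread matters, as an added example (not code from the issue or from the provider): assuming the ACL is evaluated first match wins, a catch-all deny created ahead of the allow rules shadows every one of them. The `Rule` tuple, the `"all"` protocol marker for rules without a tcp/udp block, and the `CREATED` order are constructed for illustration; ports are not modelled.

```python
from collections import namedtuple
from ipaddress import ip_network

Rule = namedtuple("Rule", "name action direction source destination protocol")

def covers(earlier, later):
    """True if `earlier` matches every packet that `later` can match.
    Only all-protocol rules are treated as covering, so no port comparison
    is needed (a simplification made for this example)."""
    return (earlier.direction == later.direction
            and earlier.protocol == "all"
            and ip_network(later.source).subnet_of(ip_network(earlier.source))
            and ip_network(later.destination).subnet_of(
                ip_network(earlier.destination)))

def shadowed(rules):
    """Return (rule, shadowing_rule) name pairs for rules that can never take
    effect. Assumes first-match evaluation in list order."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.action != later.action and covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found

ANY, DNS = "0.0.0.0/0", "161.26.0.10/31"

# The six rules from the configuration in the issue, in the written order.
CONFIGURED = [
    Rule("out_ssh_reply", "allow", "outbound", ANY, ANY, "tcp"),
    Rule("out_dns_requests", "allow", "outbound", ANY, DNS, "udp"),
    Rule("out_deny_all", "deny", "outbound", ANY, ANY, "all"),
    Rule("in_ssh", "allow", "inbound", ANY, ANY, "tcp"),
    Rule("in_dns_requests_reply", "allow", "inbound", DNS, ANY, "udp"),
    Rule("in_deny_all", "deny", "inbound", ANY, ANY, "all"),
]

# Constructed "as created" order: deny rules moved to the front, matching the
# behaviour described in the report (stable sort keeps the rest in order).
CREATED = sorted(CONFIGURED, key=lambda r: r.action != "deny")

if __name__ == "__main__":
    for label, rules in (("configured", CONFIGURED), ("created", CREATED)):
        print(label, [r.name for r in rules])
        for rule, by in shadowed(rules):
            print(f"  {rule} is shadowed by {by}")
```

Running the same check against the rule order read back from the deployed ACL, rather than the constructed `CREATED` list, turns it into a post-apply drift check.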
