[BUG] Terraform state manipulation with terraform state rm and then terraform import causes firewall error #328

Open
rytswd opened this issue Aug 16, 2024 · 1 comment
Labels
bug Something isn't working

rytswd commented Aug 16, 2024

Description

When a firewall is created using the create_default_rules = true flag, the firewall can be created using terraform apply, and any subsequent terraform plan will take that flag into account.

However, once the Terraform state is manually adjusted, such as by using terraform state rm and then terraform import, this flag will not be imported (I'm assuming no inferring happens, though it is probably technically possible), so the firewall adjustment will throw an error unless you specifically set create_default_rules = false.

Steps to reproduce:

  1. Create network with something like below

    provider "civo" {
      // NOTE: Requires CIVO_TOKEN env variable
      region = var.civo_region
    }

    resource "civo_network" "network" {
      label  = var.civo_cluster_name
      region = var.civo_region
    }

    resource "civo_firewall" "firewall" {
      name                 = var.civo_cluster_name
      network_id           = civo_network.network.id
      region               = var.civo_region
      create_default_rules = true
    }

  2. Check terraform plan works without any error, and no change needed

  3. Check the ID for the created network

    __firewall_id=$(terraform show -json | jq -r '.values.root_module.resources | map(select(.type == "civo_firewall").values.id)[]')
    echo $__firewall_id

  4. Remove the state for firewall

    terraform state rm civo_firewall.firewall

  5. Import the state

    terraform import civo_firewall.firewall $__firewall_id

  6. Try terraform plan, and get error related to create_default_rules and Egress error

I think there is a way to set the create_default_rules to true when we can see the default rule sets.

Acceptance Criteria

  • Ensure that an imported resource can set create_default_rules by looking at the ingress / egress rules
  • Perhaps consider dropping the create_default_rules flag, and provide an example instead to clarify what the default is
@rytswd rytswd added the bug Something isn't working label Aug 16, 2024
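
An added example, not code from the issue, the provider or civogo: one way the first acceptance criterion could be met, by inferring create_default_rules at import time from the rules read back from the API. The Rule type, InferCreateDefaultRules and the constructedDefaults data are hypothetical; the real default rule set is not stated in this issue.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Rule is a hypothetical, simplified firewall rule (not the provider's or civogo's type).
type Rule struct {
	Direction, Protocol, Ports, Action string
	CIDRs                              []string
}

// key normalises a rule so that list order and letter case do not affect comparison.
func key(r Rule) string {
	cidrs := append([]string(nil), r.CIDRs...)
	sort.Strings(cidrs)
	parts := []string{r.Direction, r.Protocol, r.Ports, r.Action, strings.Join(cidrs, ",")}
	return strings.ToLower(strings.Join(parts, "|"))
}

// InferCreateDefaultRules returns true only when the remote rules are exactly the
// default set (no extra, missing or duplicated rule). Any difference yields false,
// so an imported firewall with custom rules is never treated as "defaults".
func InferCreateDefaultRules(remote, defaults []Rule) bool {
	if len(remote) != len(defaults) {
		return false
	}
	want := make(map[string]int, len(defaults))
	for _, d := range defaults {
		want[key(d)]++
	}
	for _, r := range remote {
		if want[key(r)] == 0 {
			return false
		}
		want[key(r)]--
	}
	return true
}

// constructedDefaults is sample data for this example, not Civo's documented defaults.
var constructedDefaults = []Rule{
	{Direction: "ingress", Protocol: "tcp", Ports: "1-65535", Action: "allow", CIDRs: []string{"0.0.0.0/0"}},
	{Direction: "ingress", Protocol: "udp", Ports: "1-65535", Action: "allow", CIDRs: []string{"0.0.0.0/0"}},
	{Direction: "egress", Protocol: "tcp", Ports: "1-65535", Action: "allow", CIDRs: []string{"0.0.0.0/0"}},
}

func main() {
	d := constructedDefaults
	fmt.Println(InferCreateDefaultRules([]Rule{d[2], d[0], d[1]}, d)) // same rules, reordered
	fmt.Println(InferCreateDefaultRules(d[:2], d))                    // one default rule missing
}
```

Setting the inferred value in state during import would let the first terraform plan after the import compare against what actually exists on the firewall instead of an unset flag.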
sundaram2021 added a commit to sundaram2021/civogo that referenced this issue Sep 18, 2024
added helper functions for the fix of 

this issue : civo/terraform-provider-civo#328
sundaram2021 added a commit to sundaram2021/terraform-provider-civo that referenced this issue Sep 18, 2024
@sundaram2021

Hey, I have added the fix in this pull request.

Can you please review it?

Thanks.
