bernardodemarco opened a new issue, #202:
URL: https://github.com/apache/cloudstack-terraform-provider/issues/202

   The `createEgressFirewallRule` API allows the creation of TCP/UDP rules involving all possible ports by simply omitting the `startport` and `endport` parameters. For instance, after the following API call:
   
   ```bash
   🐞 > create egressfirewallrule networkid=bf5b51ae-c1ae-4ec5-951b-35d90d936ba2 protocol="tcp"
   {
     "firewallrule": {
       "cidrlist": "192.168.50.0/24",
       "destcidrlist": "",
       "id": "fed01adb-ed94-4c60-aede-8ac53cf9aeda",
       "networkid": "bf5b51ae-c1ae-4ec5-951b-35d90d936ba2",
       "protocol": "tcp",
       "state": "Active",
       "tags": [],
       "traffictype": "Egress"
     }
   }
   ```
   
   All ports are encompassed by the egress rule:
   
   <img width="1141" height="276" alt="Image" src="https://github.com/user-attachments/assets/27936e77-f350-43b0-9e53-143134b619d2" />
   
   ---
   
   However, when defining the following `cloudstack_egress_firewall` resource:
   
   ```hcl
   resource "cloudstack_egress_firewall" "egress_rules" {
     network_id = cloudstack_network.network.id
     rule {
       cidr_list = [cloudstack_network.network.cidr]
       protocol  = "tcp"
     }
     depends_on = [cloudstack_instance.vm]
   }
   ```
   
   The following error is returned by the provider:
   
   ```
   cloudstack_egress_firewall.egress_rules: Creating...
   ╷
   │ Error: Provider produced inconsistent result after apply
   │ 
   │ When applying changes to cloudstack_egress_firewall.egress_rules, provider "provider[\"registry.terraform.io/cloudstack/cloudstack\"]" produced an unexpected
   │ new value: Root object was present, but now absent.
   │ 
   │ This is a bug in the provider, which should be reported in the provider's own issue tracker
   ```
   
   A workaround is to explicitly set the `ports` argument of the `rule` block or to specify the value `all` as the protocol.
   
   ---
   
   Thus, the user should be allowed to add a rule involving all ports by simply not specifying the `ports` argument, as it is possible via the API and UI.
   
   If it is not possible to achieve this, then the `cloudstack_egress_firewall` documentation should be updated, clarifying that the `ports` argument is required for the TCP and UDP protocols.


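A pre-apply check for the condition reported in this issue, added here as an example (not code from the issue or from the provider): it scans `terraform show -json` plan output for `cloudstack_egress_firewall` rules that use `tcp` or `udp` without `ports`. The function name and the sample plan are constructed for this example, and it assumes the `rule` blocks appear under `change.after.rule` in the plan JSON.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output;
# the resource addresses and CIDR values are made up for this example.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "cloudstack_egress_firewall.egress_rules",
         "type": "cloudstack_egress_firewall",
         "change": {"actions": ["create"], "after": {"rule": [
             {"cidr_list": ["192.168.50.0/24"], "protocol": "tcp", "ports": None},
             {"cidr_list": ["192.168.50.0/24"], "protocol": "udp", "ports": ["53"]},
             {"cidr_list": ["192.168.50.0/24"], "protocol": "all", "ports": None},
         ]}}},
        {"address": "cloudstack_egress_firewall.old",
         "type": "cloudstack_egress_firewall",
         "change": {"actions": ["delete"], "after": None}},
    ]
})


def rules_missing_ports(plan_json):
    """Return (address, rule_index, protocol) for every tcp/udp rule that has
    no ports, in resources the plan will create or update.

    rule_index is the position in the plan JSON only; it is not a stable id.
    """
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "cloudstack_egress_firewall":
            continue
        change = rc.get("change") or {}
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # deletes and no-ops cannot hit the reported error
        after = change.get("after") or {}
        for i, rule in enumerate(after.get("rule") or []):
            proto = str(rule.get("protocol", "")).lower()
            # The issue's workaround: tcp/udp need explicit ports, "all" does not.
            if proto in ("tcp", "udp") and not rule.get("ports"):
                findings.append((rc["address"], i, proto))
    return findings


if __name__ == "__main__":
    for addr, idx, proto in rules_missing_ports(SAMPLE_PLAN):
        print(f"{addr}: rule[{idx}] protocol={proto} has no ports; "
              'set ports explicitly or use protocol "all"')
```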