Pearl1594 commented on PR #245:
URL: https://github.com/apache/cloudstack-terraform-provider/pull/245#issuecomment-3407602769

   Thanks @CodeBleu - taking your feedback, I tried to see if it was possible to map if the rules in the new schema (with port) match existing ones and update them should there be any change, but I was hitting multiple issues, so I went ahead with a workflow of replacing the rules.
   
   So this is how it works now:
   
   1. Created an ACL with 4 rules using provider version 0.5.0, such that this is how the state looks:
   
   ```
   $ terraform state show cloudstack_network_acl_rule.default
   # cloudstack_network_acl_rule.default:
   resource "cloudstack_network_acl_rule" "default" {
       acl_id      = "bc83887d-b84e-45c4-b1ee-8a5de3162368"
       id          = "bc83887d-b84e-45c4-b1ee-8a5de3162368"
       managed     = false
       parallelism = 2
   
       rule {
           action       = "allow"
           cidr_list    = [
               "10.0.0.0/24",
           ]
           icmp_code    = 0
           icmp_type    = 0
           ports        = [
               "2222-2224",
               "443",
               "80-81",
               "8080",
           ]
           protocol     = "tcp"
           traffic_type = "ingress"
           uuids        = {
               "2222-2224" = "ee243655-bcc6-40cf-8596-53c2083fd1de"
               "443"       = "57bba974-11b5-4dad-a714-7197bd8dd6c7"
               "80-81"     = "68b1db70-2cde-4912-95b6-4860ca49c2ce"
               "8080"      = "83b61cf7-45d6-46e1-965a-af08ef8cc0c0"
           }
       }
   }
   
   ```
   
   I then applied the new config, where I separated ports to the new schema, i.e., use `port`. This is how it looks:
   
   ```
   $ terraform apply
   ╷
   │ Warning: Provider development overrides are in effect
   │ 
   │ The following provider development overrides are set in the CLI configuration:
   │  - hashicorp.com/dev/cloudstack in /home/pdsilva/sb/terraform/local-providers/hashicorp.com/dev/cloudstack/1.0.0/linux_amd64
   │ 
   │ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become incompatible with published releases.
   ╵
   cloudstack_vpc.default: Refreshing state... [id=9c3d41ae-95fd-4ec4-929d-e9328c79d2e6]
   cloudstack_network_acl.default: Refreshing state... [id=bc83887d-b84e-45c4-b1ee-8a5de3162368]
   cloudstack_network_acl_rule.default: Refreshing state... [id=bc83887d-b84e-45c4-b1ee-8a5de3162368]
   
   Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
   -/+ destroy and then create replacement
   
   Terraform will perform the following actions:
   
     # cloudstack_network_acl_rule.default must be replaced
   -/+ resource "cloudstack_network_acl_rule" "default" {
         ~ id          = "bc83887d-b84e-45c4-b1ee-8a5de3162368" -> (known after apply)
           # (3 unchanged attributes hidden)
   
         ~ rule { # forces replacement
             ~ icmp_code    = 0 -> (known after apply)
             ~ icmp_type    = 0 -> (known after apply)
             + port         = "80-81"
             - ports        = [
                 - "2222-2224",
                 - "443",
                 - "80-81",
                 - "8080",
               ] -> null
             ~ rule_number  = 4 -> (known after apply)
             ~ uuids        = {
                 - "2222-2224" = "ee243655-bcc6-40cf-8596-53c2083fd1de"
                 - "443"       = "57bba974-11b5-4dad-a714-7197bd8dd6c7"
                 - "80-81"     = "68b1db70-2cde-4912-95b6-4860ca49c2ce"
                 - "8080"      = "83b61cf7-45d6-46e1-965a-af08ef8cc0c0"
               } -> (known after apply)
               # (5 unchanged attributes hidden)
           }
         + rule { # forces replacement
             + action       = "allow"
             + cidr_list    = [
                 + "10.0.0.0/24",
               ]
             + icmp_code    = (known after apply)
             + icmp_type    = (known after apply)
             + port         = "8080"
             + protocol     = "tcp"
             + rule_number  = (known after apply)
             + traffic_type = "ingress"
             + uuids        = (known after apply)
           }
         + rule { # forces replacement
             + action       = "allow"
             + cidr_list    = [
                 + "10.0.0.0/24",
               ]
             + icmp_code    = (known after apply)
             + icmp_type    = (known after apply)
             + port         = "443"
             + protocol     = "tcp"
             + rule_number  = 5
             + traffic_type = "ingress"
             + uuids        = (known after apply)
           }
         + rule { # forces replacement
             + action       = "allow"
             + cidr_list    = [
                 + "10.0.0.0/24",
               ]
             + icmp_code    = (known after apply)
             + icmp_type    = (known after apply)
             + port         = "2222-2224"
             + protocol     = "tcp"
             + rule_number  = (known after apply)
             + traffic_type = "ingress"
             + uuids        = (known after apply)
           }
       }
   
   Plan: 1 to add, 0 to change, 1 to destroy.
   
   Do you want to perform these actions?
     Terraform will perform the actions described above.
     Only 'yes' will be accepted to approve.
   
     Enter a value: yes
   
   cloudstack_network_acl_rule.default: Destroying... [id=bc83887d-b84e-45c4-b1ee-8a5de3162368]
   cloudstack_network_acl_rule.default: Destruction complete after 2s
   cloudstack_network_acl_rule.default: Creating...
   cloudstack_network_acl_rule.default: Creation complete after 2s [id=bc83887d-b84e-45c4-b1ee-8a5de3162368]
   
   Apply complete! Resources: 1 added, 0 changed, 1 destroyed.
   
   ```
   
   This results in the following in ACS:
   <img width="1160" height="741" alt="image" src="https://github.com/user-attachments/assets/8e95cd31-d9bf-45dd-91da-53dbd43938ba" />
   
   
   Then I attempt to update rule number 1:
   
   ```
   l$ terraform apply
   ╷
   │ Warning: Provider development overrides are in effect
   │ 
   │ The following provider development overrides are set in the CLI configuration:
   │  - hashicorp.com/dev/cloudstack in /home/pdsilva/sb/terraform/local-providers/hashicorp.com/dev/cloudstack/1.0.0/linux_amd64
   │ 
   │ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become incompatible with published releases.
   ╵
   cloudstack_vpc.default: Refreshing state... [id=9c3d41ae-95fd-4ec4-929d-e9328c79d2e6]
   cloudstack_network_acl.default: Refreshing state... [id=bc83887d-b84e-45c4-b1ee-8a5de3162368]
   cloudstack_network_acl_rule.default: Refreshing state... [id=bc83887d-b84e-45c4-b1ee-8a5de3162368]
   
   Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
     ~ update in-place
   
   Terraform will perform the following actions:
   
     # cloudstack_network_acl_rule.default will be updated in-place
     ~ resource "cloudstack_network_acl_rule" "default" {
           id          = "bc83887d-b84e-45c4-b1ee-8a5de3162368"
           # (3 unchanged attributes hidden)
   
         ~ rule {
             + description  = "updating rule number from 1 -> 7"
             ~ rule_number  = 1 -> 7
               # (9 unchanged attributes hidden)
           }
   
           # (3 unchanged blocks hidden)
       }
   
   Plan: 0 to add, 1 to change, 0 to destroy.
   
   Do you want to perform these actions?
     Terraform will perform the actions described above.
     Only 'yes' will be accepted to approve.
   
     Enter a value: yes
   
   cloudstack_network_acl_rule.default: Modifying... [id=bc83887d-b84e-45c4-b1ee-8a5de3162368]
   cloudstack_network_acl_rule.default: Modifications complete after 1s [id=bc83887d-b84e-45c4-b1ee-8a5de3162368]
   
   Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
   
   Outputs:
   
   acl_id = "bc83887d-b84e-45c4-b1ee-8a5de3162368"
   vpc_id = "9c3d41ae-95fd-4ec4-929d-e9328c79d2e6"
   ```
   
   Successfully updated rule 1, and it is seen on ACS as well:
   
   <img width="1160" height="741" alt="image" src="https://github.com/user-attachments/assets/562212f7-117a-4e32-bbbf-60d59038c7f2" />
   
   
   Do you see this as an acceptable workflow, @CodeBleu?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
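
A pre-apply check for the migration shown in the comment above, as an added example that is not part of the PR or the provider's code: it reads Terraform's plan JSON and confirms that moving from `ports` to `port` replaces the resource without dropping or adding any effective rule. The sample plan is constructed from the values in the comment, and `flatten` and `review_plan` are hypothetical helper names.

```python
import json

REPLACE = {"delete", "create"}  # Terraform plan JSON actions for a -/+ replacement

def _rule(**kw):
    # Constructed helper: the attributes shared by every rule in the comment's plan.
    return {"action": "allow", "protocol": "tcp", "traffic_type": "ingress",
            "cidr_list": ["10.0.0.0/24"], **kw}

# Constructed sample, shaped like `terraform show -json <planfile>` output and
# trimmed to the fields used below; values mirror the replacement plan above.
SAMPLE_PLAN = {"resource_changes": [{
    "address": "cloudstack_network_acl_rule.default",
    "type": "cloudstack_network_acl_rule",
    "change": {
        "actions": ["delete", "create"],
        "before": {"rule": [_rule(ports=["2222-2224", "443", "80-81", "8080"])]},
        "after": {"rule": [_rule(port=p)
                           for p in ("80-81", "8080", "443", "2222-2224")]},
    },
}]}

def flatten(rules):
    """Expand rule blocks (old `ports` list or new `port`) into comparable tuples."""
    out = set()
    for r in rules or []:
        ports = list(r.get("ports") or [])
        if r.get("port"):
            ports.append(r["port"])
        for cidr in r.get("cidr_list") or []:
            for port in ports or [""]:  # "" keeps port-less (e.g. ICMP) rules
                out.add((r.get("action"), r.get("protocol"),
                         r.get("traffic_type"), cidr, port))
    return out

def review_plan(plan):
    """Report, per ACL rule resource, replacement and any change in effective rules."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "cloudstack_network_acl_rule":
            continue
        change = rc["change"]
        before = flatten((change.get("before") or {}).get("rule"))
        after = flatten((change.get("after") or {}).get("rule"))
        findings.append({"address": rc["address"],
                         "replaced": set(change["actions"]) == REPLACE,
                         "dropped": sorted(before - after),
                         "added": sorted(after - before)})
    return findings

if __name__ == "__main__":
    print(json.dumps(review_plan(SAMPLE_PLAN), indent=2))
```

An empty `dropped` and `added` with `replaced` set to true means the plan only restructures the rules; anything else is a change in what the ACL permits and deserves a look before `yes`.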