Thanks Brad for pointing out the issue.
I will cut another rc for the 0.6 release after the PR is merged https://github.com/apache/cloudstack-terraform-provider/pull/239 Regards Kiran From: Brad House <[email protected]> Date: Monday, 6 October 2025 at 8:09 PM To: [email protected] <[email protected]>, Kiran Chavala <[email protected]>, [email protected] <[email protected]> Subject: Re: [VOTE] Release Apache CloudStack Terraform Provider v0.6.0 RC-2 The "quick" workaround for this would be to perform the deletes first then the adds. But the right solution would be to send https://cloudstack.apache.org/api/apidocs-4.21/apis/updateNetworkACLItem.html requests instead. It does get a bit complicated in the fact that the cloudstack terraform provider isn't a 1:1 mapping due the fact that it takes a port list ... and infact, this too would cause an error if you have multiple ports and also a rule_number set since it would generate 2 rules with the same rule number. I'd honestly recommend removing that "feature" to spawn multiple rules and keep the provider a 1:1 mapping with the API. On 10/6/25 10:09 AM, Brad House wrote: > Found a bug in a new feature in 0.6.0. Network ACL rules added 2 > features: > > 1. Ability to add a description > > 2. Ability to set a rule number > > When these are used together, then you update *only* the description, > it does not update the rule in-place, it schedules a removal and > re-add, which results in failures like: > > > * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL item > with number 1201 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1307 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1501 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1305 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1001 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1306 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1101 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1202 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1308 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1102 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1304 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1521 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1301 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1511 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1401 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1302 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > │ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL > item with number 1303 already exists in ACL: > c1c67ecf-847b-4ef6-a34c-7573a5601beb > > On 9/30/25 5:30 AM, Kiran Chavala wrote: >> Hi ALL >> >> I've created a CloudStack Terraform Provider release candidate for >> version >> 0.6.0, with the following artefacts up for a vote: >> >> Git Branch and Commit SH: >> >> https://github.com/cloudstack/terraform-provider-cloudstack >> >> Commit: 919a358fcc951724c2364ee363a9a055258b1fc3 >> >> Source release (checksums and signatures are available at the same >> location): >> >> https://dist.apache.org/repos/dist/dev/cloudstack/cloudstack-terraform-provider-0.6.0/ >> >> >> PGP release keys (signed using >> E03379CB066175FAC2BC9E027B3F1C5E93F97FAB): >> >> https://dist.apache.org/repos/dist/release/cloudstack/KEYS >> >> For testing/voting purposes, you can use the provider >> >> terraform { >> required_providers { >> cloudstack = { >> source = "cloudstack/cloudstack" >> version = "0.6.0-rc2" >> } >> } >> } >> >> >> >> Vote will be open for 72 hours. >> >> For sanity in tallying the vote, can PMC members please be sure to >> indicate >> "(binding)" with their vote? >> >> [ ] +1 approve >> [ ] +0 no opinion >> [ ] -1 disapprove (and reason why) >>
