The "quick" workaround for this would be to perform the deletes first
then the adds. But the right solution would be to send
https://cloudstack.apache.org/api/apidocs-4.21/apis/updateNetworkACLItem.html
requests instead. It does get a bit complicated in the fact that the
cloudstack terraform provider isn't a 1:1 mapping due the fact that it
takes a port list ... and infact, this too would cause an error if you
have multiple ports and also a rule_number set since it would generate 2
rules with the same rule number. I'd honestly recommend removing that
"feature" to spawn multiple rules and keep the provider a 1:1 mapping
with the API.
On 10/6/25 10:09 AM, Brad House wrote:
Found a bug in a new feature in 0.6.0. Network ACL rules added 2
features:
1. Ability to add a description
2. Ability to set a rule number
When these are used together, then you update *only* the description,
it does not update the rule in-place, it schedules a removal and
re-add, which results in failures like:
* CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL item
with number 1201 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1307 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1501 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1305 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1001 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1306 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1101 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1202 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1308 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1102 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1304 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1521 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1301 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1511 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1401 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1302 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
│ * CloudStack API error 431 (CSExceptionErrorCode: 4350): ACL
item with number 1303 already exists in ACL:
c1c67ecf-847b-4ef6-a34c-7573a5601beb
On 9/30/25 5:30 AM, Kiran Chavala wrote:
Hi ALL
I've created a CloudStack Terraform Provider release candidate for
version
0.6.0, with the following artefacts up for a vote:
Git Branch and Commit SH:
https://github.com/cloudstack/terraform-provider-cloudstack
Commit: 919a358fcc951724c2364ee363a9a055258b1fc3
Source release (checksums and signatures are available at the same
location):
https://dist.apache.org/repos/dist/dev/cloudstack/cloudstack-terraform-provider-0.6.0/
PGP release keys (signed using
E03379CB066175FAC2BC9E027B3F1C5E93F97FAB):
https://dist.apache.org/repos/dist/release/cloudstack/KEYS
For testing/voting purposes, you can use the provider
terraform {
required_providers {
cloudstack = {
source = "cloudstack/cloudstack"
version = "0.6.0-rc2"
}
}
}
Vote will be open for 72 hours.
For sanity in tallying the vote, can PMC members please be sure to
indicate
"(binding)" with their vote?
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)
