bhouse-nexthop opened a new issue, #279:
URL: https://github.com/apache/cloudstack-terraform-provider/issues/279
It appears that if you insert a rule in the middle of an existing set of `rule` blocks, the provider rewrites every rule after it: the plan below shows it diffing the blocks by position in the list rather than by their `rule_number`, so each later rule is updated in place to take on the cidr_list, action, port, protocol, description and traffic_type of the rule that used to follow it (for example the existing "allow public networks to SSH into bastion" allow rule 30002 is turned into the "disallow VPC subnets" deny rule 30001). Besides producing a noisy, hard-to-review plan, this is a security concern: if those in-place updates are applied one rule at a time there is presumably a window during apply in which the live ACL is a mix of old and new rules that matches neither the previous nor the intended configuration (worth confirming against the provider's update path). It seems the provider should match existing rules on `rule_number` when one is specified, so that inserting a rule only creates that rule and leaves the others untouched.
In this case I added a single rule, 65401, denying all traffic to 1.2.3.4/32, as an example.
No other rule was changed in the configuration, yet the plan rewrites four existing rules in place and then re-creates the last one (30003) as a new block.
```
# module.network_acl_su.cloudstack_network_acl_rule.this will be updated
in-place
~ resource "cloudstack_network_acl_rule" "this" {
id = "4185ff3d-3df8-43e6-ae6c-57597ec9a177"
# (3 unchanged attributes hidden)
~ rule {
~ cidr_list = [
~ "0.0.0.0/0" -> "1.2.3.4/32",
]
~ rule_number = 65501 -> 65401
# (9 unchanged attributes hidden)
}
~ rule {
~ cidr_list = [
~ "10.252.0.0/16" -> "0.0.0.0/0",
]
~ description = "disallow VPC subnets from SSHing into bastion:
deny ingress" -> "deny egress by default: deny egress"
- port = "22" -> null
~ protocol = "tcp" -> "all"
~ rule_number = 30001 -> 65501
~ traffic_type = "ingress" -> "egress"
# (5 unchanged attributes hidden)
}
~ rule {
~ action = "allow" -> "deny"
~ cidr_list = [
~ "0.0.0.0/0" -> "10.252.0.0/16",
]
~ description = "allow public networks to SSH into bastion: allow
ingress" -> "disallow VPC subnets from SSHing into bastion: deny ingress"
~ rule_number = 30002 -> 30001
# (7 unchanged attributes hidden)
}
~ rule {
~ cidr_list = [
~ "10.252.0.0/16" -> "0.0.0.0/0",
]
~ description = "allow bastion connection to network: allow
egress" -> "allow public networks to SSH into bastion: allow ingress"
~ rule_number = 30003 -> 30002
~ traffic_type = "egress" -> "ingress"
# (7 unchanged attributes hidden)
}
+ rule {
+ action = "allow"
+ cidr_list = [
+ "10.252.0.0/16",
]
+ description = "allow bastion connection to network: allow
egress"
+ port = "22"
+ protocol = "tcp"
+ rule_number = 30003
+ traffic_type = "egress"
+ uuids = (known after apply)
}
# (14 unchanged blocks hidden)
}
```