It appears if you insert a rule in the middle of a set of rules, it will rewrite all rules after it. It seems like it should be matching on rule_number if specified to prevent this behavior. I am using the 0.6.0 provider. I should mention the 0.6.0-rc2 provider did not have this issue.
In this case, I added rule 65401 for deny all to 1.2.3.4/32 as an example. All other rules were unchanged.
```
  # module.network_acl_su.cloudstack_network_acl_rule.this will be updated in-place
  ~ resource "cloudstack_network_acl_rule" "this" {
        id = "4185ff3d-3df8-43e6-ae6c-57597ec9a177"
        # (3 unchanged attributes hidden)

      ~ rule {
          ~ cidr_list    = [
              ~ "0.0.0.0/0" -> "1.2.3.4/32",
            ]
          ~ rule_number  = 65501 -> 65401
            # (9 unchanged attributes hidden)
        }
      ~ rule {
          ~ cidr_list    = [
              ~ "10.252.0.0/16" -> "0.0.0.0/0",
            ]
          ~ description  = "disallow VPC subnets from SSHing into bastion: deny ingress" -> "deny egress by default: deny egress"
          - port         = "22" -> null
          ~ protocol     = "tcp" -> "all"
          ~ rule_number  = 30001 -> 65501
          ~ traffic_type = "ingress" -> "egress"
            # (5 unchanged attributes hidden)
        }
      ~ rule {
          ~ action       = "allow" -> "deny"
          ~ cidr_list    = [
              ~ "0.0.0.0/0" -> "10.252.0.0/16",
            ]
          ~ description  = "allow public networks to SSH into bastion: allow ingress" -> "disallow VPC subnets from SSHing into bastion: deny ingress"
          ~ rule_number  = 30002 -> 30001
            # (7 unchanged attributes hidden)
        }
      ~ rule {
          ~ cidr_list    = [
              ~ "10.252.0.0/16" -> "0.0.0.0/0",
            ]
          ~ description  = "allow bastion connection to network: allow egress" -> "allow public networks to SSH into bastion: allow ingress"
          ~ rule_number  = 30003 -> 30002
          ~ traffic_type = "egress" -> "ingress"
            # (7 unchanged attributes hidden)
        }
      + rule {
          + action       = "allow"
          + cidr_list    = [
              + "10.252.0.0/16",
            ]
          + description  = "allow bastion connection to network: allow egress"
          + port         = "22"
          + protocol     = "tcp"
          + rule_number  = 30003
          + traffic_type = "egress"
          + uuids        = (known after apply)
        }

        # (14 unchanged blocks hidden)
    }
```
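To make the reported behaviour concrete, here is an added Go example (not code from terraform-provider-cloudstack) that models the four rules visible in the plan above plus the inserted rule 65401, and diffs the desired list against the current state two ways: by list position, which is what produces the cascade of in-place updates shown, and by `rule_number`, which is the matching the report asks for. The `Rule`, `Change` and `Summary` types are hypothetical simplifications; the rule values are constructed from what the plan shows (description and uuids are left out). The `ActionFlips` counter highlights the part a firewall reviewer should care about: a positional rewrite turns an existing `allow` rule into a `deny` in place, so the ACL goes through intermediate states that were never in any configuration.

```go
package main

import "fmt"

// Rule is a hypothetical, simplified model of one rule {} block; only attributes visible in the plan are kept.
type Rule struct {
	RuleNumber  int
	Action      string
	CIDR        string
	Protocol    string
	Port        string // "" where the plan shows null
	TrafficType string
}

// Change is one operation the provider would have to issue against the ACL.
type Change struct {
	Op       string // "add", "update" or "delete"
	Old, New Rule   // Old is zero for "add", New is zero for "delete"
}

// Summary counts operations; ActionFlips counts in-place updates that turn allow into deny or vice versa.
type Summary struct{ Adds, Updates, Deletes, ActionFlips int }

// PositionalDiff compares rules by list index, i.e. an ordered list with no identity attribute.
func PositionalDiff(current, desired []Rule) []Change {
	var changes []Change
	for i := 0; i < len(current) || i < len(desired); i++ {
		switch {
		case i >= len(current):
			changes = append(changes, Change{Op: "add", New: desired[i]})
		case i >= len(desired):
			changes = append(changes, Change{Op: "delete", Old: current[i]})
		case current[i] != desired[i]:
			changes = append(changes, Change{Op: "update", Old: current[i], New: desired[i]})
		}
	}
	return changes
}

// KeyedDiff matches rules by rule_number, so inserting a rule anywhere in the list yields exactly one add.
func KeyedDiff(current, desired []Rule) []Change {
	remaining := make(map[int]Rule, len(current))
	for _, r := range current {
		remaining[r.RuleNumber] = r
	}
	var changes []Change
	for _, r := range desired {
		c, ok := remaining[r.RuleNumber]
		delete(remaining, r.RuleNumber) // whatever is left afterwards has been removed from config
		switch {
		case !ok:
			changes = append(changes, Change{Op: "add", New: r})
		case c != r:
			changes = append(changes, Change{Op: "update", Old: c, New: r})
		}
	}
	for _, r := range current { // walk state order so deletes come out deterministically
		if _, gone := remaining[r.RuleNumber]; gone {
			changes = append(changes, Change{Op: "delete", Old: r})
		}
	}
	return changes
}

// Summarize tallies a change list.
func Summarize(changes []Change) Summary {
	var s Summary
	for _, c := range changes {
		switch c.Op {
		case "add":
			s.Adds++
		case "delete":
			s.Deletes++
		case "update":
			s.Updates++
			if c.Old.Action != c.New.Action {
				s.ActionFlips++
			}
		}
	}
	return s
}

// CurrentState reproduces the four rules the plan shows in state, in list order (constructed sample data).
func CurrentState() []Rule {
	return []Rule{
		{65501, "deny", "0.0.0.0/0", "all", "", "egress"},
		{30001, "deny", "10.252.0.0/16", "tcp", "22", "ingress"},
		{30002, "allow", "0.0.0.0/0", "tcp", "22", "ingress"},
		{30003, "allow", "10.252.0.0/16", "tcp", "22", "egress"},
	}
}

// DesiredConfig is the same list with rule 65401 (deny all egress to 1.2.3.4/32) inserted at the front.
func DesiredConfig() []Rule {
	return append([]Rule{{65401, "deny", "1.2.3.4/32", "all", "", "egress"}}, CurrentState()...)
}

func main() {
	cur, want := CurrentState(), DesiredConfig()
	fmt.Printf("positional: %+v\nkeyed: %+v\n", Summarize(PositionalDiff(cur, want)), Summarize(KeyedDiff(cur, want)))
}
```

Run with `go run`: the positional diff reports four updates and one add, with one of the updates flipping an allow rule to deny, which matches the plan block by block; the keyed diff reports a single add and nothing else. The same keyed matching also keeps a later removal of one rule from rewriting every rule after it.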