Comments (20)
Interesting observation! Thanks for the details ππ»
from terraform-provider-cloudstack.
Iβm going to look into that option then @MRinalducci.
And CloudStack does accept CIDR lists @greut, so itβs only for ports
.
from terraform-provider-cloudstack.
@MRinalducci yeah, good one... Will take that into account. Didn't have time to continue on this today, but will have another look tomorrow.
from terraform-provider-cloudstack.
@greut no, it doesn't: https://github.com/terraform-providers/terraform-provider-cloudstack/blob/master/cloudstack/resource_cloudstack_network_acl_rule.go#L188-L193
from terraform-provider-cloudstack.
@MRinalducci the rules are ordered. That is, they are applied in the order that you defined them in your Terraform config.
But your point is still valid and it should be pretty straightforward to add support for the number
parameter. I will try to find some time for it next week...
from terraform-provider-cloudstack.
@svanharmelen thanks for your quick reply!
@MRinalducci the rules are ordered. That is, they are applied in the order that you defined them in your Terraform config.
Yes, this is true for the first creation, but not when you update them (as I tested).
For example, initially you define 3 rules in your Terraform code:
- Rule 1
- Rule 2
- Rule 3
Then you want to insert a new rule between 1 and 2 in your TF code:
- Rule 1
- Rule 4
- Rule 2
- Rule 3
Because rule 1, 2 and 3 are already existing in the ACL, it will add Rule 4 at the end of the ACL like that:
- Rule 1
- Rule 2
- Rule 3
- Rule 4
Which is not reflecting the TF code in term of order.
But your point is still valid and it should be pretty straightforward to add support for the number parameter. I will try to find some time for it next week...
Yes, I think so, as I could see. This will be great, thank you very much for that!
Let me know if I could do anything for helping.
from terraform-provider-cloudstack.
@MRinalducci it turns out this is a little more complicated then I initially expected.
The problem is that the cloudstack_network_acl_rule
resource allows you to specify a list of ports in a single rule
block, where CloudStack only allows one port (or port range) per rule. So the resource is actually able to generate (and keep track of) multiple rules generated for a single rule
block in the config.
This makes it virtually impossible to assign rule numbers in the rule
blocks. Changing the code to support it would mean introducing breaking changes and changing the (currently expected) behaviour of this resource.
So I see a couple of possible solutions. We could enrich the resource by a number
and a port
parameter and then add restriction so you can either use the ports
parameters, or the port
and number
parameters. But not both in one and the same resource.
Another solution (which I think I prefer) would be to fix the ordering issue you described, so it will always match the order in your Terraform config.
What do you think?
from terraform-provider-cloudstack.
@svanharmelen that's right, I didn't saw that problem at first look.
Another solution (which I think I prefer) would be to fix the ordering issue you described, so it will always match the order in your Terraform config.
Yes, this would be nicest solution of both (I think too). This will also avoid to always put a rule number. But, we have to be aware to keep the right order also when we declare 2 or more cloudstack_network_acl_rule
resources.
I mean the ordered rules declared in the second resource have to be placed after the ordered rules of first resource. I think this will work right away.
from terraform-provider-cloudstack.
cidrlist
has the same kind of behaviour than ports
I guess.
from terraform-provider-cloudstack.
@svanharmelen doesn't it create many rules from the cidrlist
, like it does for the ingress/egress rules.
from terraform-provider-cloudstack.
@svanharmelen I think we have also to be aware of argument parallelism (Optional) Specifies how much rules will be created or deleted concurrently. (defaults 2)
which can sometimes change the ordering (to confirme).
from terraform-provider-cloudstack.
Hello @svanharmelen, any update about this issue?
from terraform-provider-cloudstack.
@MRinalducci, yes... I don't have much dedicated time to work on this, so I try to look at it in lost moments here and there π It turns out to be a little more complex then you would expect, but I think I'm close to a solution. Will keep you posted!
from terraform-provider-cloudstack.
@svanharmelen thank you very much for your update and your work on this issue. Yes, as discussed it is more complex than expected, but it's great that you're near a solution! π
from terraform-provider-cloudstack.
I'm a little sidetracked as I'm switching jobs π But this is still on my radar and will be fixed in the foreseeable future!
from terraform-provider-cloudstack.
Thanks for the update :)
from terraform-provider-cloudstack.
@svanharmelen any update about this issue? :)
from terraform-provider-cloudstack.
Yes and no... There is still an open tab in my browser and the wish to fix it, but without direct access to a running CloudStack API it's a bit harder to work on this then before.
I'll see what I can do to get some API access and take it from there...
from terraform-provider-cloudstack.
Oh I see the problem...
I hope you can get some API access soon for testing.
Thanks for the input!
from terraform-provider-cloudstack.
I'm going to close this issue as I'm about to archive this repository. Development of this provider has been moved to the Apache Foundation. Please find the new home for this provider here: https://github.com/apache/cloudstack-terraform-provider
from terraform-provider-cloudstack.
Related Issues (20)
- Allow creating cloudstack_instance in stopped state HOT 2
- root_disk_size unit changes after creation of instance (GB to Bytes) HOT 4
- Add support for importing cloudstack_* entities HOT 5
- Expected VirtualMachine.ostypeid to be an int64, was a string (on Exoscale) HOT 16
- terraform destroy fails when IP is used for source NAT HOT 3
- cloudstack_network source_nat_ip does not work HOT 12
- Enable VPN on source NAT IP for network HOT 4
- terraform import cloudstack_network does not work
- Tags were removed from resources HOT 2
- Error creating the new instance test: json: cannot unmarshal string into Go struct field DeployVirtualMachineResponse.ostypeid of type int64 HOT 4
- Cannot upload image for template with from URL ending .img HOT 2
- Add new resource: Project HOT 3
- Fix documentation for cloudstack_loadbalancer_rule HOT 1
- API version too old HOT 3
- Error retrieving ID of template: json: cannot unmarshal object into Go struct field alias.childtemplates of type []interface {} HOT 8
- Cannot pass data to custom service-offering HOT 1
- cloudstack_port_forward does not work HOT 4
- Add cloudstack_network datasource HOT 1
- Terraform doesn't work with ASC 4.15 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-cloudstack.