Firewall rule attributes cannot be removed / perpetual change plan #1504

Open
kbcz1989 opened this issue Aug 22, 2024 · 1 comment
Labels
🐛 bug Something isn't working topic:firewall

Comments

@kbcz1989

Describe the bug
Removing an attribute (setting it to null or an empty string) from a firewall rule definition does not remove the attribute, and the next terraform plan wants to make the same changes.

To Reproduce
Steps to reproduce the behavior:

  1. Create a resource proxmox_virtual_environment_firewall_rules
  2. Run terraform apply
  3. Remove one of the attributes from defined rule
  4. Run terraform apply - it "successfully" removes the rule
  5. Next terraform plan wants to remove it again

Please also provide a minimal Terraform configuration that reproduces the issue.

Before the change:

resource "proxmox_virtual_environment_firewall_rules" "inbound" {
  node_name = var.node_name
  vm_id     = var.vm_id

  rule {
    type    = "in"
    action  = "ACCEPT"
    comment = "Allow HTTP"
    dest    = "192.168.1.5"
    dport   = "80"
    proto   = "tcp"
    log     = "info"
  }

  rule {
    type   = "in"
    action = "ACCEPT"
    comment = "Allow HTTPS"
    dest = "192.168.1.5"
    dport   = "443"
    proto   = "tcp"
    log = "info"
  }
}

After the change:

resource "proxmox_virtual_environment_firewall_rules" "inbound" {
  node_name = var.node_name
  vm_id     = var.vm_id

  rule {
    type    = "in"
    action  = "ACCEPT"
    comment = "Allow HTTP"
    dest    = "192.168.1.5"
    dport   = "80"
    proto   = "tcp"
    log     = "info"
  }

  rule {
    type   = "in"
    action = "ACCEPT"
    #comment = "Allow HTTPS"
    dest = "192.168.1.5"
    #dport   = "443"
    #proto   = "tcp"
    log = "info"
  }
}

Expected behavior
Attributes removed from config should be removed from resource.


Additional context
I suspect this is due to the provider not sending null parameters at all. Comparing GUI and provider actions suggests the same:
Provider:
tf_http_req_body="action=ACCEPT&comment=Allow+HTTP&dest=192.168.1.5&dport=80&enable=1&log=info&pos=0&proto=tcp&type=in"

GUI:
type=in&action=ACCEPT&delete=iface&source=&dest=192.168.1.5&enable=1&macro=&proto=&sport=&dport=&comment=&log=info&icmp-type=&digest=0929e8b4b3604b3b14a620d53a5aa86f13c838e4

  • Single or clustered Proxmox: clustered
  • Proxmox version: 8.2.4
  • Provider version (ideally it should be the latest version): 0.62.0
  • Terraform/OpenTofu version: terraform 1.8.3
  • OS (where you run Terraform/OpenTofu from): Ubuntu 22.04
  • Debug logs (TF_LOG=DEBUG terraform apply):
    https://gist.github.com/kbcz1989/78344a82c7a4ee29024b01033673c8df
@kbcz1989

Possibly related to "omitempty" here:

type BaseRule struct {
	Comment  *string           `json:"comment,omitempty" url:"comment,omitempty"`
	Dest     *string           `json:"dest,omitempty" url:"dest,omitempty"`
	Digest   *string           `json:"digest,omitempty" url:"digest,omitempty"`
	DPort    *string           `json:"dport,omitempty" url:"dport,omitempty"`
	Enable   *types.CustomBool `json:"enable,omitempty" url:"enable,omitempty,int"`
	ICMPType *string           `json:"icmp-type,omitempty" url:"icmp-type,omitempty"`
	IFace    *string           `json:"iface,omitempty" url:"iface,omitempty"`
	Log      *string           `json:"log,omitempty" url:"log,omitempty"`
	Macro    *string           `json:"macro,omitempty" url:"macro,omitempty"`
	Proto    *string           `json:"proto,omitempty" url:"proto,omitempty"`
	Source   *string           `json:"source,omitempty" url:"source,omitempty"`
	SPort    *string           `json:"sport,omitempty" url:"sport,omitempty"`
}
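
The drift reported above, as an added Go example (not the provider's code): with omitempty-style encoding a cleared attribute simply vanishes from the request, so the enforced firewall rule keeps its old value, whereas diffing the current rule against the desired one yields an explicit `delete` list like the `delete=iface` in the GUI request. The `rule` map, the function names and the comma-separated `delete` format are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// rule is a hypothetical stand-in for BaseRule: a missing key plays the role of a nil pointer.
type rule map[string]string

// omitEmptyBody mimics `url:"...,omitempty"`: unset attributes never reach the request body.
func omitEmptyBody(desired rule) url.Values {
	v := url.Values{}
	for k, val := range desired {
		if val != "" {
			v.Set(k, val)
		}
	}
	return v
}

// updateBody also names, in `delete`, every attribute set on the current rule but not desired.
func updateBody(current, desired rule) url.Values {
	v := omitEmptyBody(desired)
	var gone []string
	for k, val := range current {
		if val != "" && desired[k] == "" {
			gone = append(gone, k)
		}
	}
	sort.Strings(gone) // map iteration order is random; keep the request deterministic
	if len(gone) > 0 {
		v.Set("delete", strings.Join(gone, ",")) // assumed list format
	}
	return v
}

// Constructed sample: the second rule from the issue, before and after the config change.
var (
	before = rule{"type": "in", "action": "ACCEPT", "comment": "Allow HTTPS",
		"dest": "192.168.1.5", "dport": "443", "proto": "tcp", "log": "info"}
	after = rule{"type": "in", "action": "ACCEPT", "dest": "192.168.1.5", "log": "info"}
)

func main() {
	fmt.Println("omitempty only:", omitEmptyBody(after).Encode())
	fmt.Println("with delete:   ", updateBody(before, after).Encode())
}
```

The first body is the same whether `dport` and `proto` were never set or were just removed, which is why the next plan reports the same change again.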
