Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[dedicated elb] IP group #2277

Closed
sfhl opened this issue Aug 23, 2023 · 5 comments
Closed

[dedicated elb] IP group #2277

sfhl opened this issue Aug 23, 2023 · 5 comments
Assignees
@anton-sidelnikov
Labels
bug

Comments

@sfhl
Copy link

sfhl commented Aug 23, 2023
edited

Hi there,

when configuring an ELBv3 (dedicated) via ip_group for whitelisting, i am not able to reset this config.

Terraform provider version

Terraform v1.5.2
on linux_amd64
+ provider registry.terraform.io/hashicorp/local v2.4.0
+ provider registry.terraform.io/hashicorp/template v2.2.0
+ provider registry.terraform.io/terraform-providers/opentelekomcloud v1.35.5

Affected Resource(s)

opentelekomcloud_lb_listener_v3

Terraform Configuration Files

...
resource "opentelekomcloud_lb_listener_v3" "cceelb-testing-test-443" {
  name            = "xxxxxxxxxxxxxxxxx-443"
  protocol        = "TCP"
  protocol_port   = "443"
  loadbalancer_id = opentelekomcloud_lb_loadbalancer_v3.cceelb-testing-test-cce.id
  depends_on      = [opentelekomcloud_lb_loadbalancer_v3.cceelb-testing-test-cce]

  ip_group {
    id     = ""
    enable = false
    type   = ""
  }

}
...
Terraform will perform the following actions:

  # opentelekomcloud_lb_listener_v3.cceelb-testing-test-443 will be updated in-place
  ~ resource "opentelekomcloud_lb_listener_v3" "cceelb-testing-test-443" {
        id                  = "XXXXXXXXXXXXXXXXXXXXXXXXXXX"
        name                = "xxxxxxxxxxxxxxxxx-443"
        tags                = {}
        # (13 unchanged attributes hidden)

      ~ ip_group {
          ~ enable = true -> false
          - id     = "XXXXXXXXXXXXXXXXXXXXXXXX" -> null
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

Steps to Reproduce

  1. terraform apply

Expected Behavior

The listeners ACL config is resetted and/or disabled.

Actual Behavior

The listeners ACL config is not changed, terraform wants to change it again when running again
@anton-sidelnikov anton-sidelnikov self-assigned this Aug 23, 2023
@anton-sidelnikov anton-sidelnikov mentioned this issue Aug 24, 2023
Merged
5 tasks
otc-zuul bot pushed a commit that referenced this issue Aug 24, 2023
@anton-sidelnikov
[ELB] posibility to disable ip_group in `resource/opentelekomcloud_lb…
90523da 
…_listener_v3` (#2282)

[ELB] posibility to disable ip_group in `resource/opentelekomcloud_lb_listener_v3`

Summary of the Pull Request
PR Checklist

 Refers to: #2277
 Tests added/passed.
 Documentation updated.
 Schema updated.
 Release notes added.

Acceptance Steps Performed
=== RUN   TestAccLBV3Listener_ipGroup
=== PAUSE TestAccLBV3Listener_ipGroup
=== CONT  TestAccLBV3Listener_ipGroup
--- PASS: TestAccLBV3Listener_ipGroup (72.26s)
PASS


Debugger finished with the exit code 0

Reviewed-by: Artem Lifshits
Reviewed-by: Aloento
@anton-sidelnikov
Copy link
Member

@sfhl Check on latest please

@sfhl
Copy link
Author

sfhl commented Aug 25, 2023

@anton-sidelnikov nearly. access control is disabled, but the ip group is not reset to "All addresses", so i am not able to delete the whitelist ip group, because it is still in use

@anton-sidelnikov anton-sidelnikov mentioned this issue Aug 25, 2023
Merged
5 tasks
otc-zuul bot pushed a commit that referenced this issue Aug 28, 2023
@anton-sidelnikov
[ELB] possibility to remove all addresses in `resource/opentelekomclo…
add96c0 
…ud_lb_ipgroup_v3` (#2285)

[ELB] possibility to remove all addresses in `resource/opentelekomcloud_lb_ipgroup_v3`

Summary of the Pull Request
PR Checklist

 Refers to: #2277
 Tests added/passed.
 Documentation updated.
 Schema updated.
 Release notes added.

Acceptance Steps Performed
=== RUN   TestAccLBV3Listener_basic
=== PAUSE TestAccLBV3Listener_basic
=== RUN   TestAccLBV3Listener_TCP
=== PAUSE TestAccLBV3Listener_TCP
=== RUN   TestAccLBV3Listener_HTTP_to_TCP
=== PAUSE TestAccLBV3Listener_HTTP_to_TCP
=== RUN   TestAccLBV3Listener_ipGroup
=== PAUSE TestAccLBV3Listener_ipGroup
=== RUN   TestAccLBV3Listener_import
=== PAUSE TestAccLBV3Listener_import
=== CONT  TestAccLBV3Listener_basic
=== CONT  TestAccLBV3Listener_import
=== CONT  TestAccLBV3Listener_TCP
=== CONT  TestAccLBV3Listener_ipGroup
=== CONT  TestAccLBV3Listener_HTTP_to_TCP
--- PASS: TestAccLBV3Listener_import (50.34s)
--- PASS: TestAccLBV3Listener_TCP (81.81s)
--- PASS: TestAccLBV3Listener_HTTP_to_TCP (81.99s)
--- PASS: TestAccLBV3Listener_basic (82.27s)
--- PASS: TestAccLBV3Listener_ipGroup (117.79s)

PASS


Process finished with the exit code 0



=== RUN   TestAccLBV3IpGroup_basic
--- PASS: TestAccLBV3IpGroup_basic (86.50s)
=== RUN   TestAccLBV3IpGroup_import
--- PASS: TestAccLBV3IpGroup_import (41.28s)
PASS


Process finished with the exit code 0

Reviewed-by: Aloento
Reviewed-by: Artem Lifshits
Reviewed-by: Vladimir Vshivkov
@anton-sidelnikov
Copy link
Member

@sfhl please check in 1.35.7

@sfhl
Copy link
Author

sfhl commented Sep 11, 2023

@anton-sidelnikov
sadly, it's still the same behaviour.

...
Terraform will perform the following actions:

  # resource opentelekomcloud_lb_listener_v3" "cceelb-testing-test-443" will be updated in-place
 ~ resource "opentelekomcloud_lb_listener_v3" "cceelb-testing-test-443" {
        id                  = "YYYYYYYYY-YYYYYYYY-YYYYYYYYYYY-YYYYYYY"
        name                = "xxxxxxxxxxxxxxxxx-443"
        tags                = {}
        # (13 unchanged attributes hidden)

      ~ ip_group {
          ~ enable = true -> false
            id     = "XXXXXX-XXXXXXXXX-XXXXXXXX-XXXXX"
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
...

but the whitelist ist still active.
So it is also not possible to delete this ip_group(s).

@anton-sidelnikov
Copy link
Member

anton-sidelnikov commented Sep 11, 2023
edited

@sfhl Hi, just remove ip_group block from config

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@anton-sidelnikov anton-sidelnikov

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anton-sidelnikov @sfhl