Terraform: Can not create custom protocol (not tcp, udp, icmp) security group rules in openstack

Created on 20 Mar 2017  ยท  5Comments  ยท  Source: hashicorp/terraform

Terraform Version

$ terraform -v
Terraform v0.9.0-dev (89acb5811a25e59e6a9d55cf5a2429846e3b5982+CHANGES)

Affected Resource(s)

  • openstack_networking_secgroup_rule_v2

Debug Output

https://gist.github.com/splashx/ccd4725837c5d3ba660eb82fc6a64319

Expected Behavior

This is the second run, I expected nothing would change. Also, and the most important, it was expected the security group would be created correctly (protocol: 112)

Actual Behavior

The vrrp rule is deleted and created again and protocol: null

.....
| name                 | tf-sg-test-vrrp                                                    |
| security_group_rules | {                                                                  |
|                      |      "remote_group_id": null,                                      |
|                      |      "direction": "ingress",                                       |
|                      |      "protocol": null,                                             |
|                      |      "description": "",                                            |
|                      |      "ethertype": "IPv4",                                          |
|                      |      "remote_ip_prefix": null,                                     |
|                      |      "port_range_max": null,                                       |
|                      |      "security_group_id": "ac42f393-89d3-4ccb-b8f5-525f7bef87be",  |

...

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply 
$ cat test.tf 
resource "openstack_networking_secgroup_v2" "tf-sg-test-vrrp" {
  name = "tf-sg-test-vrrp"
  description = "LDAP master backend servers"
}

resource "openstack_networking_secgroup_rule_v2" "test-tf-vrrp-rule" {
  direction = "ingress"
  ethertype = "IPv4"
  protocol = "112"
  security_group_id = "${openstack_networking_secgroup_v2.tf-sg-test-vrrp.id}"
}

I've also tested with:
protocol = "vrrp"
protocol = 112 (no commas)

Important Factoids

Openstack version: Mitaka

bug
Source
picture splashx

Most helpful comment

This has been implemented in #14307 and will be available in the next release of Terraform :)

picture jtopjian on 15 May 2017
2

All 5 comments

Thanks for reporting this. There's a Pull Request in the upstream Gophercloud library that will help resolve this: https://github.com/gophercloud/gophercloud/pull/294

jtopjian picture jtopjian on 20 Mar 2017
👍1

@jtopjian do you have any idea how to workaround this with the current version?

michalmedvecky picture michalmedvecky on 21 Mar 2017

There's not a workaround at this time since the protocols are passed by a specific "type". Unfortunately it's not possible to sneak a string through.

jtopjian picture jtopjian on 21 Mar 2017
😕1

This has been implemented in #14307 and will be available in the next release of Terraform :)

jtopjian picture jtopjian on 15 May 2017
2

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashibot[bot] picture hashibot[bot] on 12 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

felnne picture felnne  ยท  133Comments
jszwedko picture jszwedko  ยท  77Comments
phinze picture phinze  ยท  167Comments
FlorinAndrei picture FlorinAndrei  ยท  61Comments
dupuy picture dupuy  ยท  61Comments