"allowed_ip" doesn't show any diff for IBM COS Bucket when we remove firewall outside the terraform

Open hkantare opened this issue 2 years ago • 10 comments

  1. Provision a COS bucket with firewall enabled (allowed_ip)
  2. Remove or disable the firewall from UI
  3. Terraform plan doesn't show any diff

Sample configuration

```hcl
resource "ibm_cos_bucket" "standard-ams03" {
  bucket_name           = "test-harini-18"
  resource_instance_id  = ibm_resource_instance.cos_instance.id
  cross_region_location = "us"
  storage_class         = "standard"
  allowed_ip            = ["183.83.141.179"]
}
```

hkantare avatar Jul 01 '22 12:07 hkantare

Any update on this?

enakatani avatar Jul 10 '22 02:07 enakatani

We assigned the ticket to the IBM Cloud COS team. They will look into this.

hkantare avatar Jul 15 '22 07:07 hkantare

Attaching the conversation and initial analysis done as part of the support ticket. We are able to identify the issue.

Scenario 1: The firewall is able to detect a change when we add or remove IPs. I created a bucket with the below sample configuration:

```hcl
resource "ibm_cos_bucket" "standard-ams03" {
  bucket_name           = "test-harini-18"
  resource_instance_id  = ibm_resource_instance.cos_instance.id
  cross_region_location = "us"
  storage_class         = "standard"
  allowed_ip            = ["183.83.141.179"]
}
```

Now add one more IP via the UI, "183.83.142.179". When we run the plan, it's able to detect the change.

Scenario 2: Create a bucket with a firewall and remove the complete firewall from the UI. It was not able to find the difference because, when we are setting back the firewall:

```go
if bucketPtr.Firewall != nil {
	d.Set("allowed_ip", flex.FlattenStringList(bucketPtr.Firewall.AllowedIp))
}
```

Since bucketPtr.Firewall itself is nil, it's not overriding the values back.

hkantare avatar Jul 15 '22 10:07 hkantare
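The effect of that nil guard on drift detection, as an added example that is not the provider's code and not the fix shipped in v1.44.1. The `firewall`, `bucket` and `state` types and all function names are constructed stand-ins for the SDK response and the Terraform state; the IP addresses are the ones from the comment above.

```go
package main

import (
	"fmt"
	"reflect"
)

// Constructed stand-ins, not the provider's or the COS SDK's types.
type firewall struct{ AllowedIp []string }
type bucket struct{ Firewall *firewall }
type state map[string][]string

// readGuarded mirrors the guard quoted above: when the API returns no
// firewall block nothing is written, so the old allowed_ip stays in state.
func readGuarded(s state, b *bucket) {
	if b.Firewall != nil {
		s["allowed_ip"] = b.Firewall.AllowedIp
	}
}

// readAlwaysSet writes on every refresh; a nil firewall becomes an empty list.
func readAlwaysSet(s state, b *bucket) {
	ips := []string{}
	if b.Firewall != nil {
		ips = b.Firewall.AllowedIp
	}
	s["allowed_ip"] = ips
}

// planAfterRefresh starts from a state equal to the configuration, refreshes
// it from the remote bucket, and reports whether a plan would show a diff.
func planAfterRefresh(read func(state, *bucket), config []string, remote *bucket) bool {
	s := state{"allowed_ip": append([]string{}, config...)}
	read(s, remote)
	return !reflect.DeepEqual(config, s["allowed_ip"])
}

func main() {
	config := []string{"183.83.141.179"}
	removed := &bucket{Firewall: nil} // whole firewall deleted in the UI
	edited := &bucket{Firewall: &firewall{AllowedIp: []string{"183.83.141.179", "183.83.142.179"}}}
	fmt.Println("guarded, IP added in UI:      diff =", planAfterRefresh(readGuarded, config, edited))
	fmt.Println("guarded, firewall removed:    diff =", planAfterRefresh(readGuarded, config, removed))
	fmt.Println("always-set, firewall removed: diff =", planAfterRefresh(readAlwaysSet, config, removed))
}
```

The guarded read reports a diff when an IP is added but none when the firewall is removed entirely, which matches Scenario 1 and Scenario 2; the always-set variant surfaces the removal as drift.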

@Priyaranimishra Can we have any updates?

enakatani avatar Jul 21 '22 22:07 enakatani

@Priyaranimishra, may we have an update?
btw, I could successfully refresh bucket configuration change outside of Terraform. But it's occurring in Schematics.

KyungmoIBM avatar Jul 26 '22 22:07 KyungmoIBM

We are looking at the issue internally. We will get back to you

IBMdiksha avatar Jul 27 '22 13:07 IBMdiksha

Hello @IBMdiksha, Thank you!

KyungmoIBM avatar Jul 27 '22 22:07 KyungmoIBM

Hello @IBMdiksha

Please see the update from the customer

///////// I deleted only one of the ICOS firewall definitions on the IBM Cloud Web Console (GUI) and left the other definitions in place. So I did a Plan generation and it detected the difference between the allowed_ip in the Terraform code and the actual bucket settings and created a plan to change the settings.

So it seems that this event only occurs when all ICOS firewall definitions are deleted.

/////////

Best Regards, Kanak ACS-Storage Support Engineer IBM Cloud Support

kanahavel avatar Jul 29 '22 12:07 kanahavel

Hello @IBMdiksha, I confirmed the issue occurs only when deleting all allowed_ip items.

Reproduce steps

  1. Created a bucket

```hcl
resource "ibm_cos_bucket" "smart-us-south" {
  bucket_name          = "kyungmo1741669-stardard-at-us-south"
  resource_instance_id = ibm_resource_instance.cos_instance.id
  region_location      = "us-south"
  storage_class        = "smart"
  allowed_ip           = ["169.63.163.244", "9.192.235.12", "172.30.8.121", "135.90.119.4"]
}
```

  2. Apply plan and get state

```
terraform state list
data.ibm_resource_group.group
ibm_cos_bucket.expire_incomplete_multipart
ibm_cos_bucket.expire_rule
ibm_cos_bucket.expired_delete_marker
ibm_cos_bucket.objectversioning
ibm_cos_bucket.retention_cos
ibm_cos_bucket.smart-us-south
ibm_resource_instance.cos_instance

terraform state show ibm_cos_bucket.smart-us-south
# ibm_cos_bucket.smart-us-south:
resource "ibm_cos_bucket" "smart-us-south" {
    allowed_ip = [
        "169.63.163.244",
        "9.192.235.12",
        "172.30.8.121",
        "135.90.119.4",
    ]
    bucket_name = "kyungmo1741669-stardard-at-us-south"
    ...
```

  3. Delete all allowed_ip items at UI, and refresh or plan
  4. Terraform state again

```
terraform state show ibm_cos_bucket.smart-us-south
# ibm_cos_bucket.smart-us-south:
resource "ibm_cos_bucket" "smart-us-south" {
    allowed_ip = [
        "169.63.163.244",
        "9.192.235.12",
        "172.30.8.121",
        "135.90.119.4",
    ]
    bucket_name = "kyungmo1741669-stardard-at-us-south"
    ...
```

  5. Add one IP address at UI and refresh (or plan)

```
terraform state show ibm_cos_bucket.smart-us-south
# ibm_cos_bucket.smart-us-south:
resource "ibm_cos_bucket" "smart-us-south" {
    allowed_ip = [
        "135.90.119.4",
    ]
    bucket_name = "kyungmo1741669-stardard-at-us-south"
```

So, this problem only occurs when deleting all allowed_ip items.

Best Regards,

Kyung J. Storage Support Engineer IBM Cloud

KyungmoIBM avatar Aug 01 '22 02:08 KyungmoIBM

Fixed in latest release https://github.com/IBM-Cloud/terraform-provider-ibm/releases/tag/v1.44.1

hkantare avatar Aug 03 '22 13:08 hkantare

Closing this ticket as the fix has been released.

IBM-diksha avatar Apr 25 '23 18:04 IBM-diksha