cloudstack-terraform-provider

ACL_ID not accepting id

Open tomaspekarovic opened this issue 1 year ago • 2 comments

I have this code (using the 0.5.0 provider):

 36 resource "cloudstack_vpc" "tomas_vpc" {
 37   name         = "tomas_vpc"
 38   display_text = "Tomas VPC"
 39   cidr         = "10.20.0.0/16"
 40   vpc_offering = "Default VPC Offering"
 41   zone         = "SK-WDS01"
 42 }
 43
 44 resource "cloudstack_network" "tomas_network" {
 45   name             = "tomas_network"
 46   display_text     = "Tomasova siet"
 47   network_offering = "DefaultIsolatedNetworkOfferingForVpcNetworks"
 48   zone             = "SK-WDS01"
 49   vpc_id           = cloudstack_vpc.tomas_vpc.id
 50   cidr             = "10.20.1.0/24"
 51   gateway          = "10.20.1.1"
 52   acl_id           = "ibdb115e1-16aa-11ef-9251-42ad207a9833"
 53 }

The VPC is created, but when the network is going to be created, acl_id fails with:

│ Error: Error creating network tomas_network: CloudStack API error 431 (CSExceptionErrorCode: 9999): Unable to execute API command createnetwork due to invalid value. Invalid parameter aclid value=ibdb115e1-16aa-11ef-9251-42ad207a9833 due to incorrect long value format, or entity does not exist or due to incorrect parameter annotation for the field in api cmd class.
│
│   with cloudstack_network.tomas_network,
│   on main.tf line 44, in resource "cloudstack_network" "tomas_network":
│   44: resource "cloudstack_network" "tomas_network" {

The ACL exists, and a lot of networks have this attached ...

tomaspekarovic, Nov 21 '24 09:11

@tomaspekarovic ACL rules are tied to a specific VPC network in CloudStack.

An existing ACL for a VPC cannot be used for another VPC.

Please try the following Terraform code to create an ACL rule and attach it to a VPC:


resource "cloudstack_vpc" "tomas_vpc" {
  name         = "tomas_vpc"
  display_text = "Tomas VPC"
  cidr         = "10.20.0.0/16"
  vpc_offering = "Default VPC Offering"
  zone         = "83bddd7d-3f56-4085-a709-f9694b9e8608"
}

resource "cloudstack_network_acl" "default" {
  name   = "test-acl"
  vpc_id = cloudstack_vpc.tomas_vpc.id
}

resource "cloudstack_network_acl_rule" "default" {
  acl_id = cloudstack_network_acl.default.id

  rule {
    action       = "allow"
    cidr_list    = ["10.0.0.0/8"]
    protocol     = "tcp"
    ports        = ["80", "1000-2000"]
    traffic_type = "ingress"
  }
}

resource "cloudstack_network" "tomas_network" {
  name             = "tomas_network"
  display_text     = "Tomasova siet"
  network_offering = "DefaultIsolatedNetworkOfferingForVpcNetworks"
  zone             = "83bddd7d-3f56-4085-a709-f9694b9e8608"
  vpc_id           = cloudstack_vpc.tomas_vpc.id
  cidr             = "10.20.1.0/24"
  gateway          = "10.20.1.1"
  acl_id           = cloudstack_network_acl.default.id
}

kiranchavala, Feb 10 '25 05:02
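
Added example (not part of the thread and not the provider's own code): a Python pre-flight check that scans Terraform text for acl_id assignments and classifies each one as a resource reference (the form used in the reply above), a well-formed hard-coded UUID (which may belong to a different VPC), or a malformed literal. It assumes CloudStack ids use the 8-4-4-4-12 hexadecimal UUID layout seen in the zone id above; check_acl_ids and the sample input are constructed for illustration.

```python
import re

# Assumption: CloudStack ids follow the canonical 8-4-4-4-12 hex UUID layout.
UUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Matches: acl_id = "literal"   or   acl_id = some.resource.reference
ASSIGN_RE = re.compile(r'^\s*acl_id\s*=\s*(?:"([^"]*)"|(\S+))')
RESOURCE_RE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"')


def check_acl_ids(tf_text):
    """Return (line_no, resource, verdict) for every acl_id assignment."""
    findings = []
    resource = None
    for line_no, line in enumerate(tf_text.splitlines(), start=1):
        m = RESOURCE_RE.match(line)
        if m:
            resource = f"{m.group(1)}.{m.group(2)}"
            continue
        m = ASSIGN_RE.match(line)
        if not m:
            continue
        literal, reference = m.groups()
        if reference is not None:
            verdict = "reference"          # resolved by Terraform at apply time
        elif UUID_RE.match(literal):
            verdict = "hardcoded-uuid"     # valid shape, but may be another VPC's ACL
        else:
            verdict = "malformed-literal"  # the API cannot resolve this id
        findings.append((line_no, resource, verdict))
    return findings


# Constructed sample. Resource "a" uses the literal as posted in the issue
# (first group has 9 characters and a non-hex 'i'); "b" uses a placeholder UUID.
SAMPLE_TF = '''\
resource "cloudstack_network" "a" {
  acl_id = "ibdb115e1-16aa-11ef-9251-42ad207a9833"
}
resource "cloudstack_network" "b" {
  acl_id = "00000000-0000-0000-0000-000000000000"
}
resource "cloudstack_network" "c" {
  acl_id = cloudstack_network_acl.default.id
}
'''

if __name__ == "__main__":
    for line_no, resource, verdict in check_acl_ids(SAMPLE_TF):
        print(f"line {line_no}: {resource}: {verdict}")
```
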

@tomaspekarovic are you still facing the issue?

Can I go ahead and close the issue?

kiranchavala, May 12 '25 10:05

Closing the issue as it's not reproducible

kiranchavala, Aug 18 '25 16:08