Unable to create egress rules encompassing all ports without explicitly defining them

Open bernardodemarco opened this issue 3 months ago • 0 comments

The createEgressFirewallRule API allows the creation of TCP/UDP rules involving all possible ports by simply omitting the startport and endport parameters. For instance, after the following API call:

🐞 > create egressfirewallrule networkid=bf5b51ae-c1ae-4ec5-951b-35d90d936ba2 protocol="tcp"
{
  "firewallrule": {
    "cidrlist": "192.168.50.0/24",
    "destcidrlist": "",
    "id": "fed01adb-ed94-4c60-aede-8ac53cf9aeda",
    "networkid": "bf5b51ae-c1ae-4ec5-951b-35d90d936ba2",
    "protocol": "tcp",
    "state": "Active",
    "tags": [],
    "traffictype": "Egress"
  }
}

All ports are encompassed by the egress rule:

[Image: screenshot of the resulting egress rule in the CloudStack UI, with no start or end port set]

However, when defining the following cloudstack_egress_firewall resource:

resource "cloudstack_egress_firewall" "egress_rules" {
  network_id = cloudstack_network.network.id
  rule {
    cidr_list = [cloudstack_network.network.cidr]
    protocol  = "tcp"
    # no ports argument: intended to match all TCP ports, as the API does
  }
  depends_on = [cloudstack_instance.vm]
}

The following error is returned by the provider:

cloudstack_egress_firewall.egress_rules: Creating...
╷
│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to cloudstack_egress_firewall.egress_rules, provider "provider[\"registry.terraform.io/cloudstack/cloudstack\"]" produced an unexpected
│ new value: Root object was present, but now absent.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker

A workaround is to explicitly set the ports argument of the rule block or to specify the value all as the protocol.
Thus, the user should be allowed to add a rule involving all ports by simply not specifying the ports argument, as it is possible via the API and UI.

If that is not possible, then the cloudstack_egress_firewall documentation should be updated to clarify that the ports argument is required for the TCP and UDP protocols.

bernardodemarco · Aug 24 '25 22:08
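The two workarounds mentioned in the issue, written out as a complete configuration. This is an added example and not code from the issue author or from the provider's documentation; it assumes the same `cloudstack_network.network` and `cloudstack_instance.vm` resources as the reproduction above, and that the provider accepts the port range string "1-65535" in the `ports` list (the form CloudStack uses for a full range).

```hcl
# Workaround 1: keep the protocol scoped to TCP/UDP, but give the
# rule block an explicit ports argument covering the whole range.
# Separate rules per protocol keep the resulting firewall rules
# as narrow as the "omit the ports" API call would have produced.
resource "cloudstack_egress_firewall" "tcp_udp_all_ports" {
  network_id = cloudstack_network.network.id

  rule {
    cidr_list = [cloudstack_network.network.cidr]
    protocol  = "tcp"
    ports     = ["1-65535"] # assumed full-range syntax
  }

  rule {
    cidr_list = [cloudstack_network.network.cidr]
    protocol  = "udp"
    ports     = ["1-65535"] # assumed full-range syntax
  }

  depends_on = [cloudstack_instance.vm]
}

# Workaround 2: protocol "all". No ports argument is needed, but this
# also matches ICMP and every other protocol, so it is broader than
# the TCP-only rule the issue tried to create.
resource "cloudstack_egress_firewall" "any_protocol" {
  network_id = cloudstack_network.network.id

  rule {
    cidr_list = [cloudstack_network.network.cidr]
    protocol  = "all"
  }

  depends_on = [cloudstack_instance.vm]
}
```

In practice only one of the two resources would be kept; they are shown side by side so the difference in scope is visible. The first form is the closer match to the `createEgressFirewallRule` call at the top of the issue, since it still limits the rule to a single protocol, and `cidr_list` stays restricted to the network's own CIDR rather than `0.0.0.0/0`.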