terraform-provider-ovh icon indicating copy to clipboard operation
terraform-provider-ovh copied to clipboard

Published 20 hours ago verified publisher icon ovh

ovh_iploadbalancing_http_frontend tries to reorder allowed_source IPs

Open 0xErnie opened this issue 3 years ago • 2 comments

Terraform Version

Terraform v1.0.2
on darwin_amd64
+ provider registry.terraform.io/ovh/ovh v0.15.0
+ provider registry.terraform.io/terraform-providers/ovh v0.15.0

Affected Resource(s)

  • ovh_iploadbalancing_http_frontend
  • ovh_iploadbalancing_tcp_frontend

Terraform Configuration Files

resource "ovh_iploadbalancing_tcp_frontend" "frontend" {
  count = var.has_frontend ? 1 : 0
  service_name = data.ovh_iploadbalancing.lb.service_name
  display_name = length(var.frontend_display_name) > 0 ? var.frontend_display_name : var.display_name
  zone = "all"
  port = var.frontend_port
  default_farm_id = ovh_iploadbalancing_tcp_farm.farm[0].id
  default_ssl_id = var.frontend_ssl_certificate_id
  ssl = var.frontend_is_ssl
  allowed_source = [
          "1.1.1.1/32",
          "1.1.1.2/32",
          "1.1.1.3/32",
          "1.1.1.4/32",
          "1.1.1.5/32",
          "1.1.1.6/32",
          "1.1.1.7/32",
          "1.1.1.8/32",
          "1.1.1.9/32",
  ]
}

Output

terraform apply
...
# module.farm_.ovh_iploadbalancing_tcp_frontend.frontend[0] will be updated in-place
  ~ resource "ovh_iploadbalancing_tcp_frontend" "frontend" {
      ~ allowed_source  = [
          + "1.1.1.1/32",
          + "1.1.1.2/32",
            "1.1.1.3/32",
            # (1 unchanged element hidden)
            "1.1.1.5/32",
          + "1.1.1.6/32",
            "1.1.1.7/32",
            # (1 unchanged element hidden)
            "1.1.1.9/32",
          - "1.1.1.6/32",
          - "1.1.1.2/32",
          - "1.1.1.1/32",
        ]
        id              = "12345"
        # (9 unchanged attributes hidden)
...

Expected Behavior

Terraform should not plan any changes.

Actual Behavior

Terraform detects a difference in the allowed_source list since the order is different. Reloading the LB config does not make any difference.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply
  2. terraform apply

0xErnie avatar Jul 12 '21 08:07 0xErnie

If you sort allowed_source using Terraform sort function it should behave properly :)

Example:

resource "ovh_iploadbalancing_tcp_frontend" "frontend" {
  count = var.has_frontend ? 1 : 0
  service_name = data.ovh_iploadbalancing.lb.service_name
  display_name = length(var.frontend_display_name) > 0 ? var.frontend_display_name : var.display_name
  zone = "all"
  port = var.frontend_port
  default_farm_id = ovh_iploadbalancing_tcp_farm.farm[0].id
  default_ssl_id = var.frontend_ssl_certificate_id
  ssl = var.frontend_is_ssl
  allowed_source = sort([
          "1.1.1.1/32",
          "1.1.1.2/32",
          "1.1.1.3/32",
          "1.1.1.4/32",
          "1.1.1.5/32",
          "1.1.1.6/32",
          "1.1.1.7/32",
          "1.1.1.8/32",
          "1.1.1.9/32",
  ])
}

Kaswob avatar Aug 04 '21 07:08 Kaswob

I can not test it now, but look like the root problem of this issue is that allowed_source is a TypeList. As say in Terraform doc this type is for "an ordered collection of items, where the order the items are presented can impact the behavior of the resource being modeled"

For this field, the order should not be important (Is it ?), so use a TypeSet will do the same without order constraint Maybe the same issue exists with the field dedicated_ipfo and for the resource resource_iploadbalancing_tcp_frontend

lpatte avatar Aug 29 '22 12:08 lpatte