Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cloudstack_network_acl does not work with projects #6684

Closed
serbaut opened this issue May 16, 2016 · 6 comments · Fixed by #6743
Closed

cloudstack_network_acl does not work with projects #6684

serbaut opened this issue May 16, 2016 · 6 comments · Fixed by #6743

Comments

@serbaut
Copy link
Contributor

serbaut commented May 16, 2016

A new cloudstack_network_acl is created each run if the VPC belongs to a project.

Terraform Version

Terraform v0.6.15
CloudStack 4.8

Affected Resource(s)

  • cloudstack_network_acl

Terraform Configuration Files

resource "cloudstack_vpc" "foo" {
    project = "foo"
    name = "foo"
    zone = "zone1"
    cidr = "10.10.0.0/16"
    vpc_offering = "Default VPC offering"
}

resource "cloudstack_network_acl" "foo" {
    name = "foo"
    vpc_id = "${cloudstack_vpc.foo.id}"
}

Debug Output

$ terraform apply
cloudstack_vpc.foo: Refreshing state... (ID: 306568bf-df1a-4dff-a6dc-b99bcb197952)
cloudstack_network_acl.foo: Creating...
  description: "" => "<computed>"
  name:        "" => "foo"
  vpc_id:      "" => "306568bf-df1a-4dff-a6dc-b99bcb197952"
cloudstack_network_acl.foo: Creation complete

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

$ terraform apply
cloudstack_vpc.foo: Refreshing state... (ID: 306568bf-df1a-4dff-a6dc-b99bcb197952)
cloudstack_network_acl.foo: Creating...
  description: "" => "<computed>"
  name:        "" => "foo"
  vpc_id:      "" => "306568bf-df1a-4dff-a6dc-b99bcb197952"
cloudstack_network_acl.foo: Creation complete

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Expected Behavior

No change

Actual Behavior

A new acl list was created.

Steps to Reproduce

  1. terraform apply
  2. terraform apply
@svanharmelen
Copy link
Contributor

Thanks for the report @serbaut! Unfortunately I cannot reproduce this issue by using the exact same config you provided. So you created a new empty project called foo, and executed the config shown above?

If I try that all seems to work as expected and the ACL is not recreated on every apply. Are there any more details you can think of that can play a role in this?

@serbaut
Copy link
Contributor Author

serbaut commented May 18, 2016

I can see that "cloudstack_network_acl.foo" is missing from the state file in 0.6.15. Maybe there is some problem with async results not being written to the state file?

$ cat terraform.tfstate
{
    "version": 1,
    "serial": 2,
    "modules": [
        {
            "path": [
                "root"
            ],
            "outputs": {},
            "resources": {
                "cloudstack_vpc.foo": {
                    "type": "cloudstack_vpc",
                    "primary": {
                        "id": "fb0f600e-f7a1-476d-8c51-094ffc2a9381",
                        "attributes": {
                            "cidr": "10.10.0.0/16",
                            "display_text": "foo",
                            "id": "fb0f600e-f7a1-476d-8c51-094ffc2a9381",
                            "name": "foo",
                            "network_domain": "false",
                            "project": "foo",
                            "source_nat_ip": "10.124.16.29",
                            "vpc_offering": "Default VPC offering",
                            "zone": "zone1"
                        }
                    }
                }
            }
        }
    ]
}

@serbaut
Copy link
Contributor Author

serbaut commented May 18, 2016

At https://github.com/hashicorp/terraform/blob/master/builtin/providers/cloudstack/resource_cloudstack_network_acl.go#L94 the acl list is read by id but if the vpc belongs to a project you seem to have to supply the vpcid or projectid for it to return anything?

$ cloudmonkey list networkacllists id=1a573d91-34bf-42c8-b775-340d771d4ee2
$ cloudmonkey list networkacllists id=1a573d91-34bf-42c8-b775-340d771d4ee2 vpcid=fb0f600e-f7a1-476d-8c51-094ffc2a9381
count = 1
networkacllist:
name = foo
id = 1a573d91-34bf-42c8-b775-340d771d4ee2
description = foo
vpcid = fb0f600e-f7a1-476d-8c51-094ffc2a9381
$ cloudmonkey list networkacllists id=1a573d91-34bf-42c8-b775-340d771d4ee2 projectid=2800abb7-dec8-4bd0-bc0a-ca81937ab43c
count = 1
networkacllist:
name = foo
id = 1a573d91-34bf-42c8-b775-340d771d4ee2
description = foo
vpcid = fb0f600e-f7a1-476d-8c51-094ffc2a9381

edit: maybe you are running as admin because then it works.

@svanharmelen
Copy link
Contributor

I also tried it with a user account, but with the same results... But I guess the problem (and the solution) is clear now :) Thanks and I'll add a PR shortly...

@svanharmelen
Copy link
Contributor

Fixed by PR #6743

@ghost
Copy link

ghost commented Apr 25, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 25, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants