civo/terraform-provider-civo

[BUG] Terraform state manipulation with `terraform state rm` and then `terraform import` causes firewall error

Opened this issue · 1 comments

Description

When a firewall is created using the `create_default_rules = true` flag, the firewall can be created using `terraform apply`, and any subsequent `terraform plan` will take that flag into account.

However, once the Terraform state is manually adjusted, such as using `terraform state rm` and then `terraform import`, this flag will not be imported (I'm assuming there is no inference happening, though it is probably technically possible), so the firewall adjustment will throw an error unless you specifically set `create_default_rules = false`.

Steps to reproduce:

  1. Create network with something like below

```hcl
provider "civo" {
  // NOTE: Requires CIVO_TOKEN env variable
  region = var.civo_region
}

resource "civo_network" "network" {
  label  = var.civo_cluster_name
  region = var.civo_region
}

resource "civo_firewall" "firewall" {
  name                 = var.civo_cluster_name
  network_id           = civo_network.network.id
  region               = var.civo_region
  create_default_rules = true
}
```

  2. Check terraform plan works without any error, and no change needed

  3. Check the ID for the created network

```sh
__firewall_id=$(terraform show -json | jq -r '.values.root_module.resources | map(select(.type == "civo_firewall").values.id)[]')
echo $__firewall_id
```

  4. Remove the state for firewall

```sh
terraform state rm civo_firewall.firewall
```

  5. Import the state

```sh
terraform import civo_firewall.firewall $__firewall_id
```

  6. Try terraform plan, and get error related to create_default_rules and Egress error

I think there is a way to set the create_default_rules to true when we can see the default rule sets.

Acceptance Criteria

  • Ensure that an imported resource can set `create_default_rules` by looking at the ingress / egress rules
  • Perhaps consider dropping the `create_default_rules` flag, and provide an example instead to clarify what the default is
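The first acceptance criterion above, sketched as an added example (not the provider's code and not the fix in the linked pull request): on import, infer the flag by comparing the imported rules against the default set. The `Rule` type, the function names and the sample default rules are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Rule is a hypothetical, simplified rule shape (not the provider's own type).
type Rule struct {
	Protocol, Ports, Direction, Action string
	CIDRs                              []string
}

// key normalizes a rule so rule order, CIDR order and letter case do not matter.
func key(r Rule) string {
	cidrs := append([]string(nil), r.CIDRs...)
	sort.Strings(cidrs)
	parts := []string{r.Protocol, r.Ports, r.Direction, r.Action, strings.Join(cidrs, ",")}
	return strings.ToLower(strings.Join(parts, "|"))
}

// InferCreateDefaultRules is true only if imported is exactly the default set.
func InferCreateDefaultRules(imported, defaults []Rule) bool {
	if len(imported) != len(defaults) {
		return false
	}
	want := map[string]int{}
	for _, r := range defaults {
		want[key(r)]++
	}
	for _, r := range imported {
		if want[key(r)] == 0 {
			return false // extra, altered or duplicated rule
		}
		want[key(r)]--
	}
	return true
}

// ConstructedDefaults is constructed sample data, NOT Civo's real default rules.
func ConstructedDefaults() []Rule {
	return []Rule{
		{"tcp", "1-65535", "ingress", "allow", []string{"0.0.0.0/0"}},
		{"tcp", "1-65535", "egress", "allow", []string{"0.0.0.0/0"}},
	}
}

func main() { fmt.Println(InferCreateDefaultRules(ConstructedDefaults(), ConstructedDefaults())) }
```

Any mismatch returns false, so a firewall whose rules were changed after creation is not reported as carrying the defaults.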

Hey, I have added the fix in this pull request.

Can you please review it?

Thanks.