Unable to create multiple firewall rules
zulh-civo opened this issue · 4 comments
zulh-civo commented
$ ls -la
total 16
drwxr-xr-x 6 zulh staff 192 Aug 26 12:44 .
drwxr-xr-x 30 zulh staff 960 Aug 26 10:48 ..
drwxr-xr-x 3 zulh staff 96 Aug 9 10:06 .terraform
drwxr-xr-x 3 zulh staff 96 Aug 9 10:33 .terraform.d
-rw-r--r-- 1 zulh staff 644 Aug 26 12:43 main.tf
-rw-r--r-- 1 zulh staff 355 Aug 26 12:41 provider.tf
$ tf init
Initializing the backend...
Initializing provider plugins...
- Finding civo/civo versions matching "0.10.9"...
- Installing civo/civo v0.10.9...
- Installed civo/civo v0.10.9 (signed by a HashiCorp partner, key ID CA1DE390990EBE66)
Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
$ ls -la
total 24
drwxr-xr-x 7 zulh staff 224 Aug 26 12:46 .
drwxr-xr-x 30 zulh staff 960 Aug 26 10:48 ..
drwxr-xr-x 3 zulh staff 96 Aug 9 10:06 .terraform
drwxr-xr-x 3 zulh staff 96 Aug 9 10:33 .terraform.d
-rw-r--r-- 1 zulh staff 1252 Aug 26 12:46 .terraform.lock.hcl
-rw-r--r-- 1 zulh staff 644 Aug 26 12:43 main.tf
-rw-r--r-- 1 zulh staff 355 Aug 26 12:41 provider.tf
$ cat main.tf
resource "civo_network" "cluster_net" {
label = "my-custom-network"
}
resource "civo_firewall" "www" {
name = "www"
network_id = civo_network.cluster_net.id
}
resource "civo_firewall_rule" "http" {
firewall_id = civo_firewall.www.id
protocol = "tcp"
start_port = "80"
end_port = "80"
direction = "ingress"
label = "server web"
depends_on = [civo_firewall.www]
}
resource "civo_firewall_rule" "https" {
firewall_id = civo_firewall.www.id
protocol = "tcp"
start_port = "443"
end_port = "443"
direction = "ingress"
label = "server web"
depends_on = [civo_firewall.www]
}
$ export TF_LOG=INFO
$ echo $TF_LOG
INFO
$ tf apply --auto-approve
2021-08-26T12:46:59.953+0800 [INFO] Terraform version: 1.0.3
2021-08-26T12:46:59.954+0800 [INFO] Go runtime version: go1.16.4
2021-08-26T12:46:59.954+0800 [INFO] CLI args: []string{"/usr/local/bin/terraform", "apply", "--auto-approve"}
2021-08-26T12:46:59.954+0800 [INFO] CLI command args: []string{"apply", "--auto-approve"}
2021-08-26T12:47:00.020+0800 [INFO] Failed to read plugin lock file .terraform/plugins/darwin_amd64/lock.json: open .terraform/plugins/darwin_amd64/lock.json: no such file or directory
2021-08-26T12:47:00.024+0800 [INFO] backend/local: starting Apply operation
2021-08-26T12:47:00.031+0800 [INFO] provider: configuring client automatic mTLS
2021-08-26T12:47:00.251+0800 [INFO] provider.terraform-provider-civo_v0.10.9: configuring server automatic mTLS: timestamp=2021-08-26T12:47:00.250+0800
2021-08-26T12:47:00.338+0800 [INFO] terraform: building graph: GraphTypeValidate
2021-08-26T12:47:00.345+0800 [INFO] provider: configuring client automatic mTLS
2021-08-26T12:47:00.394+0800 [INFO] provider.terraform-provider-civo_v0.10.9: configuring server automatic mTLS: timestamp=2021-08-26T12:47:00.394+0800
2021-08-26T12:47:00.473+0800 [INFO] backend/local: apply calling Plan
2021-08-26T12:47:00.473+0800 [INFO] terraform: building graph: GraphTypePlan
2021-08-26T12:47:00.475+0800 [INFO] provider: configuring client automatic mTLS
2021-08-26T12:47:00.521+0800 [INFO] provider.terraform-provider-civo_v0.10.9: configuring server automatic mTLS: timestamp=2021-08-26T12:47:00.520+0800
2021-08-26T12:47:00.596+0800 [WARN] ValidateProviderConfig from "provider[\"registry.terraform.io/civo/civo\"]" changed the config value, but that value is unused
2021-08-26T12:47:00.603+0800 [INFO] ReferenceTransformer: reference not found: "civo_firewall.www"
2021-08-26T12:47:00.603+0800 [INFO] ReferenceTransformer: reference not found: "civo_firewall.www"
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# civo_firewall.www will be created
+ resource "civo_firewall" "www" {
+ id = (known after apply)
+ name = "www"
+ network_id = (known after apply)
}
# civo_firewall_rule.http will be created
+ resource "civo_firewall_rule" "http" {
+ cidr = (known after apply)
+ direction = "ingress"
+ end_port = "80"
+ firewall_id = (known after apply)
+ id = (known after apply)
+ label = "server web"
+ protocol = "tcp"
+ region = (known after apply)
+ start_port = "80"
}
# civo_firewall_rule.https will be created
+ resource "civo_firewall_rule" "https" {
+ cidr = (known after apply)
+ direction = "ingress"
+ end_port = "443"
+ firewall_id = (known after apply)
+ id = (known after apply)
+ label = "server web"
+ protocol = "tcp"
+ region = (known after apply)
+ start_port = "443"
}
# civo_network.cluster_net will be created
+ resource "civo_network" "cluster_net" {
+ default = (known after apply)
+ id = (known after apply)
+ label = "my-custom-network"
+ name = (known after apply)
}
Plan: 4 to add, 0 to change, 0 to destroy.
2021-08-26T12:47:00.609+0800 [INFO] backend/local: apply calling Apply
2021-08-26T12:47:00.609+0800 [INFO] terraform: building graph: GraphTypeApply
2021-08-26T12:47:00.611+0800 [INFO] ReferenceTransformer: reference not found: "civo_firewall.www#destroy"
2021-08-26T12:47:00.611+0800 [INFO] ReferenceTransformer: reference not found: "civo_firewall.www#destroy"
2021-08-26T12:47:00.612+0800 [INFO] provider: configuring client automatic mTLS
2021-08-26T12:47:00.659+0800 [INFO] provider.terraform-provider-civo_v0.10.9: configuring server automatic mTLS: timestamp=2021-08-26T12:47:00.659+0800
2021-08-26T12:47:00.732+0800 [WARN] ValidateProviderConfig from "provider[\"registry.terraform.io/civo/civo\"]" changed the config value, but that value is unused
civo_network.cluster_net: Creating...
2021-08-26T12:47:00.734+0800 [INFO] Starting apply for civo_network.cluster_net
2021-08-26T12:47:00.734+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:00 [INFO] creating the new network my-custom-network: timestamp=2021-08-26T12:47:00.734+0800
2021-08-26T12:47:02.911+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:02 [INFO] retriving the network 52c49e78-febf-4015-b889-f56385e62336: timestamp=2021-08-26T12:47:02.911+0800
2021-08-26T12:47:03.591+0800 [WARN] Provider "provider[\"registry.terraform.io/civo/civo\"]" produced an unexpected new value for civo_network.cluster_net, but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .region: was null, but now cty.StringVal("")
civo_network.cluster_net: Creation complete after 3s [id=52c49e78-febf-4015-b889-f56385e62336]
civo_firewall.www: Creating...
2021-08-26T12:47:03.623+0800 [INFO] Starting apply for civo_firewall.www
2021-08-26T12:47:03.624+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:03 [INFO] creating a new firewall www: timestamp=2021-08-26T12:47:03.624+0800
2021-08-26T12:47:05.623+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:05 [INFO] retriving the firewall 85873fad-c942-488b-8372-7899956cce2f: timestamp=2021-08-26T12:47:05.623+0800
civo_firewall.www: Creation complete after 3s [id=85873fad-c942-488b-8372-7899956cce2f]
civo_firewall_rule.http: Creating...
2021-08-26T12:47:07.396+0800 [INFO] Starting apply for civo_firewall_rule.http
civo_firewall_rule.https: Creating...
2021-08-26T12:47:07.396+0800 [INFO] Starting apply for civo_firewall_rule.https
2021-08-26T12:47:07.397+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:07 [DEBUG] setting computed for "cidr" from ComputedKeys: timestamp=2021-08-26T12:47:07.397+0800
2021-08-26T12:47:07.397+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:07 [DEBUG] setting computed for "cidr" from ComputedKeys: timestamp=2021-08-26T12:47:07.397+0800
2021-08-26T12:47:07.397+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:07 [INFO] configuring a new firewall rule for firewall 85873fad-c942-488b-8372-7899956cce2f: timestamp=2021-08-26T12:47:07.397+0800
2021-08-26T12:47:07.397+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:07 [INFO] configuring a new firewall rule for firewall 85873fad-c942-488b-8372-7899956cce2f: timestamp=2021-08-26T12:47:07.397+0800
2021-08-26T12:47:07.397+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:07 [INFO] Config: &{FirewallID:85873fad-c942-488b-8372-7899956cce2f Region: Protocol:tcp StartPort:443 EndPort:443 Cidr:[] Direction:ingress Label:server web}: timestamp=2021-08-26T12:47:07.397+0800
2021-08-26T12:47:07.397+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:07 [INFO] creating a new firewall rule for firewall 85873fad-c942-488b-8372-7899956cce2f: timestamp=2021-08-26T12:47:07.397+0800
2021-08-26T12:47:07.397+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:07 [INFO] Config: &{FirewallID:85873fad-c942-488b-8372-7899956cce2f Region: Protocol:tcp StartPort:80 EndPort:80 Cidr:[] Direction:ingress Label:server web}: timestamp=2021-08-26T12:47:07.397+0800
2021-08-26T12:47:07.397+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:07 [INFO] creating a new firewall rule for firewall 85873fad-c942-488b-8372-7899956cce2f: timestamp=2021-08-26T12:47:07.397+0800
2021-08-26T12:47:09.111+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:09 [INFO] RuleID: cb01ff7b-26ff-4529-8f94-ab3ec44a157e: timestamp=2021-08-26T12:47:09.111+0800
2021-08-26T12:47:09.112+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:09 [INFO] firewallID: 85873fad-c942-488b-8372-7899956cce2f: timestamp=2021-08-26T12:47:09.111+0800
2021-08-26T12:47:09.112+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:09 [INFO] RuleID: cb01ff7b-26ff-4529-8f94-ab3ec44a157e: timestamp=2021-08-26T12:47:09.111+0800
2021-08-26T12:47:09.112+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:09 [INFO] retriving the firewall rule cb01ff7b-26ff-4529-8f94-ab3ec44a157e: timestamp=2021-08-26T12:47:09.111+0800
2021-08-26T12:47:10.026+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:47:10 [INFO] rules &{ID:cb01ff7b-26ff-4529-8f94-ab3ec44a157e FirewallID:85873fad-c942-488b-8372-7899956cce2f Protocol:tcp StartPort:80 EndPort: Cidr:[] Direction:ingress Label:server web}: timestamp=2021-08-26T12:47:10.026+0800
civo_firewall_rule.http: Creation complete after 3s [id=cb01ff7b-26ff-4529-8f94-ab3ec44a157e]
╷
│ Error: [ERR] failed to create a new firewall: RegionUnavailable: Timed out communicating with that region
│
│ with civo_firewall_rule.https,
│ on main.tf line 20, in resource "civo_firewall_rule" "https":
│ 20: resource "civo_firewall_rule" "https" {
│
╵
$ tf show
2021-08-26T12:50:01.847+0800 [INFO] Terraform version: 1.0.3
2021-08-26T12:50:01.848+0800 [INFO] Go runtime version: go1.16.4
2021-08-26T12:50:01.848+0800 [INFO] CLI args: []string{"/usr/local/bin/terraform", "show"}
2021-08-26T12:50:01.848+0800 [INFO] CLI command args: []string{"show"}
2021-08-26T12:50:01.913+0800 [INFO] Failed to read plugin lock file .terraform/plugins/darwin_amd64/lock.json: open .terraform/plugins/darwin_amd64/lock.json: no such file or directory
2021-08-26T12:50:01.915+0800 [INFO] provider: configuring client automatic mTLS
2021-08-26T12:50:01.964+0800 [INFO] provider.terraform-provider-civo_v0.10.9: configuring server automatic mTLS: timestamp=2021-08-26T12:50:01.964+0800
# civo_firewall.www:
resource "civo_firewall" "www" {
id = "85873fad-c942-488b-8372-7899956cce2f"
name = "www"
network_id = "52c49e78-febf-4015-b889-f56385e62336"
}
# civo_firewall_rule.http:
resource "civo_firewall_rule" "http" {
cidr = [
"",
]
direction = "ingress"
end_port = "80"
firewall_id = "85873fad-c942-488b-8372-7899956cce2f"
id = "cb01ff7b-26ff-4529-8f94-ab3ec44a157e"
label = "server web"
protocol = "tcp"
start_port = "80"
}
# civo_network.cluster_net:
resource "civo_network" "cluster_net" {
default = false
id = "52c49e78-febf-4015-b889-f56385e62336"
label = "my-custom-network"
name = "cust-433e075e-a401-my-custom-network"
}
When I checked Civo.com, only one firewall rule get created:
And when I rerun it, then it creates the second firewall rule:
$ tf apply --auto-approve
2021-08-26T12:53:22.001+0800 [INFO] Terraform version: 1.0.3
2021-08-26T12:53:22.001+0800 [INFO] Go runtime version: go1.16.4
2021-08-26T12:53:22.001+0800 [INFO] CLI args: []string{"/usr/local/bin/terraform", "apply", "--auto-approve"}
2021-08-26T12:53:22.003+0800 [INFO] CLI command args: []string{"apply", "--auto-approve"}
2021-08-26T12:53:22.074+0800 [INFO] Failed to read plugin lock file .terraform/plugins/darwin_amd64/lock.json: open .terraform/plugins/darwin_amd64/lock.json: no such file or directory
2021-08-26T12:53:22.075+0800 [INFO] backend/local: starting Apply operation
2021-08-26T12:53:22.082+0800 [INFO] provider: configuring client automatic mTLS
2021-08-26T12:53:22.134+0800 [INFO] provider.terraform-provider-civo_v0.10.9: configuring server automatic mTLS: timestamp=2021-08-26T12:53:22.134+0800
2021-08-26T12:53:22.210+0800 [INFO] terraform: building graph: GraphTypeValidate
2021-08-26T12:53:22.212+0800 [INFO] provider: configuring client automatic mTLS
2021-08-26T12:53:22.258+0800 [INFO] provider.terraform-provider-civo_v0.10.9: configuring server automatic mTLS: timestamp=2021-08-26T12:53:22.258+0800
2021-08-26T12:53:22.335+0800 [INFO] backend/local: apply calling Plan
2021-08-26T12:53:22.335+0800 [INFO] terraform: building graph: GraphTypePlan
2021-08-26T12:53:22.337+0800 [INFO] provider: configuring client automatic mTLS
2021-08-26T12:53:22.383+0800 [INFO] provider.terraform-provider-civo_v0.10.9: configuring server automatic mTLS: timestamp=2021-08-26T12:53:22.383+0800
2021-08-26T12:53:22.456+0800 [WARN] ValidateProviderConfig from "provider[\"registry.terraform.io/civo/civo\"]" changed the config value, but that value is unused
civo_network.cluster_net: Refreshing state... [id=52c49e78-febf-4015-b889-f56385e62336]
2021-08-26T12:53:22.461+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:22 [INFO] retriving the network 52c49e78-febf-4015-b889-f56385e62336: timestamp=2021-08-26T12:53:22.461+0800
2021-08-26T12:53:23.961+0800 [WARN] Provider "registry.terraform.io/civo/civo" produced an invalid plan for civo_network.cluster_net, but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .region: planned value cty.StringVal("") for a non-computed attribute
civo_firewall.www: Refreshing state... [id=85873fad-c942-488b-8372-7899956cce2f]
2021-08-26T12:53:23.965+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:23 [INFO] retriving the firewall 85873fad-c942-488b-8372-7899956cce2f: timestamp=2021-08-26T12:53:23.965+0800
2021-08-26T12:53:24.821+0800 [INFO] ReferenceTransformer: reference not found: "civo_firewall.www"
2021-08-26T12:53:24.821+0800 [INFO] ReferenceTransformer: reference not found: "civo_firewall.www"
civo_firewall_rule.http: Refreshing state... [id=cb01ff7b-26ff-4529-8f94-ab3ec44a157e]
2021-08-26T12:53:24.824+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:24 [INFO] firewallID: 85873fad-c942-488b-8372-7899956cce2f: timestamp=2021-08-26T12:53:24.824+0800
2021-08-26T12:53:24.824+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:24 [INFO] RuleID: cb01ff7b-26ff-4529-8f94-ab3ec44a157e: timestamp=2021-08-26T12:53:24.824+0800
2021-08-26T12:53:24.824+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:24 [INFO] retriving the firewall rule cb01ff7b-26ff-4529-8f94-ab3ec44a157e: timestamp=2021-08-26T12:53:24.824+0800
2021-08-26T12:53:25.635+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:25 [INFO] rules &{ID:cb01ff7b-26ff-4529-8f94-ab3ec44a157e FirewallID:85873fad-c942-488b-8372-7899956cce2f Protocol:tcp StartPort:80 EndPort: Cidr:[] Direction:ingress Label:server web}: timestamp=2021-08-26T12:53:25.635+0800
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# civo_firewall_rule.https will be created
+ resource "civo_firewall_rule" "https" {
+ cidr = (known after apply)
+ direction = "ingress"
+ end_port = "443"
+ firewall_id = "85873fad-c942-488b-8372-7899956cce2f"
+ id = (known after apply)
+ label = "server web"
+ protocol = "tcp"
+ region = (known after apply)
+ start_port = "443"
}
Plan: 1 to add, 0 to change, 0 to destroy.
2021-08-26T12:53:25.650+0800 [INFO] backend/local: apply calling Apply
2021-08-26T12:53:25.650+0800 [INFO] terraform: building graph: GraphTypeApply
2021-08-26T12:53:25.652+0800 [INFO] ReferenceTransformer: reference not found: "civo_firewall.www#destroy"
2021-08-26T12:53:25.654+0800 [INFO] provider: configuring client automatic mTLS
2021-08-26T12:53:25.713+0800 [INFO] provider.terraform-provider-civo_v0.10.9: configuring server automatic mTLS: timestamp=2021-08-26T12:53:25.712+0800
2021-08-26T12:53:25.788+0800 [WARN] ValidateProviderConfig from "provider[\"registry.terraform.io/civo/civo\"]" changed the config value, but that value is unused
civo_firewall_rule.https: Creating...
2021-08-26T12:53:25.791+0800 [INFO] Starting apply for civo_firewall_rule.https
2021-08-26T12:53:25.792+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:25 [DEBUG] setting computed for "cidr" from ComputedKeys: timestamp=2021-08-26T12:53:25.792+0800
2021-08-26T12:53:25.792+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:25 [INFO] configuring a new firewall rule for firewall 85873fad-c942-488b-8372-7899956cce2f: timestamp=2021-08-26T12:53:25.792+0800
2021-08-26T12:53:25.792+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:25 [INFO] Config: &{FirewallID:85873fad-c942-488b-8372-7899956cce2f Region: Protocol:tcp StartPort:443 EndPort:443 Cidr:[] Direction:ingress Label:server web}: timestamp=2021-08-26T12:53:25.792+0800
2021-08-26T12:53:25.792+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:25 [INFO] creating a new firewall rule for firewall 85873fad-c942-488b-8372-7899956cce2f: timestamp=2021-08-26T12:53:25.792+0800
2021-08-26T12:53:28.263+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:28 [INFO] RuleID: 4addb235-f59b-4220-8af0-60ad7c1611de: timestamp=2021-08-26T12:53:28.263+0800
2021-08-26T12:53:28.263+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:28 [INFO] firewallID: 85873fad-c942-488b-8372-7899956cce2f: timestamp=2021-08-26T12:53:28.263+0800
2021-08-26T12:53:28.264+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:28 [INFO] RuleID: 4addb235-f59b-4220-8af0-60ad7c1611de: timestamp=2021-08-26T12:53:28.263+0800
2021-08-26T12:53:28.264+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:28 [INFO] retriving the firewall rule 4addb235-f59b-4220-8af0-60ad7c1611de: timestamp=2021-08-26T12:53:28.263+0800
2021-08-26T12:53:29.118+0800 [INFO] provider.terraform-provider-civo_v0.10.9: 2021/08/26 12:53:29 [INFO] rules &{ID:4addb235-f59b-4220-8af0-60ad7c1611de FirewallID:85873fad-c942-488b-8372-7899956cce2f Protocol:tcp StartPort:443 EndPort: Cidr:[] Direction:ingress Label:server web}: timestamp=2021-08-26T12:53:29.118+0800
civo_firewall_rule.https: Creation complete after 3s [id=4addb235-f59b-4220-8af0-60ad7c1611de]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
$ tf show
2021-08-26T12:53:33.148+0800 [INFO] Terraform version: 1.0.3
2021-08-26T12:53:33.148+0800 [INFO] Go runtime version: go1.16.4
2021-08-26T12:53:33.148+0800 [INFO] CLI args: []string{"/usr/local/bin/terraform", "show"}
2021-08-26T12:53:33.149+0800 [INFO] CLI command args: []string{"show"}
2021-08-26T12:53:33.215+0800 [INFO] Failed to read plugin lock file .terraform/plugins/darwin_amd64/lock.json: open .terraform/plugins/darwin_amd64/lock.json: no such file or directory
2021-08-26T12:53:33.217+0800 [INFO] provider: configuring client automatic mTLS
2021-08-26T12:53:33.266+0800 [INFO] provider.terraform-provider-civo_v0.10.9: configuring server automatic mTLS: timestamp=2021-08-26T12:53:33.265+0800
# civo_firewall.www:
resource "civo_firewall" "www" {
id = "85873fad-c942-488b-8372-7899956cce2f"
name = "www"
network_id = "52c49e78-febf-4015-b889-f56385e62336"
}
# civo_firewall_rule.http:
resource "civo_firewall_rule" "http" {
cidr = [
"",
]
direction = "ingress"
end_port = "80"
firewall_id = "85873fad-c942-488b-8372-7899956cce2f"
id = "cb01ff7b-26ff-4529-8f94-ab3ec44a157e"
label = "server web"
protocol = "tcp"
start_port = "80"
}
# civo_firewall_rule.https:
resource "civo_firewall_rule" "https" {
cidr = [
"",
]
direction = "ingress"
end_port = "443"
firewall_id = "85873fad-c942-488b-8372-7899956cce2f"
id = "4addb235-f59b-4220-8af0-60ad7c1611de"
label = "server web"
protocol = "tcp"
start_port = "443"
}
# civo_network.cluster_net:
resource "civo_network" "cluster_net" {
default = false
id = "52c49e78-febf-4015-b889-f56385e62336"
label = "my-custom-network"
name = "cust-433e075e-a401-my-custom-network"
}
zulh-civo commented
I've escalated this issue to Civo SRE team (@AlexsJones) and they are looking at this issue.
dirsigler commented
I saw this issue already somewhere else in an old issue here.
The "solution" there was to add depends_on cascading for each firewall rule.
like:
$ cat main.tf
resource "civo_network" "cluster_net" {
label = "my-custom-network"
}
resource "civo_firewall" "www" {
name = "www"
network_id = civo_network.cluster_net.id
}
resource "civo_firewall_rule" "http" {
firewall_id = civo_firewall.www.id
protocol = "tcp"
start_port = "80"
end_port = "80"
direction = "ingress"
label = "server web"
depends_on = [civo_firewall.www]
}
resource "civo_firewall_rule" "https" {
firewall_id = civo_firewall.www.id
protocol = "tcp"
start_port = "443"
end_port = "443"
direction = "ingress"
label = "server web"
depends_on = [civo_firewall_rule.http]
}
resource "civo_firewall_rule" "my_app" {
firewall_id = civo_firewall.www.id
protocol = "tcp"
start_port = "8080"
end_port = "8080"
direction = "ingress"
label = "some example"
depends_on = [civo_firewall_rule.https]
}zulh-civo commented
@alejandrojnm do you mind writing some notes about this? Fixed? Ignored?
alejandrojnm commented
This is already fixed from the API side