heroku_space and heroku_space_inbound_ruleset resources are not compatible with each other.
Govind-1452 opened this issue · 1 comments
Terraform Version
v0.14.8
Heroku Provider Version
v4.2.0
Affected Resource(s)
heroku_space and heroku_space_inbound_ruleset
Expected Behavior
We are expecting one of these two.
- heroku_space resource will not have the trusted-IP-ranges attribute, So only heroku_space_inbound_ruleset add the IP ranges in Heroku.
- heroku_space resource by default leave the trusted-IP-ranges attribute empty, So trusted-IP ranges and allow list both are consistent.
Actual Behavior
heroku_space resource trusted_ip_ranges attribute has been deprecated. But when heroku_space resource creates a private space it by default adds 0.0.0.0/0 in trusted IP ranges. And because of this in the subsequent run trusted_ip_ranges try to override the allowlist. And because of this the trusted-IP-ranges and allow list are different and this cause of unexpected behavior in term of network-level access.
Thanks for opening this issue @Govind-1452 😄
I see that the heroku_space
resource trusted_ip_ranges
attribute has been deprecated for a few years.
At first glance, it seems a relatively simple fix to completely remove it, and the code causing the unintentional behavior.
What do you think @davidji99 ?