heroku/terraform-provider-heroku

heroku_space and heroku_space_inbound_ruleset resources are not compatible with each other.

Govind-1452 opened this issue · 1 comment

Terraform Version
v0.14.8

Heroku Provider Version

v4.2.0

Affected Resource(s)

heroku_space and heroku_space_inbound_ruleset

Expected Behavior

We are expecting one of these two:

  1. The heroku_space resource will not have the trusted-IP-ranges attribute, so only heroku_space_inbound_ruleset adds the IP ranges in Heroku.
  2. The heroku_space resource by default leaves the trusted-IP-ranges attribute empty, so the trusted-IP ranges and the allow list are both consistent.

Actual Behavior

The heroku_space resource's trusted_ip_ranges attribute has been deprecated. But when the heroku_space resource creates a private space, it by default adds 0.0.0.0/0 to the trusted IP ranges. Because of this, in the subsequent run trusted_ip_ranges tries to override the allowlist. As a result, the trusted-IP-ranges and the allow list are different, and this causes unexpected behavior in terms of network-level access.
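A check for the mismatch reported above, added here as an example and not part of the issue or the provider's code: it reads state in the shape of `terraform show -json` and lists spaces whose `trusted_ip_ranges` differ from the allow sources of their `heroku_space_inbound_ruleset`. The sample state, the function names, and the assumed state fields (`id`, `space`, `rule` with `action`/`source`) are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json` output (not from the issue).
SAMPLE_STATE = json.loads("""
{"values": {"root_module": {"resources": [
  {"type": "heroku_space", "name": "a",
   "values": {"id": "space-a", "trusted_ip_ranges": ["0.0.0.0/0"]}},
  {"type": "heroku_space_inbound_ruleset", "name": "a",
   "values": {"space": "space-a",
              "rule": [{"action": "allow", "source": "203.0.113.0/24"}]}},
  {"type": "heroku_space", "name": "b",
   "values": {"id": "space-b", "trusted_ip_ranges": ["198.51.100.0/24"]}},
  {"type": "heroku_space_inbound_ruleset", "name": "b",
   "values": {"space": "space-b",
              "rule": [{"action": "allow", "source": "198.51.100.0/24"}]}}
]}}}
""")

def iter_resources(module):
    """Yield resources from a state module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def allowlist_mismatches(state):
    """Map space id -> (trusted_ip_ranges, ruleset allow sources) where they differ."""
    trusted, allowed = {}, {}
    for res in iter_resources(state.get("values", {}).get("root_module", {})):
        vals = res.get("values", {})
        if res.get("type") == "heroku_space":
            trusted[vals["id"]] = set(vals.get("trusted_ip_ranges") or [])
        elif res.get("type") == "heroku_space_inbound_ruleset":
            # Assumption: `space` holds the space id and each rule has action/source.
            allowed[vals["space"]] = {
                r["source"] for r in vals.get("rule") or [] if r.get("action") == "allow"
            }
    return {
        sid: (sorted(trusted[sid]), sorted(allowed[sid]))
        for sid in allowed
        if sid in trusted and trusted[sid] != allowed[sid]
    }

if __name__ == "__main__":
    for sid, (t, a) in allowlist_mismatches(SAMPLE_STATE).items():
        print(f"{sid}: trusted_ip_ranges={t} ruleset_allow={a}")
```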

mars commented

Thanks for opening this issue @Govind-1452 😄

I see that the heroku_space resource trusted_ip_ranges attribute has been deprecated for a few years.

At first glance, it seems a relatively simple fix to completely remove it, and the code causing the unintentional behavior.

What do you think, @davidji99?