Networks created through the provider are blocked from internet access

Question

Networks created through the provider are blocked from internet access

DillonN opened this issue 2 years ago · 4 comments

Using UDMP with Unifi Network ver 7.2.94.0 and provider ver 0.34.1

I'm having an issue where networks created via this provider are force-blocked from internet access in firewall rules. The rules are predefined so I can't get rid of them. However if I first create the network in Unifi, then import it to TF, there's no issue ~~no matter how many times I update it~~ until it's updated by the TF provider.

I'm probably just missing an isolation setting or something, but I've looked at this for a while and can't find any differences so any help is appreciated!

I'm testing this out with a network setup pretty much the same as in the example, just tweaked a bit to avoid overlap with another network I have already:

variable "vlan_id" {
  default = 4
}

resource "unifi_network" "vlan" {
  name    = "wifi-vlan"
  purpose = "corporate"

  subnet       = "10.0.4.1/24"
  vlan_id      = var.vlan_id
  dhcp_start   = "10.0.4.6"
  dhcp_stop    = "10.0.4.254"
  dhcp_enabled = true
}

That results in this auto-defined firewal set in Unifi:

And clients cannot access the internet.

However if I create a network with the same details through the Unifi console, I get rules I'm used to seeing like this:

I can then import that network with terraform import unifi_network.vlan name=wifi-vlan, ~~and everything works great from there on. No differences are found when running terraform apply. But if I ever recreate it through TF, it comes back in a blocked state again.~~ E: I was mistaken on this - it works as long as no changes are detected. As soon as an update is made, the block state comes back.

Thanks for any help!

Answer 1 · 2022-10-16T22:55:30.000Z

I ended up peeking into the JSON differences when the network is created via terraform vs Unifi. There's quite a few options set by the TF provider that Unifi doesn't set, but these stuck out to me:

"internet_access_enabled": false
"intra_network_access_enabled": false

I made a tweak to expose these and default to true, which has fixed my issue. See #280

Answer 2 · 2022-10-17T14:48:08.000Z

I recently discovered this provider and I also experienced this same issue using a UDM-Pro. I managed to get my networks imported by using 'scyto/unifibrowser' to probe the API and get my ID's - All appeared well until I moved to update the name of a network that I successfully imported - Running 'terraform plan' showed that only the name was going to be updated but after an apply, I noticed all hosts on that leg couldn't route out.

Come to find out, the same 3 pre-defined rules were applied to my network and the pre-defined 'Accounting Defined Network' rule was gone. I ended up having to remove it and create it entirely via the GUI which fixed the issue and I also discovered that newly created networks were also provisioned in this same manner.

Anticipating this PR to be implemented officially. Thanks @DillonN !

Answer 3 · 2022-10-20T15:54:51.000Z

Fixed in #282

Answer 4 · 2022-10-21T03:46:36.000Z

Sweet, thanks @paultyng!