vpc_data: output var in patterns vsi module does not give complete output on first apply
Closed this issue · 5 comments
surajsbharadwaj commented
vpc_data does not give complete output on first terraform apply.
on apply again, the output is extended and shown correctly.
on first terraform apply:
"vpc_data" = {
"access_tags" = toset([])
"address_prefix_management" = "manual"
"classic_access" = false
"crn" = "crn:v1:bluemix:public:is:br-sao:a/f45b53887765473bb366c7001d40c728::vpc:r042-4599faa5-fae0-40b6-8e7a-b3e61550ace9"
"cse_source_addresses" = tolist([
{
"address" = "10.12.180.2"
"zone_name" = "br-sao-1"
},
{
"address" = "10.12.78.179"
"zone_name" = "br-sao-2"
},
{
"address" = "10.12.81.185"
"zone_name" = "br-sao-3"
},
])
"default_network_acl" = "r042-7cd7bab9-f1e6-4a68-899c-0c8f3b059e65"
"default_network_acl_crn" = "crn:v1:bluemix:public:is:br-sao:a/f45b53887765473bb366c7001d40c728::network-acl:r042-7cd7bab9-f1e6-4a68-899c-0c8f3b059e65"
"default_network_acl_name" = "overeager-chowder-debunker-jeeps"
"default_routing_table" = "r042-9619539c-908e-4b19-a631-cdb221584cfa"
"default_routing_table_name" = "pauper-isolated-footbath-stride"
"default_security_group" = "r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248"
"default_security_group_crn" = "crn:v1:bluemix:public:is:br-sao:a/f45b53887765473bb366c7001d40c728::security-group:r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248"
"default_security_group_name" = "marital-bunny-gills-deport"
"dns" = tolist([
{
"enable_hub" = false
"resolution_binding_count" = 0
"resolver" = tolist([
{
"configuration" = "default"
"dns_binding_id" = ""
"dns_binding_name" = ""
"manual_servers" = toset([])
"servers" = tolist([
{
"address" = "161.26.0.10"
"zone_affinity" = ""
},
{
"address" = "161.26.0.11"
"zone_affinity" = ""
},
])
"type" = "system"
"vpc_crn" = ""
"vpc_id" = ""
"vpc_name" = ""
"vpc_remote_account_id" = ""
"vpc_remote_region" = ""
},
])
},
])
"health_reasons" = tolist([])
"health_state" = "ok"
"id" = "r042-4599faa5-fae0-40b6-8e7a-b3e61550ace9"
"name" = "val2-edge-vpc"
"no_sg_acl_rules" = false
"resource_controller_url" = "https://cloud.ibm.com/vpc-ext/network/vpcs"
"resource_crn" = "crn:v1:bluemix:public:is:br-sao:a/f45b53887765473bb366c7001d40c728::vpc:r042-4599faa5-fae0-40b6-8e7a-b3e61550ace9"
"resource_group" = "d05ea3c96ee8467a9c84e99ee8306c77"
"resource_group_name" = "val2-slz-edge-rg"
"resource_name" = "val2-edge-vpc"
"resource_status" = "available"
"security_group" = tolist([
{
"group_id" = "r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248"
"group_name" = "marital-bunny-gills-deport"
"rules" = tolist([
{
"code" = 0
"direction" = "outbound"
"ip_version" = "ipv4"
"port_max" = 0
"port_min" = 0
"protocol" = "all"
"remote" = "0.0.0.0/0"
"rule_id" = "r042-c7eb2cab-88c7-4847-ad0b-4820b49ee617"
"type" = 0
},
{
"code" = 0
"direction" = "inbound"
"ip_version" = "ipv4"
"port_max" = 0
"port_min" = 0
"protocol" = "all"
"remote" = "r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248"
"rule_id" = "r042-9fd1e096-cfc0-4288-8c58-ad08a81d9693"
"type" = 0
},
])
},
])
"status" = "available"
"subnets" = tolist([])
"tags" = toset([])
"timeouts" = null /* object */
}
"vpc_flow_logs" = []
"vpc_id" = "r042-4599faa5-fae0-40b6-8e7a-b3e61550ace9"
"vpc_name" = "val2-edge-vpc"
},
]
on second apply:
~ vpc_data = [
~ {
~ cidr_blocks = [
# (3 unchanged elements hidden)
"10.30.10.4/24",
+ "192.168.0.0/16",
]
~ vpc_data = {
~ dns = [
~ {
~ resolver = [
~ {
~ configuration = "default" -> "private_resolver"
~ servers = [
~ {
~ address = "161.26.0.10" -> "161.26.0.7"
# (1 unchanged attribute hidden)
},
~ {
~ address = "161.26.0.11" -> "161.26.0.8"
# (1 unchanged attribute hidden)
},
]
# (9 unchanged attributes hidden)
},
]
# (2 unchanged attributes hidden)
},
]
id = "r042-4599faa5-fae0-40b6-8e7a-b3e61550ace9"
name = "val2-edge-vpc"
~ security_group = [
~ {
~ group_id = "r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248" -> "r042-6d7e839c-f17d-457c-93de-68ba453bb4b6"
~ group_name = "marital-bunny-gills-deport" -> "management-sg"
~ rules = [
~ {
~ direction = "outbound" -> "inbound"
~ port_max = 0 -> 22
~ port_min = 0 -> 22
~ protocol = "all" -> "tcp"
~ remote = "0.0.0.0/0" -> "158.177.210.176/28"
~ rule_id = "r042-c7eb2cab-88c7-4847-ad0b-4820b49ee617" -> "r042-83cdeab8-d836-495d-bc8c-d97c425d1cf8"
# (3 unchanged attributes hidden)
},
~ {
~ port_max = 0 -> 22
~ port_min = 0 -> 22
~ protocol = "all" -> "tcp"
~ remote = "r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248" -> "158.177.216.144/28"
~ rule_id = "r042-9fd1e096-cfc0-4288-8c58-ad08a81d9693" -> "r042-4effc8df-f274-4a2c-a489-40d972380f4a"
# (4 unchanged attributes hidden)
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "158.175.138.176/28"
+ rule_id = "r042-464b9e11-c1db-4866-870d-43300d7ec7a4"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "169.45.235.176/28"
+ rule_id = "r042-fdfc96d0-69c2-42a4-bb8d-5a83c4ee1121"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "169.61.191.64/27"
+ rule_id = "r042-3cafad49-66fd-4c89-b01b-a73244e40e65"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "149.81.123.64/27"
+ rule_id = "r042-8584e140-dd81-464f-a457-ff62d0fae97d"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "169.60.115.32/27"
+ rule_id = "r042-43e3d1cb-53d8-4d6a-be48-801991ac97e3"
+ type = 0
},
+ {
+ code = 0
+ direction = "outbound"
+ ip_version = "ipv4"
+ port_max = 0
+ port_min = 0
+ protocol = "all"
+ remote = "0.0.0.0/0"
+ rule_id = "r042-ab042bf6-6f4c-4187-bc21-300c1cee2c59"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "150.238.230.128/27"
+ rule_id = "r042-b98f35a2-a203-46ba-b296-92f4ccdb9f02"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "169.62.53.64/27"
+ rule_id = "r042-56d19aff-92ab-4466-90be-fc79cf029a84"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "158.175.106.64/27"
+ rule_id = "r042-d56abe21-6039-451e-b4b1-8730dbd95713"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 0
+ port_min = 0
+ protocol = "all"
+ remote = "10.0.0.0/8"
+ rule_id = "r042-4be24ba3-b4e4-4289-a661-70d1f929b8bf"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 0
+ port_min = 0
+ protocol = "all"
+ remote = "172.16.0.0/12"
+ rule_id = "r042-50e7a5a1-0560-4200-9d9b-13df9157733c"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "169.47.104.160/28"
+ rule_id = "r042-d937bd50-eadf-4f9a-971f-b2a0ba948904"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "149.81.135.64/28"
+ rule_id = "r042-1bf59467-e310-4284-aa33-efa532ce8e53"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 0
+ port_min = 0
+ protocol = "all"
+ remote = "161.26.0.0/16"
+ rule_id = "r042-72c70595-05fb-4485-85c4-0cbe2719e561"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "161.156.138.80/28"
+ rule_id = "r042-1d220fc8-c35c-4648-967a-7f033c90d587"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "169.60.172.144/28"
+ rule_id = "r042-acc6e6d3-fe54-496f-90f6-029c939a9952"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "161.156.37.160/27"
+ rule_id = "r042-53920c63-17a7-4888-9015-509527bceef3"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "169.62.1.224/28"
+ rule_id = "r042-ed55e6f1-f2d3-473d-9a9f-dcfb17e4b586"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "158.176.111.64/27"
+ rule_id = "r042-c473af5a-e1c6-4e14-83bf-d8631682cf0b"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "169.63.254.64/28"
+ rule_id = "r042-cbdde1c0-e616-480d-8e9c-6901e776fe93"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "159.122.111.224/27"
+ rule_id = "r042-73e939ac-0a6e-43a5-9ca1-eec3e066b74a"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "169.62.204.32/27"
+ rule_id = "r042-d98a9966-f23e-479d-a796-d4616c7af144"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "169.63.150.144/28"
+ rule_id = "r042-565b6a36-c99d-43d3-8532-4666675447cf"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "169.55.82.128/27"
+ rule_id = "r042-5e405735-5d46-46f4-a8b1-a5466dbb18bb"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "141.125.79.160/28"
+ rule_id = "r042-04fdee8a-fc97-42d9-a42c-ee3d93fd0069"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "158.176.134.80/28"
+ rule_id = "r042-06f7fbe2-2bac-47f8-aa42-1ad210497940"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "141.125.142.96/27"
+ rule_id = "r042-2cecbdc9-5f1c-4b47-aa24-0ab2206fd45a"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 0
+ port_min = 0
+ protocol = "all"
+ remote = "192.168.0.0/16"
+ rule_id = "r042-7d02ff16-edcb-4894-9c39-52c1e7483cfc"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 22
+ port_min = 22
+ protocol = "tcp"
+ remote = "0.0.0.0/0"
+ rule_id = "r042-283567bd-b4ff-4a9e-8560-8bcb72429dd5"
+ type = 0
},
]
},
+ {
+ group_id = "r042-973ea2d5-7e86-45c9-b229-9775f3c39772"
+ group_name = "workload-sg"
+ rules = [
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 0
+ port_min = 0
+ protocol = "all"
+ remote = "172.16.0.0/12"
+ rule_id = "r042-bca1141b-6ecb-4586-b512-6b6a8ee2c2c6"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 0
+ port_min = 0
+ protocol = "all"
+ remote = "161.26.0.0/16"
+ rule_id = "r042-e9ca6908-2276-4985-a61e-c65e6fa4ca24"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 0
+ port_min = 0
+ protocol = "all"
+ remote = "10.0.0.0/8"
+ rule_id = "r042-371c6352-58c5-4cb4-adca-ee5670c2bcf0"
+ type = 0
},
+ {
+ code = 0
+ direction = "outbound"
+ ip_version = "ipv4"
+ port_max = 0
+ port_min = 0
+ protocol = "all"
+ remote = "0.0.0.0/0"
+ rule_id = "r042-6ad26b8a-e628-43c9-b5c2-4fb81bfc772b"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 0
+ port_min = 0
+ protocol = "all"
+ remote = "192.168.0.0/16"
+ rule_id = "r042-043ede86-1a64-4c71-8d68-bc174975c15e"
+ type = 0
},
]
},
+ {
+ group_id = "r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248"
+ group_name = "marital-bunny-gills-deport"
+ rules = [
+ {
+ code = 0
+ direction = "outbound"
+ ip_version = "ipv4"
+ port_max = 0
+ port_min = 0
+ protocol = "all"
+ remote = "0.0.0.0/0"
+ rule_id = "r042-c7eb2cab-88c7-4847-ad0b-4820b49ee617"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 0
+ port_min = 0
+ protocol = "all"
+ remote = "r042-c23ae8bf-1ff3-45d8-9142-613cf19f2248"
+ rule_id = "r042-9fd1e096-cfc0-4288-8c58-ad08a81d9693"
+ type = 0
},
+ {
+ code = 0
+ direction = "inbound"
+ ip_version = "ipv4"
+ port_max = 0
+ port_min = 0
+ protocol = "all"
+ remote = "0.0.0.0/0"
+ rule_id = "r042-8e94c145-2784-4c6a-a2c1-9f64cb15a750"
+ type = 0
},
]
},
]
~ subnets = [
+ {
+ available_ipv4_address_count = 250
+ id = "02t7-4415efb4-b35d-4ea6-a79b-c10075949ae8"
+ name = "val2-edge-vsi-management-zone-1"
+ status = "available"
+ total_ipv4_address_count = 256
+ zone = "br-sao-1"
},
+ {
+ available_ipv4_address_count = 249
+ id = "02t7-a941310e-1926-45e7-8f3b-343bc8b0b174"
+ name = "val2-edge-vsi-workload-zone-1"
+ status = "available"
+ total_ipv4_address_count = 256
+ zone = "br-sao-1"
},
+ {
+ available_ipv4_address_count = 250
+ id = "02t7-04a21b0f-7a73-4547-b351-b3dfff4b2cbc"
+ name = "val2-edge-vpn-zone-1"
+ status = "available"
+ total_ipv4_address_count = 256
+ zone = "br-sao-1"
},
+ {
+ available_ipv4_address_count = 250
+ id = "02t7-1cb167f2-b245-45c5-9335-40212decdac3"
+ name = "val2-edge-vpe-zone-1"
+ status = "available"
+ total_ipv4_address_count = 256
+ zone = "br-sao-1"
},
]
tags = []
# (24 unchanged attributes hidden)
}
# (13 unchanged attributes hidden)
},
]
surajsbharadwaj commented
jor2 commented
@surajsbharadwaj We have investigated the issue and the problem you are seeing is due to the way our modules are structured. The difference on reapply is actually expected as vpc_data is an output from the time we call the landing-zone-vpc module. But we then attach some security groups and other resources in this module to the vpc we just created which in turns creates the diff on reapply.
I plan to bring this up on one of our deep dives to see if we can untangle these dependencies, but until then is there a reason you need vpc_data to be the latest updated version on first apply?
surajsbharadwaj commented
Hello @jor2 That is really required for us. Otherwise it is not possible to add load balancers and nfs files share to the correct security groups which relies on output of landing_zone
What happens is on first apply, the application load balancer and file storage share are created in the VPC default security group. (as vpc_data wouldn't have populated the list at all), and because of this the code block:
[for security_group in module.landing_zone.vpc_data[0].vpc_data.security_group : security_group.group_id if security_group.group_name == "network-services-sg"] returns empty and the default VPC security group gets assigned,
I even explicitly added depends_on block, and still no use...
module "landing_zone" {
source = "terraform-ibm-modules/landing-zone/ibm//patterns//vsi//module"
version = "5.21.1"
providers = { ibm = ibm.ibm-is }
ssh_public_key = var.ssh_public_key
region = lookup(local.ibm_powervs_zone_cloud_region_map, var.powervs_zone, null)
prefix = var.prefix
override_json_string = local.override_json_string
}
module "vpc_file_share_alb" {
...
...
file_share_security_group_ids = [for security_group in module.landing_zone.vpc_data[0].vpc_data.security_group : security_group.group_id if security_group.group_name == "network-services-sg"]
alb_security_group_ids = [for security_group in module.landing_zone.vpc_data[0].vpc_data.security_group : security_group.group_id if security_group.group_name == "network-services-sg"]
}
surajsbharadwaj commented
Here is the override_json:
{
"resource_groups": [
{
"name": "slz-service-rg",
"create": true,
"use_prefix": true
},
{
"name": "slz-edge-rg",
"create": true,
"use_prefix": true
}
],
"key_management": {
"name": "slz-kms",
"resource_group": "slz-service-rg",
"use_hs_crypto": false,
"use_data": false,
"keys": [
{
"name": "slz-key",
"key_ring": "slz-slz-ring",
"root_key": true,
"payload": null,
"force_delete": null,
"endpoint": null,
"iv_value": null,
"encrypted_nonce": null,
"policies": {
"rotation": {
"interval_month": 12
}
}
},
{
"name": "slz-atracker-key",
"key_ring": "slz-slz-ring",
"root_key": true,
"payload": null,
"force_delete": null,
"endpoint": null,
"iv_value": null,
"encrypted_nonce": null,
"policies": {
"rotation": {
"interval_month": 12
}
}
},
{
"name": "slz-vsi-volume-key",
"key_ring": "slz-slz-ring",
"root_key": true,
"payload": null,
"force_delete": null,
"endpoint": null,
"iv_value": null,
"encrypted_nonce": null,
"policies": {
"rotation": {
"interval_month": 12
}
}
}
]
},
"wait_till": "IngressReady",
"service_endpoints": "private",
"vpn_gateways": [],
"cos": [
{
"name": "atracker-cos",
"plan": "standard",
"random_suffix": true,
"resource_group": "slz-service-rg",
"use_data": false,
"buckets": [
{
"name": "atracker-bucket",
"storage_class": "standard",
"endpoint_type": "public",
"force_delete": true,
"kms_key": "slz-atracker-key"
}
],
"keys": [
{
"name": "cos-bind-key",
"role": "Writer",
"enable_HMAC": false
}
]
},
{
"name": "cos",
"plan": "standard",
"random_suffix": true,
"resource_group": "slz-service-rg",
"use_data": false,
"buckets": [
{
"name": "edge-bucket",
"storage_class": "standard",
"endpoint_type": "public",
"force_delete": true,
"kms_key": "slz-key"
}
],
"keys": []
}
],
"atracker": {
"collector_bucket_name": "atracker-bucket",
"receive_global_events": true,
"resource_group": "slz-service-rg",
"add_route": true
},
"enable_transit_gateway": true,
"transit_gateway_resource_group": "slz-service-rg",
"transit_gateway_connections": [
"edge"
],
"security_groups": [
{
"name": "vpe-sg",
"vpc_name": "edge",
"resource_group": "slz-edge-rg",
"show": false,
"rules": [
{
"direction": "inbound",
"name": "allow-ibm-inbound",
"source": "161.26.0.0/16"
},
{
"direction": "inbound",
"name": "allow-private1-inbound",
"source": "10.0.0.0/8"
},
{
"direction": "inbound",
"name": "allow-private2-inbound",
"source": "172.16.0.0/12"
},
{
"direction": "inbound",
"name": "allow-private3-inbound",
"source": "192.168.0.0/16"
},
{
"direction": "outbound",
"name": "allow-all-outbound",
"source": "0.0.0.0/0"
}
]
}
],
"network_cidr": "10.0.0.0/8",
"vpcs": [
{
"prefix": "edge",
"resource_group": "slz-edge-rg",
"clean_default_sg_acl": false,
"flow_logs_bucket_name": "atracker-bucket",
"default_security_group_rules": [
{
"name": "all-inbound",
"direction": "inbound",
"remote": "0.0.0.0/0"
}
],
"address_prefixes": {
"zone-1": [
"10.30.10.4/24",
"10.30.20.0/24",
"10.30.30.0/24",
"10.30.40.0/24"
]
},
"network_acls": [
{
"name": "acl",
"rules": [
{
"name": "allow-all-inbound",
"action": "allow",
"direction": "inbound",
"source": "0.0.0.0/0",
"destination": "0.0.0.0/0"
},
{
"name": "allow-all-outbound",
"action": "allow",
"direction": "outbound",
"source": "0.0.0.0/0",
"destination": "0.0.0.0/0"
}
]
}
],
"subnets": {
"zone-1": [
{
"name": "vpn-zone-1",
"cidr": "10.30.10.0/24",
"public_gateway": false,
"acl_name": "acl"
},
{
"name": "vsi-management-zone-1",
"cidr": "10.30.20.0/24",
"public_gateway": false,
"acl_name": "acl"
},
{
"name": "vpe-zone-1",
"cidr": "10.30.30.0/24",
"public_gateway": false,
"acl_name": "acl"
},
{
"name": "vsi-edge-zone-1",
"cidr": "10.30.40.0/24",
"public_gateway": true,
"acl_name": "acl"
}
],
"zone-2": null,
"zone-3": null
},
"use_public_gateways": {
"zone-1": true,
"zone-2": false,
"zone-3": false
}
}
],
"vsi": [
{
"name": "jump-box",
"image_name": "${vsi_image}",
"machine_type": "cx2-2x4",
"vpc_name": "edge",
"resource_group": "slz-edge-rg",
"enable_floating_ip": true,
"boot_volume_encryption_key_name": "slz-vsi-volume-key",
"ssh_keys": ["ssh-key"],
"vsi_per_subnet": 1,
"subnet_names": ["vsi-management-zone-1"],
"block_storage_volumes": [],
"security_group": {
"name": "management-sg",
"vpc_name": "edge",
"rules": [
{
"name": "allow-ibm-inbound",
"direction": "inbound",
"source": "161.26.0.0/16"
},
{
"name": "allow-private1-inbound",
"direction": "inbound",
"source": "10.0.0.0/8",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-private2-inbound",
"direction": "inbound",
"source": "172.16.0.0/12",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-private3-inbound",
"direction": "inbound",
"source": "192.168.0.0/16",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics1",
"direction": "inbound",
"source": "169.45.235.176/28",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics2",
"direction": "inbound",
"source": "169.55.82.128/27",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics3",
"direction": "inbound",
"source": "169.60.115.32/27",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics4",
"direction": "inbound",
"source": "169.63.150.144/28",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics5",
"direction": "inbound",
"source": "169.62.1.224/28",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics6",
"direction": "inbound",
"source": "169.62.53.64/27",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics7",
"direction": "inbound",
"source": "150.238.230.128/27",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics8",
"direction": "inbound",
"source": "169.63.254.64/28",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics9",
"direction": "inbound",
"source": "169.47.104.160/28",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics10",
"direction": "inbound",
"source": "169.61.191.64/27",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics11",
"direction": "inbound",
"source": "169.60.172.144/28",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics12",
"direction": "inbound",
"source": "169.62.204.32/27",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics13",
"direction": "inbound",
"source": "158.175.106.64/27",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics14",
"direction": "inbound",
"source": "158.175.138.176/28",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics15",
"direction": "inbound",
"source": "141.125.79.160/28",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics16",
"direction": "inbound",
"source": "141.125.142.96/27",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics17",
"direction": "inbound",
"source": "158.176.111.64/27",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics18",
"direction": "inbound",
"source": "158.176.134.80/28",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics19",
"direction": "inbound",
"source": "149.81.123.64/27",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics20",
"direction": "inbound",
"source": "149.81.135.64/28",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics21",
"direction": "inbound",
"source": "158.177.210.176/28",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics22",
"direction": "inbound",
"source": "158.177.216.144/28",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics23",
"direction": "inbound",
"source": "161.156.138.80/28",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics24",
"direction": "inbound",
"source": "159.122.111.224/27",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-ssh-inbound-schematics25",
"direction": "inbound",
"source": "161.156.37.160/27",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"direction": "outbound",
"name": "allow-all-outbound",
"source": "0.0.0.0/0"
}
]
}
},
{
"name": "network-services",
"image_name": "${vsi_image}",
"machine_type": "cx2-2x4",
"vpc_name": "edge",
"resource_group": "slz-edge-rg",
"enable_floating_ip": false,
"boot_volume_encryption_key_name": "slz-vsi-volume-key",
"ssh_keys": ["ssh-key"],
"vsi_per_subnet": 1,
"subnet_names": ["vsi-edge-zone-1"],
"block_storage_volumes": [],
"security_group": {
"name": "network-services-sg",
"vpc_name": "egde",
"rules": [
{
"direction": "inbound",
"name": "allow-ibm-inbound",
"source": "161.26.0.0/16"
},
{
"direction": "inbound",
"name": "allow-private1-inbound",
"source": "10.0.0.0/8"
},
{
"direction": "inbound",
"name": "allow-private2-inbound",
"source": "172.16.0.0/12"
},
{
"direction": "inbound",
"name": "allow-private3-inbound",
"source": "192.168.0.0/16"
},
{
"direction": "outbound",
"name": "allow-all-outbound",
"source": "0.0.0.0/0"
}
]
}
}
],
"virtual_private_endpoints": [
{
"service_name": "cos",
"service_type": "cloud-object-storage",
"resource_group": "slz-edge-rg",
"vpcs": [
{
"name": "edge",
"security_group_name": "vpe-sg",
"subnets": [
"vpe-zone-1"
]
}
]
}
]
}
ocofaigh commented
This is fixed