use count for set multiple scaleway_security_group_rule

[eraac]

Hi there (again 😄 ),

Terraform Version

Terraform v0.11.0
+ provider.scaleway v1.0.0

Affected Resource(s)

• scaleway_security_group_rule

Terraform Configuration Files

variable "trusted_ips" {
    type        = "list"
    description = "List of allowed IP for ssh"
    default = ["1.1.1.1/32", "2.2.2.2/32"]
}

resource "scaleway_security_group" "firewall" {
    name        = "firewall"
    description = "Firewall rules"
}

# Allow SSH in
resource "scaleway_security_group_rule" "ssh_in" {
    count = "${length(var.trusted_ips)}"

    security_group = "${scaleway_security_group.firewall.id}"

    action    = "accept"
    direction = "inbound"
    ip_range  = "${element(var.trusted_ips, count.index)}"
    protocol  = "TCP"
    port      = "${var.ssh_port}"
}

Debug Output

scaleway_security_group.firewall: Creating...
  description: "" => "Firewall rules"
  name:        "" => "firewall"
scaleway_security_group.firewall: Creation complete after 1s (ID: ---xxx---)
scaleway_security_group_rule.ssh_in[0]: Creating...
  action:         "" => "accept"
  direction:      "" => "inbound"
  ip_range:       "" => "XXXXX"
  port:           "" => "XXXX"
  protocol:       "" => "TCP"
  security_group: "" => "---xxx---"
scaleway_security_group_rule.ssh_in[1]: Creating...
  action:         "" => "accept"
  direction:      "" => "inbound"
  ip_range:       "" => "XXXXX"
  port:           "" => "XXXX"
  protocol:       "" => "TCP"
  security_group: "" => "---xxx---"
scaleway_security_group_rule.ssh_in[1]: Creation complete after 0s (ID: ---xxx---)

Error: Error applying plan:

1 error(s) occurred:

* scaleway_security_group_rule.ssh_in[0]: 1 error(s) occurred:

* scaleway_security_group_rule.ssh_in.0: Failed to find created security group rule

Expected Behavior

Create 2 rules, one per trusted_ips and terraform should continue

Actual Behavior

Rules for ssh_in are created, but terraform stop due to the error

Steps to Reproduce

1. terraform apply

[nicolai86]

@eraac after diving into the problem I can tell you that you uncovered a bug which is fixed with #28, but there's also a peculiarity about Scaleways CIDR handling.

Technically, 1.1.1.1/32 and 1.1.1.1 are identical, as both describe only one IP, but Scaleway normalizes this to 1.1.1.1, leading to a diff in the terraform provider.

Once #28 is merged you should use an IP instead of a CIDR to avoid this. The changed implementation will not error but instead give you a diff if you re-apply.