Update SG rule input variable defaults to null #25

Merged
merged 2 commits into from
May 30, 2025

Conversation

alexbasista
Contributor

Description

Be consistent with evaluating AWS security group rules creation based on null variable value rather than the length of a list. The following inputs defaulted to an empty list ([]) which can cause issues when transitioning from a populated list to an empty list (default value), given how the count logic currently exists within the resources.

  • cidr_allow_ingress_ec2_ssh
  • cidr_allow_ingress_tfe_metrics_http
  • cidr_allow_ingress_tfe_metrics_https
  • cidr_allow_egress_ec2_dns

When changing the value of an input from a list with one or more items in it to an empty list, Terraform wants to replace the resources, but they shouldn't really be recreated if the list is empty. Terraform will run for at least 10 minutes on the create operation until it reaches a timeout.

Error: waiting for Security Group (sg-0c30e23a66c96e769) Rule (sgrule-1073862818) create: couldn't find resource

Related issue

N/A

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality not to work as expected)
  • This change requires a documentation update

How has this been tested?

Transition from running terraform apply while the variables are populated with CIDR ranges in a list, to commenting them out and running another terraform apply which causes them to take on the default value of null - with no issue. Going back and forth between the two configurations without Terraform hanging/timing out.

Checklist

  • [x] My code follows the style guidelines of this project
  • [x] I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

Additional notes

N/A

@alexbasista alexbasista self-assigned this May 28, 2025
@alexbasista alexbasista requested a review from a team as a code owner May 28, 2025 16:03
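
The null-gated pattern the description refers to, as an added example that is not the module's own code. It assumes the rule's `count` tests the variable against `null`; the resource names, the `vpc_id` variable and the validation block are hypothetical.

```hcl
# Added illustration; resource names and vpc_id are hypothetical.

variable "vpc_id" {
  type        = string
  description = "VPC that holds the example security group."
}

variable "cidr_allow_ingress_ec2_ssh" {
  type        = list(string)
  description = "CIDR ranges allowed to reach the EC2 instances over SSH."
  default     = null # unset means "create no rule"; a default of [] is non-null

  # Assumption: reject an explicit [] so a caller cannot bring back a rule
  # that has no CIDR ranges.
  validation {
    condition     = var.cidr_allow_ingress_ec2_ssh == null ? true : length(var.cidr_allow_ingress_ec2_ssh) > 0
    error_message = "Set cidr_allow_ingress_ec2_ssh to null (or omit it) instead of an empty list."
  }
}

resource "aws_security_group" "ec2" {
  name_prefix = "example-ec2-"
  vpc_id      = var.vpc_id
}

resource "aws_security_group_rule" "ingress_ssh" {
  # With default = [] this test is true even when no CIDR ranges are supplied,
  # so Terraform plans a rule with cidr_blocks = []. With default = null the
  # rule is not planned at all until the caller provides ranges.
  count = var.cidr_allow_ingress_ec2_ssh != null ? 1 : 0

  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = var.cidr_allow_ingress_ec2_ssh
  description       = "Allow SSH inbound to EC2 from the listed CIDR ranges."
  security_group_id = aws_security_group.ec2.id
}
```

Running `terraform plan` with the variable omitted and then with a populated list should show the rule being added and removed, never replaced.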
Contributor

@abuxton abuxton left a comment

👍

@jkellner-hashi jkellner-hashi self-requested a review May 30, 2025 13:51
Contributor

@jkellner-hashi jkellner-hashi left a comment

👍

@alexbasista alexbasista merged commit abcd1d4 into main May 30, 2025
4 checks passed
@alexbasista alexbasista deleted the fix/sg-rule-var-defaults branch May 30, 2025 13:53