Adding another rule to an existing ACL causes Terraform to crash

[argeiger]

I am trying to add another ACL rule to an existing ACL that was initially deployed. The plan is generated correctly but when it is applied, a terraform crash occurs:

Terraform Version

Terraform v0.12.20

• provider.ibm v1.2.1
• provider.template v2.1.2

Affected Resource(s)

ibm_is_network_acl

Terraform Configuration Plan:

First applied the following:

  # module.vpc.ibm_is_network_acl.acls["default"] will be created
  + resource "ibm_is_network_acl" "acls" {
      + id                      = (known after apply)
      + name                    = "default"
      + resource_controller_url = (known after apply)
      + resource_crn            = (known after apply)
      + resource_group_name     = (known after apply)
      + resource_name           = (known after apply)
      + vpc                     = (known after apply)

      + rules {
          + action      = "allow"
          + destination = "0.0.0.0/0"
          + direction   = "inbound"
          + id          = (known after apply)
          + ip_version  = (known after apply)
          + name        = "icmp"
          + source      = "0.0.0.0/0"
          + subnets     = (known after apply)

          + icmp {
              + code = 1
              + type = 1
            }
        }
      + rules {
          + action      = "allow"
          + destination = "0.0.0.0/0"
          + direction   = "inbound"
          + id          = (known after apply)
          + ip_version  = (known after apply)
          + name        = "inbound-http"
          + source      = "0.0.0.0/0"
          + subnets     = (known after apply)

          + tcp {
              + port_max        = 80
              + port_min        = 80
              + source_port_max = 80
              + source_port_min = 80
            }
        }
      + rules {
          + action      = "allow"
          + destination = "0.0.0.0/0"
          + direction   = "inbound"
          + id          = (known after apply)
          + ip_version  = (known after apply)
          + name        = "inbound-ssh"
          + source      = "0.0.0.0/0"
          + subnets     = (known after apply)

          + tcp {
              + port_max        = 22
              + port_min        = 22
              + source_port_max = 22
              + source_port_min = 22
            }
        }
    }

Then applied:

  # module.vpc.ibm_is_network_acl.acls["default"] will be updated in-place
  ~ resource "ibm_is_network_acl" "acls" {
        id                      = "r006-59358655-1356-4694-a23a-dfe535989411"
        name                    = "default"
        resource_controller_url = "https://cloud.ibm.com/vpc-ext/network/acl"
        resource_crn            = "crn:v1:bluemix:public:is:us-south:a/26a3d1a386bd2cc44df1997eb7ac0ef1::network-acl:r006-59358655-1356-4694-a23a-dfe535989411"
        resource_group_name     = "default"
        resource_name           = "default"
        vpc                     = "r006-e1efa45b-5bc7-48b8-bd3a-ed3c62d5cdde"

        rules {
            action      = "allow"
            destination = "0.0.0.0/0"
            direction   = "inbound"
            id          = "a14663e2-9a1c-4401-987c-487a4ef3f9a8"
            ip_version  = "ipv4"
            name        = "icmp"
            source      = "0.0.0.0/0"
            subnets     = 0

            icmp {
                code = 1
                type = 1
            }
        }
        rules {
            action      = "allow"
            destination = "0.0.0.0/0"
            direction   = "inbound"
            id          = "20ff57a3-784f-4312-ba03-5cc7d86b9144"
            ip_version  = "ipv4"
            name        = "inbound-ssh"
            source      = "0.0.0.0/0"
            subnets     = 0

            tcp {
                port_max        = 22
                port_min        = 22
                source_port_max = 22
                source_port_min = 22
            }
        }
        rules {
            action      = "allow"
            destination = "0.0.0.0/0"
            direction   = "inbound"
            id          = "71a68b27-379e-4ccd-8f81-ad2f4d5bc1f2"
            ip_version  = "ipv4"
            name        = "inbound-http"
            source      = "0.0.0.0/0"
            subnets     = 0

            tcp {
                port_max        = 80
                port_min        = 80
                source_port_max = 80
                source_port_min = 80
            }
        }
      + rules {
          + action      = "allow"
          + destination = "0.0.0.0/0"
          + direction   = "inbound"
          + id          = (known after apply)
          + ip_version  = (known after apply)
          + name        = "inbound-ftp"
          + source      = "0.0.0.0/0"
          + subnets     = (known after apply)

          + tcp {
              + port_max        = 21
              + port_min        = 21
              + source_port_max = 21
              + source_port_min = 21
            }
        }
    }

Expected Behavior

The new ACL rule should have been applied without causing a crash

Actual Behavior

A terraform crash occurs. I have the crash.log if needed but haven't looked to see if there is any sensitive data. Please let me know if this is needed

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

Create an ACL with some rules
Apply the plan: terraform apply
Modify the terraform plan to add another acl rule to the existing acl
Apply the plan: terraform apply
Terraform crashes

[hkantare]

Already its known issue ..Duplicate of #1117 are working and will be available in next release (early next week)

[hkantare]

Fix a available in latest releases
https://github.com/IBM-Cloud/terraform-provider-ibm/releases/tag/v1.2.2
https://github.com/IBM-Cloud/terraform-provider-ibm/releases/tag/v0.24.2

[hkantare]

The order of creation is fixed in
https://github.com/IBM-Cloud/terraform-provider-ibm/releases/tag/v1.2.4
https://github.com/IBM-Cloud/terraform-provider-ibm/releases/tag/v0.24.4