Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
If an issue is assigned to a user, that user is claiming responsibility for the issue.
Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.
Confirmed issue. After many tries with different configurations, it is not possible to manage ICMP for firewall rules whether the value is assigned or not, when the documentation specifies that this is valid.
Community Note
Terraform Version
Terraform v1.8.1
on linux_amd64
Affected Resource(s)
google_compute_firewall
Terraform Configuration
snippet.tfvars
target_pp = ["tcp:22,6443","udp:123,456", "icmp:"]
snippet.tf
Debug Output
│ Error: Error creating Firewall: googleapi: Error 400: Invalid value for field 'resource.allowed[0].ports[0]': ''. Ports may only be specified on rules whose protocol is one of [TCP, UDP, SCTP]., invalid
│
│ with module.vpc-peering["subnet1"].google_compute_firewall.rule-vpc-peering-ingress["icmp:"],
│ on modules/vpc-peering/main.tf line 32, in resource "google_compute_firewall" "rule-vpc-peering-ingress":
│ 32: resource "google_compute_firewall" "rule-vpc-peering-ingress" {
Expected Behavior
Although ICMP does not have ports, being able to reuse the google_compute_firewall resource for ICMP and other protocols is useful for compact and effective IaC.
i.e. populated ports with a value for non-ICMP and null for ICMP
e.g.
target_pp = ["tcp:22,6443","udp:123,456", "icmp:"]
This Provider should allow:
a) No ports defined in the Terraform <-- it currently does this
And
b) Ports to be defined but with a null value <-- currently it fails as debug output above.
Actual Behavior
Note that the Terraform plan shows the null value as expected
eg.
it is the apply that fails
eg.
Error: Error creating Firewall: googleapi: Error 400: Invalid value for field 'resource.allowed[0].ports[0]': ''. Ports may only be specified on rules whose protocol is one of [TCP, UDP, SCTP]., invalid
Steps to reproduce
terraform apply
Important Factoids
No response
References
No response
b/337926849
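The API error above rejects an empty string in `ports[0]`. As an added example (not the reporter's snippet.tf and not provider code), this is one way to build `allow` blocks from `proto:ports` strings so that entries without ports leave `ports` unset. It assumes the specs are split on `:` and `,`; the variables `network` and `peer_cidrs`, the resource label and the name pattern are hypothetical.

```hcl
# Added example, not the reporter's snippet.tf (which is not shown on the page).
# Variable names other than target_pp, and the resource label, are hypothetical.
variable "target_pp" {
  type    = list(string)
  default = ["tcp:22,6443", "udp:123,456", "icmp:"]
}

variable "network" {
  type = string # hypothetical: name or self link of the VPC network
}

variable "peer_cidrs" {
  type = list(string) # hypothetical: source ranges of the peered subnet
}

locals {
  # "icmp:" splits into ["icmp", ""], and split(",", "") yields [""], which is
  # an empty-string port like the one the API rejects. compact() drops empty strings.
  rules = {
    for pp in var.target_pp : pp => {
      protocol = split(":", pp)[0]
      ports    = compact(split(",", try(split(":", pp)[1], "")))
    }
  }
}

resource "google_compute_firewall" "ingress" {
  for_each = local.rules

  # Firewall names cannot contain ":", so build the name from the protocol.
  # Assumes at most one spec per protocol; otherwise the names collide.
  name          = "peering-ingress-${each.value.protocol}"
  network       = var.network
  direction     = "INGRESS"
  source_ranges = var.peer_cidrs

  allow {
    protocol = each.value.protocol
    # null leaves the argument unset, the same as not writing ports at all.
    ports = length(each.value.ports) > 0 ? each.value.ports : null
  }
}
```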