Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Firewall one of source_tags, source_ranges, or source_service_accounts must be defined #964

Closed
nicaura opened this issue Dec 23, 2022 · 1 comment
Closed

Firewall one of source_tags, source_ranges, or source_service_accounts must be defined #964

nicaura opened this issue Dec 23, 2022 · 1 comment
Labels
kind/bug Some behavior is incorrect or out of spec resolution/by-design This issue won't be fixed because the functionality is working as designed

Comments

@nicaura
Copy link

nicaura commented Dec 23, 2022
edited

What happened?

Setting a firewall rule

new gcp.compute.Firewall("firewall-vm", {
  network: "default",
  allows: [
    {
      ports: ["8181"],
      protocol: "tcp",
    },
  ],
  targetTags: ["mytag"],
}),

used to work perfectly but now throws :

     Type                     Name                  Plan       Info
     pulumi:pulumi:Stack      gcp-us                                1 error
 +   └─ gcp:compute:Firewall  firewall-vm  create     1 error

Diagnostics:
  gcp:compute:Firewall (firewall-vm):
    error: Preview failed: diffing urn:pulumi:prod::gcp-us::gcp:compute/firewall:Firewall::firewall-vm: 1 error occurred:
    	* one of source_tags, source_ranges, or source_service_accounts must be defined

  pulumi:pulumi:Stack (gcp-us):
    error: preview failed

Adding sourceRanges: ["0.0.0.0/0"] fixes the issue.

Steps to reproduce

Create a firewall rule as such :

new gcp.compute.Firewall("firewall-vm", {
  network: "default",
  allows: [
    {
      ports: ["8181"],
      protocol: "tcp",
    },
  ],
  targetTags: ["mytag"],
}),

Expected Behavior

The rule to be created.

Actual Behavior

Firewall rule now seems to require additional attributes :

one of source_tags, source_ranges, or source_service_accounts must be defined

Output of pulumi about

No response

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@nicaura nicaura added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Dec 23, 2022
@mikhailshilkov mikhailshilkov added resolution/by-design This issue won't be fixed because the functionality is working as designed and removed needs-triage Needs attention from the triage team labels Dec 27, 2022
@mikhailshilkov
Copy link
Member

My guess is that this is by design. Here is the upstream check that triggers it: https://github.com/hashicorp/terraform-provider-google/blob/16a2ae286181d3fc43834166d3428fd1d0a53562/google/resource_compute_firewall.go#L93-L95

If you let me know which exact version broke you, I can try to look up the PR that may be the cause. Off the top of my head it could be hashicorp/terraform-provider-google#10668

@mikhailshilkov mikhailshilkov closed this as not planned Won't fix, can't repro, duplicate, stale Dec 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Some behavior is incorrect or out of spec resolution/by-design This issue won't be fixed because the functionality is working as designed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mikhailshilkov @nicaura