Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

opentelekomcloud_lb_listener_v2: Issues with ip_group assignment #2510

Closed
pwurbs opened this issue May 17, 2024 · 5 comments
Closed

opentelekomcloud_lb_listener_v2: Issues with ip_group assignment #2510

pwurbs opened this issue May 17, 2024 · 5 comments
Assignees
@anton-sidelnikov

Comments

@pwurbs
Copy link

pwurbs commented May 17, 2024

Terraform provider version

v1.36.8

Affected Resource(s)

opentelekomcloud_lb_listener_v2

Terraform Configuration Files

resource "opentelekomcloud_lb_listener_v2" "listener" {
  name                          = "listener-${var.elb_listener_name}"
  protocol                      = "TCP"
  protocol_port                 = var.elb_listener_port
  loadbalancer_id               = var.elb_id
  transparent_client_ip_enable  = true
  ip_group {
    id   = opentelekomcloud_lb_ipgroup_v3.whitelist.id
    type = "white"
    enable = true
  }
  ip_group {
    id   = opentelekomcloud_lb_ipgroup_v3.blacklist.id
    type = "black"
    enable = true
  }
}

Steps to Reproduce

  1. Apply the TF manifest
  2. Check the result in OTC
  3. Apply a 2nd time

Expected Behavior

  1. According to the TF provider doc, enable = true is default
  2. Both ip_groups (whitelist and blacklist) are assigned to the listener

Actual Behavior

  1. I had to set "enable = true" in the TF resource to activate the assignment in the listener
  2. After 1st apply, only the first ip_group is assigned to the listener (whitelist). The 2nd ip_group (blacklist) is configured but not assigned to the listsner
  3. The 2nd TF apply shows the difference and wants to assign the blacklist again (and again)
@anton-sidelnikov
Copy link
Member

Hi @pwurbs only one ip_group could be assigned to listener https://docs.otc.t-systems.com/elastic-load-balancing/api-ref/apis_v3/listener/adding_a_listener.html#createlistener

@anton-sidelnikov anton-sidelnikov self-assigned this May 20, 2024
@niklasweimann
Copy link

I have only one ip_group assigned to the listener. The dokumentation says that the default value of enabled is true, but when i applied the TF the access control was not enabled in the ui.

@anton-sidelnikov
Copy link
Member

Hi @niklasweimann this is mistake in doc, we will fix soon

@pwurbs
Copy link
Author

pwurbs commented May 27, 2024
edited

@anton-sidelnikov You are right. The OTC only supports assigning only either a blacklist or a whitelist. It makes sense...
But the provider should throw an error if someone tries to assign 2 ip_group to the same listener.

@anton-sidelnikov
Copy link
Member

@pwurbs i will add restriction to one element in next release

@anton-sidelnikov anton-sidelnikov mentioned this issue May 27, 2024
Merged
5 tasks
otc-zuul bot pushed a commit that referenced this issue May 27, 2024
@anton-sidelnikov
[ELB] can only set only one ip_group in config for listener (#2527)
2d35f32 
[ELB] can only set only one ip_group in config for listener

Summary of the Pull Request
Also doc updated
PR Checklist

 Refers to: #2510
 Tests added/passed.
 Documentation updated.
 Schema updated.
 Release notes added.

Acceptance Steps Performed
=== RUN   TestAccLBV2Listener_basic
=== PAUSE TestAccLBV2Listener_basic
=== CONT  TestAccLBV2Listener_basic
--- PASS: TestAccLBV2Listener_basic (119.16s)
=== RUN   TestAccLBV2Listener_tls
=== PAUSE TestAccLBV2Listener_tls
=== CONT  TestAccLBV2Listener_tls
--- PASS: TestAccLBV2Listener_tls (231.80s)
=== RUN   TestAccLBV2Listener_SSLPassthrough
=== PAUSE TestAccLBV2Listener_SSLPassthrough
=== CONT  TestAccLBV2Listener_SSLPassthrough
--- PASS: TestAccLBV2Listener_SSLPassthrough (117.56s)
=== RUN   TestAccLBV2Listener_v3listener
=== PAUSE TestAccLBV2Listener_v3listener
=== CONT  TestAccLBV2Listener_v3listener
--- PASS: TestAccLBV2Listener_v3listener (117.85s)
=== RUN   TestAccLBV2Listener_ipGroup
=== PAUSE TestAccLBV2Listener_ipGroup
=== CONT  TestAccLBV2Listener_ipGroup
--- PASS: TestAccLBV2Listener_ipGroup (156.37s)
=== RUN   TestAccLBV3Listener_import
=== PAUSE TestAccLBV3Listener_import
=== CONT  TestAccLBV3Listener_import
--- PASS: TestAccLBV3Listener_import (87.52s)
FAIL

Process finished with the exit code 0


=== RUN   TestAccLBV3Listener_basic
=== PAUSE TestAccLBV3Listener_basic
=== CONT  TestAccLBV3Listener_basic
--- PASS: TestAccLBV3Listener_basic (55.52s)
=== RUN   TestAccLBV3Listener_TCP
=== PAUSE TestAccLBV3Listener_TCP
=== CONT  TestAccLBV3Listener_TCP
--- PASS: TestAccLBV3Listener_TCP (55.90s)
=== RUN   TestAccLBV3Listener_HTTP_to_TCP
=== PAUSE TestAccLBV3Listener_HTTP_to_TCP
=== CONT  TestAccLBV3Listener_HTTP_to_TCP
--- PASS: TestAccLBV3Listener_HTTP_to_TCP (55.85s)
=== RUN   TestAccLBV3Listener_ipGroup
=== PAUSE TestAccLBV3Listener_ipGroup
=== CONT  TestAccLBV3Listener_ipGroup
--- PASS: TestAccLBV3Listener_ipGroup (80.69s)
=== RUN   TestAccLBV3Listener_import
=== PAUSE TestAccLBV3Listener_import
=== CONT  TestAccLBV3Listener_import
--- PASS: TestAccLBV3Listener_import (40.04s)
PASS

Process finished with the exit code 0

Reviewed-by: Sergei Martynov
Reviewed-by: Artem Lifshits
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@anton-sidelnikov anton-sidelnikov

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@niklasweimann @pwurbs @anton-sidelnikov