Add guidance to heroku_space_inbound_ruleset to use moved blocks (#403)
* Add guidance to heroku_space_inbound_ruleset to use moved blocks
The heroku_space_inbound_ruleset is modeled as a single list resource
in the Heroku API. When renaming the resource terraform understands this
as a delete and then a create of the new resource rather than patching
it in place.
A deletion of the heroku_space_inbound_ruleset has the effect of changing
the ruleset to "ALLOW 0.0.0.0/0." While this behavior is correct, it does
put the space in a temporary state of allowing all traffic, which users
may find undesirable and non-obvious.
We want to advise users that this behavior exists and provide
guidance for how to avoid it so that they may ensure consistent application
of their desired ruleset.
* Update our heroku_inbound_space_ruleset to a red warning
Marking it "danger" as it has implications for a space's critical
security controls.
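The delete-then-create behavior described in the commit message can be caught before apply by inspecting the JSON form of a saved plan (`terraform show -json <planfile>`). The following is an added example, not part of this commit or the provider; the resource names `old` and `new` and both sample plans are constructed for illustration.

```python
import json
import sys

RULESET_TYPE = "heroku_space_inbound_ruleset"

def risky_ruleset_changes(plan: dict) -> list[str]:
    """Return addresses of inbound rulesets the plan would delete or replace.

    Any "delete" action (alone, or as part of a replace) means the space
    passes through the allow-all state the commit message describes.
    """
    risky = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RULESET_TYPE:
            continue
        actions = rc.get("change", {}).get("actions", [])
        if "delete" in actions:
            risky.append(rc["address"])
    return risky

# Constructed sample: resource renamed from .old to .new WITHOUT a moved block.
# Terraform plans a delete of the old address and a create of the new one.
PLAN_RENAMED = {"resource_changes": [
    {"address": "heroku_space_inbound_ruleset.old", "type": RULESET_TYPE,
     "change": {"actions": ["delete"]}},
    {"address": "heroku_space_inbound_ruleset.new", "type": RULESET_TYPE,
     "change": {"actions": ["create"]}},
]}

# Constructed sample: the same rename WITH a moved block.
# The plan carries previous_address and no delete action.
PLAN_MOVED = {"resource_changes": [
    {"address": "heroku_space_inbound_ruleset.new", "type": RULESET_TYPE,
     "previous_address": "heroku_space_inbound_ruleset.old",
     "change": {"actions": ["no-op"]}},
]}

if __name__ == "__main__":
    # Usage: python check_plan.py plan.json  (falls back to the sample plan)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = PLAN_RENAMED
    hits = risky_ruleset_changes(plan)
    for addr in hits:
        print(f"BLOCK: {addr} would be destroyed; add a moved block")
    sys.exit(1 if hits else 0)
```

Run as a CI step after `terraform plan -out`, the non-zero exit stops the pipeline before the ruleset is ever removed.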
docs/resources/space_inbound_ruleset.md: 2 additions & 0 deletions
@@ -10,6 +10,8 @@ description: |-
10
10
11
11
Provides a resource for managing [inbound rulesets](https://devcenter.heroku.com/articles/platform-api-reference#inbound-ruleset) for Heroku Private Spaces.
12
12
13
+
!> **Warning:** When renaming or relocating this resource, use a [`moved` block](https://developer.hashicorp.com/terraform/language/block/moved) to prevent the resource from being destroyed and recreated. During destroy/create operations, the space's inbound ruleset is temporarily set to allow all traffic, which can create a security risk.
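Review bot: The added `!>` warning names the `moved` block but gives readers nothing to copy, and "allow all traffic" is less concrete than the rule the commit message cites. Consider adding a short HCL snippet of a `moved` block with `from` and `to` addresses for this resource directly under the warning, and stating the resulting rule explicitly (the commit message gives it as "ALLOW 0.0.0.0/0"). It would also help to tell users to confirm that `terraform plan` shows no destroy for the ruleset before they apply.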