Open
Description
Terraform provider version
terraform v.1.11.0 (Using this version waiting for #2961 issue to be solved)
Affected Resource(s)
- opentelekomcloud_fw_firewall_group_v2
- opentelekomcloud_vpc_subnet_v1
Terraform Configuration Files
resource "opentelekomcloud_vpc_subnet_v1" "this" {
  name              = var.subnet_name
  cidr              = var.subnet_cidr
  gateway_ip        = var.gateway_ip
  vpc_id            = var.vpc_id
  availability_zone = var.availability_zone
  ntp_addresses     = join(",", var.ntp_addresses)
  dhcp_enable       = var.dhcp_enable
  dns_list          = var.dns_nameservers
  tags              = var.tags
}

resource "opentelekomcloud_fw_firewall_group_v2" "group" {
  for_each          = var.firewall_rules
  name              = "${var.tenant_name}_${each.key}"
  description       = "Firewall group for ${var.tenant_name}_${each.key}"
  ingress_policy_id = (...)
  egress_policy_id  = (...)
  lifecycle {
    ignore_changes = [
      ports
    ]
  }
}
Debug Output/Panic Output
Steps to Reproduce
terraform apply
Expected Behavior
It should be possible to associate a firewall group directly with a subnet using the opentelekomcloud_vpc_subnet_v1 resource by specifying a firewall argument.
Actual Behavior
Currently, opentelekomcloud_vpc_subnet_v1 does not support a firewall argument, so firewall groups cannot be directly associated with subnets. As a workaround, we associate the firewall group with a port in the subnet, but this approach is not ideal and requires additional outputs from subnets and firewalls, as well as custom Python scripts.