Open
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
History: a very common use case with security groups is to have inbound rules on instance private IPs. scaleway_instance_security_group_rules was created to address this use case, and because we didn't want to make any breaking change, we allowed security group rules to be defined in both scaleway_instance_security_group and scaleway_instance_security_group_rules.
In most cases, there are two ways to create the same security groups:
resource "scaleway_instance_security_group" "sg01" {
  external_rules = true
}

resource "scaleway_instance_security_group_rules" "sgrs01" {
  security_group_id = scaleway_instance_security_group.sg01.id
  inbound_rule {
    action   = "accept"
    port     = 80
    ip_range = "0.0.0.0/0"
  }
}

# sg02 is the same as sg01
resource "scaleway_instance_security_group" "sg02" {
  inbound_rule {
    action   = "accept"
    port     = 80
    ip_range = "0.0.0.0/0"
  }
}
Proposal: do not allow setting inbound_rule or outbound_rule from scaleway_instance_security_group, and remove the external_rules attribute. This means scaleway_instance_security_group_rules will be the only way to set rules.
New or Affected Resource(s)
- scaleway_instance_security_group_rules
- scaleway_instance_security_group
Potential Terraform Configuration
resource "scaleway_instance_security_group" "sg01" {}

resource "scaleway_instance_security_group_rules" "sgrs01" {
  security_group_id = scaleway_instance_security_group.sg01.id
  inbound_rule {
    action   = "accept"
    port     = 80
    ip_range = "0.0.0.0/0"
  }
}