sync_rules_and_sg_lifecycles doesn't take in account module enabled = false #43

Closed
syphernl opened this issue Dec 19, 2022 · 1 comment · Fixed by #45
Labels
bug 🐛 An issue with the system

Comments

@syphernl
Describe the Bug

We have an SG which only needs to be created in specific environments. For this we use enabled = <condition>.
However, it seems that one resource is not looking at the enabled as it wants to create a null_resource even with enabled = false.

  # module.vpn_sg_azure.null_resource.sync_rules_and_sg_lifecycles[0] will be created
  + resource "null_resource" "sync_rules_and_sg_lifecycles" {
      + id       = (known after apply)
      + triggers = {
          + "sg_ids" = null
        }
    }

Not a big problem as this is a null_resource and doesn't create anything in the AWS environment, but since the module is disabled for this environment it should not create this.

Expected Behavior

This module should not be creating any resources if enabled = false.

Steps to Reproduce

Based off the example:

module "sg" {
  source = "cloudposse/security-group/aws"
  version = "2.0.0"

  # Security Group names must be unique within a VPC.
  # This module follows Cloud Posse naming conventions and generates the name
  # based on the inputs to the null-label module, which means you cannot
  # reuse the label as-is for more than one security group in the VPC.
  #
  # Here we add an attribute to give the security group a unique name.
  attributes = ["primary"]

  # Allow unlimited egress
  allow_all_egress = true

  rules = [
    {
      key         = "ssh"
      type        = "ingress"
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
      self        = null  # preferable to self = false
      description = "Allow SSH from anywhere"
    },
    {
      key         = "HTTP"
      type        = "ingress"
      from_port   = 80
      to_port     = 80
      protocol    = "tcp"
      cidr_blocks = []
      self        = true
      description = "Allow HTTP from inside the security group"
    }
  ]

  vpc_id  = module.vpc.vpc_id

  # Disable this module
  enabled = false

  context = module.label.context
}
@syphernl syphernl added the bug 🐛 An issue with the system label Dec 19, 2022
@karaluh
karaluh commented Dec 20, 2022

Same thing happens to me too.
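
One way to catch this behaviour in CI, as an added example that is not part of the issue or of the module's code: the script reads the JSON form of a plan (`terraform show -json <planfile>`) and lists every resource that a supposedly disabled module still plans to change. The sample plan is constructed from the output quoted in the issue; the function names and the `module.vpn_sg_azure_v2` and `module.other_sg` entries are assumptions.

```python
import json

# Constructed sample: a trimmed `terraform show -json <planfile>` document.
# The first entry mirrors the plan output quoted in the issue; the rest are invented.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.vpn_sg_azure.null_resource.sync_rules_and_sg_lifecycles[0]",
   "module_address": "module.vpn_sg_azure", "type": "null_resource",
   "change": {"actions": ["create"]}},
  {"address": "module.vpn_sg_azure_v2.aws_security_group.default[0]",
   "module_address": "module.vpn_sg_azure_v2", "type": "aws_security_group",
   "change": {"actions": ["create"]}},
  {"address": "module.other_sg.aws_security_group.default[0]",
   "module_address": "module.other_sg", "type": "aws_security_group",
   "change": {"actions": ["no-op"]}}
]}
""")

# Action lists that leave state and infrastructure untouched.
HARMLESS = (["no-op"], ["read"])


def in_module(resource_module, module_address):
    """True if resource_module is module_address, an instance of it, or a child module."""
    if resource_module == module_address:
        return True
    # "[" covers count/for_each instances, "." covers nested modules; a plain
    # prefix test would wrongly match module.vpn_sg_azure_v2.
    return resource_module.startswith((module_address + "[", module_address + "."))


def planned_changes(plan, disabled_modules):
    """Map each disabled module to the (address, actions) pairs the plan still contains."""
    findings = {m: [] for m in disabled_modules}
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if actions in HARMLESS:
            continue
        for m in disabled_modules:
            if in_module(rc.get("module_address", ""), m):
                findings[m].append((rc["address"], actions))
    return findings


if __name__ == "__main__":
    # The list of modules expected to be disabled is supplied by the caller.
    for module, hits in planned_changes(SAMPLE_PLAN, ["module.vpn_sg_azure"]).items():
        for address, actions in hits:
            print(f"{module} is disabled but plans {actions}: {address}")
```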
