[Bug]: Can't import hcloud_firewall_attachment #1038
Comments
|
Since there can be only a single list of attachments per firewall and thus the list does not need to be identified by name or id, shouldn't the attachment be imported by importing the firewall? Or in other words: Does that resource make sense at all? Shouldn't the list of attached servers be just a property of the firewall resource? |
|
Hi, Adding the import logic to handle the firewall ID is really easy, but I'd prefer waiting that we changed the ID of the firewall attachment to support multiple ones and then find a way to import them (not sure how, seems tricky). I'll try to think of a solution, but this one sure is not an easy one (maybe the answer is that we have to wait to migrate to the Terraform plugin-framework) For the time being, could you maybe delete the firewall in the console and create it using terraform? |
|
Not at the moment, this is a productive system. I will soon perform more tests. As far as I can see, there is not precisely "multiple attachments" for firewalls, but, following https://docs.hetzner.cloud/#firewall-actions-apply-to-resources an array each for each possible resource type. Actually there is e.g. only one attachment for resource type server, and this attachment is an array of attached server ids. Although this is some bad design by Hetzner, this is the way it is. An ID for a firewall attachment could be "[firewallID]-server", containing an array. This is somewhat annoying, since the firewall config needs to know all servers, and rather the server should have a property identifying the firewall to use, but as long as Hetzner has designed it this way, the terraform config should follow Hetzner – for better or for worse. |
What happened?
Hi,
I do have a running setup in the Hetzner Cloud (hcloud) with servers, networks, firewall, bells, and whistles, running properly.
Now I am trying to write a terraform ruleset which would recreate exactly this setup, i.e. having
terraform plan
output nothing to do after importing the current setup with
terraform import ...
, because the terraform configuration exactly matches the setup.
One problem remains:
I have written hcloud_firewall resources with rulesets, that exactly match my firewall setup, but
resource "hcloud_firewall_attachment" "webtest1wall" {
firewall_id = hcloud_firewall.webwall.id
server_ids = [hcloud_server.webtest1.id]
}
always resulting in plan
hcloud_firewall_attachment.webtest1wall will be created
]
}
although it alreaday exists, simply because I cannot import it and tell terraform, that this already exists.
whatever I try to do for importing, I always get
│ Error: resource hcloud_firewall_attachment doesn't support import
The description at
https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall_attachment
doesn't mention importing either.
So how do I import the attachment?
What did you expect to happen?
Having a way to import a firewall attachment in order to tell terraform, that it already exists and does not need to be recreated.
Please provide a minimal working example
see above
Do create a
in the Hetzner Web GUI and try to write terraform configuration to describe the server, the firewall, the attachment.
Importing the server and the firewall into terraform is easy, but how to import the attachment in order to keep terraform recreating it?
regards
The text was updated successfully, but these errors were encountered: