Error while applying lb frontend ACL

[remyleone]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Affected Resource(s)

• scaleway_XXXX

Terraform Configuration Files

resource "scaleway_lb_ip" "ip" {
  zone = "fr-par-1"
}

resource "scaleway_lb" "main" {
  ip_id  = scaleway_lb_ip.ip.id
  zone   = scaleway_lb_ip.ip.zone
  type   = "LB-S"
}

resource "scaleway_lb_backend" "backend01" {
  lb_id            = scaleway_lb.main.id
  name             = "backend01"
  forward_protocol = "http"
  forward_port     = "80"
}

resource "scaleway_lb_frontend" "lb_swarm_frontend_80" {
  lb_id        = scaleway_lb.main.id
  backend_id   = scaleway_lb_backend.backend01.id
  name         = "lb_swarm_frontend_80"
  inbound_port = "80"

  dynamic "acl" {
    for_each = local.acl_loadbalancer
    content {
      name = acl.value.description
      action {
        type = acl.value.action
      }
      match {
        ip_subnet = acl.value.ips
        invert    = acl.value.invert
      }
    }
  }
}

resource "scaleway_lb_frontend" "lb_swarm_frontend_443" {
  lb_id        = scaleway_lb.main.id
  backend_id   = scaleway_lb_backend.backend01.id
  name         = "lb_swarm_frontend_443"
  inbound_port = "443"

  dynamic "acl" {
    for_each = local.acl_loadbalancer
    content {
      name = acl.value.description
      action {
        type = acl.value.action
      }
      match {
        ip_subnet = acl.value.ips
        invert    = acl.value.invert
      }
    }
  }
}

locals {
  acl_loadbalancer = [
    {
      ips         = ["163.172.xxx.xxx", "51.210.xxx.xxx"]
      description = "Allow VPN-DEV1-2."
      action      = "allow"
      invert      = false
    },
    {
      ips         = ["51.68.xxx.xxx", "51.68.xxx.xxx"]
      description = "Allow GitLab Runner QA."
      action      = "allow"
      invert      = false
    },
    {
      ips         = ["51.210.xxx.xxx", "51.210.xxx.xxx"]
      description = "Allow GitLab DevSecOps."
      action      = "allow"
      invert      = false
    },
    {
      ips         = ["212.47.xxx.xxx"]
      description = "Allow VPN Collaborateur"
      action      = "allow"
      invert      = false
    },
    {
      ips         = ["92.154.xxx.xxx"]
      description = "Allow Caumartin workplace"
      action      = "allow"
      invert      = false
    },
    {
      ips         = ["0.0.0.0/0"]
      description = "Deny all"
      action      = "deny"
      invert      = false
    }
  ]
}

Debug Output

scaleway_lb_frontend.lb_swarm_frontend_443: Creating...
scaleway_lb_frontend.lb_swarm_frontend_80: Creating...
╷
│ Error: scaleway-sdk-go: http error 400 Bad Request: invalid parameters
│ 
│   with scaleway_lb_frontend.lb_swarm_frontend_80,
│   on main.tf line 30, in resource "scaleway_lb_frontend" "lb_swarm_frontend_80":
│   30: resource "scaleway_lb_frontend" "lb_swarm_frontend_80" {
│ 
╵
╷
│ Error: scaleway-sdk-go: http error 400 Bad Request: invalid parameters
│ 
│   with scaleway_lb_frontend.lb_swarm_frontend_443,
│   on main.tf line 51, in resource "scaleway_lb_frontend" "lb_swarm_frontend_443":
│   51: resource "scaleway_lb_frontend" "lb_swarm_frontend_443" {
│ 

Panic Output

Expected Behavior

Actual Behavior

Steps to Reproduce

1. terraform apply

Important Factoids

References

• #0000

[remyleone]

Because of hashicorp/terraform-plugin-sdk#536 we cannot currently add acceptance test that reproduce this exact configuration