v7.5.0
terraform-ibm-modules-ops
Terraform IBM Modules Operations
7.5.0 (2023-09-13)
Updates (#621) (753b89d)
IBM Cloud Terraform provider v1.56.0 has added a new option for the "ibm_is_vpc" resource that will cause the default VPC ACL and Security Group to contain no rules (empty).
This release will retire the usage of existing backend scripts to remove all rules from the VPC default ACL and SG, and instead use this new provider option to accomplish the same feature.
Input variable changes:
The new provider option covers both security group and ACL in one variable, so we will be deprecating the individual "clean_" variables and replace them with a new single boolean to enable the feature.
- REMOVED:
clean_default_security_groupandclean_default_acl - ADDED:
clean_default_sg_acl, if set to "true" will trigger new VPC option to have empty default groups (default is "false") - CHANGED:
security_group_rulesnow has a default of empty, instead of a broad default inbound rule that may not be desired - Validation has been added to make sure that
clean_default_sg_aclhas not been set to "true" while having rules specified in thesecurity_group_rulesinput, which are in direct conflict with each other
Upgrade Notes:
If you have already deployed module with the "clean_" variables not specified, you should see no difference after upgrade.
If you have already deployed module with "clean_" variables set to "true/false", you will get an error after upgrade due to those variables being removed, and you should set the new clean_default_sg_acl variable instead. During a plan phase after upgrading, you may see the following resources marked for DESTROY, this is expected as these are the retired scripts that handled this feature in the past, and have been removed:
module.slz_vpc.null_resource.clean_default_acl[0] will be destroyed
module.slz_vpc.null_resource.clean_default_security_group[0] will be destroyed