fix: Acls created for network cidr are open to Any IP (#569)

Aashiq-J · web-flow · commit 2f74af086e83 · 2023-07-10T19:54:42.000+05:30
* fix: network cidr inbound Any IP

* test: remove ignoreupdates
diff --git a/module-metadata.json b/module-metadata.json
@@ -600,7 +600,7 @@
       },
       "pos": {
         "filename": "network_acls.tf",
-        "line": 152
+        "line": 162
       }
     },
     "ibm_is_public_gateway.gateway": {
diff --git a/network_acls.tf b/network_acls.tf
@@ -48,18 +48,28 @@ locals {
   ]
 
   ibm_cloud_internal_rules = flatten([
-    for rules in local.internal_rules : [
-      for index, cidrs in var.network_cidrs != null ? var.network_cidrs : ["0.0.0.0/0"] :
-      merge(rules, {
-        name   = "${rules.name}-${index}"
-        source = cidrs
-      })
-    ]
+    for index, cidrs in var.network_cidrs != null ? var.network_cidrs : ["0.0.0.0/0"] :
+    flatten([
+      [
+        for rule in local.internal_rules :
+        merge(rule, {
+          name   = "${rule.name}-${index}"
+          source = cidrs
+        }) if rule.direction == "outbound"
+      ],
+      [
+        for rule in local.internal_rules :
+        merge(rule, {
+          name        = "${rule.name}-${index}"
+          destination = cidrs
+        }) if rule.direction == "inbound"
+      ]
+    ])
   ])
 
   vpc_inbound_rule = flatten([
-    for address in data.ibm_is_vpc_address_prefixes.get_address_prefixes.address_prefixes : [
-      for index, cidrs in var.network_cidrs != null ? var.network_cidrs : ["0.0.0.0/0"] :
+    for index, cidrs in var.network_cidrs != null ? var.network_cidrs : ["0.0.0.0/0"] : [
+      for address in data.ibm_is_vpc_address_prefixes.get_address_prefixes.address_prefixes :
       {
         name        = "ibmflow-allow-vpc-connectivity-inbound-${substr(address.id, -4, -1)}-${index}" # Providing unique rule names
         action      = "allow"
diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -36,11 +36,6 @@ func setupOptions(t *testing.T, prefix string, terraformDir string) *testhelper.
 		TerraformDir:  terraformDir,
 		Prefix:        prefix,
 		ResourceGroup: resourceGroup,
-		IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check
-			List: []string{
-				"module.slz_vpc.ibm_is_network_acl.network_acl[\"vpc-acl\"]",
-			},
-		},
 		TerraformVars: map[string]interface{}{
 			"access_tags": permanentResources["accessTags"],
 		},

Original file line number	Diff line number	Diff line change
`@@ -600,7 +600,7 @@`
`600`	`600`	`},`
`601`	`601`	`"pos": {`
`602`	`602`	`"filename": "network_acls.tf",`
`603`		`- "line": 152`
	`603`	`+ "line": 162`
`604`	`604`	`}`
`605`	`605`	`},`
`606`	`606`	`"ibm_is_public_gateway.gateway": {`