Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: update security group logic #422

Open
wants to merge 16 commits into
base: main
Choose a base branch
from
Open

feat: update security group logic #422

wants to merge 16 commits into from
+201 −248

Conversation

mounika-nalla
Copy link
Contributor

@mounika-nalla mounika-nalla commented Apr 7, 2023
edited by vburckhardt
Loading

Description

Replace security group logic with the security group module
fixes #410

Types of changes in this PR

No release required

  • Examples or tests (addition or updates of examples or tests)
  • Documentation update
  • CI-related update (pipeline, etc.)
  • Other changes that don't affect Terraform code

Release required

  • Bug fix (patch release (x.x.X): Change that fixes an issue and is compatible with earlier versions)
  • New feature (minor release (x.X.x): Change that adds functionality and is compatible with earlier versions)
  • Breaking change (major release (X.x.x): Change that is likely incompatible with previous versions)
Release notes content

Replace this text with information that users need to know about the bug fixes, features, and breaking changes. This information helps the merger write the commit message that is published in the release notes for the module.

Checklist for reviewers

  • If relevant, a test for the change is included or updated with this PR.
  • If relevant, documentation for the change is included or updated with this PR.

Merge actions for mergers

  • Merge by using "Squash and merge".

  • Use a relevant conventional commit message that is based on the PR contents and any release notes provided by the PR author.

    The commit message determines whether a new version of the module is needed, and if so, which semver increment to use (major, minor, or patch).

@ocofaigh
Copy link
Member

ocofaigh commented Apr 7, 2023

@mounika-nalla The upgrade test failed because it has identified an update to the network_acl. Can you confirm if this is expected? If so we will need to temporarily add module.slz_vpc.ibm_is_network_acl.network_acl["vpc-acl"] to the ignore list in pr_test.go to allow upgrade to test. But first please confirm this is expected:

Messages:   	Resource(s) identified to be updated Name: network_acl Address: module.slz_vpc.ibm_is_network_acl.network_acl["vpc-acl"] Actions: [update]
        	            	DIFF:
        	            	Before: {"rules":[{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"ed853e71-1a32-4f7c-aafd-5c84a72915d9","ip_version":"ipv4","name":"ibmflow-iaas-inbound","source":"161.26.0.0/16","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"161.26.0.0/16","direction":"outbound","icmp":[],"id":"0d5f650e-5dcf-41d6-9bf9-4b38a4974bce","ip_version":"ipv4","name":"ibmflow-iaas-outbound","source":"10.0.0.0/8","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"b64f770f-608c-4331-8786-f330d8bcc68e","ip_version":"ipv4","name":"ibmflow-paas-inbound","source":"166.8.0.0/14","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"166.8.0.0/14","direction":"outbound","icmp":[],"id":"d4a51721-7afc-468e-8000-978c79819612","ip_version":"ipv4","name":"ibmflow-paas-outbound","source":"10.0.0.0/8","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"07f265f3-88e6-471d-a3ad-1fadafba4c1c","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-inbound","source":"10.0.0.0/8","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"outbound","icmp":[],"id":"dc925ad5-6cda-4ab0-a9c7-ace24fb6dc7f","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-outbound","source":"10.0.0.0/8","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"0.0.0.0/0","direction":"inbound","icmp":[],"id":"dc55289c-26d0-458e-a352-d7a1f87be5f1","ip_version":"ipv4","name":"allow-all-443-inbound","source":"0.0.0.0/0","subnets":3,"tcp":[{"port_max":443,"port_min":443,"source_port_max":65535,"source_port_min":1}],"udp":[]},{"action":"allow","destination":"0.0.0.0/0","direction":"outbound","icmp":[],"id":"f4eead85-febc-46ff-b62f-5e1cfea2fe30","ip_version":"ipv4","name":"allow-all-443-outbound","source":"0.0.0.0/0","subnets":3,"tcp":[{"port_max":65535,"port_min":1,"source_port_max":443,"source_port_min":443}],"udp":[]},{"action":"deny","destination":"0.0.0.0/0","direction":"inbound","icmp":[],"id":"0701b4a3-f309-4288-8642-45f5a3400d94","ip_version":"ipv4","name":"ibmflow-deny-all-inbound","source":"0.0.0.0/0","subnets":3,"tcp":[],"udp":[]},{"action":"deny","destination":"0.0.0.0/0","direction":"outbound","icmp":[],"id":"c8dd00dc-6972-4c71-94e5-70f0b7d39cf4","ip_version":"ipv4","name":"ibmflow-deny-all-outbound","source":"0.0.0.0/0","subnets":3,"tcp":[],"udp":[]}]}
        	            	After: {"rules":[{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"ed853e71-1a32-4f7c-aafd-5c84a72915d9","ip_version":"ipv4","name":"ibmflow-iaas-inbound","source":"161.26.0.0/16","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"161.26.0.0/16","direction":"outbound","icmp":[],"id":"0d5f650e-5dcf-41d6-9bf9-4b38a4974bce","ip_version":"ipv4","name":"ibmflow-iaas-outbound","source":"10.0.0.0/8","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"b64f770f-608c-4331-8786-f330d8bcc68e","ip_version":"ipv4","name":"ibmflow-paas-inbound","source":"166.8.0.0/14","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"166.8.0.0/14","direction":"outbound","icmp":[],"id":"d4a51721-7afc-468e-8000-978c79819612","ip_version":"ipv4","name":"ibmflow-paas-outbound","source":"10.0.0.0/8","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"07f265f3-88e6-471d-a3ad-1fadafba4c1c","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-inbound-23a9","source":"10.240.0.0/18","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"dc925ad5-6cda-4ab0-a9c7-ace24fb6dc7f","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-inbound-74bc","source":"10.240.64.0/18","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"dc55289c-26d0-458e-a352-d7a1f87be5f1","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-inbound-767d","source":"10.240.128.0/18","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"f4eead85-febc-46ff-b62f-5e1cfea2fe30","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-inbound-04b2","source":"10.10.10.0/24","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"0701b4a3-f309-4288-8642-45f5a3400d94","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-inbound-1dc5","source":"10.30.10.0/24","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"c8dd00dc-6972-4c71-94e5-70f0b7d39cf4","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-inbound-9aa4","source":"10.20.10.0/24","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.240.0.0/18","direction":"outbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-allow-vpc-connectivity-outbound-tion","source":"10.0.0.0/8","subnets":null,"tcp":[],"udp":[]},{"action":"allow","destination":"10.240.64.0/18","direction":"outbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-allow-vpc-connectivity-outbound-dled","source":"10.0.0.0/8","subnets":null,"tcp":[],"udp":[]},{"action":"allow","destination":"10.240.128.0/18","direction":"outbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-allow-vpc-connectivity-outbound-lude","source":"10.0.0.0/8","subnets":null,"tcp":[],"udp":[]},{"action":"allow","destination":"10.10.10.0/24","direction":"outbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-allow-vpc-connectivity-outbound-et-a","source":"10.0.0.0/8","subnets":null,"tcp":[],"udp":[]},{"action":"allow","destination":"10.30.10.0/24","direction":"outbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-allow-vpc-connectivity-outbound-et-c","source":"10.0.0.0/8","subnets":null,"tcp":[],"udp":[]},{"action":"allow","destination":"10.20.10.0/24","direction":"outbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-allow-vpc-connectivity-outbound-et-b","source":"10.0.0.0/8","subnets":null,"tcp":[],"udp":[]},{"action":"deny","destination":"0.0.0.0/0","direction":"inbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-deny-all-inbound","source":"0.0.0.0/0","subnets":null,"tcp":[],"udp":[]},{"action":"deny","destination":"0.0.0.0/0","direction":"outbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-deny-all-outbound","source":"0.0.0.0/0","subnets":null,"tcp":[],"udp":[]}]}

@mounika-nalla
Copy link
Contributor Author

@mounika-nalla The upgrade test failed because it has identified an update to the network_acl. Can you confirm if this is expected? If so we will need to temporarily add module.slz_vpc.ibm_is_network_acl.network_acl["vpc-acl"] to the ignore list in pr_test.go to allow upgrade to test. But first please confirm this is expected:

Messages:   	Resource(s) identified to be updated Name: network_acl Address: module.slz_vpc.ibm_is_network_acl.network_acl["vpc-acl"] Actions: [update]
        	            	DIFF:
        	            	Before: {"rules":[{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"ed853e71-1a32-4f7c-aafd-5c84a72915d9","ip_version":"ipv4","name":"ibmflow-iaas-inbound","source":"161.26.0.0/16","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"161.26.0.0/16","direction":"outbound","icmp":[],"id":"0d5f650e-5dcf-41d6-9bf9-4b38a4974bce","ip_version":"ipv4","name":"ibmflow-iaas-outbound","source":"10.0.0.0/8","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"b64f770f-608c-4331-8786-f330d8bcc68e","ip_version":"ipv4","name":"ibmflow-paas-inbound","source":"166.8.0.0/14","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"166.8.0.0/14","direction":"outbound","icmp":[],"id":"d4a51721-7afc-468e-8000-978c79819612","ip_version":"ipv4","name":"ibmflow-paas-outbound","source":"10.0.0.0/8","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"07f265f3-88e6-471d-a3ad-1fadafba4c1c","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-inbound","source":"10.0.0.0/8","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"outbound","icmp":[],"id":"dc925ad5-6cda-4ab0-a9c7-ace24fb6dc7f","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-outbound","source":"10.0.0.0/8","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"0.0.0.0/0","direction":"inbound","icmp":[],"id":"dc55289c-26d0-458e-a352-d7a1f87be5f1","ip_version":"ipv4","name":"allow-all-443-inbound","source":"0.0.0.0/0","subnets":3,"tcp":[{"port_max":443,"port_min":443,"source_port_max":65535,"source_port_min":1}],"udp":[]},{"action":"allow","destination":"0.0.0.0/0","direction":"outbound","icmp":[],"id":"f4eead85-febc-46ff-b62f-5e1cfea2fe30","ip_version":"ipv4","name":"allow-all-443-outbound","source":"0.0.0.0/0","subnets":3,"tcp":[{"port_max":65535,"port_min":1,"source_port_max":443,"source_port_min":443}],"udp":[]},{"action":"deny","destination":"0.0.0.0/0","direction":"inbound","icmp":[],"id":"0701b4a3-f309-4288-8642-45f5a3400d94","ip_version":"ipv4","name":"ibmflow-deny-all-inbound","source":"0.0.0.0/0","subnets":3,"tcp":[],"udp":[]},{"action":"deny","destination":"0.0.0.0/0","direction":"outbound","icmp":[],"id":"c8dd00dc-6972-4c71-94e5-70f0b7d39cf4","ip_version":"ipv4","name":"ibmflow-deny-all-outbound","source":"0.0.0.0/0","subnets":3,"tcp":[],"udp":[]}]}
        	            	After: {"rules":[{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"ed853e71-1a32-4f7c-aafd-5c84a72915d9","ip_version":"ipv4","name":"ibmflow-iaas-inbound","source":"161.26.0.0/16","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"161.26.0.0/16","direction":"outbound","icmp":[],"id":"0d5f650e-5dcf-41d6-9bf9-4b38a4974bce","ip_version":"ipv4","name":"ibmflow-iaas-outbound","source":"10.0.0.0/8","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"b64f770f-608c-4331-8786-f330d8bcc68e","ip_version":"ipv4","name":"ibmflow-paas-inbound","source":"166.8.0.0/14","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"166.8.0.0/14","direction":"outbound","icmp":[],"id":"d4a51721-7afc-468e-8000-978c79819612","ip_version":"ipv4","name":"ibmflow-paas-outbound","source":"10.0.0.0/8","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"07f265f3-88e6-471d-a3ad-1fadafba4c1c","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-inbound-23a9","source":"10.240.0.0/18","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"dc925ad5-6cda-4ab0-a9c7-ace24fb6dc7f","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-inbound-74bc","source":"10.240.64.0/18","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"dc55289c-26d0-458e-a352-d7a1f87be5f1","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-inbound-767d","source":"10.240.128.0/18","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"f4eead85-febc-46ff-b62f-5e1cfea2fe30","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-inbound-04b2","source":"10.10.10.0/24","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"0701b4a3-f309-4288-8642-45f5a3400d94","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-inbound-1dc5","source":"10.30.10.0/24","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.0.0.0/8","direction":"inbound","icmp":[],"id":"c8dd00dc-6972-4c71-94e5-70f0b7d39cf4","ip_version":"ipv4","name":"ibmflow-allow-vpc-connectivity-inbound-9aa4","source":"10.20.10.0/24","subnets":3,"tcp":[],"udp":[]},{"action":"allow","destination":"10.240.0.0/18","direction":"outbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-allow-vpc-connectivity-outbound-tion","source":"10.0.0.0/8","subnets":null,"tcp":[],"udp":[]},{"action":"allow","destination":"10.240.64.0/18","direction":"outbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-allow-vpc-connectivity-outbound-dled","source":"10.0.0.0/8","subnets":null,"tcp":[],"udp":[]},{"action":"allow","destination":"10.240.128.0/18","direction":"outbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-allow-vpc-connectivity-outbound-lude","source":"10.0.0.0/8","subnets":null,"tcp":[],"udp":[]},{"action":"allow","destination":"10.10.10.0/24","direction":"outbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-allow-vpc-connectivity-outbound-et-a","source":"10.0.0.0/8","subnets":null,"tcp":[],"udp":[]},{"action":"allow","destination":"10.30.10.0/24","direction":"outbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-allow-vpc-connectivity-outbound-et-c","source":"10.0.0.0/8","subnets":null,"tcp":[],"udp":[]},{"action":"allow","destination":"10.20.10.0/24","direction":"outbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-allow-vpc-connectivity-outbound-et-b","source":"10.0.0.0/8","subnets":null,"tcp":[],"udp":[]},{"action":"deny","destination":"0.0.0.0/0","direction":"inbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-deny-all-inbound","source":"0.0.0.0/0","subnets":null,"tcp":[],"udp":[]},{"action":"deny","destination":"0.0.0.0/0","direction":"outbound","icmp":[],"id":null,"ip_version":null,"name":"ibmflow-deny-all-outbound","source":"0.0.0.0/0","subnets":null,"tcp":[],"udp":[]}]}

Yes, these are expected because of the version bump of terraform-ibm-landing-zone-vpc from 4.2 to 5.2. The updates involved here are the unique names to the acls, changes to source and destination. I have updated the PR ignoring module.slz_vpc.ibm_is_network_acl.network_acl["vpc-acl”]. I will remove it once the PR is merged.

vburckhardt
vburckhardt requested changes Apr 7, 2023
View reviewed changes
Copy link
Member

@vburckhardt vburckhardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @mounika-nalla - couple of comments

variables.tf Outdated Show resolved Hide resolved
variables.tf Outdated Show resolved Hide resolved
@vburckhardt vburckhardt self-requested a review April 18, 2023 16:05
vburckhardt
vburckhardt previously approved these changes Apr 18, 2023
View reviewed changes
Copy link
Member

@vburckhardt vburckhardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@vburckhardt vburckhardt self-requested a review April 18, 2023 16:09
vburckhardt
vburckhardt reviewed Apr 18, 2023
View reviewed changes
Copy link
Member

@vburckhardt vburckhardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Double checking this PR - I do not see any moved block to ensure backward compatibility. At the same time, we definitely now that address references would change in the state file from the code in this PR.

The tests are not failing because security group is not created in the default example - hense the security group logic is not exercises.

Could you update the default example to get the module to create a new security group. I suspect that's where we'll see that the change is not backward compatible.

@vburckhardt vburckhardt self-requested a review April 18, 2023 16:12
@vburckhardt vburckhardt dismissed their stale review April 18, 2023 16:13

See my comment - found a potential issue when double checking the PR code.

@mounika-nalla
Copy link
Contributor Author

@vburckhardt From my tests, I believe usage of moved blocks is not possible here.

the blocks changed are:

from = ibm_is_security_group.security_group[load_balancer.security_group.name]
 to   = module.security_group_rules[load_balancer.security_group.name]

For the above block, we are required to use a static value instead of load_balancer.security_group.name and since we are not using any default values, the error - A single static variable reference is required: only attribute access and indexing with constant keys is returned

and for the below block, since we are changing from a resource to a module, I’m getting the below noted errors

# error in the below line - Unexpected extra operators after address 
  from = ibm_is_security_group.security_group["test-sgr"].id
# error in the below line - Resource specification must include a resource type and name.
  to   = module.security_group_rules["test-sgr"].security_group_id

Please advise if my understanding is incorrect.

Also, adding the below module call in default example to call the security_group module to create a new security group ran without any compatibility issues. The upgrade test did not complain about any errors.

module "security_group_rules1" {
  source                       = "git::https://github.com/terraform-ibm-modules/terraform-ibm-security-group.git?ref=v1.0.0"
  add_ibm_cloud_internal_rules = var.security_group1.add_ibm_cloud_internal_rules
  security_group_name          = var.security_group1.name
  security_group_rules         = var.security_group1.rules
  resource_group               = local.resource_group_id
  vpc_id                       = module.slz_vpc.vpc_id
}

@vburckhardt
Copy link
Member

@mounika-nalla - Thanks. I'd suggest going with a script that is made available in the repository to migrate the state. We can then get the release notes to point to the script. The script would

  1. fetch the list of sg rules
  2. fetch the list of sg
  3. use the terraform mv state commands to migrate the state.

See also terraform-ibm-modules/terraform-ibm-landing-zone#253 (comment) for something conceptually equivalent.

We could have another script as well that use the corresponding schematics mv commands for users using IBM Cloud Schematics. I would name the script migrate_state_currentversion_targetversion.sh and put them in a "migrate" directly in the repo.

@ocofaigh
Copy link
Member

@mounika-nalla what is the latest with this PR?

ocofaigh
ocofaigh reviewed Jul 20, 2023
View reviewed changes
Copy link
Member

@ocofaigh ocofaigh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Won't this need moved blocks to prevent a breaking change?

@mounika-nalla
Copy link
Contributor Author

Won't this need moved blocks to prevent a breaking change?

We have created a script to manage the state changes as per Vincent's comments above. Using moved blocks is not possible here as we are moving away from using a resource to an attribute.

@ocofaigh
Copy link
Member

@mounika-nalla Ah ok yes - where is the script?

@mounika-nalla
Copy link
Contributor Author

Its here - migrate/tf_state_migration.sh

@ocofaigh
Copy link
Member

ocofaigh commented Jul 21, 2023
edited
Loading

@mounika-nalla What about schematics users? We will need a script to migrate schematics state too, similar to https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/extend-output/migration/schematics_migration_v4.4.0_to_v5.0.0.sh

@vburckhardt We need to figure out how to handle this in the SLZ VSI DA that consumes this module. How will a consumer of a DA via projects know they will need to migrate state. Do we bump the major version and document it in cloud docs?

@MatthewLemmond
Copy link
Member

/run pipeline

@MatthewLemmond
Copy link
Member

/run pipeline

@jor2
Copy link
Member

jor2 commented Oct 4, 2023

/run pipeline

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ocofaigh ocofaigh ocofaigh left review comments

@vburckhardt vburckhardt Awaiting requested review from vburckhardt

At least 1 approving review is required to merge this pull request.

Assignees

@MatthewLemmond MatthewLemmond

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Leverage https://github.com/terraform-ibm-modules/terraform-ibm-security-group
5 participants
@mounika-nalla @ocofaigh @vburckhardt @MatthewLemmond @jor2