I’ve the following module that configures a firewall rule resource in GCP using Terraform.
 5 resource "google_compute_firewall" "firewall_rule" {
 6   name = "${var.name}"
 7   network = "${var.network}"
 8   project = "${var.project}"
 9   priority = "${var.priority}"
10   direction = "${var.direction}"
11   # enable_logging = "${var.enable_logging}"
12   source_ranges = "${var.source_ranges}"
13   allow {
14     protocol = "${length(var.allow_tcp_ports) > 0 ? "tcp" : ""}"
15     ports = "${var.allow_tcp_ports}"
16   }
17
18   allow {
19     protocol = "${length(var.allow_udp_ports) > 0 ? "udp" : ""}"
20     ports = "${var.allow_udp_ports}"
21   }
22
23   allow {
24     protocol = "${var.allow_other_protocols}"
25   }
26
27 }
Lines 14 and 19 assign the value “tcp” or “udp” to variable protocol depending on which list is defined. (It checks the length of the list and if it is > 0, i.e. ports are present, then the corresponding protocol is assigned.)
Here is the plan:
  # module.firewall_rule_18.google_compute_firewall.firewall_rule will be created
  + resource "google_compute_firewall" "firewall_rule" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction = "INGRESS"
      + id = (known after apply)
      + name = "test_rule"
      + network = "test-vpc"
      + priority = 1000
      + project = "proj-12345"
      + self_link = (known after apply)
      + source_ranges = [
          + "10.10.0.0/24",
        ]
      + allow {
          + ports = [
              + "1433",
            ]
          + protocol = "tcp"
        }
      + allow {
          + ports = []
        }
    }
Per the API documentation, the protocol variable (allowed[].IPProtocol) is of type string. However, when I apply the plan, it throws out the error below.
Error: Error updating Firewall "test_rule": googleapi: Error 400: Invalid value for field 'resource.allowed[0].IPProtocol': ''. Invalid IP protocol specification., invalid on ../../../modules/firewall/firewall-allow/main.tf line 5, in resource "google_compute_firewall" "firewall_rule":
5: resource "google_compute_firewall" "firewall_rule" {
Fwiw, this used to work before without any issues. Now, not so much. Am I missing anything?
TF version
terraform -v
Terraform v0.12.0
Your version of Terraform is out of date! The latest version
is 0.12.29. You can update by downloading from www.terraform.io/downloads.html
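
One way to keep an empty protocol value out of the rule, as an added example that is not part of the original post: Terraform 0.12 `dynamic` blocks generate each `allow` block only when its input is non-empty, so the API never receives an `IPProtocol` of `''`. The variable names come from the question; their types and defaults are assumptions.

```hcl
# Added example; variable types and defaults are assumptions, not the poster's.
variable "name" {}
variable "network" {}
variable "project" {}
variable "priority" {}
variable "direction" {}
variable "source_ranges" { type = list(string) }
variable "allow_tcp_ports" {
  type    = list(string)
  default = []
}
variable "allow_udp_ports" {
  type    = list(string)
  default = []
}
variable "allow_other_protocols" {
  type    = string
  default = ""
}

resource "google_compute_firewall" "firewall_rule" {
  name          = var.name
  network       = var.network
  project       = var.project
  priority      = var.priority
  direction     = var.direction
  source_ranges = var.source_ranges

  # Each allow block is generated only when its input is non-empty.
  dynamic "allow" {
    for_each = length(var.allow_tcp_ports) > 0 ? [var.allow_tcp_ports] : []
    content {
      protocol = "tcp"
      ports    = allow.value
    }
  }
  dynamic "allow" {
    for_each = length(var.allow_udp_ports) > 0 ? [var.allow_udp_ports] : []
    content {
      protocol = "udp"
      ports    = allow.value
    }
  }
  dynamic "allow" {
    for_each = var.allow_other_protocols != "" ? [var.allow_other_protocols] : []
    content {
      protocol = allow.value
    }
  }
}
```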