fix: Consistent handling of cidr_blocks in *_with_ipv6_cidr_blocks helpers #354
Open
raman1236 wants to merge 1 commit into
…lpers

When a user accidentally specifies cidr_blocks instead of ipv6_cidr_blocks in ingress_with_ipv6_cidr_blocks or egress_with_ipv6_cidr_blocks, the behavior was inconsistent:
- Ingress: silently produced ipv6_cidr_blocks = [] (no-op rule)
- Egress: appeared to work because var.egress_ipv6_cidr_blocks defaults to ["::/0"]

The fix adds a fallback lookup for cidr_blocks when ipv6_cidr_blocks is not found in the rule map, making behavior consistent across both ingress and egress helpers (and their computed variants).

Fixes terraform-aws-modules#352
6047646 to 0df7f3f
Description
Fixes #352
When a user accidentally specifies cidr_blocks instead of ipv6_cidr_blocks in the *_with_ipv6_cidr_blocks helper variables, the behavior was inconsistent between ingress and egress:

Before this fix:
- ipv6_cidr_blocks = [] (silent no-op, rule does nothing)
- ipv6_cidr_blocks = ["::/0"] (appears to work, but only because var.egress_ipv6_cidr_blocks defaults to ["::/0"])

Neither actually reads the user's cidr_blocks value - the egress case only works by coincidence of the default.

After this fix:
Both ingress and egress (and their computed variants) now fall back to looking up the cidr_blocks key when ipv6_cidr_blocks is not found, before falling back to the module-level default. This makes the behavior consistent and prevents silent no-op rules.

Changes
lookup(..., "cidr_blocks", ...) as fallback in the ipv6_cidr_blocks attribute for:
- ingress_with_ipv6_cidr_blocks
- computed_ingress_with_ipv6_cidr_blocks
- egress_with_ipv6_cidr_blocks
- computed_egress_with_ipv6_cidr_blocks
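The fallback chain described in this pull request, as an added standalone illustration (not the module's code and not part of the PR). It shows why the old egress result matters for review: a rule written with a narrow range under the wrong key resolved to ::/0 instead. The variable `rules`, the locals, the sample prefixes and the compact/split/join parsing of the comma-separated string are assumptions made for the example.

```hcl
# Added illustration, not the module's code. In a directory containing only
# this file, `terraform init && terraform apply` prints the comparison output.

variable "rules" {
  description = "Constructed entries shaped like *_with_ipv6_cidr_blocks items"
  type        = list(map(string))
  default = [
    { rule = "https-443-tcp", ipv6_cidr_blocks = "2001:db8:1::/48" }, # correct key
    { rule = "https-443-tcp", cidr_blocks = "2001:db8:2::/48" },      # wrong key
    { rule = "https-443-tcp" },                                       # no CIDR key
  ]
}

locals {
  # Module-level defaults. Egress ["::/0"] is stated in the PR; the empty
  # ingress default is an assumption consistent with the [] result it reports.
  defaults = {
    ingress = []
    egress  = ["::/0"]
  }

  # Before: a missing ipv6_cidr_blocks key goes straight to the default, so
  # the value under cidr_blocks is never read.
  before = {
    for dir, def in local.defaults : dir => [
      for r in var.rules :
      compact(split(",", lookup(r, "ipv6_cidr_blocks", join(",", def))))
    ]
  }

  # After: cidr_blocks is tried before the module-level default.
  after = {
    for dir, def in local.defaults : dir => [
      for r in var.rules :
      compact(split(",", lookup(
        r, "ipv6_cidr_blocks",
        lookup(r, "cidr_blocks", join(",", def))
      )))
    ]
  }
}

output "comparison" {
  value = { before = local.before, after = local.after }
}
```

Compare the second entry of each list: that is the wrong-key rule, and it is the only one whose resolved range changes between `before` and `after`.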