Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Firewall NAT rule expecting string errors #1333

Open
scottmack11 opened this issue Aug 17, 2023 · 2 comments
Open

Firewall NAT rule expecting string errors #1333

scottmack11 opened this issue Aug 17, 2023 · 2 comments
Labels
kind/bug Some behavior is incorrect or out of spec

Comments

@scottmack11
Copy link

scottmack11 commented Aug 17, 2023

What happened?

Version currently using: 5.48.1
Version upgraded from: 5.19.0

NAT rules started failing to deploy as destinationPorts has changed from string[] to string

["443"] has been changed to "443". However after making this change I get the following error instead:

azure:network/firewallPolicyRuleCollectionGroup:FirewallPolicyRuleCollectionGroup::DNATPolicyRuleCollectionGroup's instance state: could not read field nat_rule_collection: '' expected type 'string', got unconvertible type '[]interface {}', value: '[443]'

export const CreateDNATRules = (firewallpolicy: string, firewallpublicip: string, privateip: string) => {
    const GlobalFirewallPolicyRuleCollectionGroup = new 
        azure.network.FirewallPolicyRuleCollectionGroup("DNATPolicyRuleCollectionGroup", {
            name: "DevDNATRules",
            firewallPolicyId: firewallpolicy,
            priority: 200,
            natRuleCollections: [{
                name: "nat_rule_collection",
                priority: 100,
                action: "Dnat",
                rules: [{
                    name: "nat_rule_collection",
                    protocols: [
                        "TCP",
                        "UDP",
                    ],
                    sourceAddresses: [
                        "*"
                    ],
                    destinationAddress: firewallpublicip,
                    destinationPorts: "443",
                    translatedAddress: privateip,
                    translatedPort: 443,
            }],
        }]
    })
};

Expected Behavior

NAT rule would be succesfully created as im passing in a string value

Steps to reproduce

Try to create a NAT rule specifying a port number for azure firewall

Output of pulumi about

CLI
Version 3.76.0
Go Version go1.20.6
Go Compiler gc

Plugins
NAME VERSION
azure 5.48.1
azure 5.44.1
azuread 5.38.0
kubernetes 3.30.1
nodejs unknown
random 4.13.2

Host
OS Microsoft Windows 11 Pro
Version 10.0.22621 Build 22621
Arch x86_64

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

@scottmack11 scottmack11 added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Aug 17, 2023
@rquitales
Copy link
Member

Hello @scottmack11,

I apologize for the inconvenience you're experiencing. I understand that you're encountering an error, but I'm unable to replicate it on my end. To assist you more effectively, here are the steps I've taken to try reproducing the error:

  1. I created a new FirewallPolicyRuleCollectionGroup using pulumi-azure version 5.19.0 with destinationPorts: ["443"].
  2. I upgraded to pulumi-azure version 5.48.1.
  3. I performed a simple pulumi up and encountered the expected typescript compilation type error where []string should now be just string.
  4. I updated destinationPorts: "443" to correct the type.
  5. I ran pulumi up, and it worked as expected, with no changes required
  6. I added another FirewallPolicyRuleCollectionGroup and re-ran pulumi up and still did not encounter any issues

Considering these steps, I suggest trying the following to see if it helps resolve your situation:

  1. Run pulumi refresh before attempting an update.
  2. Provide additional details about the steps you've taken and any specific configurations you're using. This information might help us better understand the root cause of the error.

@rquitales rquitales removed the needs-triage Needs attention from the triage team label Aug 17, 2023
@scottmack11
Copy link
Author

scottmack11 commented Aug 18, 2023

Hi @rquitales

Just tested again on my side after refreshing and trying again - still getting the same error. I've managed to boil it down to a state issue - refreshing the stack doesnt update the the destinationPorts from string[] to string so I've had to go in and manually update state by hand on both inputs and outputs. After changing those references I can successfully preview the stack

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/bug Some behavior is incorrect or out of spec
Projects
None yet
Development

No branches or pull requests

2 participants