VPC disable_outbound_traffic_protection flag condition #6389
Description
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform CLI and Terraform IBM Provider Version
Affected Resource(s)
- ibm_container_vpc_cluster.cluster
Terraform Configuration Files
To create our VPC and ROKS clusters, we use the ocp-all-inclusive-module which uses terraform-ibm-modules/base-ocp-vpc release 3.48.3.
The secure by default is not enabled in Our ROKS clusters. However, if we change the value of the variable disable_outbound_traffic_protection from true to false or fromfalse to true, we are getting the following error:
2025/07/22 22:57:28 Terraform apply | Error: Request failed with status code: 400, ServerErrorResponse: {"incidentID":"0956d9f3-8b18-4108-9b31-3a14e2a3ba7e","code":"E6002","description":"This operation is only supported on a VPC Secure By Default cluster.","type":"General"}
If we reapply the changes, the error disappears.
We think that the error is caused by the following line in the IBM provider:
Once the value
disable_outbound_traffic_protection (DisableOutboundTrafficProtectionFlag) changes, the function SetOutboundTrafficProtection even if secure by default is set to null.
Debug Output
Panic Output
Expected Behavior
Actual Behavior
Steps to Reproduce
terraform apply
Important Factoids
References
- #0000