What happened?
```hcl
resource "hcloud_primary_ip" "nat_vpn_gateway_public_ip" {
  type              = "ipv4"
  name              = "nat_vpn_gateway_public_ip"
  datacenter        = "nbg1-dc3"
  auto_delete       = false
  assignee_type     = "server"
  delete_protection = true
}

resource "hcloud_firewall" "nat_vpn_gateway_firewall" {
  name = "nat-gateway-firewall"
}

resource "hcloud_server" "nat_vpn_gateway" {
  name         = "nat-vpn-gateway"
  server_type  = "cax11"
  image        = "ubuntu-24.04"
  datacenter   = "nbg1-dc3"
  firewall_ids = [hcloud_firewall.nat_vpn_gateway_firewall.id]

  public_net {
    ipv4_enabled = true
    ipv4         = hcloud_primary_ip.nat_vpn_gateway_public_ip.id
    ipv6_enabled = false
  }

  delete_protection        = true
  rebuild_protection       = true
  shutdown_before_deletion = true
}
```
While the above code correctly creates a public IP and assigns it to the server, running `tofu plan -refresh-only` will detect the drift below.
```
  # hcloud_firewall.nat_vpn_gateway_firewall has changed
│   ~ resource "hcloud_firewall" "nat_vpn_gateway_firewall" {
│         id   = "2003008"
│         name = "nat-gateway-firewall"
│         # (1 unchanged attribute hidden)
│
│       + apply_to {
│           + server = 61815540
│         }
│
│         # (7 unchanged blocks hidden)
│     }
│
│   # hcloud_primary_ip.nat_vpn_gateway_public_ip has changed
│   ~ resource "hcloud_primary_ip" "nat_vpn_gateway_public_ip" {
│       ~ assignee_id = 0 -> 61815540
│         id          = "84896341"
│         name        = "nat_vpn_gateway_public_ip"
│         # (7 unchanged attributes hidden)
│     }
```
What did you expect to happen?
hcloud_firewall.nat_vpn_gateway_firewall.apply_to should have been changed by the given code and not in the cloud. This way it wouldn't show as a drift.
Please provide a minimal working example
See first section
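
An added example, not part of the issue or of the provider's code: a check over the `resource_drift` list from `tofu show -json` on a refresh-only plan that separates firewall drift consisting only of the `apply_to` attachment reported above from drift that touches rules or other attributes, so the recurring attachment entry does not hide a real firewall change. The function names, the `expected_servers` parameter and the sample JSON are assumptions constructed for illustration.

```python
import json

# Constructed sample, shaped like the "resource_drift" list in
# `tofu show -json <planfile>` for the refresh-only plan in this issue.
SAMPLE_PLAN = json.dumps({"resource_drift": [
    {"address": "hcloud_firewall.nat_vpn_gateway_firewall",
     "type": "hcloud_firewall",
     "change": {
         "before": {"name": "nat-gateway-firewall", "apply_to": [], "rule": []},
         "after": {"name": "nat-gateway-firewall", "rule": [],
                   "apply_to": [{"label_selector": "", "server": 61815540}]}}},
    {"address": "hcloud_primary_ip.nat_vpn_gateway_public_ip",
     "type": "hcloud_primary_ip",
     "change": {"before": {"assignee_id": 0},
                "after": {"assignee_id": 61815540}}},
]})


def servers(state):
    """Server IDs listed in a firewall state's apply_to blocks."""
    return {t.get("server") for t in (state or {}).get("apply_to") or []}


def triage_firewall_drift(plan_json, expected_servers):
    """Map each drifted hcloud_firewall address to a verdict string.

    expected_servers (hypothetical parameter): IDs of servers whose own
    configuration references the firewall via firewall_ids.
    """
    verdicts = {}
    for item in json.loads(plan_json).get("resource_drift", []):
        if item.get("type") != "hcloud_firewall":
            continue
        before = item["change"].get("before") or {}
        after = item["change"].get("after") or {}
        changed = sorted(k for k in set(before) | set(after)
                         if before.get(k) != after.get(k))
        added = servers(after) - servers(before)
        removed = servers(before) - servers(after)
        unknown = sorted(added - set(expected_servers), key=str)
        if changed != ["apply_to"]:
            verdict = "review: attributes changed: " + ", ".join(changed)
        elif unknown or removed:
            verdict = f"review: unexpected attach {unknown}, detach {sorted(removed, key=str)}"
        else:
            verdict = "attachment-only: matches servers declaring firewall_ids"
        verdicts[item["address"]] = verdict
    return verdicts
```
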