From bbedb7880a408062828b3fcf3bd022ba93cfae38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Conall=20=C3=93=20Cofaigh?= <ocofaigh@ie.ibm.com>
Date: Mon, 10 Jun 2024 16:38:03 +0100
Subject: [PATCH] fix: fix bug around `disable_outbound_traffic_protection`
 value (#452)

---
 main.tf | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/main.tf b/main.tf
index 986d0fb7..896ab1ce 100644
--- a/main.tf
+++ b/main.tf
@@ -48,6 +48,9 @@ locals {
   # attach_ibm_managed_security_group is false and custom_security_group_ids is not set => default behavior, so set to null
   # attach_ibm_managed_security_group is false and custom_security_group_ids is set => only use the custom security group ids
   cluster_security_groups = var.attach_ibm_managed_security_group == true ? (var.custom_security_group_ids == null ? null : concat(["cluster"], var.custom_security_group_ids)) : (var.custom_security_group_ids == null ? null : var.custom_security_group_ids)
+
+  # for versions older than 4.15, this value must be null, or provider gives error
+  disable_outbound_traffic_protection = local.ocp_version == "4.12_openshift" || local.ocp_version == "4.13_openshift" || local.ocp_version == "4.14_openshift" ? null : var.disable_outbound_traffic_protection
 }
 
 # Lookup the current default kube version
@@ -101,7 +104,7 @@ resource "ibm_container_vpc_cluster" "cluster" {
   operating_system                    = var.operating_system
   disable_public_service_endpoint     = var.disable_public_endpoint
   worker_labels                       = local.default_pool.labels
-  disable_outbound_traffic_protection = var.disable_outbound_traffic_protection
+  disable_outbound_traffic_protection = local.disable_outbound_traffic_protection
   crk                                 = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.crk
   kms_instance_id                     = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.kms_instance_id
   kms_account_id                      = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.kms_account_id
@@ -168,7 +171,7 @@ resource "ibm_container_vpc_cluster" "autoscaling_cluster" {
   operating_system                    = var.operating_system
   disable_public_service_endpoint     = var.disable_public_endpoint
   worker_labels                       = local.default_pool.labels
-  disable_outbound_traffic_protection = var.disable_outbound_traffic_protection
+  disable_outbound_traffic_protection = local.disable_outbound_traffic_protection
   crk                                 = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.crk
   kms_instance_id                     = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.kms_instance_id
   kms_account_id                      = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.kms_account_id