Size limitation on number of ips in myjfrog_ip_allowlist? #17

Open
nbaju1 opened this issue Oct 4, 2024 · 7 comments
nbaju1 commented Oct 4, 2024

Describe the bug
Attempting to add ~3800 IPs to an existing allow list, with ~1000 IPs, fails on apply with the following error:

╷
│ Error: failed to add IPs
│ 
│   with myjfrog_ip_allowlist.ip-allowlist,
│   on cdk.tf.json line 4189, in resource.myjfrog_ip_allowlist.ip-allowlist:
│ 4189:       }
│ 
│  - 
╵

I'm using the CDK to generate the resources, so no code to show. Plan output works without issues.

Terraform version 1.8.4
Provider version 1.0.0

Expected behavior
Append the new IPs to the allow list.

@nbaju1 nbaju1 added the bug Something isn't working label Oct 4, 2024
alexhung (Member) commented Oct 4, 2024

@nbaju1 Thanks for the report. I'll add validation to this attribute.

alexhung (Member) commented Oct 8, 2024

@nbaju1 Per the limitations from the MyJFrog REST API documentation: https://jfrog.com/help/r/jfrog-rest-apis/get-platform-cloud-nat-ips, the combined CIDR list allows a maximum of 2500 entries.

So you will likely encounter this issue before getting close to 2500 as you probably have other CIDRs already in your AWS environment.

alexhung (Member) commented Oct 8, 2024

@nbaju1 Does the attribute contain all ~3800 IPs? Or do you have ~3800 resource configurations, each with one IP? I'm trying to ascertain the actual failure, whether you are hitting the IPs/CIDR limits, or another failure (e.g. timeout/retry) from the REST API.

nbaju1 (Author) commented Oct 9, 2024

@alexhung One resource with all the IPs.

alexhung (Member) commented Oct 9, 2024

@nbaju1 In this case, even with a size validation on the ips attribute (2500), this error may still happen for you.

You can confirm this is an issue with the MyJFrog API by using the Add IP to Allowlist API directly. If an error occurs, you should contact your JFrog customer support contact to open a support ticket.

nbaju1 (Author) commented Oct 10, 2024

I converted the list of IPs into the smallest set of CIDR blocks possible, which resulted in ~2800 CIDRs, which I was able to deploy. So the 2500 limit doesn't seem to be a hard limit.
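
Added example, not part of the issue thread or the provider's code: a Python sketch of the IP-to-CIDR reduction described in the comment above, using the standard library `ipaddress` module. The sample addresses are constructed from documentation ranges, the function names are hypothetical, and 2500 is the documented limit quoted earlier in the thread.

```python
import ipaddress

MAX_ENTRIES = 2500  # documented combined-CIDR limit quoted in this thread

# Constructed sample input (documentation ranges), with a duplicate entry.
SAMPLE = (
    [f"192.0.2.{i}" for i in range(8)]
    + ["192.0.2.9", "192.0.2.9", "203.0.113.4", "203.0.113.5"]
    + ["198.51.100.0/25", "198.51.100.128/25"]
)


def collapse_allowlist(entries):
    """Return the smallest exact list of CIDR strings covering `entries`.

    Accepts single IPs or CIDRs. Nothing is widened: the result covers
    exactly the input addresses, so no extra hosts become allowed.
    """
    by_version = {4: [], 6: []}
    for raw in entries:
        text = raw.strip()
        if not text:
            continue
        # strict=True rejects host bits set (e.g. 10.0.0.5/24), usually a
        # typo that would otherwise allow a whole subnet.
        net = ipaddress.ip_network(text, strict=True)
        by_version[net.version].append(net)
    collapsed = []
    for version in (4, 6):  # collapse_addresses raises on mixed versions
        collapsed.extend(ipaddress.collapse_addresses(by_version[version]))
    return [str(net) for net in collapsed]


def covered_count(cidrs):
    """Number of addresses covered by a list of non-overlapping CIDRs."""
    return sum(ipaddress.ip_network(c).num_addresses for c in cidrs)


def within_limit(cidrs, limit=MAX_ENTRIES):
    """True if the entry count fits the documented limit."""
    return len(cidrs) <= limit


if __name__ == "__main__":
    result = collapse_allowlist(SAMPLE)
    print(len(SAMPLE), "entries ->", len(result), "CIDRs:", result)
    print("addresses covered:", covered_count(result))
```

Comparing `covered_count` before and after a change to the source list shows whether the allowlist grew or shrank in reach, which the entry count alone does not.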

alexhung (Member) commented

@nbaju1 Interesting. Looks like this is a MyJFrog API behavior.
