[BUG] - Newly created VM is not reachable from the web

[nawarian]

Describe the bug

Whenever I create a VM instance and assign it a port with a public ip attached and security groups configured, it doesn't become reachable on the web.

To Reproduce

main.tf file for reproducing this issue

Use the following file to reproduce the issue:

variable "mgc_api_key" {
  type = string
  description = "API Key for authentication"
}

variable "ssh_pub_key_path" {
  type = string
  description = "Path to the ssh public key that will be uploaded to the VM"
}

terraform {
  required_providers {
    mgc = {
      source = "registry.terraform.io/MagaluCloud/mgc"
      version = "0.32.2"
    }
  }
}

provider "mgc" {
  api_key = var.mgc_api_key
  region = "br-se1"
}

resource "mgc_network_vpcs" "test_vpc" {
  name = "test-vpc"
  description = "test vpc so I can check public ip assignments"
}

resource "mgc_network_public_ips" "test_public_ip" {
  vpc_id = mgc_network_vpcs.test_vpc.id
  description = "my test public ip" 
}

resource "mgc_network_vpcs_interfaces" "vpc_iface" {
  vpc_id = mgc_network_vpcs.test_vpc.id

  name = "test-vpc-iface"

  depends_on = [
    mgc_network_vpcs_subnets.my_ipv4_subnet,
  ]
}

resource "mgc_network_security_groups" "onefiletest_security_group" {
  name = "onefiletest-sg1"
  description = "My test sg"
  disable_default_rules = false
}

resource "mgc_network_security_groups_rules" "allow_incoming_ssh_ipv4" {
  description = "Allow incoming SSH traffic"
  direction = "ingress"
  ethertype = "IPv4"
  protocol = "tcp"
  remote_ip_prefix = "0.0.0.0/0"
  port_range_min = 22
  port_range_max = 22

  security_group_id = mgc_network_security_groups.onefiletest_security_group.id
}

resource "mgc_network_security_groups_attach" "attach_sg_iface" {
  security_group_id = mgc_network_security_groups.onefiletest_security_group.id
  interface_id = mgc_network_vpcs_interfaces.vpc_iface.id
}

resource "mgc_network_public_ips_attach" "attach_public_ip_to_iface" {
  public_ip_id = mgc_network_public_ips.test_public_ip.id
  interface_id = mgc_network_vpcs_interfaces.vpc_iface.id
}

resource "mgc_network_subnetpools" "main_subnetpool" {
  cidr = "172.26.0.0/16"
  name = "test-subnetpool"
  description = "used for testing purposed"
  type = "pip"
}

resource "mgc_network_vpcs_subnets" "my_ipv4_subnet" {
  cidr_block = "172.26.0.0/16"
  description = "My Ipv4 public subnet"
  dns_nameservers = ["8.8.8.8", "8.8.4.4"]
  ip_version = "IPv4"
  name = "test-ipv4-subnet"
  subnetpool_id = mgc_network_subnetpools.main_subnetpool.id
  vpc_id = mgc_network_vpcs.test_vpc.id
}

resource "mgc_ssh_keys" "test_ssh_key" {
  name = "test_ssh_key"
  key = file(var.ssh_pub_key_path)
}

resource "mgc_virtual_machine_instances" "my_test_instance" {
  name = "my-test-instance"
  machine_type = "BV1-1-10"
  image = "cloud-ubuntu-24.04 LTS"
  ssh_key_name = mgc_ssh_keys.test_ssh_key.name
  vpc_id = mgc_network_vpcs.test_vpc.id
}

resource "mgc_virtual_machine_interface_attach" "attach_vpc_iface" {
  instance_id = mgc_virtual_machine_instances.my_test_instance.id
  interface_id = mgc_network_vpcs_interfaces.vpc_iface.id
}

Steps to reproduce the behavior:

1. Copy the main.tf example file provided above
2. Run terraform init
3. Run terraform apply and provide its variable values accordingly
4. The VM is created but not reachable

Some clues that might help finding the issue

1. The VM creation already creates a network interface and marks it with primary = true
2. After creating the mgc_network_vpcs_interfaces.vpc_iface resource, the VM has now two network interfaces with primary = true set
3. The cloud console doesn't show the public ip associated with the machine until I manually delete the default network interface via mgc-cli
4. Deleting the default network interface has no effect - I still can't reach it
5. When listing public ips on the cloud console, the newly created address doesn't show an associated VM with it

Expected behavior

The newly created VM should have only one network interface, which was defined by main.tf. Associating this interface with a public ip and correctly configuring security groups should make them reachable from the web.

Desktop (please complete the following information):

• OS: Debian GNU/Linux
• Version 12
• mgccli v0.34.1
• mgc terraform provider: v0.32.2

Additional context

Some screenshots illustrating what I've seen here:

mgccli shows the newly created instance has two network interfaces

VM is not reachable even after deleting the default network interface

Public IPs don't show association with any VM, even after deleting the default network iface

VM listing shows the public ip association, but is unreachable nonetheless

[publi0]

Hi @nawarian, thank you so much for your report – always so detailed and helpful as usual!

After analyzing the case, we identified some edge cases that shouldn't occur, such as deleting the primary interface. However, the main issue regarding the connection to the VM seems to be related to your tenant. For this reason, we'd like to ask you to create a ticket through our portal so that our Customer Success team can investigate the issue in more depth.

Please use the following link to create the ticket:
https://help.magalu.cloud/hc/pt-br/requests/new

When filling out the ticket, please use the following guidelines:

• What do you need help with?
  Technical issues
• Services
  Virtual Machines
• What do you want to discuss?
  Connecting to the VM - SSH

Internally, I will link your ticket with our initial investigation, which should help streamline the process.

Thanks again, and feel free to reach out if you have any questions!