Terraform apply not idempotent for security groups #13966
Comments
Hi @SanchitBansal, Sorry you're having a problem here, but I'm not able to reproduce this issue with the config you've provided with Terraform 0.9.3 or the latest build. It may be related to the definition of Also, though I don't think it affects the issue, you don't need to add |
@jbardin: I am also facing this issue with |
@jbardin Sharing below the required configuration

data "aws_subnet" "elb" {
  vpc_id = "${var.vpc_id}"
  filter {
    name = "tag:role"
    values = ["elb"]
  }
  filter {
    name = "tag:az"
    values = ["ap-south-1a"]
  }
  count = "${length(var.availability_zones)}"
  depends_on = ["aws_subnet.public"]
}

resource "aws_subnet" "public" {
  vpc_id = "${var.vpc_id}"
  cidr_block = "192.168.0.1/28"
  availability_zone = "ap-south-1a"
  tags {
    Name = "dev-elb-public-1a-1"
    role = "elb"
    az = "ap-south-1a"
  }
} |
Thanks @SanchitBansal, I was able to reproduce the error with the help of the added config. What's causing the error is actually the
Your cassandra config above also does not need the This is still a bug in terraform, as |
I am using terraform version
command output: |
Hi @shamimgeek, This is a different issue from the original attribute mismatch error. |
@jbardin I tried removing the depends_on block and it is working fine for now. Actually, in a few cases Terraform was not picking up the references by itself, so I started defining dependencies in all configurations :) |
Glad it works! I'm actually going to keep this open because it led me to a reproduction case with a "diffs didn't match" error. |
@jbardin I'm having a related issue, and it seems to currently be by design. Every time I
Based on the docs it looks like Can you offer any insight into what the correct way to configure idempotent security groups would be? |
I believe I am seeing this in
If I start fresh, commenting out the |
…rces an unneeded update. hashicorp/terraform#13966
That's an interesting error too, which may be a provider issue, but I'll leave this here for now until we can investigate further. Extra notes: not only is the diff somehow getting the incorrect description field, but running apply again fails with an error that |
Terraform v0.10.8 I can confirm similar behavior as described by @kurron. After my first plan and apply, with no changes to my TF files or the state of the resources in AWS:
Snippet from plan:
|
Terraform v0.10.8 I can also confirm this behavior. I have several It seems to be in the logic that creates the .tfstate on apply. While the description fields on each inbound rule are correctly applied in AWS, each resource has the same description value written to the .tfstate, so when we do a plan/apply, Terraform needs to change them. Terraform then incorrectly applies the same description to all the resources in the .tfstate again. |
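A way to check a state file for the symptom described in the comment above, as an added example that is not part of the thread or of Terraform itself: it lists security group rules that carry an identical description within one security group and direction. It assumes the legacy version-3 state layout used by Terraform 0.10.x; the sample state, resource names and IDs are constructed, and a shared description can also be intentional, so treat a hit as a prompt to compare against the configuration.

```python
import json
from collections import defaultdict

# Constructed sample in the legacy version-3 state layout (Terraform 0.10.x era).
# All resource names, IDs and descriptions are made up for illustration.
def _rule(sg, direction, desc):
    return {"type": "aws_security_group_rule",
            "primary": {"id": "sgrule-example",
                        "attributes": {"security_group_id": sg,
                                       "type": direction,
                                       "description": desc}}}

SAMPLE_STATE = json.dumps({"version": 3, "modules": [{
    "path": ["root"],
    "resources": {
        "aws_security_group_rule.ssh": _rule("sg-0example", "ingress", "office vpn"),
        "aws_security_group_rule.https": _rule("sg-0example", "ingress", "office vpn"),
        "aws_security_group_rule.out": _rule("sg-0example", "egress", "all outbound"),
        "aws_subnet.public": {"type": "aws_subnet",
                              "primary": {"id": "subnet-0example", "attributes": {}}},
    }}]})

def shared_descriptions(state_json):
    """Map (sg id, direction, description) -> rule addresses, for every
    description that two or more rules of one security group carry in state."""
    seen = defaultdict(list)
    for module in json.loads(state_json).get("modules", []):
        # path is ["root"] or ["root", "child", ...]; build the address prefix
        prefix = "".join("module.%s." % p for p in module.get("path", [])[1:])
        for name, res in module.get("resources", {}).items():
            if res.get("type") != "aws_security_group_rule":
                continue
            attrs = res.get("primary", {}).get("attributes", {})
            desc = attrs.get("description", "")
            if desc:  # rules without a description cannot show the symptom
                key = (attrs.get("security_group_id"), attrs.get("type"), desc)
                seen[key].append(prefix + name)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (sg, direction, desc), rules in shared_descriptions(SAMPLE_STATE).items():
        print("%s %s %r shared by: %s" % (sg, direction, desc, ", ".join(rules)))
```

Rules flagged here whose descriptions differ in the configuration are the ones that would show up as changes on every subsequent plan.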
There is a PR that addresses the state problem in the aws provider. |
The error I reopened this for has since been fixed, so closing it back out once and for all. |
Hello all, Sorry to reopen this case, but I think I can help you a little bit more to reproduce this error. I have the same problem here. It's related to something involving Ingress descriptions when I tried to append multiple ingress roles with the same description. For some reason, when I tried to retry terraform apply, tfstate didn't read the previous change correctly. Hope it helps, |
Happens to me when a resource already exists which was not created by Terraform (same name). Instead of proceeding, TF fails. I have an "aws_security_group" which already exists, but in case it doesn't, it needs to be created. Is this correct behavior of TF? Or can I flag it to "skip if exists" somehow? |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Terraform Version
0.9.3
Affected Resource(s)
Terraform Configuration Files
Debug Output
https://gist.github.com/SanchitBansal/2683c645360b8ee31978cfa75e4d7abe
Panic Output
https://gist.github.com/SanchitBansal/3c034d8380ed4e0f6f7d089cf3164979
Expected Behavior
During the first "terraform apply", it launched the complete infra, and I was expecting it to just refresh the state on the second "terraform apply". That is, Terraform should execute smoothly across multiple "terraform apply" runs.
Actual Behavior
The first time, it executed successfully, but the second time it gave me an error that the security group difference did not match.
Steps to Reproduce
terraform apply
terraform apply