[Bug]: Provider produced inconsistent plan for aws_eip / aws_nat_gateway #34268

Open
pdrastil opened this issue Nov 5, 2023 · 4 comments
Labels
bug Addresses a defect in current functionality. service/ec2 Issues and PRs that pertain to the ec2 service. service/vpc Issues and PRs that pertain to the vpc service.

pdrastil commented Nov 5, 2023

Terraform Core Version

1.5.7

AWS Provider Version

5.24.0

Affected Resource(s)

  • aws_eip
  • aws_nat_gateway

Expected Behavior

When creating aws_eip and using them for secondary_allocation_ids in aws_nat_gateway, association ids are correctly resolved after creation. See terraform-aws-modules/terraform-aws-vpc#1005 for sample code.

Actual Behavior

Provider fails to assign created EIPs on the first apply. Running apply again for the second time will correctly perform the given action.

Relevant Error/Panic Output Snippet

╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for aws_nat_gateway.this[0] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" changed the planned action from Update to DeleteThenCreate.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for aws_nat_gateway.this[0] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for
│ .secondary_private_ip_address_count: was known, but now unknown.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for aws_nat_gateway.this[0] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .network_interface_id:
│ was known, but now unknown.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for aws_nat_gateway.this[0] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .id: was known, but now
│ unknown.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for aws_nat_gateway.this[0] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .public_ip: was known,
│ but now unknown.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for aws_nat_gateway.this[0] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for
│ .secondary_private_ip_addresses: was known, but now unknown.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for aws_nat_gateway.this[0] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .association_id: was
│ known, but now unknown.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for aws_nat_gateway.this[0] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .private_ip: was known,
│ but now unknown.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵

Terraform Configuration Files

You can clone https://github.com/pdrastil/terraform-aws-vpc/tree/feature/nat-secondary-ips

test.auto.tfvars

name = "nat-test"
cidr = "10.0.0.0/16"
azs = ["us-east-1a", "us-east-1b", "us-east-1c"]
enable_nat_gateway     = true
single_nat_gateway     = false
one_nat_gateway_per_az = true
public_subnets         = ["10.0.0.0/19", "10.0.32.0/19", "10.0.64.0/19"]
private_subnets        = ["10.0.128.0/19", "10.0.160.0/19", "10.0.192.0/19"]
# Variable that triggers the behaviour
secondary_nat_ips      = 0

Steps to Reproduce

  • Clone fork of terraform-aws-vpc module mentioned above
  • Supply provided test.auto.tfvars
  • Run terraform apply with secondary_nat_ips = 0
  • Change secondary_nat_ips = 1
  • Run terraform apply again to invoke the issue

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

Would you like to implement a fix?

No
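
An added example, not part of the original report or the provider's code: a small Python parser for the "inconsistent final plan" diagnostics quoted above, grouping them per resource so the planned-action change and the attributes reported as "was known, but now unknown" can be read together. The sample text is constructed from three of the quoted diagnostics; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: three of the diagnostics quoted in the report, keeping
# Terraform's box-drawing frame and the terminal line wraps.
SAMPLE = """\
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for aws_nat_gateway.this[0] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" changed the planned action from Update to DeleteThenCreate.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for aws_nat_gateway.this[0] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .association_id: was
│ known, but now unknown.
╵
╷
│ When expanding the plan for aws_nat_gateway.this[0] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .public_ip: was known,
│ but now unknown.
╵
"""

HEAD = (r'When expanding the plan for (\S+) to include new values learned so far '
        r'during apply, provider "([^"]+)" ')
ACTION = re.compile(HEAD + r"changed the planned action from (\w+) to (\w+)\.")
UNKNOWN = re.compile(HEAD + r"produced an invalid new value for (\.[^:\s]+): "
                            r"was known, but now unknown\.")

def normalize(text):
    """Drop the diagnostic frame and rejoin wrapped lines into one string."""
    lines = (ln.strip(" \t│╷╵") for ln in text.splitlines())
    return " ".join(ln for ln in lines if ln)

def summarize(text):
    """Map resource address -> action change and attributes that became unknown."""
    flat = normalize(text)
    report = defaultdict(lambda: {"action_change": None, "unknown_attrs": []})
    for m in ACTION.finditer(flat):
        report[m.group(1)]["action_change"] = (m.group(3), m.group(4))
    for m in UNKNOWN.finditer(flat):
        attrs = report[m.group(1)]["unknown_attrs"]
        if m.group(3) not in attrs:
            attrs.append(m.group(3))
    return dict(report)

if __name__ == "__main__":
    for addr, info in summarize(SAMPLE).items():
        print(addr, info["action_change"], info["unknown_attrs"])
```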

@pdrastil pdrastil added the bug Addresses a defect in current functionality. label Nov 5, 2023
@github-actions github-actions bot added service/ec2 Issues and PRs that pertain to the ec2 service. service/vpc Issues and PRs that pertain to the vpc service. labels Nov 5, 2023
@terraform-aws-provider terraform-aws-provider bot added the needs-triage Waiting for first response or review from a maintainer. label Nov 5, 2023
@justinretzolk justinretzolk removed the needs-triage Waiting for first response or review from a maintainer. label Nov 7, 2023
@flaviomoringa

@pdrastil Hi, is there any work being done for this ticket?
I'm using 5.65.0 and I'm getting this.

Also when it finally works, the natgw is deleted and re-created instead of just updated (using the aws UI it just updates the current NATGW with no need to delete and recreate).

This has been a real pain to understand. I've tried using the terraform-aws-vpc official module where I added the efforts tried here: https://github.com/terraform-aws-modules/terraform-aws-vpc/pull/1109/files but same error.

Can you help us please? Might there be some issue with the secondary_allocation_ids variable in https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway ?

Thanks

@pdrastil

pdrastil commented Sep 4, 2024

@flaviomoringa Hi, no I'm not working on this. I just wrote a bug report with this behaviour.

@jeremyweber72

@pdrastil - I believe this is the same as #33964
