Comments (11)
If I explicitly include the attributes that are being called out in the debug log in the HCL configuration, terraform plan no longer complains.
See the reference below for the two additional attributes, certificate_configuration and locations:
resource "awscc_gamelift_fleet" "example" {
  name = "TFExampleFleet"
  build_id = awscc_gamelift_build.example.id
  compute_type = "EC2"
  ec2_instance_type = "c5.large"
  fleet_type = "ON_DEMAND"
  certificate_configuration = {
    certificate_type = "DISABLED"
  }
  locations = [{
    location = "us-east-1",
  }]
  runtime_configuration = {
    server_processes = [
      {
        concurrent_executions = 1
        launch_path = "/local/game/gamelift-test-app"
        parameters = "port:1936 gameSessionLengthSeconds:20"
      },
    ]
  }
}
from terraform-provider-awscc.
These are the properties any of which will force recreation if Terraform detects a change:
"createOnlyProperties": [
  "/properties/ApplyCapacity",
  "/properties/BuildId",
  "/properties/CertificateConfiguration",
  "/properties/EC2InstanceType",
  "/properties/FleetType",
  "/properties/InstanceRoleARN",
  "/properties/InstanceRoleCredentialsProvider",
  "/properties/LogPaths",
  "/properties/PeerVpcAwsAccountId",
  "/properties/PeerVpcId",
  "/properties/ScriptId",
  "/properties/ServerLaunchParameters",
  "/properties/ServerLaunchPath",
  "/properties/CertificateType",
  "/properties/ComputeType"
],
from terraform-provider-awscc.
The root cause of the issue with Locations is discussed (at length) here: https://discuss.hashicorp.com/t/dealing-with-unordered-sets-of-complex-objects-setnestedattribute-with-computed-attributes/61874.
Locations is a list of objects that include Computed/Optional attributes and because the underlying array is marked with "insertionOrder": false we have the same problems as described with TypeSets.
Explicitly adding all attributes that are returned with defaults should work around this.
from terraform-provider-awscc.
Might be related to a similar issue in #983. @novekm, are you able to compare the resource using AWS CLI vs HCL config and Terraform state?
from terraform-provider-awscc.
Debug logs seem to indicate that a certain attribute has changed:
2024-02-13T02:52:25.073Z [DEBUG] provider.terraform-provider-awscc_v0.70.0_x5: Detected value change between proposed new state and prior state: tf_rpc=PlanResourceChange @caller=github.com/hashicorp/[email protected]/internal/fwserver/server_planresourcechange.go:186 tf_attribute_path=certificate_configuration tf_resource_type=awscc_gamelift_fleet tf_req_id=deca06f2-3217-dfc1-26d1-862bca62ec94 @module=sdk.framework tf_provider_addr=registry.terraform.io/hashicorp/awscc timestamp=2024-02-13T02:52:25.073Z
Specifically, the attribute in question is: certificate_configuration
from terraform-provider-awscc.
CCAPI output for comparison:
[cloudshell-user@ip-10-134-89-87 ~]$ aws cloudcontrol get-resource --type-name AWS::GameLift::Fleet --identifier fleet-0e4de04b-25bc-4840-a5a6-4a8d3a8a8d7e
{
"TypeName": "AWS::GameLift::Fleet",
"ResourceDescription": {
"Identifier": "fleet-0e4de04b-25bc-4840-a5a6-4a8d3a8a8d7e",
"Properties": "{\"ServerLaunchParameters\":\"port:1936 gameSessionLengthSeconds:20\",\"FleetType\":\"ON_DEMAND\",\"EC2InboundPermissions\":[{\"IpRange\":\"70.127.195.133/32\",\"FromPort\":8101,\"ToPort\":8999,\"Protocol\":\"UDP\"},{\"IpRange\":\"70.127.195.133/32\",\"FromPort\":22,\"ToPort\":22,\"Protocol\":\"TCP\"}],\"Locations\":[{\"Location\":\"us-west-2\"}],\"NewGameSessionProtectionPolicy\":\"NoProtection\",\"ComputeType\":\"EC2\",\"RuntimeConfiguration\":{\"ServerProcesses\":[{\"ConcurrentExecutions\":1,\"Parameters\":\"port:1936 gameSessionLengthSeconds:20\",\"LaunchPath\":\"/local/game/gamelift-test-app\"}],\"MaxConcurrentGameSessionActivations\":2147483647,\"GameSessionActivationTimeoutSeconds\":30},\"LogPaths\":[],\"Name\":\"TFExampleFleet\",\"ServerLaunchPath\":\"/local/game/gamelift-test-app\",\"MetricGroups\":[\"default\"],\"BuildId\":\"build-79fb6d85-70e9-4bb3-b484-0481e0b171ca\",\"FleetId\":\"fleet-0e4de04b-25bc-4840-a5a6-4a8d3a8a8d7e\",\"EC2InstanceType\":\"c5.large\",\"CertificateConfiguration\":{\"CertificateType\":\"DISABLED\"}}"
}
}
from terraform-provider-awscc.
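To run the CLI-versus-config comparison asked for in the thread, the sketch below (an added example, not code from the thread or from the provider) decodes a `get-resource` response and lists the create-only properties Cloud Control returns that the configuration does not set; these are the candidates to define explicitly. The CamelCase-to-snake_case mapping is an assumption based on the attribute names visible in the thread, and `SAMPLE` and `CONFIGURED` are constructed inputs.

```python
import json
import re

# createOnlyProperties for AWS::GameLift::Fleet, as quoted in the thread.
CREATE_ONLY = """ApplyCapacity BuildId CertificateConfiguration EC2InstanceType
FleetType InstanceRoleARN InstanceRoleCredentialsProvider LogPaths
PeerVpcAwsAccountId PeerVpcId ScriptId ServerLaunchParameters ServerLaunchPath
CertificateType ComputeType""".split()


def to_attr(cfn_name):
    """CamelCase property -> snake_case attribute (assumed naming convention)."""
    s = re.sub(r"([A-Z]+)([A-Z][a-z])", r"\1_\2", cfn_name)
    return re.sub(r"([a-z\d])([A-Z])", r"\1_\2", s).lower()


def unpinned_create_only(get_resource_output, configured):
    """Create-only properties the API returns that the config does not set."""
    # "Properties" is a JSON document serialized into a string: decode it again.
    props = json.loads(get_resource_output["ResourceDescription"]["Properties"])
    returned = {to_attr(name) for name in CREATE_ONLY if name in props}
    return sorted(returned - set(configured))


# Constructed sample: a trimmed get-resource response using values from the thread.
SAMPLE = {
    "TypeName": "AWS::GameLift::Fleet",
    "ResourceDescription": {
        "Identifier": "fleet-EXAMPLE",
        "Properties": json.dumps({
            "ServerLaunchParameters": "port:1936 gameSessionLengthSeconds:20",
            "FleetType": "ON_DEMAND",
            "Locations": [{"Location": "us-west-2"}],
            "ComputeType": "EC2",
            "LogPaths": [],
            "Name": "TFExampleFleet",
            "ServerLaunchPath": "/local/game/gamelift-test-app",
            "BuildId": "build-EXAMPLE",
            "EC2InstanceType": "c5.large",
            "CertificateConfiguration": {"CertificateType": "DISABLED"},
        }),
    },
}

# Constructed: top-level attributes set by a config without the workaround.
CONFIGURED = {"name", "build_id", "compute_type", "ec2_instance_type",
              "fleet_type", "runtime_configuration"}

if __name__ == "__main__":
    for attr in unpinned_create_only(SAMPLE, CONFIGURED):
        print(f"returned by Cloud Control but not set in HCL: {attr}")
```

Against a live fleet, pass the parsed JSON output of `aws cloudcontrol get-resource` in place of `SAMPLE`.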
As of my testing today, it looks like you have to also explicitly define the location_capacity (another optional value) or it again states the resource must be force recreated. I thought this could potentially be a provider version issue, but the same happens on v0.66.0 as well as v0.70.0.
My new config looks like this and does not cause force recreation:
resource "awscc_gamelift_fleet" "example" {
  name = "TFExampleFleet"
  build_id = awscc_gamelift_build.example.id
  compute_type = "EC2"
  ec2_instance_type = "c5.large"
  fleet_type = "ON_DEMAND"
  # description = "hi"
  runtime_configuration = {
    server_processes = [
      {
        concurrent_executions = 1
        launch_path = "/local/game/gamelift-test-app"
        parameters = "port:1936 gameSessionLengthSeconds:20"
      },
    ]
  }
  ec2_inbound_permissions = [
    {
      from_port : 8101,
      ip_range : "70.127.195.133/32",
      protocol : "UDP",
      to_port : 8999
    },
    {
      from_port : 22,
      ip_range : "70.127.195.133/32",
      protocol : "TCP",
      to_port : 22
    },
  ]
  locations = [{
    location = "us-west-2",
    location_capacity = {
      desired_ec2_instances = 1
      max_size = 1
      min_size = 0
    }
  }]
  certificate_configuration = {
    certificate_type = "DISABLED"
  }
}
Which gives the following when running terraform plan:
Terraform will perform the following actions:
# awscc_iam_role.example will be updated in-place
~ resource "awscc_iam_role" "example" {
~ assume_role_policy_document = jsonencode( # whitespace changes
{
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = {
Service = "gamelift.amazonaws.com"
}
},
]
Version = "2012-10-17"
}
)
id = "gamelift-s3-access"
+ permissions_boundary = (known after apply)
+ policies = (known after apply)
tags = [
{
key = "Modified By"
value = "AWSCC"
},
{
key = "Environment"
value = "Development"
},
]
# (7 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
I thought that adding the (optional) values locations and certificate_configuration would be a temporary solution; however, when making changes to another optional value such as description, terraform plan shows that it again must be destroyed and recreated. See below for the new config/plan.
TF Config (with optional description added):
resource "awscc_gamelift_fleet" "example" {
  name = "TFExampleFleet"
  build_id = awscc_gamelift_build.example.id
  compute_type = "EC2"
  ec2_instance_type = "c5.large"
  fleet_type = "ON_DEMAND"
  description = "hi"
  runtime_configuration = {
    server_processes = [
      {
        concurrent_executions = 1
        launch_path = "/local/game/gamelift-test-app"
        parameters = "port:1936 gameSessionLengthSeconds:20"
      },
    ]
  }
  ec2_inbound_permissions = [
    {
      from_port : 8101,
      ip_range : "70.127.195.133/32",
      protocol : "UDP",
      to_port : 8999
    },
    {
      from_port : 22,
      ip_range : "70.127.195.133/32",
      protocol : "TCP",
      to_port : 22
    },
  ]
  locations = [{
    location = "us-west-2",
    location_capacity = {
      desired_ec2_instances = 1
      max_size = 1
      min_size = 0
    }
  }]
  certificate_configuration = {
    certificate_type = "DISABLED"
  }
}
The subsequent terraform plan shows the following:
Terraform will perform the following actions:
# awscc_gamelift_fleet.example must be replaced
-/+ resource "awscc_gamelift_fleet" "example" {
+ anywhere_configuration = (known after apply)
+ apply_capacity = (known after apply) # forces replacement
+ description = "hi"
+ desired_ec2_instances = (known after apply)
~ fleet_id = "fleet-b5d0550c-6bbc-4dbd-bd84-a84e0b11f22e" -> (known after apply)
~ id = "fleet-b5d0550c-6bbc-4dbd-bd84-a84e0b11f22e" -> (known after apply)
+ instance_role_arn = (known after apply) # forces replacement
+ instance_role_credentials_provider = (known after apply) # forces replacement
+ log_paths = (known after apply) # forces replacement
+ max_size = (known after apply)
~ metric_groups = [
- "default",
] -> (known after apply)
+ min_size = (known after apply)
name = "TFExampleFleet"
~ new_game_session_protection_policy = "NoProtection" -> (known after apply)
+ peer_vpc_aws_account_id = (known after apply) # forces replacement
+ peer_vpc_id = (known after apply) # forces replacement
+ resource_creation_limit_policy = (known after apply)
~ runtime_configuration = {
~ game_session_activation_timeout_seconds = 30 -> (known after apply)
~ max_concurrent_game_session_activations = 2147483647 -> (known after apply)
# (1 unchanged attribute hidden)
}
+ scaling_policies = (known after apply)
+ script_id = (known after apply) # forces replacement
~ server_launch_parameters = "port:1936 gameSessionLengthSeconds:20" -> (known after apply)
~ server_launch_path = "/local/game/gamelift-test-app" -> (known after apply)
# (7 unchanged attributes hidden)
}
from terraform-provider-awscc.
CCAPI now returns additional nested attributes for locations:
aws cloudcontrol get-resource --type-name AWS::GameLift::Fleet --identifier fleet-45e9501a-defc-49f8-8042-f61f8c2f402b | jq -r ".ResourceDescription.Properties" | jq "."
{
  "ServerLaunchParameters": "port:1936 gameSessionLengthSeconds:20",
  "FleetType": "ON_DEMAND",
  "EC2InboundPermissions": [],
  "Locations": [
    {
      "LocationCapacity": {
        "MinSize": 0,
        "DesiredEC2Instances": 1,
        "MaxSize": 1
      },
      "Location": "us-east-1"
    }
  ],
  . . .
  "CertificateConfiguration": {
    "CertificateType": "DISABLED"
  }
}
Which is why you have to include location_capacity in your HCL. This also adds the location_capacity in your terraform state if you try a new terraform apply.
Still not sure why we have to explicitly add this in the HCL config. @ewbankkit, could you please give us some insights into this problem?
from terraform-provider-awscc.
@ewbankkit, makes sense for the locations since it's a list of objects.
However, we also encounter this problem with certificate_configuration; I suspect that has a different root cause?
from terraform-provider-awscc.
We believe there are two root-cause issues here.
We don't know yet why certificate_configuration triggers replacement and we'll investigate it separately in a different GH issue.
Issue #1428 will focus solely on one of the root causes: unordered complex objects with computed attributes.
from terraform-provider-awscc.
Closing this issue now. I can confirm that the problem with unordered complex objects is now fixed. This will address the problem with the locations attribute.
I've opened a separate issue to track the problem when other mutating attributes trigger force replacement in #1497.
from terraform-provider-awscc.