After restoring Consul state, Terraform does not track policy state, tries to recreate it from scratch, and fails #417

Open
garry-t opened this issue Oct 7, 2024 · 0 comments

garry-t commented Oct 7, 2024

Hi there,

After running consul snapshot restore backup.snap, I expect that rerunning the plan will not trigger any resource changes.

Terraform Version

Terraform v1.6.6
on darwin_arm64

+ provider registry.terraform.io/hashicorp/consul v2.20

Affected Resource(s)

Please list the resources as a list, for example:

  • consul_acl_token
  • consul_acl_policy

Terraform Configuration Files

resource "consul_acl_policy" "test" {
  name  = "service_test"
  rules = <<-RULE
    agent_prefix "test" {
      policy = "write"
    }

    agent_prefix "${var.platform_env}-test" {
      policy = "write"
    }
    RULE
}
resource "consul_acl_token" "test" {
  description = "Token for test"
  policies    = [consul_acl_policy.test.name]
  local       = false # valid in all DCs
}

Debug Output

2024-10-07T14:37:34.102+0200 [DEBUG] Resource state not found for node "consul_acl_policy.test", instance consul_acl_policy.test
2024-10-07T14:37:34.102+0200 [DEBUG] Resource state not found for node "data.consul_acl_token_secret_id.test", instance data.consul_acl_token_secret_id.test
2024-10-07T14:37:34.102+0200 [DEBUG] Resource state not found for node "consul_acl_token.test", instance consul_acl_token.test

Panic Output

n/a

Expected Behavior

After running consul snapshot restore backup.snap, I expect that rerunning the plan will not trigger any resource changes.

Actual Behavior

For some reason the policy is always recreated after the cluster state is restored.
If I run
terraform state show consul_acl_policy.test, it prints the policy in the state file.

Steps to Reproduce

consul 1.11.4

  1. Take cluster snapshot
  2. Restore state to another consul cluster
  3. Point your project to a new consul cluster
  4. Run terraform plan

Possible reason

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # consul_acl_policy.test has been deleted
  - resource "consul_acl_policy" "test" {
        id          = "38110fd9-47e3-434a-2fb0-59e5cc0bb743"
      - name        = "service_test" -> null
        # (2 unchanged attributes hidden)
    }

  # consul_acl_token.test has been deleted
  - resource "consul_acl_token" "test" {
      - id          = "05c3a262-9e96-2d67-cc42-8530837898a3" -> null
        # (5 unchanged attributes hidden)
    }

Please elaborate on this behaviour.

Important Factoids

consul bootstrap with ACL
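
A diagnostic for the "has been deleted" refresh output above, as an added example that is not part of the original issue or the provider's code: it compares the ids held in Terraform state with what the target cluster's ACL API lists, separating objects that exist under a different id (candidates for terraform import) from objects that are absent. The live API responses are constructed samples, not data from the reporter's cluster, and the function names and status labels are hypothetical.

```python
import json
# Constructed sample: trimmed `terraform show -json` output; ids are the ones in the plan above.
STATE = json.loads("""
{"values": {"root_module": {"resources": [
  {"address": "consul_acl_policy.test", "type": "consul_acl_policy",
   "values": {"id": "38110fd9-47e3-434a-2fb0-59e5cc0bb743", "name": "service_test"}},
  {"address": "consul_acl_token.test", "type": "consul_acl_token",
   "values": {"id": "05c3a262-9e96-2d67-cc42-8530837898a3", "description": "Token for test"}}
]}}}
""")
# Constructed samples of GET /v1/acl/policies and GET /v1/acl/tokens on the target cluster.
LIVE_POLICIES = json.loads("""[
  {"ID": "00000000-0000-0000-0000-000000000001", "Name": "global-management"},
  {"ID": "11111111-2222-3333-4444-555555555555", "Name": "service_test"}
]""")
LIVE_TOKENS = json.loads("""[
  {"AccessorID": "00000000-0000-0000-0000-000000000002", "Description": "Anonymous Token"}
]""")
# Per resource type: id field and label field in the API response, label field in state.
KINDS = {
    "consul_acl_policy": ("ID", "Name", "name"),
    "consul_acl_token": ("AccessorID", "Description", "description"),
}

def walk(module):
    """Yield resources from a state module and all of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def classify(state, live):
    """Map each ACL resource address to (status, live id or None)."""
    report = {}
    for res in walk(state["values"]["root_module"]):
        if res["type"] not in KINDS:
            continue
        id_key, label_key, state_label = KINDS[res["type"]]
        vals, objs = res["values"], live[res["type"]]
        label = vals.get(state_label)
        same = [o[id_key] for o in objs if label and o.get(label_key) == label]
        if any(o[id_key] == vals["id"] for o in objs):
            report[res["address"]] = ("tracked", vals["id"])
        elif len(same) == 1:  # one object with the same name/description: import candidate
            report[res["address"]] = ("id_mismatch", same[0])
        else:
            report[res["address"]] = ("absent", None)
    return report

REPORT = classify(STATE, {"consul_acl_policy": LIVE_POLICIES, "consul_acl_token": LIVE_TOKENS})
if __name__ == "__main__":
    print(json.dumps(REPORT, indent=2))
```

Token descriptions are not unique in Consul, so an id_mismatch on a token is only a hint and the accessor id should be confirmed before importing it.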
