[Bug]: "registry.terraform.io/hashicorp/aws" produced an invalid new value for .rule: planned set element #28191
Comments
Having the same issue here, right after start using the

This is the change that introduced this new feature, is it worth reverting?

Same issue terraform v1.1.7 aws v4.45.0

Same issue in our environment - reverting to the deprecated block allowed us to update the ACL successfully.

Has that issue been resolved? I am having the same issue as well.

Similar #27479.

I am also facing similar issue #28672

As a workaround I have been tainting my web acl when rules are impacting changes to webacl. I keep the same webacl name so that my WAF logs do not get impacted. Edit: See next comment below for a workaround that works for me

Issue debugging
@ewbankkit I think I found something leading to part of the root cause here based on some investigation I did on the plan json that can reproduce the issue and a "workaround". Will dig more when I get a chance but this seems to be a workaround in my case. This schema here is an optional list:
When I add or modify any In my plan file's json the
Workaround
If I ensure there is something populated in
Once I make these changes the before and after plans still show changes to all the rules but don't crash on apply.

Thank you @bclodius for the workaround!! I can confirm that changing

This bug is not limited to the waf2 resource. I got the error on routing tables:
I hope this gets fixed soon, because this breaks all new applies...

@bclodius the workaround which you mentioned, what exactly does it do? Just wondering if there's some impact I need to be careful about

@amitsamal94 the workaround just ensures that the plan doesn't end up in a situation that causes the error. The bug gets triggered when there's NOTHING overridden in the override. In my case I had to force an extra header in the rule override config. This extra header doesn't impact my application.

@bclodius, thanks

I can confirm this bug is present on

Please fix this with high priority. It currently breaks central WAF rule changes.

Workaround helps to ease the pain. Thx so far!

v4.59.0 is also affected.

Also see this error. Do we know when a fix will be in place?

Is there any update on this? Confirming bug on resource

Having the same issue, Terraform 1.3.3 and AWS provider 4.63.0

Facing the same issue in terraform ~> 1.3.0 and AWS provider 4.63.0

I am experiencing the same issue, but not with the Using the same method described above, the workaround is successful here too.

V5.0.1 removes

NOTE: I cannot reproduce this error using Terraform v1.5+/AWS provider v5.7+ after trying various configurations. Retry using a minimum of Terraform v1.4.2/AWS provider v4.67.0 but preferably Terraform v1.5.3+/AWS provider v5.8.0+ and let us know if this is still a problem! If we don't hear back and can't reproduce, we plan to close this on or around July 20, 2023. The evidence suggests this is OBE (ie, fixed in the interim).

@YakDriver thanks for the update. Do you have any suggestions on the minimum aws provider version to try this on?

With Terraform v1.5.3 and AWS provider v5.8.0, I am no longer experiencing this error! Thanks @YakDriver

@bclodius It depends on the exact subpart of this family of issues. If yours is similar to the op on this issue, I suggest trying a minimum of Terraform v1.4.2 and AWS provider v4.67.0.

Thanks @AlexandreGohier for reporting back!

Hi all 👋 As was mentioned above, this issue appears to be fixed when using a minimum Terraform version of 1.4.2 and a minimum AWS Provider version of 4.67.0 (preferably Terraform 1.5.3 or later and AWS Provider 5.8.0 or later). If you experience additional unexpected behaviors with versions that meet these parameters, please open a new issue so that we can investigate further.

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

Related:
aws_wafv2_web_acl #27175
aws_wafv2_web_acl configurations #27273
aws_wafv2_web_acl description/tag changes result in inconsistent final plan #27479
Terraform Core Version
1.3.5
AWS Provider Version
4.45.0
Affected Resource(s)
Expected Behavior
We should now use rule_action_override instead of deprecated excluded_rule
Actual Behavior
When using dynamic rule_action_override block, the webacl gets created or updated as expected.
However, subsequent updates are impossible:
Error: Provider produced inconsistent final plan
Reverting to excluded_rule allows new updates to the webacl.
Relevant Error/Panic Output Snippet
Terraform Configuration Files
Steps to Reproduce
1- Create or update webacl to use rule_action_override (and apply)
2- Modify something in the code that will require a webacl update (and apply) --> this will produce an inconsistent final plan
3- Revert to excluded_rule (and apply) --> works fine and further webacl updates are possible
Debug Output
No response
Panic Output
No response
Important Factoids
Tested on Ubuntu 22.04
References
No response
Would you like to implement a fix?
None
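
The configuration shape this report describes, as an added example that is not the reporter's configuration or the provider's own code: a managed rule group whose rules are switched to count through a dynamic rule_action_override block, with the deprecated excluded_rule form noted in a comment. The resource names, the AWSManagedRulesCommonRuleSet group and the two overridden rule names are assumptions chosen for illustration.

```hcl
locals {
  # Assumed sample: rules of the managed group to run in count mode.
  count_overrides = ["SizeRestrictions_BODY", "NoUserAgent_HEADER"]
}

resource "aws_wafv2_web_acl" "example" {
  name  = "example-acl" # hypothetical name
  scope = "REGIONAL"
  default_action {
    allow {}
  }
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "example-acl"
    sampled_requests_enabled   = true
  }

  rule {
    name     = "aws-common"
    priority = 1
    override_action {
      none {}
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "aws-common"
      sampled_requests_enabled   = true
    }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
        # Deprecated form from the report: excluded_rule { name = "..." }
        dynamic "rule_action_override" {
          for_each = local.count_overrides
          content {
            name = rule_action_override.value
            action_to_use {
              count {}
            }
          }
        }
      }
    }
  }
}
```

Rules overridden to count are still matched and logged but no longer block requests, so keep the override list limited to the rules that actually cause false positives.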