Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_backup_selection continuously re-creating #22595

Closed
devonbleak opened this issue Jan 14, 2022 · 19 comments · Fixed by #22882
Closed

aws_backup_selection continuously re-creating #22595

devonbleak opened this issue Jan 14, 2022 · 19 comments · Fixed by #22882
Labels
bug Addresses a defect in current functionality. regression Pertains to a degraded workflow resulting from an upstream patch or internal enhancement. service/backup Issues and PRs that pertain to the backup service.
Milestone
v4.0.0

Comments

@devonbleak
Copy link
Contributor

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

$ terraform -v
Terraform v0.13.5

  • provider registry.terraform.io/hashicorp/archive v2.2.0
  • provider registry.terraform.io/hashicorp/aws v3.72.0
  • provider registry.terraform.io/hashicorp/template v2.2.0

Affected Resource(s)

  • aws_backup_selection

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "aws_backup_selection" "fox_default_tags" {
  plan_id      = aws_backup_plan.fox_default.id
  name         = "${local.backup_strategy_name}-tags"
  iam_role_arn = aws_iam_role.backup.arn

  selection_tag {
    type  = "STRINGEQUALS"
    key   = "BackupPlan"
    value = local.backup_strategy_name
  }
}

Debug Output

Panic Output

Expected Behavior

No change to this resource after apply if there are no changes to the code

Actual Behavior

Terraform re-creates the resource on every plan

Steps to Reproduce

  1. terraform plan
  2. terraform apply
  3. terraform plan

Important Factoids

References
@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. service/backup Issues and PRs that pertain to the backup service. labels Jan 14, 2022
@bootswithdefer
Copy link
Contributor

bootswithdefer commented Jan 14, 2022
edited
Loading

Seeing the same, the condition block is not defined in my config but it always forces replacement.

-/+ resource "aws_backup_selection" "tag" {
      ~ id            = "..." -> (known after apply)
        name          = "tag"
      - not_resources = [] -> null
      - resources     = [] -> null
        # (2 unchanged attributes hidden)

      - condition { # forces replacement
        }

        # (1 unchanged block hidden)
    }

@justinretzolk
Copy link
Member

Hey @devonbleak 👋 Thank you for taking the time to raise this. So that we have all of the information we need in order to look into this, can you update the issue description to include debug logs as well?

@justinretzolk justinretzolk added bug Addresses a defect in current functionality. waiting-response Maintainers are waiting on response from community or contributor. and removed needs-triage Waiting for first response or review from a maintainer. labels Jan 14, 2022
@justinretzolk justinretzolk mentioned this issue Jan 14, 2022
Closed
@tdmalone
Copy link
Contributor

Probably caused by #22074

@github-actions github-actions bot removed the waiting-response Maintainers are waiting on response from community or contributor. label Jan 15, 2022
@tdmalone tdmalone mentioned this issue Jan 15, 2022
Merged
@leanenkaa
Copy link
Contributor

I'm not sure that this can be considered as a bug,condition and not_resources are the same fields as selection_tag and resources, I mean they have the same logic, moreover as far as I know selection_tag(ListOfTags on AWS API side) is an old approach. I think if you will add empty variables condition and not_resources to your terraform resource the diff will be disappeared.

@sergey-sml
Copy link

I think if you will add empty variables condition and not_resources to your terraform resource the diff will be disappeared.

I can confirm that after addind empty "condition" variable resource stopped recreating. Thanks!

@rcjames
Copy link

rcjames commented Jan 17, 2022

If this is not a bug, then the documentation is not correct as these fields now seem to be required.

terraform-provider-aws/internal/service/backup/selection.go

Lines 48 to 52 in 0c9bcee

"condition": {
Type: schema.TypeSet,
Optional: true,
ForceNew: true,
Elem: &schema.Resource{

Defining an empty block for these fields seems like a workaround for a bug rather than a missing piece of configuration, and is probably not good practice.

@jobwat
Copy link

jobwat commented Jan 17, 2022

I'm having the same issue.

  # aws_backup_selection.clients[0] must be replaced
-/+ resource "aws_backup_selection" "clients" {
      ...
      - not_resources = [] -> null
        # (3 unchanged attributes hidden)

      - condition { # forces replacement
        }
    }

But unlike what's been said earlier, I can't seem to patch it quiet with empty values... 😒

To get it to pass, I added a dummy condition:

 condition {
    string_equals {
      key   = "aws:ResourceTag/Project"
      value = var.project_name
    }
  }

Terraform v1.1.3
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v3.72.0

@1robroos
Copy link

I am adding this lifecycle policy , as a workaround. It works for me.

lifecycle { 
    ignore_changes = [ 
      condition 
    ] 
  }

@AntonUspishnyi
Copy link

I'm having the same issue and it's very confusing because it appears every time you ran tf plan.
IMHO it's a bug because it recreates resources each time without any reasons for it.

@balltrev balltrev mentioned this issue Jan 21, 2022
Closed
@breathingdust breathingdust added the regression Pertains to a degraded workflow resulting from an upstream patch or internal enhancement. label Jan 24, 2022
@nitrocode nitrocode mentioned this issue Jan 24, 2022
Closed
This was referenced Jan 25, 2022
Open
Closed
@ewbankkit
Copy link
Contributor

Related:

@stumins stumins mentioned this issue Jan 25, 2022
Closed
@fjromerom fjromerom mentioned this issue Jan 27, 2022
Closed
@ewbankkit
Copy link
Contributor

We'll need to make condition and not_resources Computed.

@ewbankkit ewbankkit added this to the v3.74.1 milestone Feb 1, 2022
@ewbankkit ewbankkit mentioned this issue Feb 1, 2022
Merged
@frankfong0208
Copy link

I am adding this lifecycle policy , as a workaround. It works for me.

lifecycle { 
    ignore_changes = [ 
      condition 
    ] 
  }

I applied this same fix as well with terraform 0.13.5 and it worked for the first time. Then rerunning later it started to fail, complaining about "This object has no argument, nested block, or exported attribute named
"condition""

@hyei
Copy link

hyei commented Feb 2, 2022

Adding condition {} with TF 1.0.2 and aws-provider 3.73.0 worked for me.

@frankfong0208
Copy link

Adding condition {} with TF 0.13.5 and aws-provider 3.23 didn't work for me. It said:
Blocks of type "condition" are not expected here.

@github-actions github-actions bot modified the milestones: v3.74.1, v4.0.0 Feb 2, 2022
@ewbankkit ewbankkit mentioned this issue Feb 2, 2022
Merged
@mattgirdler
Copy link

Adding condition {} with TF 0.13.5 and aws-provider 3.23 didn't work for me. It said: Blocks of type "condition" are not expected here.

@frankfong0208 You'll need to use aws-provider version >3.72.0.

@andreimcristof
Copy link

I am adding this lifecycle policy , as a workaround. It works for me.

lifecycle { 
    ignore_changes = [ 
      condition 
    ] 
  }

For me it works with:

lifecycle { 
      ignore_changes = [ 
        condition , resources
      ] 
    }

@stratusjerry
Copy link

tangentially related Terraform is still reporting the derived value aws_backup_vault : recovery_points changes as "Objects have changed outside of Terraform"

@github-actions
Copy link

This functionality has been released in v4.0.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@adenot adenot mentioned this issue May 2, 2022
Merged
7 tasks
@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 16, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. regression Pertains to a degraded workflow resulting from an upstream patch or internal enhancement. service/backup Issues and PRs that pertain to the backup service.
Projects
None yet
Milestone
v4.0.0