provider/aws: More noisy about aws_security_group consistency issues #9719
Conversation
It appears, based on the report in #6991, that the EC2 API is being inconsistent in reporting that a security group exists shortly after it has been created; we've seen Terraform get past the "Waiting for Security Group to exist" step but then apparently detect that it's gone again once we get into the Update function. This is not a fix for the issue, but it does make Terraform complain more loudly should the situation arise: - If it happens in the Update function, as I suspect is the case for bug #6991, we will treat this as a fatal error and bail out with partial state, whereas before Terraform would lose track of the security group altogether. This seems more correct in any case, since it's not the Update function's job to refresh the state. - If it happens in the Read function, we will still drop it from the state but we'll first generate a debug log acknowledging that this is happening, to give us more to work with when debugging should this issue continue to arise for those who have seen it so far.
|
Even better: we should probably pull the update logic out into its own function that can take a This will cause the |
|
I'm down with all of that but it still seems weird to me for We can't always guarantee that, but I'd consider it better to catch it if we have an opportunity to do so. |
|
I agree with that! |
|
I have created #11361 based on Mitchell feedback, wdyt @apparentlymart ? |
|
Closing this out in favor of #11361. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
It appears, based on the report in #6991, that the EC2 API is being inconsistent in reporting that a security group exists shortly after it has been created; we've seen Terraform get past the "Waiting for
Security Group to exist" step but then apparently detect that it's gone again once we get into the Update function.
This is not a fix for the issue, but it does make Terraform complain more loudly should the situation arise:
Updatefunction, as I suspect is the case for bug Resource does not have attribute 'id' for variable #6991, we will treat this as a fatal error and bail out with partial state, whereas before Terraform would lose track of the security group altogether. This seems more correct in any case, since it's not theUpdatefunction's job to refresh the state.Readfunction, we will still drop it from the state but we'll first generate a debug log acknowledging that this is happening, to give us more to work with when debugging should this issuecontinue to arise for those who have seen it so far.