Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

awscc_ecs_task_definition : Provider produced inconsistent result after apply #1586

Open
quixoticmonk opened this issue Apr 18, 2024 · 2 comments
Open

awscc_ecs_task_definition : Provider produced inconsistent result after apply #1586

quixoticmonk opened this issue Apr 18, 2024 · 2 comments
Labels
bug service/ecs

Comments

@quixoticmonk
Copy link
Collaborator

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
  • The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.

Terraform CLI and Terraform AWS Cloud Control Provider Version

  • Terraform CLI version :
Terraform v1.7.4
on darwin_amd64
+ provider registry.terraform.io/hashicorp/awscc v0.74.0
  • AWSCC provider version : v0.74.0

Affected Resource(s)

  • awscc_ecs_task_definition

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "awscc_ecs_cluster" "replicate_issue" {
  cluster_name = "example-hello-world-replicate_issue"
}

resource "awscc_ecs_task_definition" "replicate_issue" {
  family                   = "helloworld"

  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  execution_role_arn        = awscc_iam_role.replicate_issue.arn
  cpu                      = 1024
  memory                   = 2048

  container_definitions = [{

      name      = "hello-world"
      image     = "hello-world"
      cpu       = 1024
      memory    = 2048
      essential = true
      port_mappings = [
        {
          container_Port = 80
          host_Port      = 80
        }
    ]

}]
depends_on = [awscc_iam_role.replicate_issue]
}

resource "awscc_iam_role" "replicate_issue" {
  role_name = "ecs_Task_ExecutionRole"

  assume_role_policy_document = jsonencode(
    {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Principal": {
          "Service": "ecs-tasks.amazonaws.com"
        },
        "Effect": "Allow",
        "Sid": ""
      }
    ]
    }
  )
  managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"]

}

resource "aws_ecs_service" "replicate_issue" {
  name            = "hello-world"
  cluster         = awscc_ecs_cluster.replicate_issue.arn
  task_definition = awscc_ecs_task_definition.replicate_issue.id
  launch_type     = "FARGATE"
  desired_count   = 3

  network_configuration {
    assign_public_ip = true
    subnets = [aws_default_subnet.replicate_issue_a.id, aws_default_subnet.replicate_issue_b.id, aws_default_subnet.replicate_issue_c.id]

  }
}
resource "aws_default_vpc" "this" {
}


resource "aws_default_subnet" "replicate_issue_a" {
  availability_zone = "us-east-1a"
}

resource "aws_default_subnet" "replicate_issue_b" {
  availability_zone = "us-east-1b"
}

resource "aws_default_subnet" "replicate_issue_c" {
  availability_zone = "us-east-1d"
}

Debug Output

Panic Output

Expected Behavior

Expected the ecs task definition and associated configuration to be deployed.

Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_default_subnet.replicate_issue_a will be created
  + resource "aws_default_subnet" "replicate_issue_a" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = (known after apply)
      + enable_dns64                                   = false
      + enable_lni_at_device_index                     = (known after apply)
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + existing_default_subnet                        = (known after apply)
      + force_destroy                                  = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + outpost_arn                                    = (known after apply)
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags_all                                       = (known after apply)
      + vpc_id                                         = (known after apply)
    }

  # aws_default_subnet.replicate_issue_b will be created
  + resource "aws_default_subnet" "replicate_issue_b" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = (known after apply)
      + enable_dns64                                   = false
      + enable_lni_at_device_index                     = (known after apply)
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + existing_default_subnet                        = (known after apply)
      + force_destroy                                  = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + outpost_arn                                    = (known after apply)
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags_all                                       = (known after apply)
      + vpc_id                                         = (known after apply)
    }

  # aws_default_subnet.replicate_issue_c will be created
  + resource "aws_default_subnet" "replicate_issue_c" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1d"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = (known after apply)
      + enable_dns64                                   = false
      + enable_lni_at_device_index                     = (known after apply)
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + existing_default_subnet                        = (known after apply)
      + force_destroy                                  = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + outpost_arn                                    = (known after apply)
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags_all                                       = (known after apply)
      + vpc_id                                         = (known after apply)
    }

  # aws_default_vpc.this will be created
  + resource "aws_default_vpc" "this" {
      + arn                                  = (known after apply)
      + cidr_block                           = (known after apply)
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + existing_default_vpc                 = (known after apply)
      + force_destroy                        = false
      + id                                   = (known after apply)
      + instance_tenancy                     = (known after apply)
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags_all                             = (known after apply)
    }

  # aws_ecs_service.replicate_issue will be created
  + resource "aws_ecs_service" "replicate_issue" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 3
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "hello-world"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags_all                           = (known after apply)
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + network_configuration {
          + assign_public_ip = true
          + subnets          = (known after apply)
        }
    }

  # awscc_ecs_cluster.replicate_issue will be created
  + resource "awscc_ecs_cluster" "replicate_issue" {
      + arn                                = (known after apply)
      + capacity_providers                 = (known after apply)
      + cluster_name                       = "example-hello-world-replicate_issue"
      + cluster_settings                   = (known after apply)
      + configuration                      = (known after apply)
      + default_capacity_provider_strategy = (known after apply)
      + id                                 = (known after apply)
      + service_connect_defaults           = (known after apply)
      + tags                               = (known after apply)
    }

  # awscc_ecs_task_definition.replicate_issue will be created
  + resource "awscc_ecs_task_definition" "replicate_issue" {
      + container_definitions    = [
          + {
              + command                  = (known after apply)
              + cpu                      = 1024
              + credential_specs         = (known after apply)
              + depends_on               = (known after apply)
              + disable_networking       = (known after apply)
              + dns_search_domains       = (known after apply)
              + dns_servers              = (known after apply)
              + docker_labels            = (known after apply)
              + docker_security_options  = (known after apply)
              + entry_point              = (known after apply)
              + environment              = (known after apply)
              + environment_files        = (known after apply)
              + essential                = true
              + extra_hosts              = (known after apply)
              + firelens_configuration   = (known after apply)
              + health_check             = (known after apply)
              + hostname                 = (known after apply)
              + image                    = "hello-world"
              + interactive              = (known after apply)
              + links                    = (known after apply)
              + linux_parameters         = (known after apply)
              + log_configuration        = (known after apply)
              + memory                   = 2048
              + memory_reservation       = (known after apply)
              + mount_points             = (known after apply)
              + name                     = "hello-world"
              + port_mappings            = [
                  + {
                      + app_protocol         = (known after apply)
                      + container_port       = (known after apply)
                      + container_port_range = (known after apply)
                      + host_port            = (known after apply)
                      + name                 = (known after apply)
                      + protocol             = (known after apply)
                    },
                ]
              + privileged               = (known after apply)
              + pseudo_terminal          = (known after apply)
              + readonly_root_filesystem = (known after apply)
              + repository_credentials   = (known after apply)
              + resource_requirements    = (known after apply)
              + secrets                  = (known after apply)
              + start_timeout            = (known after apply)
              + stop_timeout             = (known after apply)
              + system_controls          = (known after apply)
              + ulimits                  = (known after apply)
              + user                     = (known after apply)
              + volumes_from             = (known after apply)
              + working_directory        = (known after apply)
            },
        ]
      + cpu                      = "1024"
      + ephemeral_storage        = (known after apply)
      + execution_role_arn       = (known after apply)
      + family                   = "helloworld"
      + id                       = (known after apply)
      + inference_accelerators   = (known after apply)
      + ipc_mode                 = (known after apply)
      + memory                   = "2048"
      + network_mode             = "awsvpc"
      + pid_mode                 = (known after apply)
      + placement_constraints    = (known after apply)
      + proxy_configuration      = (known after apply)
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + runtime_platform         = (known after apply)
      + tags                     = (known after apply)
      + task_definition_arn      = (known after apply)
      + task_role_arn            = (known after apply)
      + volumes                  = (known after apply)
    }

  # awscc_iam_role.replicate_issue will be created
  + resource "awscc_iam_role" "replicate_issue" {
      + arn                         = (known after apply)
      + assume_role_policy_document = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ecs-tasks.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + description                 = (known after apply)
      + id                          = (known after apply)
      + managed_policy_arns         = [
          + "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
        ]
      + max_session_duration        = (known after apply)
      + path                        = (known after apply)
      + permissions_boundary        = (known after apply)
      + policies                    = (known after apply)
      + role_id                     = (known after apply)
      + role_name                   = "ecs_Task_ExecutionRole"
      + tags                        = (known after apply)
    }

Plan: 8 to add, 0 to change, 0 to destroy.

Actual Behavior

│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to awscc_ecs_task_definition.replicate_issue, provider
│ "provider[\"registry.terraform.io/hashicorp/awscc\"]" produced an unexpected new value:
│ .container_definitions: planned set element
│ cty.ObjectVal(map[string]cty.Value{"command":cty.UnknownVal(cty.List(cty.String)),
│ "cpu":cty.NumberIntVal(1024), "credential_specs":cty.UnknownVal(cty.List(cty.String)),
│ "depends_on":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"condition":cty.String,
│ "container_name":cty.String}))), "disable_networking":cty.UnknownVal(cty.Bool),
│ "dns_search_domains":cty.UnknownVal(cty.List(cty.String)),
│ "dns_servers":cty.UnknownVal(cty.List(cty.String)), "docker_labels":cty.UnknownVal(cty.Map(cty.String)),
│ "docker_security_options":cty.UnknownVal(cty.List(cty.String)),
│ "entry_point":cty.UnknownVal(cty.List(cty.String)),
│ "environment":cty.UnknownVal(cty.Set(cty.Object(map[string]cty.Type{"name":cty.String,
│ "value":cty.String}))),
│ "environment_files":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"type":cty.String,
│ "value":cty.String}))), "essential":cty.True,
│ "extra_hosts":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"hostname":cty.String,
│ "ip_address":cty.String}))),
│ "firelens_configuration":cty.UnknownVal(cty.Object(map[string]cty.Type{"options":cty.Map(cty.String),
│ "type":cty.String})),
│ "health_check":cty.UnknownVal(cty.Object(map[string]cty.Type{"command":cty.List(cty.String),
│ "interval":cty.Number, "retries":cty.Number, "start_period":cty.Number, "timeout":cty.Number})),
│ "hostname":cty.UnknownVal(cty.String), "image":cty.StringVal("hello-world"),
│ "interactive":cty.UnknownVal(cty.Bool), "links":cty.UnknownVal(cty.Set(cty.String)),
│ "linux_parameters":cty.UnknownVal(cty.Object(map[string]cty.Type{"capabilities":cty.Object(map[string]cty.Type{"add":cty.List(cty.String),
│ "drop":cty.List(cty.String)}),
│ "devices":cty.List(cty.Object(map[string]cty.Type{"container_path":cty.String, "host_path":cty.String,
│ "permissions":cty.Set(cty.String)})), "init_process_enabled":cty.Bool, "max_swap":cty.Number,
│ "shared_memory_size":cty.Number, "swappiness":cty.Number,
│ "tmpfs":cty.List(cty.Object(map[string]cty.Type{"container_path":cty.String,
│ "mount_options":cty.List(cty.String), "size":cty.Number}))})),
│ "log_configuration":cty.UnknownVal(cty.Object(map[string]cty.Type{"log_driver":cty.String,
│ "options":cty.Map(cty.String),
│ "secret_options":cty.List(cty.Object(map[string]cty.Type{"name":cty.String,
│ "value_from":cty.String}))})), "memory":cty.NumberIntVal(2048),
│ "memory_reservation":cty.UnknownVal(cty.Number),
│ "mount_points":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"container_path":cty.String,
│ "read_only":cty.Bool, "source_volume":cty.String}))), "name":cty.StringVal("hello-world"),
│ "port_mappings":cty.SetVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"app_protocol":cty.UnknownVal(cty.String),
│ "container_port":cty.UnknownVal(cty.Number), "container_port_range":cty.UnknownVal(cty.String),
│ "host_port":cty.UnknownVal(cty.Number), "name":cty.UnknownVal(cty.String),
│ "protocol":cty.UnknownVal(cty.String)})}), "privileged":cty.UnknownVal(cty.Bool),
│ "pseudo_terminal":cty.UnknownVal(cty.Bool), "readonly_root_filesystem":cty.UnknownVal(cty.Bool),
│ "repository_credentials":cty.UnknownVal(cty.Object(map[string]cty.Type{"credentials_parameter":cty.String})),
│ "resource_requirements":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"type":cty.String,
│ "value":cty.String}))),
│ "secrets":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"name":cty.String,
│ "value_from":cty.String}))), "start_timeout":cty.UnknownVal(cty.Number),
│ "stop_timeout":cty.UnknownVal(cty.Number),
│ "system_controls":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"namespace":cty.String,
│ "value":cty.String}))),
│ "ulimits":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"hard_limit":cty.Number,
│ "name":cty.String, "soft_limit":cty.Number}))), "user":cty.UnknownVal(cty.String),
│ "volumes_from":cty.UnknownVal(cty.Set(cty.Object(map[string]cty.Type{"read_only":cty.Bool,
│ "source_container":cty.String}))), "working_directory":cty.UnknownVal(cty.String)}) does not correlate
│ with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.

Steps to Reproduce

  1. terraform apply

Important Factoids

References
@wellsiau-aws
Copy link
Collaborator

I was able to consistently replicate this problem when using port_mappings attribute in the container_definitions.

@wellsiau-aws
Copy link
Collaborator

Task definition was created successfully and CCAPI returned the GetResource response, I dont think this is upstream issue.

This was referenced May 9, 2024
Open
Open
Open
@parisholley parisholley mentioned this issue Oct 11, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug service/ecs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@quixoticmonk @wellsiau-aws