Weird terraform plan results without making code changes in alicloud_db_instance

[firasnajjar]

I am working on a domestic account in Frankfurt region.

Run the following terraform:

provider "alicloud" {
  access_key = "your access key"
  secret_key = "your secret key"
  region = "eu-central-1"
}

resource "alicloud_vpc" "vpc" {
  name       = "test_vpc"
  cidr_block = "10.0.0.0/8"
}

resource "alicloud_vswitch" "rds_subnet" {
  vpc_id            = "${alicloud_vpc.vpc.id}"
  cidr_block        = "10.0.0.0/24"
  availability_zone = "eu-central-1a"
  name              = "rds_subnet"
}

resource "alicloud_db_instance" "cf_postgres" {
  engine            = "PostgreSQL"
  engine_version    = "10.0"
  instance_type     = "pg.n1.micro.1"
  instance_storage  = "20"
  instance_name     = "test_postgres_batata"
  zone_id           = "eu-central-1a"
  vswitch_id        = "${alicloud_vswitch.rds_subnet.id}"
}

//backup policy
resource "alicloud_db_backup_policy" "default" {
  instance_id       = "${alicloud_db_instance.cf_postgres.id}"
  retention_period  = 7
  log_backup        = true
  log_retention_period = 7
}

Once the deployment succeeds, run terraform plan and you'll get the following:

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ~ alicloud_db_backup_policy.default
      backup_time:          "03:00Z-04:00Z" => "02:00Z-03:00Z"
      log_backup:           "false" => "true"
      log_retention_period: "0" => "7"

Plan: 0 to add, 1 to change, 0 to destroy.

No changes were made in the code but terraform wants to change the backup time, which was left to the default value. The log backup and retention period will be changed by terraform too.

Neither of those should be changed since no code changes were made at all!

Running terraform apply again doesn't change anything in the resources. I checked that in the console. Running terraform plan after the second apply will show the same result as before that it will be changing the backup time, log backup, and log retention period.

[firasnajjar]

In addition, running terraform destroy afterwords gives the following error:

Error: Error applying plan:

1 error(s) occurred:

* alicloud_vswitch.rds_subnet (destroy): 1 error(s) occurred:

* alicloud_vswitch.rds_subnet: Delete vswitch timeout and got an error: &errors.ServerError{httpStatus:400, requestId:"50CA3055-DB66-4977-8050-E2B2BFDDAE0B", hostId:"vpc.eu-central-1.aliyuncs.com", errorCode:"DependencyViolation", recommend:"", message:"Specified object has dependent resources.", comment:""}.

Running terraform destroy for the second time succeeds to delete the vswitch but fails now on deleting the vpc with the following error:

Error: Error applying plan:

1 error(s) occurred:

* alicloud_vpc.vpc (destroy): 1 error(s) occurred:

* alicloud_vpc.vpc: Delete VPC timeout and got an error: &errors.ServerError{httpStatus:400, requestId:"CFB35991-6EC0-44E6-BA83-7B7D5DC3E686", hostId:"vpc.eu-central-1.aliyuncs.com", errorCode:"DependencyViolation.SecurityGroup", recommend:"", message:"Specified object has dependent resources SecurityGroup.", comment:""}.

I checked the VPC in the web console and it has no security groups. In addition, my terraform didn't create any security groups at all. I also didn't create any resources manually other than what terraform created.

Trying to delete the vpc manually from the web console also gives me the same error:

Now I'm stuck with a VPC that I have no way to delete.

[xiaozhu36]

HI @firasnajjar This a rds's bug. Does this issue still exist?

[xiaozhu36]

Fixed by 1.41.0