fastly / terraform-provider-fastly

Terraform Fastly provider
https://www.terraform.io/docs/providers/fastly/
Mozilla Public License 2.0

fastly_service_vcl.logging_bigquery always shows change #798

Open LevOlkha opened 9 months ago

LevOlkha commented 9 months ago

Terraform Version

Terraform v1.6.6
on darwin_amd64
+ provider registry.terraform.io/fastly/fastly v5.6.0
+ provider registry.terraform.io/hashicorp/google v5.1.0
+ provider registry.terraform.io/hashicorp/google-beta v5.10.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.23.0
+ provider registry.terraform.io/hashicorp/local v2.4.0
+ provider registry.terraform.io/hashicorp/random v3.6.0

Affected Fastly Terraform Resource(s)

Please list the affected resources, for example:

Terraform Configuration Files

# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.

# Lock entry for the Fastly provider: the exact version Terraform selected and
# the checksums an installed package must match.
provider "registry.terraform.io/fastly/fastly" {
  version     = "5.6.0"
  # Version constraint recorded from the configuration when this version was selected.
  constraints = "5.6.0"
  # "h1:" entries hash the contents of an unpacked provider package; "zh:"
  # entries are SHA-256 checksums of the release zip archives. `terraform init`
  # rejects a package that matches none of the recorded hashes.
  # NOTE(review): only one "h1:" entry is recorded here, while the other
  # providers in this file carry two. Presumably this entry was last refreshed
  # from a single platform; confirm with `terraform providers lock` if other
  # platforms need to install it.
  hashes = [
    "h1:Bs/2HwqaC3ws6tIRk3KfYAWKU54GvGbXlQk4RJpjUn0=",
    "zh:056f4df5d358bc387df629804c3d8508af53e88e52c2e444ee40f27bcfc58c78",
    "zh:0789add78a9a8964a76cda093602cefc2853f640d0f7c67cf6a209b63f5dd582",
    "zh:2e26ddd68532562b51c389a7a36331bd6828eae9ddee3ea9782e9e6f6368b725",
    "zh:36c3cc88ca6930b825b5057905daa836ff5c315dce5a0ea4cedb4c57a3002d69",
    "zh:3a47a5497a45a06cfd214a703422a585040788a82251cbc21d0fb4732770c31b",
    "zh:3adc87bd992455e013f8c79aad8cd4a75bde48037a6044ba0ad2e1247796b95c",
    "zh:5fc2c843caecead98bcf0aae5930257e684c4d3aa20e8c8fa1a2d17bb80747b0",
    "zh:69d9b863ed691bafca7e38547a6d37ca12759a28f948186152e433bd804dc2b8",
    "zh:7b3bfbbf70d9a72823dbda25839c3ccead87bd623bde1a1f489c2fb57a450428",
    "zh:933388918761730b3ad058f81e54ae486d6701fce0ae19867fd3149d49e9da9e",
    "zh:a9b48f0602bba8924befd1cc22fee8d2ad809bb40c847614187eb82b4543f837",
    "zh:b45d56528709ba429641eb18a07134ea286158148cdfa7a6afccdbc95a008391",
    "zh:d11d72ea5c05c66f3e9659a0e38d51caf850cd1d0a3821921682fd9224bc4276",
    "zh:e578dd1d29f8b14e545319ec09856cca0008f9e5a272de791fc5ea8f363e6078",
  ]
}

# Lock entry for the Google provider: selected version plus the checksums that
# `terraform init` verifies a downloaded package against.
provider "registry.terraform.io/hashicorp/google" {
  version     = "5.1.0"
  # Version constraint recorded from the configuration when this version was selected.
  constraints = "5.1.0"
  # "h1:" = hash of an unpacked package's contents; "zh:" = SHA-256 of a
  # release zip archive.
  hashes = [
    "h1:76HT6nyFNWu7v1+VSIRwrs45hH7z8iZR23W8jon5K+Q=",
    "h1:sWFV9Doy66DZYiyeFPGy3UWG5Zwqaw0aSDoIkrm8A/M=",
    "zh:01f24868bba2292a097cb7d754b41a660050475235c07ceddeceaa8f2a19f6d8",
    "zh:184182ec28d6aec21531001092e276f1ea1b1b6ad2bba7e632bc56c5d6f2ec77",
    "zh:2fb6762046649acb625bb7c8e9955eaca2e64ecebd1313c5e843c957ddfa9d2f",
    "zh:38178391ae9444c1c6b77489d6afcbf4ec30be733ae4d88b94b1c1d800ae706a",
    "zh:49d2c57cd6c82336ddebe8ecb7ee0d6882b276b7ba32c62d82828c4530088c22",
    "zh:73eecd0d8dc45b5c3ebb3adce16761c84c7048f7fa70088ad7ac30641381edd9",
    "zh:81bd96748be1a4abac25fb6ae93cd6b84a10ed4b03435405df7ccbc38a1e8053",
    "zh:882ac45a7a3e1cce1eabef5be28d66c2eed9fc881a81c9dcc66b863a1e0d829c",
    "zh:9141b04c8bdf079f0e82b750ab090a7ab20a56975906b7fae76434ea5cc71b5f",
    "zh:9369ed15e686807422b30958bf84860d9b4f112aee0173a1e6367f056f8e4c97",
    "zh:e83e5ede7f74206a13310d29d4b6599e9ed54fa4b86427d15332de10630848dc",
    # NOTE(review): this same "zh:" value is also listed under the google-beta
    # and kubernetes entries in this file. Presumably it is the checksum of a
    # file shared across those releases rather than of a platform package;
    # confirm against the published checksum lists.
    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
  ]
}

# Lock entry for the google-beta provider.
# NOTE(review): unlike most entries in this file there is no `constraints`
# attribute here. Presumably the configuration declares no version constraint
# for this provider, so the lock file is the only thing pinning 5.10.0; confirm
# against the required_providers block.
provider "registry.terraform.io/hashicorp/google-beta" {
  version = "5.10.0"
  # Checksums an installed package must match: "h1:" hashes an unpacked
  # package's contents, "zh:" is the SHA-256 of a release zip archive.
  hashes = [
    "h1:FbQG6/zQoZsAmErPjaDsu6snwopIKc9LqrLipyxgiPk=",
    "h1:SaobVU0390V8hPtNVvnJrAXfm+ZIZRVJB6m6VFjAnkQ=",
    "zh:1004ac3733679254abcc7f5e9d594d9ee079cf071391a92f82b50077e07c70b5",
    "zh:1e25af33d20b6ab369860d5b7c746b4a3b3dccc061b14dde91b6ccccfe704cc4",
    "zh:2873a614a1dc1c460246edc95a558ad9befedf93490a0204bee8fb95362813cc",
    "zh:2f421e13247b3822ef3c2e07e1aee948116a5064c386466a53fb72486daded20",
    "zh:517c13cd146d3451789da8f13cbfa5355c3e88456cf762ad3918dada84a5f261",
    "zh:56553ae44f4089f5149551714daaf3c97205d4638dd93b0675ed777476d56048",
    "zh:6925a07bcb9ab70faa84bf36f87990025e3f9cd6c8cfab5260877f60086c8161",
    "zh:72454b65ee4a24896d215f7f7af41e31336865c86d6c20ea4acb63596e75ac0d",
    "zh:8b05f8a6ff51999bf65e3127618931647a00bc9abf739f0711151e4145cae3d5",
    "zh:a3b7d3b39740088174d121bc7e4e3ce27da0ebf0c87877f8fce9277b0046c75b",
    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
    "zh:fe2af4fcda1b45d73ef8b8c728c150e00d1a4d5c0323b30d7d43c6f24ed78bcb",
  ]
}

# Lock entry for the Kubernetes provider: selected version, the constraint it
# was selected under, and the package checksums checked at install time.
provider "registry.terraform.io/hashicorp/kubernetes" {
  version     = "2.23.0"
  constraints = "2.23.0"
  # "h1:" entries hash an unpacked package's contents; "zh:" entries are
  # SHA-256 checksums of release zip archives.
  hashes = [
    "h1:arTzD0XG/DswGCAx9JEttkSKe9RyyFW9W7UWcXF13dU=",
    "h1:cMs2scNCSgQhGamomGT5Ag4i8ms/mql1AR7NJc2hmbA=",
    "zh:10488a12525ed674359585f83e3ee5e74818b5c98e033798351678b21b2f7d89",
    "zh:1102ba5ca1a595f880e67102bbf999cc8b60203272a078a5b1e896d173f3f34b",
    "zh:1347cf958ed3f3f80b3c7b3e23ddda3d6c6573a81847a8ee92b7df231c238bf6",
    "zh:2cb18e9f5156bc1b1ee6bc580a709f7c2737d142722948f4a6c3c8efe757fa8d",
    "zh:5506aa6f28dcca2a265ccf8e34478b5ec2cb43b867fe6d93b0158f01590fdadd",
    "zh:6217a20686b631b1dcb448ee4bc795747ebc61b56fbe97a1ad51f375ebb0d996",
    "zh:8accf916c00579c22806cb771e8909b349ffb7eb29d9c5468d0a3f3166c7a84a",
    "zh:9379b0b54a0fa030b19c7b9356708ec8489e194c3b5e978df2d31368563308e5",
    "zh:aa99c580890691036c2931841e88e7ee80d59ae52289c8c2c28ea0ac23e31520",
    "zh:c57376d169875990ac68664d227fb69cd0037b92d0eba6921d757c3fd1879080",
    "zh:e6068e3f94f6943b5586557b73f109debe19d1a75ca9273a681d22d1ce066579",
    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
  ]
}

# Lock entry for the local provider: selected version, recorded constraint,
# and the checksums `terraform init` verifies packages against.
provider "registry.terraform.io/hashicorp/local" {
  version     = "2.4.0"
  constraints = "2.4.0"
  # "h1:" = hash of an unpacked package's contents; "zh:" = SHA-256 of a
  # release zip archive.
  hashes = [
    "h1:Bs7LAkV/iQTLv72j+cTMrvx2U3KyXrcVHaGbdns1NcE=",
    "h1:ZUEYUmm2t4vxwzxy1BvN1wL6SDWrDxfH7pxtzX8c6d0=",
    "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9",
    "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf",
    "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732",
    # NOTE(review): this same "zh:" value is also listed under the random
    # entry in this file. Presumably it is the checksum of a file shared by
    # both releases rather than of a platform package; confirm against the
    # published checksum lists.
    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
    "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35",
    "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04",
    "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406",
    "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6",
    "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7",
    "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2",
    "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc",
    "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce",
  ]
}

# Lock entry for the random provider.
# NOTE(review): no `constraints` attribute is recorded here. Presumably the
# configuration declares no version constraint for this provider, leaving the
# lock file as the only pin on 3.6.0; confirm against required_providers.
provider "registry.terraform.io/hashicorp/random" {
  version = "3.6.0"
  # Checksums an installed package must match: "h1:" hashes an unpacked
  # package's contents, "zh:" is the SHA-256 of a release zip archive.
  hashes = [
    "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=",
    "h1:p6WG1IPHnqx1fnJVKNjv733FBaArIugqy58HRZnpPCk=",
    "zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d",
    "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211",
    "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829",
    "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d",
    "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055",
    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
    "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17",
    "zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21",
    "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839",
    "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0",
    "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c",
    "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e",
  ]
}

Expected Behavior

When no change is made to the configuration, the plan should show no changes.

Actual Behavior

logging_bigquery always reports a change.

Debug Output (optional)

2024-01-02T11:43:20.075-0800 [DEBUG] provider.terraform-provider-fastly_v5.6.0: Creating clone of version (614) for updates: timestamp=2024-01-02T11:43:20.075-0800
2024-01-02T11:43:20.831-0800 [DEBUG] provider.terraform-provider-fastly_v5.6.0: Sleeping 7 seconds to allow Fastly Version to be available: timestamp=2024-01-02T11:43:20.831-0800
2024-01-02T11:43:27.834-0800 [DEBUG] provider.terraform-provider-fastly_v5.6.0: Update BigQuery Opts: fastly.UpdateBigQueryInput{AccountName:(string)(nil), Dataset:(string)(nil), Format:(string)(nil), FormatVersion:(int)(nil), Name:"BigQuery", NewName:(string)(nil), Placement:(string)(nil), ProjectID:(string)(nil), ResponseCondition:(string)(nil), SecretKey:(string)(0xc0005a1130), ServiceID:"", ServiceVersion:615, Table:(string)(nil), Template:(string)(nil), User:(string)(nil)}: timestamp=2024-01-02T11:43:27.834-0800

Steps to Reproduce

  1. terraform apply

Important Factoids (optional)

Is there anything atypical about your account or set up that we should know?

Integralist commented 9 months ago

👋🏻 Hi @LevOlkha

Can you provide your Terraform configuration, or some of it (i.e. your Fastly-specific configuration, such as your logging_bigquery block)?

It would be useful to know what your state looks like for that particular resource block (e.g. terraform show or cat terraform.tfstate) so we can understand why the Terraform provider thinks there is something to change.

It looks from the log output like it's trying to update the logging resource block. Could you try running your terraform apply again with the following env vars prefixed (these will display the actual HTTP request/response for the Fastly API calls; that output can contain credentials such as secret_key, so redact it before sharing)...

TF_LOG=DEBUG FASTLY_DEBUG_MODE=true terraform apply

Thanks.

LevOlkha commented 9 months ago

@Integralist I cannot post the whole outputs here since they contain sensitive information and keys.

I compared terraform.tfstate with the debug logs. It seems that the difference is in the field secret_key. In logging_bigquery it is defined as secret_key = trimspace(chomp(data.google_secret_manager_secret_version.bigquery_service_key.secret_data))

In the log file we can see (I redacted parts):

- .logging_bigquery: planned set element cty.ObjectVal(map[string]cty.Value{"account_name":cty.StringVal(""), <***REDACTED***> "secret_key":cty.StringVal("-----BEGIN PRIVATE KEY-----\\n<***REDACTED***>
) does not correlate with any element in actual

and in terraform.tfstate

            "logging_bigquery": [
              {
                "account_name": "",
<***REDACTED***>
"secret_key": "-----BEGIN PRIVATE KEY-----\n

Every \n in the secret_key field in the state file appears as \\n in the log file,

and terraform plan shows

      - logging_bigquery {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
      + logging_bigquery {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }

What is interesting is that if I create a plan, terraform show has the same value for secret_key as the log file: "secret_key":"-----BEGIN PRIVATE KEY-----\\n

So it seems that the values saved in the state file are not the same as the ones applied in the plan.

JacobCoffee commented 1 week ago

Just as a data point: with fastly_service_vcl.logging_datadog in pythondotorg's patch to enable NGWAF, we noticed that a change is ALWAYS shown even though nothing is ever changed.

https://github.com/python/pythondotorg/commit/1795b1f27dba8b40c27c82675411a8ba4978563b#diff-c4edee4039d22cfe2fd0d1ef214e7eba022aa85b29dd5677f4485f60e5b7a668

image

Similarly, when recently trying to enable NGWAF for PyPI we had to upgrade the Fastly TF provider from v1 to v5.16.

https://github.com/pypi/infra/pull/172/files

We now see that our plans also always show a change for fastly_service_vcl.logging_https.

image

The only commonality here is the upgraded Fastly provider, I think. Nothing in either of these logging settings was touched.