Open LevOlkha opened 9 months ago
👋🏻 Hi @LevOlkha
Can you provide (or some of) your Terraform configuration (i.e. your Fastly specific configuration such as your logging_bigquery
block).
It would be useful to know what your state looks like for that particular resource block (e.g. terraform show
or cat terraform.tfstate
) so we can understand why the Terraform provider thinks there is something to change.
It looks like from the log output that it's trying to update the logging resource block. Could you try running your terraform apply
again with the following env vars prefixed (these will display the actually HTTP request/response for the Fastly API calls)...
TF_LOG=DEBUG FASTLY_DEBUG_MODE=true terraform apply
Thanks.
@Integralist I cannot post the whole outputs there since they contain sensitive information and keys.
I compared terraform.tfstate
with debug logs.
It seems that difference is in the filed secret_key
In logging_bigquery
it is defined as
secret_key = trimspace(chomp(data.google_secret_manager_secret_version.bigquery_service_key.secret_data))
in logs file we can see ( I redacted parts)
- .logging_bigquery: planned set element cty.ObjectVal(map[string]cty.Value{"account_name":cty.StringVal(""), <***REDACTED***> "secret_key":cty.StringVal("-----BEGIN PRIVATE KEY-----\\n<***REDACTED***>
) does not correlate with any element in actual
and in terraform.tfstate
"logging_bigquery": [
{
"account_name": "",
<***REDACTED***>
"secret_key": "-----BEGIN PRIVATE KEY-----\n
all \n
in secret_key
field in state file are \\n
in the log file
and terraform plan
shows
- logging_bigquery {
# At least one attribute in this block is (or was) sensitive,
# so its contents will not be displayed.
}
+ logging_bigquery {
# At least one attribute in this block is (or was) sensitive,
# so its contents will not be displayed.
}
what is interesting that if I create plan terraform show
it has the same values for secret_key
as values from log file
"secret_key":"-----BEGIN PRIVATE KEY-----\\n
So it seems that values saved in state file are not the same as applied in plan
Just as a data point, fastly_service_vcl.logging_datadog
in pythondotorg
's patch to enable NGWAF, we noticed that there is ALWAYS a change for this even though nothing is ever changed.
Similarly, when recently trying to enable NGWAF for PyPI we had to upgrade the Fastly TF provider from v1 to v5.16.
https://github.com/pypi/infra/pull/172/files
We now see in our plans that it also always now shows changed for fastly_service_vcl.logging_https
.
The only commonality here is the ugpraded Fastly provider, I think. Nothing in either of these logging settings was touched
Terraform Version
Affected Fastly Terraform Resource(s)
Please list the affected resources, for example:
fastly_service_vcl
Terraform Configuration Files
Expected Behavior
when no change to configuration is made, no changes should be done for plan
Actual Behavior
logging_bigquery
is always reporting changeDebug Output (optional)
2024-01-02T11:43:20.075-0800 [DEBUG] provider.terraform-provider-fastly_v5.6.0: Creating clone of version (614) for updates: timestamp=2024-01-02T11:43:20.075-0800 2024-01-02T11:43:20.831-0800 [DEBUG] provider.terraform-provider-fastly_v5.6.0: Sleeping 7 seconds to allow Fastly Version to be available: timestamp=2024-01-02T11:43:20.831-0800 2024-01-02T11:43:27.834-0800 [DEBUG] provider.terraform-provider-fastly_v5.6.0: Update BigQuery Opts: fastly.UpdateBigQueryInput{AccountName:(string)(nil), Dataset:(string)(nil), Format:(string)(nil), FormatVersion:(int)(nil), Name:"BigQuery", NewName:(string)(nil), Placement:(string)(nil), ProjectID:(string)(nil), ResponseCondition:(string)(nil), SecretKey:(string)(0xc0005a1130), ServiceID:"", ServiceVersion:615, Table:( string)(nil), Template:(string)(nil), User:(string)(nil)}: timestamp=2024-01-02T11:43:27.834-0800
Steps to Reproduce
terraform apply
Important Factoids (optional)
Is there anything atypical about your account or set up that we should know?