josh-padnick
commented
6 years ago It looks like this is backwards-compatible change, but users may have to run terraform apply twice for it to work. Here's the Terraform exerience I had when running terraform apply after updating to this branch:
Terraform will perform the following actions:
+ module.consul_servers.google_compute_firewall.allow_inbound_http_api
id: <computed>
allow.#: "1"
allow.2855179054.ports.#: "1"
allow.2855179054.ports.0: "8500"
allow.2855179054.protocol: "tcp"
destination_ranges.#: <computed>
direction: <computed>
name: "consul-server-josh-rule-external-api-access"
network: "default"
priority: "1000"
project: <computed>
self_link: <computed>
source_ranges.#: "1"
source_ranges.1080289494: "0.0.0.0/0"
source_tags.#: "1"
source_tags.3857602526: "consul-client-josh"
target_tags.#: "1"
target_tags.3220366684: "consul-server-josh"
- module.consul_servers.google_compute_firewall.allow_inbound_http_api_typo
Plan: 1 to add, 0 to change, 1 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
module.consul_servers.google_compute_firewall.allow_inbound_http_api_typo: Destroying... (ID: consul-server-josh-rule-external-api-access)
module.consul_servers.google_compute_firewall.allow_inbound_http_api: Creating...
allow.#: "" => "1"
allow.2855179054.ports.#: "" => "1"
allow.2855179054.ports.0: "" => "8500"
allow.2855179054.protocol: "" => "tcp"
destination_ranges.#: "" => "<computed>"
direction: "" => "<computed>"
name: "" => "consul-server-josh-rule-external-api-access"
network: "" => "default"
priority: "" => "1000"
project: "" => "<computed>"
self_link: "" => "<computed>"
source_ranges.#: "" => "1"
source_ranges.1080289494: "" => "0.0.0.0/0"
source_tags.#: "" => "1"
source_tags.3857602526: "" => "consul-client-josh"
target_tags.#: "" => "1"
target_tags.3220366684: "" => "consul-server-josh"
module.consul_servers.google_compute_firewall.allow_inbound_http_api_typo: Still destroying... (ID: consul-server-josh-rule-external-api-access, 10s elapsed)
module.consul_servers.google_compute_firewall.allow_inbound_http_api_typo: Destruction complete after 11s
Error: Error applying plan:
1 error(s) occurred:
* module.consul_servers.google_compute_firewall.allow_inbound_http_api: 1 error(s) occurred:
* google_compute_firewall.allow_inbound_http_api: Error creating firewall: googleapi: Error 409: The resource 'projects/consul-176820/global/firewalls/consul-server-josh-rule-external-api-access' already exists, alreadyExistsThis is probably just an eventual consistency error where the destroy did not fully process before the create began. Running a second time resulted in the desired outcome:
Terraform will perform the following actions:
+ module.consul_servers.google_compute_firewall.allow_inbound_http_api
id: <computed>
allow.#: "1"
allow.2855179054.ports.#: "1"
allow.2855179054.ports.0: "8500"
allow.2855179054.protocol: "tcp"
destination_ranges.#: <computed>
direction: <computed>
name: "consul-server-josh-rule-external-api-access"
network: "default"
priority: "1000"
project: <computed>
self_link: <computed>
source_ranges.#: "1"
source_ranges.1080289494: "0.0.0.0/0"
source_tags.#: "1"
source_tags.3857602526: "consul-client-josh"
target_tags.#: "1"
target_tags.3220366684: "consul-server-josh"
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
module.consul_servers.google_compute_firewall.allow_inbound_http_api: Creating...
allow.#: "" => "1"
allow.2855179054.ports.#: "" => "1"
allow.2855179054.ports.0: "" => "8500"
allow.2855179054.protocol: "" => "tcp"
destination_ranges.#: "" => "<computed>"
direction: "" => "<computed>"
name: "" => "consul-server-josh-rule-external-api-access"
network: "" => "default"
priority: "" => "1000"
project: "" => "<computed>"
self_link: "" => "<computed>"
source_ranges.#: "" => "1"
source_ranges.1080289494: "" => "0.0.0.0/0"
source_tags.#: "" => "1"
source_tags.3857602526: "" => "consul-client-josh"
target_tags.#: "" => "1"
target_tags.3220366684: "" => "consul-server-josh"
module.consul_servers.google_compute_firewall.allow_inbound_http_api: Still creating... (10s elapsed)
module.consul_servers.google_compute_firewall.allow_inbound_http_api: Creation complete after 11s (ID: consul-server-josh-rule-external-api-access)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Thank you to @blaisep for finding the typo. I'll hold off on merging this until I've had an opportunity to assess whether this constitutes a backward-incompatible change to this repo. Since this is just a firewall rule, I doubt it, but I'll manually test to make sure.