hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

IPv6 prefix and address count specified in same API request resulting in error #23203

Open dr-yd opened 2 years ago

dr-yd commented 2 years ago

Community Note

Terraform CLI and Terraform AWS Provider Version

Terraform v1.1.5 on darwin_amd64

Affected Resource(s)

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "aws_vpc" "temp" {
  cidr_block                       = "10.1.2.0/24"
  assign_generated_ipv6_cidr_block = true
}

resource "aws_subnet" "temp" {
  vpc_id                          = aws_vpc.temp.id
  cidr_block                      = "10.1.2.0/25"
  ipv6_cidr_block                 = cidrsubnet(aws_vpc.temp.ipv6_cidr_block, 8, 1)
  assign_ipv6_address_on_creation = true
}

resource "aws_network_interface" "temp" {
  subnet_id          = aws_subnet.temp.id
  ipv6_address_count = 1
  ipv6_prefix_count  = 1
}

Debug Output

Debug output is available upon request directly to the team.

Expected Behavior

A network interface with both an IPv6 address and an IPv6 prefix is created.

Actual Behavior

│ Error: error creating EC2 Network Interface: InvalidParameterValue: You can specify one and only one of ipv6AddressCount or ipv6Addresses or ipv6Prefixes or ipv6PrefixCount.
│       status code: 400, request id: ed814c88-ec09-46fa-b0b8-c4b610b02690
│
│   with aws_network_interface.temp,
│   on t.tf line 13, in resource "aws_network_interface" "temp":
│   13: resource "aws_network_interface" "temp" {

Presumably, the provider would have to mask that API requirement by making two separate calls. If one or the other is set, then the second setting is added and Terraform is re-run, the interface ends up as desired. This is impractical in many codebases, e.g. when a module creates the interface.

Steps to Reproduce

  1. terraform apply

Important Factoids

The error message's grammar was badly garbled using provider 3.x a few days ago, which likely means that this is a moving target.

References

None found.

dirk39 commented 2 years ago

Hi @dr-yd, I've tried to replicate the issue via CLI and this is the error I've got:

An error occurred (InvalidParameterValue) when calling the CreateNetworkInterface operation: You can specify one and only one of ipv6AddressCount or ipv6Addresses or ipv6Prefixes or ipv6PrefixCount.

IMHO we should add the conflictWith attribute for those fields. What do you think?

dr-yd commented 2 years ago

IMO, these fields should definitely not conflict with each other; that would make something that is actually feasible with the API impossible to implement with Terraform! As described in the issue, running Terraform twice and adding the parameters one after another does work and results in the desired outcome. I don't know if there are any internal guidelines on how to handle things like that, but like I said above, making two separate API calls would probably be the most seamless user experience.

mmerickel commented 1 year ago

This is quite an annoying issue in the AWS API and it would be great if Terraform could work around it by invoking the API multiple times. It is perfectly valid to assign prefixes after the fact to an interface, but it's not possible to mix/match everything into a single create-network-interface invocation.

mmerickel commented 1 year ago

I guess to be more helpful, in my example I was trying to do a slightly different combination of fields from OP but same issue/error. Note it's not using the count args at all, and that I can create an ENI like this manually via clickops in the console, just seemingly not all at once from a single call to create-network-interface:

resource "aws_network_interface" "this" {
  subnet_id         = aws_subnet.this.id
  security_groups   = [aws_security_group.instance.id]

  private_ips    = [local.private_ip]
  ipv6_addresses = [local.ipv6_address]
  ipv6_prefixes  = local.ipv6_prefixes
}
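
The following Go example is added here and is not code from the provider or from any commenter: it plans the request sequence for the multi-call workaround discussed in this thread, so that no single request carries more than one of the four IPv6 arguments named in the error. The types `ENISpec` and `Step`, the function `PlanSteps`, the "create"/"assign" step labels, and the rejection of a count combined with an explicit list of the same kind are assumptions of the example.

```go
package main

import "fmt"

// ENISpec is a hypothetical model of the four IPv6 arguments from this issue.
type ENISpec struct {
	AddressCount, PrefixCount int
	Addresses, Prefixes       []string
}

// Step is one request: Op "create" makes the interface, Op "assign" adds to
// it. Field names the single IPv6 argument the request carries ("" for none).
type Step struct{ Op, Field string }

// PlanSteps orders requests so that none carries more than one of the four
// arguments the InvalidParameterValue error declares mutually exclusive.
func PlanSteps(s ENISpec) ([]Step, error) {
	// Assumption of this example: a count plus an explicit list of the same
	// kind is contradictory, so it is rejected before any request is planned.
	if (s.AddressCount > 0 && len(s.Addresses) > 0) ||
		(s.PrefixCount > 0 && len(s.Prefixes) > 0) {
		return nil, fmt.Errorf("count and explicit list set for the same kind")
	}
	steps := []Step{{Op: "create"}}
	add := func(name string, on bool) {
		switch {
		case !on: // argument not requested, nothing to plan
		case steps[0].Field == "":
			steps[0].Field = name // first argument rides on the create request
		default:
			steps = append(steps, Step{Op: "assign", Field: name})
		}
	}
	add("ipv6_address_count", s.AddressCount > 0)
	add("ipv6_addresses", len(s.Addresses) > 0)
	add("ipv6_prefix_count", s.PrefixCount > 0)
	add("ipv6_prefixes", len(s.Prefixes) > 0)
	return steps, nil
}

func main() {
	// Constructed input mirroring the reproduction config (both counts = 1).
	steps, err := PlanSteps(ENISpec{AddressCount: 1, PrefixCount: 1})
	fmt.Println(steps, err)
}
```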

github-actions[bot] commented 5 days ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!