Changing priority of aws_lb_listener_rule forces replacement - dangerous when combined with blue/green CodeDeploy

simoleone commented 2 years ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v1.1.9
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v4.14.0

Affected Resource(s)

aws_lb_listener_rule

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "aws_alb" "temp" {
  name            = "temp"
  internal        = false
}

resource "aws_alb_listener" "listener" {
  load_balancer_arn = aws_alb.temp.arn
  port = 80

  default_action {
    type = "fixed-response"

    fixed_response {
      content_type = "text/plain"
      status_code  = "404"
    }
  }
}

resource "aws_alb_listener_rule" "rule" {
  listener_arn = aws_alb_listener.listener.arn

  # initially set this to 100, then change it to 200 to see the forced replacement
  priority = 200

  action {
    type = "fixed-response"
    fixed_response {
      content_type = "text/plain"
      status_code  = "200"
      message_body = "OK"
    }
  }

  condition {
    path_pattern {
      values = ["*"]
    }
  }
}

Debug Output

https://gist.github.com/simoleone/9a29bf871b6a58b052e3fb06f1c49445

Panic Output

Expected Behavior

The AWS provider should use the SetRulePriorities API call to update the priority without forcing a replacement of the resource.

Actual Behavior

The AWS provider replaces the resource.

If the rule had been modified by CodeDeploy blue/green strategy, this can be catastrophic since the active target group cannot be known by terraform and the new rule created by the replacement may not send traffic to the active target group, resulting in an outage.

Steps to Reproduce

terraform apply
Change the priority of the aws_alb_listener_rule to another value.
terraform apply
Observe that the aws_alb_listener_rule needs to be replaced.

Important Factoids

We are using CodeDeploy with the blue/green deployment strategy. I did not include this in the example to make it as simple as possible, but it's relevant to know that this is our actual use-case.

References

0000

github-actions[bot] commented 4 months ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

simoleone commented 4 months ago

This is still relevant.

hashicorp / terraform-provider-aws