rickychew77 commented 1 year ago

23390
23423
23936
23992
24386
27175
27273
27479
28191
28672
29012
29304
👉 #30858

Terraform Core Version

1.1.7

AWS Provider Version

4.64.0

Affected Resource(s)

aws_wafv2_web_acl, aws_wafv2_ip_set

Expected Behavior

Able to apply when updating config aws cloudfront default_action.block

Actual Behavior

After terraform apply and type "yes", it produces error below. Seems like a repetitive output.

Relevant Error/Panic Output Snippet

╷
│ Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for aws_wafv2_web_acl.main to include new values
│ learned so far during apply, provider "registry.terraform.io/hashicorp/aws"
│ produced an invalid new value for .rule: planned set element
│ cty.ObjectVal(map[string]cty.Value{"action":cty.ListValEmpty(cty.Object(map[string]cty.Type{"allow":cty.List(cty.Object(map[string]cty.Type{"custom_request_handling":cty.List(cty.Object(map[string]cty.Type{"insert_header":cty.Set(cty.Object(map[string]cty.Type{"name":cty.String,
│ "value":cty.String}))}))})),
│ "block":cty.List(cty.Object(map[string]cty.Type{"custom_response":cty.List(cty.Object(map[string]cty.Type{"custom_response_body_key":cty.String,
│ "response_code":cty.Number,
│ "response_header":cty.Set(cty.Object(map[string]cty.Type{"name":cty.String,
│ "value":cty.String}))}))})),
│ "captcha":cty.List(cty.Object(map[string]cty.Type{"custom_request_handling":cty.List(cty.Object(map[string]cty.Type{"insert_header":cty.Set(cty.Object(map[string]cty.Type{"name":cty.String,
│ "value":cty.String}))}))})),
│ "challenge":cty.List(cty.Object(map[string]cty.Type{"custom_request_handling":cty.List(cty.Object(map[string]cty.Type{"insert_header":cty.Set(cty.Object(map[string]cty.Type{"name":cty.String,
│ "value":cty.String}))}))})),
│ "count":cty.List(cty.Object(map[string]cty.Type{"custom_request_handling":cty.List(cty.Object(map[string]cty.Type{"insert_header":cty.Set(cty.Object(map[string]cty.Type{"name":cty.String,
│ "value":cty.String}))}))}))})),
│ "captcha_config":cty.ListValEmpty(cty.Object(map[string]cty.Type{"immunity_time_property":cty.List(cty.Object(map[string]cty.Type{"immunity_time":cty.Number}))})),
│ "name":cty.StringVal("AWS-AWSManagedRulesSQLiRuleSet"),
│ "override_action":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"count":cty.ListValEmpty(cty.EmptyObject),
│ "none":cty.ListVal([]cty.Value{cty.EmptyObjectVal})})}),
│ "priority":cty.NumberIntVal(4),
│ "rule_label":cty.SetValEmpty(cty.Object(map[string]cty.Type{"name":cty.String})),
│ "statement":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"and_statement":cty.ListValEmpty(cty.Object(map[string]cty.Type{"statement":cty.List(cty.Object(map[string]cty.Type{"and_statement":cty.List(cty.Object(map[string]cty.Type{"statement":cty.List(cty.Object(map[string]cty.Type{"and_statement":cty.List(cty.Object(map[string]cty.Type{"statement":cty.List(cty.Object(map[string]cty.Type{"byte_match_statement":cty.List(cty.Object(map[string]cty.Type{"field_to_match":cty.List(cty.Object(map[string]cty.Type{"all_query_arguments":cty.List(cty.EmptyObject),
│ "body":cty.List(cty.Object(map[string]cty.Type{"oversize_handling":cty.String})),
│ "cookies":cty.List(cty.Object(map[string]cty.Type{"match_pattern":cty.List(cty.Object(map[string]cty.Type{"all":cty.List(cty.EmptyObject),
│ "excluded_cookies":cty.List(cty.String),
│ "included_cookies":cty.List(cty.String)})), "match_scope":cty.String,
│ "oversize_handling":cty.String})),
│ "headers":cty.List(cty.Object(map[string]cty.Type{"match_pattern":cty.List(cty.Object(map[string]cty.Type{"all":cty.List(cty.EmptyObject),
│ "excluded_headers":cty.List(cty.String),
│ "included_headers":cty.List(cty.String)})), "match_scope":cty.String,
│ "oversize_handling":cty.String})),
│ "json_body":cty.List(cty.Object(map[string]cty.Type{"invalid_fallback_behavior":cty.String,
│ "match_pattern":cty.List(cty.Object(map[string]cty.Type{"all":cty.List(cty.EmptyObject),
│ "included_paths":cty.List(cty.String)})), "match_scope":cty.String,
│ "oversize_handling":cty.String})), "method":cty.List(cty.EmptyObject),
│ "query_string":cty.List(cty.EmptyObject),
│ "single_header":cty.List(cty.Object(map[string]cty.Type{"name":cty.String})),
│ "single_query_argument":cty.List(cty.Object(map[string]cty.Type{"name":cty.String})),
│ "uri_path":cty.List(cty.EmptyObject)})),
│ "positional_constraint":cty.String, "search_string":cty.String,
│ "text_transformation":cty.Set(cty.Object(map[string]cty.Type{"priority":cty.Number,
│ "type":cty.String}))})),
│ "geo_match_statement":cty.List(cty.Object(map[string]cty.Type{"country_codes":cty.List(cty.String),
│ "forwarded_ip_config":cty.List(cty.Object(map[string]cty.Type{"fallback_behavior":cty.String,
│ "header_name":cty.String}))})),
│ "ip_set_reference_statement":cty.List(cty.Object(map[string]cty.Type{"arn":cty.String,
│ "ip_set_forwarded_ip_config":cty.List(cty.Object(map[string]cty.Type{"fallback_behavior":cty.String,
│ "header_name":cty.String, "position":cty.String}))})),
│ "label_match_statement":cty.List(cty.Object(map[string]cty.Type{"key":cty.String,
│ "scope":cty.String})),
│ "regex_match_statement":cty.List(cty.Object(map[string]cty.Type{"field_to_match":cty.List(cty.Object(map[string]cty.Type{"all_query_arguments":cty.List(cty.EmptyObject),
│ "body":cty.List(cty.Object(map[string]cty.Type{"oversize_handling":cty.String})),
│ "cookies":cty.List(cty.Object(map[string]cty.Type{"match_pattern":cty.List(cty.Object(map[string]cty.Type{"all":cty.List(cty.EmptyObject),
│ "excluded_cookies":cty.List(cty.String),
│ "included_cookies":cty.List(cty.String)})), "match_scope":cty.String,
│ "oversize_handling":cty.String})),
│ "headers":cty.List(cty.Object(map[string]cty.Type{"match_pattern":cty.List(cty.Object(map[string]cty.Type{"all":cty.List(cty.EmptyObject),
│ "excluded_headers":cty.List(cty.String),
│ "included_headers":cty.List(cty.String)})), "match_scope":cty.String,
│ "oversize_handling":cty.String})),
│ "json_body":cty.List(cty.Object(map[string]cty.Type{"invalid_fallback_behavior":cty.String,
│ "match_pattern":cty.List(cty.Object(map[string]cty.Type{"all":cty.List(cty.EmptyObject),
│ "included_paths":cty.List(cty.String)})), "match_scope":cty.String,
│ "oversize_handling":cty.String})), "method":cty.List(cty.EmptyObject),
│ "query_string":cty.List(cty.EmptyObject),
│ "single_header":cty.List(cty.Object(map[string]cty.Type{"name":cty.String})),
│ "single_query_argument":cty.List(cty.Object(map[string]cty.Type{"name":cty.String})),
│ "uri_path":cty.List(cty.EmptyObject)})), "regex_string":cty.String,
│ "text_transformation":cty.Set(cty.Object(map[string]cty.Type{"priority":cty.Number,
│ "type":cty.String}))})),
│ "regex_pattern_set_reference_statement":cty.List(cty.Object(map[string]cty.Type{"arn":cty.String,
│ "field_to_match":cty.List(cty.Object(map[string]cty.Type{"all_query_arguments":cty.List(cty.EmptyObject),
│ "body":cty.List(cty.Object(map[string]cty.Type{"oversize_handling":cty.String})),
│ "cookies":cty.List(cty.Object(map[string]cty.Type{"match_pattern":cty.List(cty.Object(map[string]cty.Type{"all":cty.List(cty.EmptyObject),
│ "excluded_cookies":cty.List(cty.String),
│ "included_cookies":cty.List(cty.String)})), "match_scope":cty.String,
│ "oversize_handling":cty.String})),
│ "headers":cty.List(cty.Object(map[string]cty.Type{"match_pattern":cty.List(cty.Object(map[string]cty.Type{"all":cty.List(cty.EmptyObject),
│ "excluded_headers":cty.List(cty.String),
│ "included_headers":cty.List(cty.String)})), "match_scope":cty.String,
│ "oversize_handling":cty.String})),
│ "json_body":cty.List(cty.Object(map[string]cty.Type{"invalid_fallback_behavior":cty.String,
│ "match_pattern":cty.List(cty.Object(map[string]cty.Type{"all":cty.List(cty.EmptyObject),
│ "included_paths":cty.List(cty.String)})), "match_scope":cty.String,
│ "oversize_handling":cty.String})), "method":cty.List(cty.EmptyObject),
│ "query_string":cty.List(cty.EmptyObject),
│ "single_header":cty.List(cty.Object(map[string]cty.Type{"name":cty.String})),
│ "single_query_argument":cty.List(cty.Object(map[string]cty.Type{"name":cty.String})),
│ "uri_path":cty.List(cty.EmptyObject)})),
│ "text_transformation":cty.Set(cty.Object(map[string]cty.Type{"priority":cty.Number,
│ "type":cty.String}))})),
│ "size_constraint_statement":cty.List(cty.Object(map[string]cty.Type{"comparison_operator":cty.String,
│ "field_to_match":cty.List(cty.Object(map[string]cty.Type{"all_query_arguments":cty.List(cty.EmptyObject),
│ "body":cty.List(cty.Object(map[string]cty.Type{"oversize_handling":cty.String})),
│ "cookies":cty.List(cty.Object(map[string]cty.Type{"match_pattern":cty.List(cty.Object(map[string]cty.Type{"all":cty.List(cty.EmptyObject),
│ "excluded_cookies":cty.List(cty.String),
│ "included_cookies":cty.List(cty.String)})), "match_scope":cty.String,
│ "oversize_handling":cty.String})),
│ "headers":cty.List(cty.Object(map[string]cty.Type{"match_pattern":cty.List(cty.Object(map[string]cty.Type{"all":cty.List(cty.EmptyObject),
│ "excluded_headers":cty.List(cty.String),

.
.
.
| This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.

Output seems repetitive and too long to put here.

Terraform Configuration Files


resource "aws_wafv2_web_acl" "main" {
  name        = local.wafv2_name
  description = var.description
  scope       = var.scope

  dynamic "custom_response_body" {
    for_each = coalesce(var.custom_responses, {})
    content {
      key          = custom_response_body.key
      content      = custom_response_body.value.content
      content_type = custom_response_body.value.content_type
    }
  }

  default_action {
    dynamic "block" {
      for_each = var.block_by_default ? [1] : []
      content {
        dynamic "custom_response" {
          for_each = var.block_custom_response != null ? [1] : []
          content {
            custom_response_body_key = var.block_custom_response.custom_response_body_key
            response_code            = var.block_custom_response.response_code
          }
        }
      }
    }

    dynamic "allow" {
      for_each = var.block_by_default ? [] : [1]
      content {}
    }
  }

  dynamic "rule" {
    for_each = var.allow_ip_addresses

    content {
      name     = "${local.allow_ip_addresses_name_prefix}-${rule.key}"
      priority = rule.value.priority

      action {
        allow {
          dynamic "custom_request_handling" {
            for_each = rule.value.bypass_cognito ? [1] : []
            content {
              insert_header {
                name  = "ip-whitelist"
                value = "to-bypass-cognito"
              }
            }
          }
        }
      }

      statement {
        ip_set_reference_statement {
          arn = aws_wafv2_ip_set.allowed_ip_set[rule.key].arn
        }
      }

      visibility_config {
        cloudwatch_metrics_enabled = true
        sampled_requests_enabled   = true
        metric_name                = "${local.allow_ip_addresses_name_prefix}-${rule.key}"
      }
    }
  }

  dynamic "rule" {
    for_each = aws_wafv2_ip_set.blocked_ip_set

    content {
      name     = rule.key
      priority = var.block_ip_addresses[rule.key].priority

      action {
        block {}
      }

      statement {
        ip_set_reference_statement {
          arn = rule.value.arn
        }
      }

      visibility_config {
        cloudwatch_metrics_enabled = true
        sampled_requests_enabled   = true
        metric_name                = "${local.allow_ip_addresses_name_prefix}-${rule.key}"
      }
    }
  }

  dynamic "rule" {
    for_each = length(var.block_country_codes) != 0 ? [1] : []
    content {
      name     = local.block_countries_rule_name
      priority = 0

      statement {
        geo_match_statement {
          country_codes = var.block_country_codes
        }
      }

      action {
        block {}
      }

      visibility_config {
        cloudwatch_metrics_enabled = true
        metric_name                = local.block_countries_rule_name
        sampled_requests_enabled   = true
      }
    }
  }

  dynamic "rule" {
    for_each = var.allow_uri_path
    content {
      name     = "${local.allow_uri_path_prefix}-${rule.key}"
      priority = rule.value.priority

      statement {
        byte_match_statement {
          field_to_match {
            uri_path {}
          }
          positional_constraint = rule.value.positional_constraint
          search_string         = rule.value.search_string
          text_transformation {
            priority = rule.value.text_transform_priority
            type     = rule.value.text_transform_type
          }
        }
      }

      action {
        allow {}
      }

      visibility_config {
        cloudwatch_metrics_enabled = true
        metric_name                = "${local.allow_uri_path_prefix}-${rule.key}"
        sampled_requests_enabled   = true
      }
    }
  }

  //  To Count
  dynamic "rule" {
    for_each = coalesce(var.aws_managed_rule_sets_to_count, {})
    content {
      name     = "AWS-${rule.key}"
      priority = rule.value.priority
      statement {
        managed_rule_group_statement {
          name        = rule.key
          vendor_name = "AWS"

          dynamic "excluded_rule" {
            for_each = coalesce(rule.value.excluded_rules, [])
            content {
              name = excluded_rule.value
            }
          }
        }
      }

      override_action {
        count {}
      }

      visibility_config {
        sampled_requests_enabled   = true
        cloudwatch_metrics_enabled = true
        metric_name                = "AWS-${rule.key}"
      }
    }
  }

  //  To Block
  dynamic "rule" {
    for_each = coalesce(var.aws_managed_rule_sets_to_block, {})
    content {
      name     = "AWS-${rule.key}"
      priority = rule.value.priority
      statement {
        managed_rule_group_statement {
          name        = rule.key
          vendor_name = "AWS"

          dynamic "excluded_rule" {
            for_each = coalesce(rule.value.excluded_rules, [])
            content {
              name = excluded_rule.value
            }
          }
        }
      }

      override_action {
        none {}
      }

      visibility_config {
        sampled_requests_enabled   = true
        cloudwatch_metrics_enabled = true
        metric_name                = "AWS-${rule.key}"
      }
    }
  }

  visibility_config {
    sampled_requests_enabled   = true
    cloudwatch_metrics_enabled = true
    metric_name                = local.wafv2_name
  }

  tags = module.names.tags
}

resource "aws_wafv2_ip_set" "allowed_ip_set" {
  for_each           = var.allow_ip_addresses
  name               = "${local.allow_ip_addresses_name_prefix}-${each.key}"
  description        = "Whitelisted IPs for ${each.key}"
  scope              = var.scope
  ip_address_version = "IPV4"

  # Add list of ip addresses
  # addresses = [for ip in each.value.ips : "${cidrhost("${ip}/32", 0)}/32"]
  addresses = each.value.ips

  tags = module.names.tags
}

resource "aws_wafv2_ip_set" "blocked_ip_set" {
  for_each           = var.block_ip_addresses
  name               = "${local.block_ip_addresses_name_prefix}-${each.key}"
  description        = "Block ${each.key} IPs"
  scope              = var.scope
  ip_address_version = "IPV4"

  addresses = [
    for ip in split("\r\n", file(each.value.ips_file_path)) : contains(["/"], ip) ? cidrsubnet(ip, 0, 0) : cidrsubnet("${ip}/32", 0, 0)
  ]
}

### Steps to Reproduce

We used terragrunt, terragrunt apply and typed "yes" produces error above.

### Debug Output

_No response_

### Panic Output

_No response_

### Important Factoids

_No response_

### References

_No response_

### Would you like to implement a fix?

None

github-actions[bot] commented 1 year ago

Community Note

Voting for Prioritization

Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
Please see our prioritization guide for information on how we prioritize.
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

If you are interested in working on this issue, please leave a comment.
If this would be your first contribution, please review the contribution guide.

ddouglas commented 1 year ago

I had a very similar issue with managed_rule_group_statements earlier this week. the workaround that i figured out was to define something in the empty blocks that have properties in them. We also programmatically generate our terraform as json but you should get the gist from below

{
  "aws_wafv2_web_acl": {
    "[REDACTED]": {
      "default_action": {
        "allow": [
          {}
        ]
      },
      "description": "[REDACTED]",
      "name": "[REDACTED]",
      "rule": [
        {
          "name": "AWSManagedRulesCommonRuleSet",
          "priority": 0,
          "action": null,
          "override_action": [
            {
              "none": {}
            }
          ],
          "statement": [
            {
              "managed_rule_group_statement": {
                "name": "AWSManagedRulesCommonRuleSet",
                "rule_action_override": {
                  "name": "AWSManagedRulesCommonRuleSet",
                  "action_to_use": {
                    "block": [
                      {
                        "custom_response": {
                          "response_code": 200 // This is faked
                        }
                      }
                    ]
                  }
                },
                "managed_rule_group_configs": null,
                "vendor_name": "AWS"
              }
            }
          ],
          "visibility_config": [
            {
              "cloudwatch_metrics_enabled": true,
              "metric_name": "[REDACTED]-AWSManagedRulesCommonRuleSet",
              "sampled_requests_enabled": true
            }
          ]
        },
        {
          "name": "AWSManagedRulesAmazonIpReputationList",
          "priority": 1,
          "action": null,
          "override_action": [
            {
              "none": {}
            }
          ],
          "statement": [
            {
              "managed_rule_group_statement": {
                "name": "AWSManagedRulesAmazonIpReputationList",
                "rule_action_override": {
                  "name": "AWSManagedRulesAmazonIpReputationList",
                  "action_to_use": {
                    "block": [
                      {
                        "custom_response": {
                          "response_code": 200 // This is faked
                        }
                      }
                    ]
                  }
                },
                "managed_rule_group_configs": null,
                "vendor_name": "AWS"
              }
            }
          ],
          "visibility_config": [
            {
              "cloudwatch_metrics_enabled": true,
              "metric_name": "[REDACTED]-AWSManagedRulesAmazonIpReputationList",
              "sampled_requests_enabled": true
            }
          ]
        },
        {
          "name": "AWSManagedRulesBotControlRuleSet",
          "priority": 2,
          "action": null,
          "override_action": [
            {
              "count": {}
            }
          ],
          "statement": [
            {
              "managed_rule_group_statement": {
                "name": "AWSManagedRulesBotControlRuleSet",
                "rule_action_override": {
                  "name": "AWSManagedRulesBotControlRuleSet",
                  "action_to_use": {
                    "count": [
                      {
                        "custom_request_handling": {
                          "insert_header": [
                            {
                              "name": "fake",
                              "value": "value"
                            }
                          ]
                        }
                      }
                    ]
                  }
                },
                "managed_rule_group_configs": null,
                "vendor_name": "AWS"
              }
            }
          ],
          "visibility_config": [
            {
              "cloudwatch_metrics_enabled": true,
              "metric_name": "[REDACTED]-AWSManagedRulesBotControlRuleSet",
              "sampled_requests_enabled": true
            }
          ]
        },
        {
          "name": "AWSManagedRulesKnownBadInputsRuleSet",
          "priority": 3,
          "action": null,
          "override_action": [
            {
              "count": {}
            }
          ],
          "statement": [
            {
              "managed_rule_group_statement": {
                "name": "AWSManagedRulesKnownBadInputsRuleSet",
                "rule_action_override": {
                  "name": "AWSManagedRulesKnownBadInputsRuleSet",
                  "action_to_use": {
                    "count": [
                      {
                        "custom_request_handling": {
                          "insert_header": [
                            {
                              "name": "fake",
                              "value": "value"
                            }
                          ]
                        }
                      }
                    ]
                  }
                },
                "managed_rule_group_configs": null,
                "vendor_name": "AWS"
              }
            }
          ],
          "visibility_config": [
            {
              "cloudwatch_metrics_enabled": true,
              "metric_name": "[REDACTED]-AWSManagedRulesKnownBadInputsRuleSet",
              "sampled_requests_enabled": true
            }
          ]
        }
      ],
      "scope": "CLOUDFRONT",
      "visibility_config": {
        "cloudwatch_metrics_enabled": false,
        "metric_name": "[REDACTED]",
        "sampled_requests_enabled": false
      }
    }
  }
}

ddouglas commented 1 year ago

This is most likely a duplicate of https://github.com/hashicorp/terraform-provider-aws/issues/23992, which has some helpful information

YakDriver commented 1 year ago

NOTE: I cannot reproduce this error using Terraform v1.5+/AWS provider v5.7+ after trying various configurations. Retry using a minimum of Terraform v1.4.2/AWS provider v4.67.0 but preferably Terraform v1.5.3+/AWS provider v5.8.0+ and let us know if this is still a problem! If we don't hear back and can't reproduce, we plan to close this on or around July 20, 2023. The evidence suggests this is OBE (ie, fixed in the interim).

For more details see #23992 (comment) and #28672 (comment).

ferschubert-hm commented 1 year ago

A similar error with Terraform v1.3.3 and AWS provider 5.8, fix is to upgrade Terraform to 1.5.3.

justinretzolk commented 1 year ago

Hi all :wave: As was mentioned above, this issue appears to be fixed when using a minimum Terraform version of 1.4.2 and a minimum AWS Provider version of 4.67.0 (preferably Terraform 1.5.3 or later and AWS Provider 5.8.0 or later). If you experience additional unexpected behaviors with versions that meet these parameters, please open a new issue so that we can investigate further.

ananth-manney commented 1 year ago

Hi All,

we have updated the AWS provider version to 4.67.0 and 5.8.0 and 5.11.0. But we still see the below error. Error: Provider produced inconsistent final plan When expanding the plan for aws_wafv2_web_acl.cnbej92222twebacl001 to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .rule: planned set element cty.ObjectVal(map[string]cty.Value{"action":cty.ListValEmpty(cty.Object(map[string]cty.Type{"allow":cty.List(cty.Object(map[string]cty.Type{"custom_request_handling":cty.List(cty.Object(map[string]cty.Type{"insert_header":cty.Set(cty.Object(map[string]cty.Type{"name":cty.String, "value":cty.String}))}))})), "block":cty.List(cty.Object(map[string]cty.Type{"custom_response":cty.List(cty.Object(map[string]cty.Type{"custom_response_body_key":cty.String, "response_code":cty.Number, "response_header":cty.Set(cty.Object(map[string]cty.Type{"name":cty.String, "value":cty.String}))}))})), "captcha":cty.List(cty.Object(map[string]cty.Type{"custom_request_handling":cty.List(cty.Object(map[string]cty.Type{"insert_header":cty.Set(cty.Object(map[string]cty.Type{"name":cty.String, "value":cty.String}))}))})),

"single_query_argument":cty.List(cty.Object(map[string]cty.Type{"name":cty.String})), "uri_path":cty.List(cty.EmptyObject)})), "text_transformation":cty.Set(cty.Object(map[string]cty.Type{"priority":cty.Number, "type":cty.String}))}))})}), "visibility_config":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"cloudwatch_metrics_enabled":cty.True, "metric_name":cty.StringVal("AWSManagedRulesSQLiRuleSet"), "sampled_requests_enabled":cty.True})})}) does not correlate with any element in actual. This is a bug in the provider, which should be reported in the provider's own issue tracker.

PoonamTiwari77 commented 1 year ago

Hey, just wanted to know which terraform version you are using.

ananth-manney commented 1 year ago

Hi Team,

We tried with 4.67.0 and 4.28.0 as well but still no luck.

Thanks, Ananth.

From: bq-poonam-28 @.> Sent: Monday, August 14, 2023 7:11 AM To: hashicorp/terraform-provider-aws @.> Cc: Manney, Ananth (ext) @.>; Comment @.> Subject: Re: [hashicorp/terraform-provider-aws] [Bug]: aws_wafv2_web_acl Error: Provider produced inconsistent final plan (Issue #30858)

Hey, I just wanted to know which terraform version you are using? — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented. Message ID: hashicorp/terraform-provider-aws/issues/30858/1677127260@ github. com

Hey, I just wanted to know which terraform version you are using?

— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https:/github.com/hashicorp/terraform-provider-aws/issues/30858*issuecomment-1677127260__;Iw!!KDurfCY!95O8OklExd55kVW3ArcRJaPSO941u86oS9e_1DC0J8hy5k7zzwTdbi1FdQG1eU5xnYxV_sinOkMOmJ6FAyjuNq79uKc$, or unsubscribehttps://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AZ3W2GRTV7FLSX25RTRTPILXVIBT7ANCNFSM6AAAAAAXGVX3OY__;!!KDurfCY!95O8OklExd55kVW3ArcRJaPSO941u86oS9e_1DC0J8hy5k7zzwTdbi1FdQG1eU5xnYxV_sinOkMOmJ6FAyjuOQB_2MY$. You are receiving this because you commented.Message ID: @.***>

The content of this email and of any files transmitted may contain confidential, proprietary or legally privileged information and is intended solely for the use of the person/s or entity/ies to whom it is addressed. If you have received this email in error you have no permission whatsoever to use, copy, disclose or forward all or any of its contents. Please immediately notify the sender and thereafter delete this email and any attachments.

ananth-manney commented 1 year ago

Hi Team,

We tried with AWS provider version 4.67.0 and 4.28.0 and terraform version used is 1.3.9 but still no luck.

Thanks, Ananth.

From: Manney, Ananth (ext) Sent: Monday, August 14, 2023 9:19 AM To: hashicorp/terraform-provider-aws @.>; hashicorp/terraform-provider-aws @.> Cc: Comment @.>; Wang, Steven 2 @.>; Chen, Xize (ext) @.***> Subject: RE: [hashicorp/terraform-provider-aws] [Bug]: aws_wafv2_web_acl Error: Provider produced inconsistent final plan (Issue #30858)

Hi Team,

We tried with 4.67.0 and 4.28.0 as well but still no luck.

Thanks, Ananth.

From: bq-poonam-28 @.**@.>> Sent: Monday, August 14, 2023 7:11 AM To: hashicorp/terraform-provider-aws @.**@.>> Cc: Manney, Ananth (ext) @.**@.>>; Comment @.**@.>> Subject: Re: [hashicorp/terraform-provider-aws] [Bug]: aws_wafv2_web_acl Error: Provider produced inconsistent final plan (Issue #30858)

Hey, I just wanted to know which terraform version you are using? — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented. Message ID: hashicorp/terraform-provider-aws/issues/30858/1677127260@ github. com

Hey, I just wanted to know which terraform version you are using?

— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https:/github.com/hashicorp/terraform-provider-aws/issues/30858*issuecomment-1677127260__;Iw!!KDurfCY!95O8OklExd55kVW3ArcRJaPSO941u86oS9e_1DC0J8hy5k7zzwTdbi1FdQG1eU5xnYxV_sinOkMOmJ6FAyjuNq79uKc$, or unsubscribehttps://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AZ3W2GRTV7FLSX25RTRTPILXVIBT7ANCNFSM6AAAAAAXGVX3OY__;!!KDurfCY!95O8OklExd55kVW3ArcRJaPSO941u86oS9e_1DC0J8hy5k7zzwTdbi1FdQG1eU5xnYxV_sinOkMOmJ6FAyjuOQB_2MY$. You are receiving this because you commented.Message ID: @.**@.>>

The content of this email and of any files transmitted may contain confidential, proprietary or legally privileged information and is intended solely for the use of the person/s or entity/ies to whom it is addressed. If you have received this email in error you have no permission whatsoever to use, copy, disclose or forward all or any of its contents. Please immediately notify the sender and thereafter delete this email and any attachments.

PoonamTiwari77 commented 1 year ago

Have you tried with terraform version 1.5.3+ and aws provider 5.11.0+

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashicorp / terraform-provider-aws

[Bug]: aws_wafv2_web_acl Error: Provider produced inconsistent final plan #30858

23390

23423

23936

23992

24386

27175

27273

27479

28191

28672

29012

29304

Terraform Core Version

AWS Provider Version

Affected Resource(s)

Expected Behavior

Actual Behavior

Relevant Error/Panic Output Snippet

Terraform Configuration Files

Community Note