hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: terraform.tfstate has not actual state after terraform apply #37807

Open EugenKon opened 5 months ago

EugenKon commented 5 months ago

Terraform Core Version

v1.8.4

AWS Provider Version

v4.67.0

Affected Resource(s)

Expected Behavior

After

# Change subnets:
terraform plan -target aws_lb.public -out alb
terraform apply alb
# Change other subnets:
terraform plan -target aws_lb.public -out alb
terraform apply alb

subnet_mapping should be in actual state, e.g. all new subnets should be there.

Actual Behavior

After the first change was applied:

resource "aws_lb" "public" {
  name         = "public-WWW"

  subnets = [
    aws_subnet.a_prd_plntr.id,
    aws_subnet.b_prd_plntr.id,
-    aws_subnet.c_prd_plntr.id,
-    aws_subnet.d_prd_plntr.id,
+    aws_subnet.c_public_prd_plntr.id,
+    aws_subnet.d_public_prd_plntr.id,
  ]
  ...
}

I got the correct state.

But after the second change was applied:

resource "aws_lb" "public" {
  name         = "public-WWW"

  subnets = [
-    aws_subnet.a_prd_plntr.id,
-    aws_subnet.b_prd_plntr.id,
+    aws_subnet.a_public_prd_plntr.id,
+    aws_subnet.b_public_prd_plntr.id,
    aws_subnet.c_public_prd_plntr.id,
    aws_subnet.d_public_prd_plntr.id,
  ]
  ...
}

The new TF state does not reflect the actual state.

It was fixed only by running:

terraform plan -target aws_lb.public -out alb -refresh-only
terraform apply -refresh-only alb

The usual:

terraform plan -target aws_lb.public -out alb

does not see the changes.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

See actual behaviour section.

Steps to Reproduce

  1. Change two subnets for ALB
  2. Apply changes
  3. Change another two subnets for ALB
  4. Apply changes

Details are at actual behaviour section.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
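
Added example, not part of the original issue or of the provider's code: a check that compares the subnets recorded for `aws_lb.public` in the output of `terraform show -json` with the subnets AWS reports in `aws elbv2 describe-load-balancers`, so this kind of drift is caught without relying on a targeted plan. The subnet IDs, sample documents and function names are constructed for illustration.

```python
import json

# Constructed sample: trimmed `terraform show -json` output in which the state
# still lists the old a/b subnets (IDs are made up).
STATE = json.loads("""{"values": {"root_module": {"resources": [
  {"address": "aws_lb.public", "type": "aws_lb", "values": {"name": "public-WWW",
   "subnets": ["subnet-a-old", "subnet-b-old", "subnet-c-public", "subnet-d-public"]}}]}}}""")

# Constructed sample: trimmed `aws elbv2 describe-load-balancers` output.
LIVE = json.loads("""{"LoadBalancers": [{"LoadBalancerName": "public-WWW",
  "AvailabilityZones": [{"SubnetId": "subnet-a-public"}, {"SubnetId": "subnet-b-public"},
                        {"SubnetId": "subnet-c-public"}, {"SubnetId": "subnet-d-public"}]}]}""")


def state_subnets(state, address):
    """Subnet IDs recorded in state for `address`, searching child modules too."""
    def walk(module):
        for res in module.get("resources", []):
            if res.get("address") == address:
                return set(res.get("values", {}).get("subnets") or [])
        for child in module.get("child_modules", []):
            found = walk(child)
            if found is not None:
                return found
        return None

    found = walk(state.get("values", {}).get("root_module", {}))
    if found is None:
        raise KeyError(f"{address} not found in state")
    return found


def live_subnets(described, lb_name):
    """Subnet IDs AWS reports for the load balancer named `lb_name`."""
    for lb in described.get("LoadBalancers", []):
        if lb.get("LoadBalancerName") == lb_name:
            return {az["SubnetId"] for az in lb.get("AvailabilityZones", [])}
    raise KeyError(f"load balancer {lb_name} not found")


def subnet_drift(state, described, address, lb_name):
    """Return the subnets present on only one side; both lists empty means no drift."""
    recorded, live = state_subnets(state, address), live_subnets(described, lb_name)
    return {"only_in_state": sorted(recorded - live), "only_in_aws": sorted(live - recorded)}


if __name__ == "__main__":
    print(subnet_drift(STATE, LIVE, "aws_lb.public", "public-WWW"))
```

A non-empty result on either side means the state file and the load balancer disagree and a refresh is needed before the next plan can be trusted.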

justinretzolk commented 5 months ago

Hey @EugenKon 👋 Thank you for taking the time to raise this! We'll need a sample Terraform configuration that can be used to reproduce this in order to look into it. Are you able to provide that and, if possible, debug logs (redacted as needed)?

EugenKon commented 5 months ago

@justinretzolk Yes, I can send the full configuration. Can you provide the email address? Unfortunately the default one for private post does not work: https://github.com/hashicorp/nomad/issues/23168

justinretzolk commented 5 months ago

Hey @EugenKon 👋 I'm not immediately aware of an email address that we'd use for sending that kind of thing. Generally, we'd prefer an upload with files encrypted with our GPG key. Here's the relevant snippet from the bug form:

Here, we ask that you provide the Terraform configuration and, when possible, the debug logs. For configurations or logs of more than just a few lines, it's preferred to either share a Gist link or zip the files and upload them.

Terraform configurations or debug logs under 25MB may be attached directly in the field. Files larger than this should be uploaded to a file hosting service and a link shared.

For your security you can also encrypt the files using our GPG public key.

EugenKon commented 5 months ago

@justinretzolk Do I miss something? This is the link not to "GPG public key", but to some Chat application. I am not sure how to use that chat application to encrypt files.

justinretzolk commented 5 months ago

@EugenKon Near the top of the page, the key's fingerprint is shown. If you click on it, a modal appears that has the public key. Thanks for following up on that -- something to keep in mind to add to the form as well.

justinretzolk commented 2 days ago

Hey @EugenKon 👋 I wanted to follow up on this one. I know on another issue, we discussed how the -target flag was the culprit for some aspects of Terraform not behaving as you'd expected; did this seem to be a similar situation?