hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Error: Provider produced inconsistent final plan when creating Application Gateway #10893

Open marinmuso opened 3 years ago

marinmuso commented 3 years ago

Terraform and Provider Versions

Affected Resource

azurerm_application_gateway

Actual Behavior

Error: Provider produced inconsistent final plan

When expanding the plan for azurerm_application_gateway.appgw01 to include new values learned so far during apply, provider "registry.terraform.io/-/azurerm" produced an invalid new value for .ssl_certificate[0].data: inconsistent values for sensitive attribute.

This is a bug in the provider, which should be reported in the provider's own issue tracker.

Steps to Reproduce

Important Factoids

Has anyone come across this?

JustinGalbraith commented 2 years ago

Any update on this? I'm encountering the same problem.

I first upload two certificates to the Key Vault using azurerm_key_vault_certificate, read them back out with data.azurerm_key_vault_certificate and then use a dynamic ssl_certificate block based on the content of data.azurerm_key_vault_certificate to load it into an application gateway.

Everything on initial deployment and subsequent deployments works great. The problem comes in when I attempt to rotate 1 of the certificates. It will update in the Key Vault but then TF will abort with the same (or similar) error as the person above.

Error: Provider produced inconsistent final plan

When expanding the plan for azurerm_application_gateway.app_gw to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for .ssl_certificate: planned set element cty.ObjectVal(map[string]cty.Value{"data":cty.StringVal(""), "id":cty.UnknownVal(cty.String), "key_vault_secret_id":cty.UnknownVal(cty.String), "name":cty.StringVal("XXXXXXXXXXXXXXXXXXXXXXXXXX"), "password":cty.StringVal(""), "public_cert_data":cty.UnknownVal(cty.String)}) does not correlate with any element in actual.

This is a bug in the provider, which should be reported in the provider's own issue tracker.

AzureRM: 3.10.0 TF: 1.2.3

JustinGalbraith commented 2 years ago

Any update on this?

This is a pretty critical bug that prevents certificate rotation on the application gateway.