azurem_virtual_network - inconsistent final plan

rybakovanton-metta commented 1 month ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.9.3

AzureRM Provider Version

3.114.0

Affected Resource(s)/Data Source(s)

azurem_virtual_network

Terraform Configuration Files

prefixes

var.subnet = 10.128.1.0/24
module.rs_subnet.prefix = 172.16.2.0/27
module.vng_subnet.prefix = 172.16.2.32/27

resource "azurerm_resource_group" "rg" {
  name     = var.name
  location = "Germany West Central"
}

resource "azurerm_virtual_network" "main" {
  name                = var.name
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = [var.subnet, module.rs_subnet.prefix, module.vng_subnet.prefix]

  tags = {
    Project = var.project
  }
}

Debug Output/Panic Output

Error: Provider produced inconsistent final plan
│
│ When expanding the plan for <skip>module.azr[0].azurerm_virtual_network.main to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for .address_space: was null, but now cty.ListVal([]cty.Value{cty.StringVal("10.128.1.0/24"), cty.StringVal("172.16.2.0/27"),
│ cty.StringVal("172.16.2.32/27")}).
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.

Expected Behaviour

virtual network must be created

Actual Behaviour

It created on second start of apply

Steps to Reproduce

just apply with this config

Important Factoids

location germany west central

References

No response

sinbai commented 1 month ago

Hi @rybakovanton-metta thanks for opening this issue. Unfortunately, I am unable to reproduce above issue, details are below. Could you please check again?

rybakovanton-metta commented 1 month ago

it's happening all the time. but after fail, I just "apply" second time and all going fine.

git:(v3.1) ✗ terraform -v
Terraform v1.9.3
on darwin_arm64

+ provider registry.terraform.io/hashicorp/azurerm v3.114.0

I tried with "subnet":

resource "azurerm_virtual_network" "main" {
  name                = var.name
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = [var.subnet, module.rs_subnet.prefix, module.vng_subnet.prefix]
  subnet {
    name                 = "subnet-${var.name}"
    address_prefix     = var.subnet
  }

  tags = {
    Project = var.project
  }
  depends_on = [ time_sleep.wait_rg ]
}

no luck. reverted config back and turned full debug. Here some info

2024-08-14T23:37:58.108+0800 [DEBUG] Resource instance state not found for node "module.cloud_vpc[\"devnet-azr-en1-k8sm-01\"].module.azr[0].azurerm_virtual_network.main", instance module.cloud_vpc["devnet-azr-en1-k8sm-01"].module.azr[0].azurerm_virtual_network.main
<skip>
2024-08-14T23:37:58.109+0800 [DEBUG] refresh: module.cloud_vpc["devnet-azr-en1-k8sm-01"].module.azr[0].azurerm_virtual_network.main: no state, so not refreshing
<skip>
2024-08-14T23:37:58.109+0800 [DEBUG] refresh: module.cloud_vpc["devnet-azr-en1-k8sm-01"].module.azr[0].azurerm_virtual_network.main: no state, so not refreshing
2024-08-14T23:37:58.111+0800 [WARN]  Provider "registry.terraform.io/hashicorp/azurerm" produced an invalid plan for module.cloud_vpc["devnet-azr-en1-k8sm-01"].module.azr[0].azurerm_virtual_network.main, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .address_space: planned value cty.NullVal(cty.List(cty.String)) does not match config value cty.ListVal([]cty.Value{cty.StringVal("10.128.1.0/24"), cty.UnknownVal(cty.String), cty.UnknownVal(cty.String)})
<skip>
2024-08-14T23:39:00.281+0800 [DEBUG] ReferenceTransformer: "module.cloud_vpc.module.azr.azurerm_subnet.vng_subnet (expand)" references: [module.cloud_vpc.module.azr.module.vng_subnet.output.prefix (expand) module.cloud_vpc["devnet-azr-en1-k8sm-01"].module.azr[0].azurerm_resource_group.rg module.cloud_vpc["devnet-azr-en1-k8sm-01"].module.azr[0].azurerm_resource_group.rg module.cloud_vpc.module.azr.azurerm_resource_group.rg (expand) module.cloud_vpc.module.azr.azurerm_virtual_network.main (expand) module.cloud_vpc["devnet-azr-en1-k8sm-01"].module.azr[0].azurerm_virtual_network.main module.cloud_vpc["devnet-azr-en1-k8sm-01"].module.azr[0].azurerm_virtual_network.main]
<skip>
2024-08-14T23:39:34.023+0800 [ERROR] vertex "module.cloud_vpc[\"devnet-azr-en1-k8sm-01\"].module.azr[0].azurerm_virtual_network.main" error: Provider produced inconsistent final plan

some strings with "reference" or "expand" can I check something more, to find what is wrong?

sinbai commented 1 month ago

Could you reproduce the issue using the config in the screenshot above? If not, could you try outputting the values of var.subnet, module.rs_subnet.prefix, module.vng_subnet.prefix to see if they match what you expect?

rybakovanton-metta commented 1 month ago

It's weird. I set it with constants. it's working.

resource "azurerm_virtual_network" "main" {
  name                = var.name
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
 # address_space       = [var.subnet, module.rs_subnet.prefix, module.vng_subnet.prefix]
 address_space = ["10.128.1.0/24", "172.16.2.0/27", "172.16.2.32/27"]
  tags = {
    Project = var.project
  }
  depends_on = [ time_sleep.wait_rg ]
}

and I made output for values from modules

output "_azr_sub" {
  value = var.subnet
}
output "_azr_rs" {
  value = module.rs_subnet.prefix
}
output "_azr_vng" {
  value = module.vng_subnet.prefix
}

and this is the output. It's same as constants that I set in config

main_tf = {
  "_azr_rs" = "172.16.2.32/27"
  "_azr_sub" = "10.128.1.0/24"
  "_azr_vng" = "172.16.2.0/27"

I thought, terraform did not create enough dependencies and set it in code

terraform graph | grep azurerm_virtual_network
"module.cloud_vpc.module.azr.azurerm_virtual_network.main" -> "module.cloud_vpc.module.azr.time_sleep.wait_rg"

terraform graph | grep module.cloud_vpc.module.azr.time_sleep.wait_rg
  "module.cloud_vpc.module.azr.time_sleep.wait_rg" -> "module.cloud_vpc.module.azr.azurerm_resource_group.rg";
  "module.cloud_vpc.module.azr.time_sleep.wait_rg" -> "module.cloud_vpc.module.azr.module.rs_subnet.netbox_available_prefix.free";
  "module.cloud_vpc.module.azr.time_sleep.wait_rg" -> "module.cloud_vpc.module.azr.module.vng_subnet.netbox_available_prefix.free";

and revert configuration back

resource "azurerm_virtual_network" "main" {
  name                = var.name
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = [var.subnet, module.rs_subnet.prefix, module.vng_subnet.prefix]
 #address_space = ["10.128.1.0/24", "172.16.2.0/27", "172.16.2.32/27"]
  tags = {
    Project = var.project
  }
  depends_on = [ time_sleep.wait_rg, module.rs_subnet, module.vng_subnet ]
}

on apply same result

 Error: Provider produced inconsistent final plan
│
│ When expanding the plan for module.cloud_vpc["devnet-azr-en1-k8sm-01"].module.azr[0].azurerm_virtual_network.main to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for .address_space: was null, but now cty.ListVal([]cty.Value{cty.StringVal("10.128.1.0/24"), cty.StringVal("172.16.2.0/27"),
│ cty.StringVal("172.16.2.32/27")}).
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.

and because there error I can't see output, but in error it shows right IP networks

sinbai commented 4 weeks ago

Given that azurerm_virtual_network works fine when using constants, I'm assuming this is an issue with the usage of the module. This forum is intended to be used for feature enhancements and bugs in the Azure Provider - so that we can keep this forum focused on that we instead ask that broader questions are raised using one of the Community Resources.

Thanks!

rybakovanton-metta commented 4 weeks ago

to my mind it's issue with provider anyway. even If there incorrect values and provider crashed then it is incorrect input parameters validation and In place of stop and show error it have a crash.

rybakovanton-metta commented 3 weeks ago

as I see with this part of error message "to include new values learned so far during apply" and my understanding, there was no values, because they calculated with apply stage. and this part of error message

"registry.terraform.io/hashicorp/azurerm" produced an invalid new value for .address_space: was null, but now cty.ListVal([]cty.Value{cty.StringVal("10.128.1.0/24"), cty.StringVal("172.16.2.0/27"), cty.StringVal("172.16.2.32/27")}).

explain that before was null (as expected) and after apply it have some real values (as expected) but provider and azurem_virtual_network resource can't figure out this situation.

hashicorp / terraform-provider-azurerm