search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/
Other
42.6k stars 9.55k forks source link

aws_cloudfront_distribution.single_region_api_key: diffs didn't match during apply #20703

Closed ThomasRogersDAZN closed 5 years ago

ThomasRogersDAZN commented 5 years ago

Terraform Version

v0.11.11

Terraform Configuration Files

resource "aws_cloudfront_distribution" "single_region_api_key" {
  count   = "${!var.multi_region && var.custom_headers ? 1 : 0}"
  aliases = "${var.aliases}"

  origin {
    domain_name = "${var.origin_domain_name}"
    origin_path = "${var.origin_path}"
    origin_id   = "${var.origin_id}"

    custom_origin_config {
      http_port                = "${var.origin_http_port}"
      https_port               = "${var.origin_https_port}"
      origin_protocol_policy   = "https-only"
      origin_ssl_protocols     = "${var.origin_ssl_protocols}"
      origin_keepalive_timeout = "${var.origin_keepalive_timeout}"
      origin_read_timeout      = "${var.origin_read_timeout}"
    }

    custom_header {
      name = "x-api-key"
      value = "${var.api_key}"
    }
  }

  enabled         = "${var.enabled}"
  is_ipv6_enabled = "${var.is_ipv6_enabled}"
  comment         = "${var.comment}"

  default_cache_behavior {
    allowed_methods  = "${var.allowed_methods}"
    cached_methods   = "${var.cached_methods}"
    target_origin_id = "${var.origin_id}"

    forwarded_values {
      query_string = true
      headers      = "${var.forwarded_headers}"

      cookies {
        forward = "none"
      }
    }

    min_ttl                = "${var.cache_ttl["min"]}"
    default_ttl            = "${var.cache_ttl["default"]}"
    max_ttl                = "${var.cache_ttl["max"]}"
    compress               = true
    viewer_protocol_policy = "redirect-to-https"
  }

  price_class = "PriceClass_All"

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    acm_certificate_arn      = "${var.acm_certificate_arn}"
    minimum_protocol_version = "TLSv1_2016"
    ssl_support_method       = "sni-only"
  }

  web_acl_id = "${var.waf_protection == "Enabled" ? data.terraform_remote_state.secops.waf_web_acl_id : ""}"

  tags = "${
    merge(
      var.tags,
      map("WAFProtection", var.waf_protection)
    )
  }"
}

Crash Output

  Terraform Version: 0.11.11
    Resource ID: aws_cloudfront_distribution.single_region_api_key
    Mismatch reason: attribute mismatch: origin.3230331303.custom_header.#
    Diff One (usually from plan): *terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{"origin.~4086050432.custom_origin_config.0.https_port":*terraform.ResourceAttrDiff{Old:"", New:"443", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.custom_origin_config.0.origin_ssl_protocols.#":*terraform.ResourceAttrDiff{Old:"1", New:"0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.custom_origin_config.0.origin_ssl_protocols.3981581077":*terraform.ResourceAttrDiff{Old:"TLSv1.2", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~4086050432.custom_header.#":*terraform.ResourceAttrDiff{Old:"0", New:"1", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~4086050432.custom_origin_config.0.http_port":*terraform.ResourceAttrDiff{Old:"", New:"80", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.custom_header.#":*terraform.ResourceAttrDiff{Old:"1", New:"0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.custom_origin_config.0.origin_protocol_policy":*terraform.ResourceAttrDiff{Old:"https-only", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~4086050432.custom_origin_config.#":*terraform.ResourceAttrDiff{Old:"0", New:"1", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~4086050432.origin_id":*terraform.ResourceAttrDiff{Old:"", New:"authentication-service-dev-origin-id", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~4086050432.custom_header.615809506.name":*terraform.ResourceAttrDiff{Old:"", New:"x-api-key", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.custom_origin_config.0.https_port":*terraform.ResourceAttrDiff{Old:"443", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~4086050432.custom_origin_config.0.origin_ssl_protocols.#":*terraform.ResourceAttrDiff{Old:"0", New:"1", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~4086050432.custom_header.615809506.value":*terraform.ResourceAttrDiff{Old:"", New:"**8***", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.s3_origin_config.#":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.custom_header.615809506.value":*terraform.ResourceAttrDiff{Old:"****", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~4086050432.custom_origin_config.0.origin_keepalive_timeout":*terraform.ResourceAttrDiff{Old:"", New:"5", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.custom_origin_config.#":*terraform.ResourceAttrDiff{Old:"1", New:"0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~4086050432.s3_origin_config.#":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.custom_origin_config.0.http_port":*terraform.ResourceAttrDiff{Old:"80", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~4086050432.origin_path":*terraform.ResourceAttrDiff{Old:"", New:"${var.origin_path}", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.origin_id":*terraform.ResourceAttrDiff{Old:"authentication-service-dev-origin-id", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~4086050432.domain_name":*terraform.ResourceAttrDiff{Old:"", New:"${var.origin_domain_name}", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~4086050432.custom_origin_config.0.origin_protocol_policy":*terraform.ResourceAttrDiff{Old:"", New:"https-only", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~4086050432.custom_origin_config.0.origin_read_timeout":*terraform.ResourceAttrDiff{Old:"", New:"30", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.custom_header.615809506.name":*terraform.ResourceAttrDiff{Old:"x-api-key", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.domain_name":*terraform.ResourceAttrDiff{Old:"***execute-api.eu-central-1.amazonaws.com", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.origin_path":*terraform.ResourceAttrDiff{Old:"/dev", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~4086050432.custom_origin_config.0.origin_ssl_protocols.3981581077":*terraform.ResourceAttrDiff{Old:"", New:"TLSv1.2", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.custom_origin_config.0.origin_read_timeout":*terraform.ResourceAttrDiff{Old:"30", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.3230331303.custom_origin_config.0.origin_keepalive_timeout":*terraform.ResourceAttrDiff{Old:"5", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, Meta:map[string]interface {}(nil)}
    Diff Two (usually from apply): *terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff(nil), Destroy:false, DestroyDeposed:false, DestroyTainted:false, Meta:map[string]interface {}(nil)}

Expected Behavior

The cloudfront should have successfully updated

Actual Behavior

The cloudfront fails to update, and an attribute mismatch happens.

Steps to Reproduce

Force a step to recreate the cloudfront (IE: Force changes to an api gateway) Terraform apply these changes.

Additional Context

Terraform runs in a CI system, but the same problems occur locally.

ghost commented 5 years ago

This issue has been automatically migrated to terraform-providers/terraform-provider-aws#7954 because it looks like an issue with that provider. If you believe this is not an issue with the provider, please reply to terraform-providers/terraform-provider-aws#7954.

ghost commented 5 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.