Closed jBouyoud closed 5 months ago
Would be super helpful since currently every run detects a change :\
plus one for this, I thought maybe i was doing something wrong. Is there any workaround at the moment?
curious if this is caught anyone's attention. Does it really need to use the timestamp if it has the file hash?
This does seem to be related to the issues #51, #63 and #323. We're also having this issue, but only when using Terrafrom with multiple envs (users and CI). When deploying from the same env we don't receive these changes with terraform plan
.
We tried the suggested fix by using TF_RECREATE_MISSING_LAMBDA_PACKAGE=false
env var, but it didn't work for us and instead these Terraform changes persisted when running from multiple envs.
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
Setting recreate_missing_package
module variable to false
worked for me.
Module lambda.null_resource.archive[0]
was updated once more, due to a change in the timestamp
trigger ("1679200526172839000" change to "<WARNING: Missing lambda zip artifacts wouldn't be restored>"
), but not in the following runs.
Does anyone understand the implications of the "Missing lambda zip artifacts wouldn't be restored" warning?
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
Bumping this issue. Just spent hours debugging a scenario. A terraform plan/apply partially failed in CI and subsequent builds continued to fail because the package wasn't being regenerated. We have to have recreate_missing_package
set to false
for CI purposes, however in the event that null_resource.archive
hasn't changed while aws_lambda_function.this
has (admittedly an edge case), nothing triggers the package to be generated. An option to ignore the timestamp for package comparison would allow recreate_missing_package
to be set to true
while not causing terraform to detect a change when their hasn't been one to the actual source code.
@nwalters512 This scenario my team managed to get ourselves into seems to be one such implication.
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
yeah, can confirm this issue is a bit of a PITA.
+1, booo!
π would love to see this implemented! That will save lots of provisioning time when there are actually no changes.
Wouldn't it be possible to refactor that logic and use some kind of hash (sha512, for example) instead of the timestamp? I mean, let the thing re-generate the ZIP, but if it's the same, don't trigger anything?
We are having the same problem. Every CI run detects a change in lambda even the code was never touched. Please let's find a solution for this!
I played with the module a bit, and there are following workarounds for this issue, that you can do as a module user:
recreate_missing_package = false
. This way, if the source file did not change, terraform will not attempt to re-create the ZIP File, and will not re-deploy the Function. If the sources change, the ZIP will still be created, and the Function redeployed. The downside of this approach is, that if anyone changes the source of the Function using AWS Console, Terraform will likely not detect that, and not re-deploy the Function.All of them, however, render the functionality of simply pointing to a script file, either useless or broken and some of them (docker) require quite significant amount of extra effort and infrastructure provisioning. That somehow contradicts the idea of using this module to simplify lambda provisioning.
I still think, the best way out of this would be to refactor the module to use some kind of hash on the ZIP file (instead of it's creation timestamp). @antonbabenko, WDYT?
Are there more downsides to setting recreate_missing_package = false
to false?
I did not spot any. But to be fair, I set it to false
, left a comment in code explaining why, so that somebody, someday wouldn't think it's weird and "fix" it ;-), and moved on, never thinking about it again. We do, however have a quite strict policy of not allowing people to mess around manually via AWS Console, so the setup is relatively safe for us. YMMV.
I have the same issue. If different users alternatively do terraform apply
, it will reconstruct constantly the package, even with the setting recreate_missing_package = false
.
I was getting the Error: Provider produced inconsistent final plan
error when recreate_missing_package = false
. removing that and using the default true value resolved the error but now the timestamp always results in the plan stating there is a change
I have a similar problem, I am using the terraform-aws-modules/lambda/aws
module in my module which is used in several sub-environments. This means that the same workspace contains the same modules, only with different names and slightly different configurations, but the source code for AWS Lambda is the same.
I ran into two problems:
recreate_missing_package = true
(default value) - AWS Lambda module will be updated every timeThis issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
This issue still exists and the workaround with recreating package does not work in CI environments when there was a deploy problem. During a subsequent run terraform will say it does not need to create the zip files as the archive resource seem to exist. But in reality they don't. Could we just get the module to use a hash instead of the timestamp as suggested? This would solve so many headaches!
Does this pull request require additional work in order to be considered for merging? From what I can tell, this pull request would change the logic to use hash instead of timestamp, when comparing zip file archives.
https://github.com/terraform-aws-modules/terraform-aws-lambda/pull/331
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
Not stale. Is there any contributor who might know more reasoning to why the proposed change would be acceptable or unacceptable?
@brokenthumbs Lack of time - the only reason for most delays.
@antonbabenko That's fair π
Keeping this issue open for when you / another contributor potentially has a chance to review.
I have tested https://github.com/terraform-aws-modules/terraform-aws-lambda/pull/331 and the code seems to work okay, but being new to using this module, I might also be missing edge cases or unforeseen side effects.
For those reading, more context here: https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/323#issuecomment-1234144646
Can someone please provide a complete set of instructions (including 100% failing code)? I have an extremely hard time realizing WHAT IS WRONG with this and without being able to reproduce it locally I can't do much.
For clarification, there is no failing code in the repository. What is being suggested is an alternative to a specific behavior of Terraform triggers in specific scenarios.
Here's my attempt at explaining why timestamp
as a Terraform trigger can potentially cause problems.
Scenario:
terraform-aws-lambda
module.terraform plan
and terraform apply
..terraform
directory.
.terraform
directory.terraform-aws-lambda
resource, I execute terraform plan
.
terraform plan
indicates no differences. terraform plan
indicates null_resource.archive[0] must be replaced
.triggers
include timestamp (https://github.com/terraform-aws-modules/terraform-aws-lambda/blob/master/package.tf#L62-L65).terraform apply
to re-deploy the Lambda function, even if there have been no changes to the terraform-aws-lambda
resource or function code.Local Reproduction:
terraform-aws-lambda
module, using terraform init
.terraform plan
and terraform apply
..terraform
directory..terraform
directory using terraform init
.terraform-aws-lambda
module resource or to the function code.terraform plan
.Expected Result:
terraform plan
indicates that there are no changes required.Current Result:
terraform plan
indicates null_resource.archive[0] must be replaced
.Recommended Upgrade:
timestamp
trigger will always be different, when recreating the build.zip.
.terraform
directory is missing and must be recreated using terraform init
.timestamp
will always be different, then every terraform plan
in a newly cloned repository will force a deployment of the terraform-aws-lambda
module, regardless of whether any changes have been made to the module usage or function source code.timestamp
trigger with hash
, we can execute terraform
plan in a newly cloned repository and not trigger any deployments of the terraform-aws-lambda
module, as expected when not making any changes to the module usage or function source code.Per an earlier comment, one potential fix is as such. https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/396#issuecomment-1609078149
This would effectively turn this:
triggers = {
filename = data.external.archive_prepare[0].result.filename
timestamp = data.external.archive_prepare[0].result.timestamp
}
into this:
triggers = {
filename = data.external.archive_prepare[0].result.filename
hash = md5(data.external.archive_prepare[0].result.build_plan)
}
There isn't any failing code, because the code itself is working. The issue described is with a unique process, involving freshly cloned repositories (for example, when executing Terraform in a Continuous Integration environment).
Let me know if there's something else I can do or test to help merge https://github.com/terraform-aws-modules/terraform-aws-lambda/pull/331
π
EDIT: Tagging @mkielar to review my explanation and proposed fix. ^^^
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
Not stale, looking for review on https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/396#issuecomment-1792787797 from @antonbabenko
re:
Can someone please provide a complete set of instructions (including 100% failing code)? I have an extremely hard time realizing WHAT IS WRONG with this and without being able to reproduce it locally I can't do much.
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
I don't believe this should be closed yet.
I believe my explanation of the situation is still relevant: https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/396#issuecomment-1792787797
This issue has been resolved in version 6.7.0 :tada:
I think it is fixed now by @samuel-phan in #521. Please let us know if there is still an issue.
Does filename change if the hash changes?
I'm thinking about if I were to avoid updating on timestamp, would the filename of the package change trigger updates instead?
EDIT:
Filename does change on update! Disabling timestamp should work great π I'll give this a try in my production environment this week.
# module.module.module.lambda_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
~ id = "6348977012088056442" -> (known after apply)
~ triggers = { # forces replacement
~ "filename" = "builds/d2b8d4bd26f21d3c56d6b53988959701aa861149f4286853c3e3f57ef7ebea35.zip" -> "builds/2da1928cc4a1c4909daf48a87c1381093c8ffd8fc7219f63b435fa239cd5f989.zip"
}
}
EDIT:
Thanks all for helping solve the issue!
I'm going to lock this issue because it has been closed for 30 days β³. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Is your request related to a new offering from AWS?
Is this functionality available in the AWS provider for Terraform? See CHANGELOG.md, too.
Is your request related to a problem? Please describe.
When using this module in a CI environment that aims to detect drift. If the package is freshly checkout the timestamp is always drifting even the checksum doesn't move.
Describe the solution you'd like.
Give a way to disable timestamp checks (probably with a terraform variable)
Describe alternatives you've considered.
Manually touch with a specific timestamp all file that are targeted by the module instance
Additional context