volterraedge / terraform-provider-volterra

Volterra's Public Terraform Provider
https://volterra.io
Apache License 2.0

unable to upgrade volterra provider from 0.11.32 to 0.11.33 or to 0.11.34 :( :( :( #268

Open eissko opened 1 month ago

eissko commented 1 month ago

I am unable to upgrade volterra provider

ERROR:

```
2024-08-09T14:53:17.303Z [ERROR] provider.terraform-provider-volterra_v0.11.34: Response contains error diagnostic: tf_provider_addr=provider diagnostic_severity=ERROR diagnostic_summary="missing expected [" tf_proto_version=5.3 tf_req_id=791fd57d-057e-9638-4c83-390a5459fa28 @caller=github.com/hashicorp/terraform-plugin-go@v0.14.3/tfprotov5/internal/diag/diagnostics.go:55 @module=sdk.proto tf_rpc=UpgradeResourceState diagnostic_attribute="AttributeName(\"https\")" diagnostic_detail="" tf_resource_type=volterra_http_loadbalancer timestamp=2024-08-09T14:53:17.303Z
2024-08-09T14:53:17.306Z [ERROR] vertex "module.xxx[0].module.http_lb.volterra_http_loadbalancer.this" error: missing expected [
2024-08-09T14:53:17.306Z [ERROR] vertex "module.xxx.module.http_lb.volterra_http_loadbalancer.this (expand)" error: missing expected [
2024-08-09T14:53:17.323Z [WARN] Planning encountered errors, so plan is not applyable
2024-08-09T14:53:17.324Z [INFO] backend/local: plan operation completed
2024-08-09T14:53:17.324Z [INFO] backend/local: writing plan output to: tfplan
```

```hcl
resource "volterra_http_loadbalancer" "this" {
  namespace = var.volt_namespace_name

  name   = "${var.prefix_name}-lb"
  labels = length(var.labels) > 0 ? var.labels : null

  domains = var.frontend_domains

  https {
    # Emitted only when var.enable_only_http_v1 is true
    dynamic "http_protocol_options" {
      for_each = var.enable_only_http_v1 ? ["1"] : []
      content {
        http_protocol_enable_v1_only {
          header_transformation {
            legacy_header_transformation = true
          }
        }
      }
    }

    http_redirect = var.enable_http_redirect
    add_hsts      = var.enable_hsts
    port          = 443

    # Inline certificate, used when no certificate_name is given
    dynamic "tls_parameters" {
      for_each = length(var.certificate_name) == 0 ? ["1"] : []

      content {
        tls_config {
          default_security = true
        }
        tls_certificates {
          certificate_url = var.tls_cert
          private_key {
            blindfold_secret_info {
              location = var.tls_key
            }
          }
          description = "Automatic from terraform module (${basename(path.module)})."
          dynamic "custom_hash_algorithms" {
            for_each = var.enable_custom_ocsp ? ["1"] : []
            content {
              hash_algorithms = [
                "SHA256",
                "SHA1"
              ]
            }
          }
        }
      }
    }

    # Certificate referenced by name, used when certificate_name is set
    dynamic "tls_cert_params" {
      for_each = length(var.certificate_name) > 0 ? ["1"] : []
      content {
        tls_config {
          default_security = true
        }
        certificates {
          name      = var.certificate_name
          namespace = var.volt_namespace_name
        }
      }
    }
  }

  advertise_custom {
    advertise_where {
      virtual_site {
        network = "SITE_NETWORK_OUTSIDE"
        virtual_site {
          name      = var.virtual_site
          namespace = var.virtual_site_namespace
        }
      }
    }
  }
}
```

michaelbuemi commented 1 month ago

Looks like this is a different conflict but I had to manually manipulate state to remove a conflicting setting (mine was related to DDoS). I think my issue was also in upgrading from 32.

Based on the diagnostic_attribute="AttributeName("https")" you might need to edit the state or change the HCL to remove your http_protocol_enable_v1_only block then update the HCL with a different setting and then do the provider upgrade.

Obviously not working as intended, but if you're stuck there are options.

eissko commented 1 month ago

@michaelbuemi thank you for the response. From the debug log I see those attributes are deprecated: enable_ddos_detection, disable_ddos_detection, enable_threat_intelligence, disable_threat_intelligence, but those are not causing an issue during the upgrade. I removed the block below from the terraform state and the plan was suddenly successful.

```json
"http_protocol_options": [
  {
    "http_protocol_enable_v1_only": true,
    "http_protocol_enable_v1_v2": false,
    "http_protocol_enable_v2_only": false
  }
],
```

This is a disaster. Having tens or hundreds of terraform states, you have to write a script to iteratively adjust all states prior to the upgrade.

michaelbuemi commented 1 month ago

> This is a disaster. Having tens or hundreds of terraform states, you have to write a script to iteratively adjust all states prior to the upgrade.

Agreed, this is going to have to get worked out or it won't be sustainable.

eissko commented 1 week ago

@michaelbuemi Looks like this has been fixed here in volterra provider 0.11.35 -> fix https state change issue by @SanjeetKr7 in https://github.com/volterraedge/terraform-provider-volterra/pull/275

However, I am not sure if this fix covers all cases for:

```json
"http_protocol_enable_v1_only": true,
"http_protocol_enable_v1_v2": false,
"http_protocol_enable_v2_only": false
```

My issue was only with "http_protocol_enable_v1_only", so I am fine. But I don't see the strings "http_protocol_enable_v1_v2" and "http_protocol_enable_v2_only" mentioned in the code change.
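
The state edit described in this thread, as an added example that is not part of any comment or of the provider's code: it drops `http_protocol_options` from `volterra_http_loadbalancer` entries in a pulled state when any of the three `http_protocol_enable_*` keys is stored as a boolean. It assumes the state v4 JSON layout with `https` held as a list; `strip_legacy_options`, `is_legacy` and the sample state are constructed for illustration.

```python
import copy
import json

RESOURCE_TYPE = "volterra_http_loadbalancer"
LEGACY_KEYS = tuple(f"http_protocol_enable_{s}" for s in ("v1_only", "v1_v2", "v2_only"))

def is_legacy(options):
    """True if any entry stores one of LEGACY_KEYS as a plain boolean."""
    return any(isinstance(entry.get(key), bool)
               for entry in options or [] if isinstance(entry, dict)
               for key in LEGACY_KEYS)

def strip_legacy_options(state):
    """Return (patched_copy, resource_addresses); the input state is not modified."""
    patched = copy.deepcopy(state)
    touched = []
    for res in patched.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != RESOURCE_TYPE:
            continue
        for inst in res.get("instances", []):
            for https in inst.get("attributes", {}).get("https") or []:
                if is_legacy(https.get("http_protocol_options")):
                    del https["http_protocol_options"]
                    prefix = res["module"] + "." if res.get("module") else ""
                    touched.append(f'{prefix}{res["type"]}.{res["name"]}')
    if touched:
        patched["serial"] = state.get("serial", 0) + 1  # mark the hand-edited state as newer
    return patched, touched

# Constructed sample in the assumed state v4 layout; not taken from a real deployment.
SAMPLE_STATE = {
    "version": 4, "serial": 7,
    "resources": [
        {"module": "module.http_lb", "mode": "managed", "type": RESOURCE_TYPE,
         "name": "this", "instances": [{"attributes": {"https": [{
             "port": 443,
             "http_protocol_options": [{"http_protocol_enable_v1_only": True,
                                        "http_protocol_enable_v1_v2": False,
                                        "http_protocol_enable_v2_only": False}]}]}}]},
        {"mode": "managed", "type": RESOURCE_TYPE, "name": "plain",
         "instances": [{"attributes": {"https": [{"port": 443}]}}]},
    ],
}

if __name__ == "__main__":
    patched, touched = strip_legacy_options(SAMPLE_STATE)
    print(json.dumps({"serial": patched["serial"], "patched": touched}, indent=2))
```

Run it on the output of `terraform state pull`, keep the original file as a backup, and load the result with `terraform state push` before upgrading the provider.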