Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

API Gateway VPC endpoint IDs are constantly updated because of order #12210

Closed
andymcintosh opened this issue Feb 28, 2020 · 3 comments · Fixed by #12350
Closed

API Gateway VPC endpoint IDs are constantly updated because of order #12210

andymcintosh opened this issue Feb 28, 2020 · 3 comments · Fixed by #12350
Assignees
Labels
bug Addresses a defect in current functionality. service/apigateway Issues and PRs that pertain to the apigateway service.
Milestone

Comments

@andymcintosh
Copy link

When creating an API Gateway Private REST API with more than one vpc_endpoint_ids in the endpoint_configuration block, the endpoints are consistently reordered in the state file. This results in all subsequent apply/plan commands updating the aws_api_gateway_rest_api resource.

NOTE: If I destroy the original resource and manually reorder the vpc_endpoint_ids to match the order they were created in the state file, then subsequent apply/plan commands report "No Changes" as expected. I tried this several times with consistent results, even with up to 7 endpoint ids. It seems that somewhere under the hood, Terraform is sorting the endpoint ids before running the operations, but it's unclear how they're being sorted--it's not alphabetical.

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.12.20
+ provider.aws v2.51.0

Affected Resource(s)

  • aws_api_gateway_rest_api

Terraform Configuration Files

provider "aws" {
  region = "us-east-1"
}

resource "aws_api_gateway_rest_api" "default" {
  name = "devops-test"
  description = "Test Gateway to test Terraform issue with VPC endpoint IDS"
  endpoint_configuration {
    types = ["PRIVATE"]
    vpc_endpoint_ids = [
      "vpce-xxxxxxxxxxxxxa581",
      "vpce-xxxxxxxxxxxxx6e47"
    ]
  }
}

Expected Behavior

❯ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_api_gateway_rest_api.default will be created
  + resource "aws_api_gateway_rest_api" "default" {
      + api_key_source           = "HEADER"
      + arn                      = (known after apply)
      + created_date             = (known after apply)
      + description              = "Test Gateway to test Terraform issue with VPC endpoint IDS"
      + execution_arn            = (known after apply)
      + id                       = (known after apply)
      + minimum_compression_size = -1
      + name                     = "devops-test"
      + root_resource_id         = (known after apply)

      + endpoint_configuration {
          + types            = [
              + "PRIVATE",
            ]
          + vpc_endpoint_ids = [
              + "vpce-xxxxxxxxxxxxxa581",
              + "vpce-xxxxxxxxxxxxx6e47",
            ]
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_api_gateway_rest_api.default: Creating...
aws_api_gateway_rest_api.default: Creation complete after 1s [id=xxxxxxu95f]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
❯ terraform plan

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

aws_api_gateway_rest_api.default: Refreshing state... [id=xxxxxxu95f]

------------------------------------------------------------------------

No changes. Infrastructure is up-to-date.

This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.

Actual Behavior

❯ terraform plan

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

aws_api_gateway_rest_api.default: Refreshing state... [id=xxxxxxu95f]

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_api_gateway_rest_api.default will be updated in-place
  ~ resource "aws_api_gateway_rest_api" "default" {
        api_key_source           = "HEADER"
        arn                      = "arn:aws:apigateway:us-east-1::/restapis/xxxxxxu95f"
        binary_media_types       = []
        created_date             = "2020-02-28T16:33:00Z"
        description              = "Test Gateway to test Terraform issue with VPC endpoint IDS"
        execution_arn            = "arn:aws:execute-api:us-east-1:[redacted]:xxxxxxu95f"
        id                       = "xxxxxxu95f"
        minimum_compression_size = -1
        name                     = "devops-test"
        root_resource_id         = "xxxxxx0m1h"
        tags                     = {}

      ~ endpoint_configuration {
            types            = [
                "PRIVATE",
            ]
          ~ vpc_endpoint_ids = [
              - "vpce-xxxxxxxxxxxab6e47",
                "vpce-xxxxxxxxxxx87a581",
              + "vpce-xxxxxxxxxxxab6e47",
            ]
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

Steps to Reproduce

  1. terraform apply

Important Factoids

References

@ghost ghost added the service/apigateway Issues and PRs that pertain to the apigateway service. label Feb 28, 2020
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Feb 28, 2020
@bflad bflad added bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Mar 17, 2020
@bflad bflad self-assigned this Mar 17, 2020
@bflad bflad added this to the v2.54.0 milestone Mar 17, 2020
@bflad
Copy link
Contributor

bflad commented Mar 17, 2020

The fix to ignore the ordering of this argument has been merged and will be released with version 2.54.0 of the Terraform AWS Provider, later this week. Thanks to @DrFaust92 for the implementation. 👍

@ghost
Copy link

ghost commented Mar 19, 2020

This has been released in version 2.54.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost
Copy link

ghost commented Apr 16, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 16, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Addresses a defect in current functionality. service/apigateway Issues and PRs that pertain to the apigateway service.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants