Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

source_dest_check broken in 0.3.7 #1020

Closed
teancom opened this issue Feb 21, 2015 · 10 comments · Fixed by #1021
Closed

source_dest_check broken in 0.3.7 #1020

teancom opened this issue Feb 21, 2015 · 10 comments · Fixed by #1021
Assignees
@phinze
Labels
bug provider/aws

Comments

@teancom
Copy link

teancom commented Feb 21, 2015

Using terraform to create a nat instance in AWS is currently broken, as setting source_dest_check = false does not currently actually turn off the source/dest check, and so it cannot route traffic.

An example project is at https://github.com/teancom/terraform-test You'll need to replace the security_groups and subnet_id with values that work for you, but it should work out of the box otherwise.
@teancom
Copy link
Author

teancom commented Feb 21, 2015

Output of a run, with TF_LOG=1 set:

$ TF_LOG=1 make apply
terraform apply -var-file terraform.tfvars
2015/02/20 19:53:56 [INFO] Terraform version: 0.3.7  0bc0c03fece07c4f21ee5195743116a4d418f234+CHANGES
2015/02/20 19:53:56 Detected home directory from env var: /Users/dbishop
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: atlas = /usr/local/bin/terraform-provider-atlas
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: aws = /usr/local/bin/terraform-provider-aws
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: cloudflare = /usr/local/bin/terraform-provider-cloudflare
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: cloudstack = /usr/local/bin/terraform-provider-cloudstack
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: consul = /usr/local/bin/terraform-provider-consul
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: digitalocean = /usr/local/bin/terraform-provider-digitalocean
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: dnsimple = /usr/local/bin/terraform-provider-dnsimple
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: google = /usr/local/bin/terraform-provider-google
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: heroku = /usr/local/bin/terraform-provider-heroku
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: mailgun = /usr/local/bin/terraform-provider-mailgun
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: null = /usr/local/bin/terraform-provider-null
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: openstack = /usr/local/bin/terraform-provider-openstack
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: file = /usr/local/bin/terraform-provisioner-file
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: local-exec = /usr/local/bin/terraform-provisioner-local-exec
2015/02/20 19:53:56 [DEBUG] Discoverd plugin: remote-exec = /usr/local/bin/terraform-provisioner-remote-exec
2015/02/20 19:53:56 Detected home directory from env var: /Users/dbishop
2015/02/20 19:53:56 [DEBUG] Attempting to open CLI config file: /Users/dbishop/.terraformrc
2015/02/20 19:53:56 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2015/02/20 19:53:56 [DEBUG] Creating graph for path: [root]
2015/02/20 19:53:56 [DEBUG] Starting plugin: /usr/local/bin/terraform-provider-aws []string{"/usr/local/bin/terraform-provider-aws"}
2015/02/20 19:53:56 Detected home directory from env var: /Users/dbishop
2015/02/20 19:53:56 [DEBUG] Waiting for RPC address for: /usr/local/bin/terraform-provider-aws
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 Plugin address: unix /var/folders/jv/k0f64c6x1qz1zt9st9c5235c0000gn/T/tf-plugin372580379
2015/02/20 19:53:56 [DEBUG] Graph [root] created and valid. 3 nouns.
2015/02/20 19:53:56 [DEBUG] Creating graph for path: [root]
2015/02/20 19:53:56 [DEBUG] Graph [root] created and valid. 3 nouns.
2015/02/20 19:53:56 [INFO] Validating provider: aws
2015/02/20 19:53:56 [DEBUG] aws_instance.test: expanding to count = 1
2015/02/20 19:53:56 [INFO] Validating resource: aws_instance.test
2015/02/20 19:53:56 [DEBUG] Creating graph for path: [root]
2015/02/20 19:53:56 [DEBUG] Graph [root] created and valid. 3 nouns.
2015/02/20 19:53:56 [INFO] Configuring provider: aws
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Building AWS auth structure
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Building AWS region structure
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing EC2 connection
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing ELB connection
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing AutoScaling connection
aws_instance.test: Creating...
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing S3 connection
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing RDS connection
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing Route53 connection
2015/02/20 19:53:56 [DEBUG] aws_instance.test: expanding to count = 1
2015/02/20 19:53:56 [INFO] Module root walking: aws_instance.test (Graph node: aws_instance.test)
2015/02/20 19:53:56 [DEBUG] aws_instance.test: Not refreshing, ID is empty
2015/02/20 19:53:56 [DEBUG] Creating graph for path: [root]
2015/02/20 19:53:56 [DEBUG] Graph [root] created and valid. 3 nouns.
2015/02/20 19:53:56 [INFO] Configuring provider: aws
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Building AWS auth structure
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Building AW  ami:                         "" => "ami-1d2b2958"
S region structure
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing EC2 connection
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing ELB connection
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing AutoScaling connection
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing S3 connection
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing RDS connection
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing Route53 connection
2015/02/20 19:53:56 [DEBUG] aws_instance.test: expanding to count = 1
2015/02/20 19:53:56 [INFO] Module root walking: aws_instance.test (Graph node: aws_instance.test)
2015/02/20 19:53:56 [DEBUG] aws_instance.test: Executing diff
2015/02/20 19:53:56 [DEBUG] aws_instance.test: Diff: &terraform.InstanceDiff{Attributes:map[string]*terraform.ResourceAttrDiff{"instance_type":*terraform.ResourceAttrDiff{Old:"", New:"m3.medium", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Type:0x0}, "root_block_device.#":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "availability_zone":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNe  associate_public_ip_address: "" => "1"
w:true, Type:0x0}, "private_ip":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Type:0x0}, "public_ip":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "tenancy":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Type:0x0}, "key_name":*terraform.ResourceAttrDiff{Old:"", New:"cf-sunrise", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Type:0x0}, "tags.Name":*terraform.ResourceAttrDiff{Old:"", New:"test server", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "block_device.#":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "source_dest_check":*terraform.ResourceAttrDiff{Old:"", New:"0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "tags.#":*terraform.ResourceAttrDiff{Old:"", New:"1", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "ami":*terraform.ResourceAttrDiff{Old:"", New:"ami-1d2b2958", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Type:0x0}, "subnet_id":*terraform.ResourceAttrDiff{Old:"", New:"subnet-6e0ad40b", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Type:0x0}, "associate_public_ip_address":*terraform.ResourceAttrDiff{Old:"", New:"1", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Type:0x0}, "security_groups.#":*terraform.ResourceAttrDiff{Old:"", New:"1", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Type:0x0}, "security_groups.2234991354":*terraform.ResourceAttrDiff{Old:"", New:"sg-f2f55397", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil),  availability_zone:           "" => "<computed>"
  block_device.#:              "" => "<computed>"
  instance_type:               "" => "m3.medium"
 RequiresNew:true, Type:0x0}, "private_dns":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "public_dns":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "id":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Type:0x2}}, Destroy:false, DestroyTainted:false}
2015/02/20 19:53:56 [INFO] Apply walk starting
2015/02/20 19:53:56 [DEBUG] Creating graph for path: [root]
2015/02/20 19:53:56 [DEBUG] Graph [root] created and valid. 3 nouns.
2015/02/20 19:53:56 [INFO] Configuring provider: aws
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Building AWS auth structure
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Building AWS region structure
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing EC2 connection
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing ELB connection
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing AutoScaling connection
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing S3 connection
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing RDS connection
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [INFO] Initializing Route53 connection
2015/02/20 19:53:56 [DEBUG] aws_instance.test: expanding to count = 1
2015/02/20 19:53:56 [INFO] Module root walking: aws_instance.test (Graph node: aws_instance.test)
2015/02/20 19:53:56 [DEBUG] aws_instance.test: Executing Apply
2015/02/20 19:53:56 terraform-provider-aws: 2015/02/20 19:53:56 [DEBUG] Run configuration: &ec2.RunInstances{ImageId:"ami-1d2b2958", MinCount:0, MaxCount:0, KeyName:"cf-sunrise", InstanceType:"m3.medium", SecurityGroups:[]ec2.SecurityGroup{ec2.SecurityGroup{Id:"sg-f2f55  key_name:                    "" => "cf-sunrise"
397", Name:"", Description:"", VpcId:"", Tags:[]ec2.Tag(nil)}}, IamInstanceProfile:"", KernelId:"", RamdiskId:"", UserData:[]uint8{}, AvailZone:"", PlacementGroupName:"", Monitoring:false, SubnetId:"subnet-6e0ad40b", AssociatePublicIpAddress:true, DisableAPITermination:false, EbsOptimized:false, ShutdownBehavior:"", PrivateIPAddress:"", BlockDevices:[]ec2.BlockDeviceMapping(nil), Tenancy:""}
  private_dns:                 "" => "<computed>"
  private_ip:                  "" => "<computed>"
  public_dns:                  "" => "<computed>"
  public_ip:                   "" => "<computed>"
  root_block_device.#:         "" => "<computed>"
  security_groups.#:           "" => "1"
  security_groups.2234991354:  "" => "sg-f2f55397"
  source_dest_check:           "" => "0"
  subnet_id:                   "" => "subnet-6e0ad40b"
  tags.#:                      "" => "1"
  tags.Name:                   "" => "test server"
  tenancy:                     "" => "<computed>"
2015/02/20 19:53:57 terraform-provider-aws: 2015/02/20 19:53:57 [INFO] Instance ID: i-306b60f8
2015/02/20 19:53:57 terraform-provider-aws: 2015/02/20 19:53:57 [DEBUG] Waiting for instance (i-306b60f8) to become running
2015/02/20 19:53:57 terraform-provider-aws: 2015/02/20 19:53:57 [DEBUG] Waiting for state to become: running
2015/02/20 19:54:07 terraform-provider-aws: 2015/02/20 19:54:07 [TRACE] Waiting 3s before next try
2015/02/20 19:54:11 terraform-provider-aws: 2015/02/20 19:54:11 [TRACE] Waiting 3s before next try
2015/02/20 19:54:15 terraform-provider-aws: 2015/02/20 19:54:15 [DEBUG] Creating tags: []ec2.Tag{ec2.Tag{Key:"Name", Value:"test server"}}
2015/02/20 19:54:16 [INFO] Apply walk complete
2015/02/20 19:54:16 [INFO] Writing backup state to: terraform.tfstate.backup
aws_instance.test: Creation complete

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
2015/02/20 19:54:16 waiting for all plugin processes to complete...

The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.

State path: terraform.tfstate
2015/02/20 19:54:16 [DEBUG] /usr/local/bin/terraform-provider-aws: plugin process exited

@teancom
Copy link
Author

teancom commented Feb 21, 2015

Screenshot of the test server's state after bringing it up:

https://s3.amazonaws.com/f.cl.ly/items/190e2b06271U1z2G2H18/Image%202015-02-20%20at%207.56.32%20PM.png

@mitchellh
Copy link
Contributor

You're right, I can already see the problem.

@drnic
Copy link
Contributor

drnic commented Feb 21, 2015

xoxo @teancom for creating this ticket

@phinze
Copy link
Contributor

phinze commented Feb 21, 2015

Odd, I thought that #1003 would have fixed this. Did I mess it up somehow?

@phinze phinze self-assigned this Feb 21, 2015
@phinze
Copy link
Contributor

phinze commented Feb 21, 2015

Ah I see it now. It was only ever supported in Update. 🙈

Fixing now...

phinze added a commit that referenced this issue Feb 21, 2015
@phinze
providers/aws: fix source_dest_check on instance creation
473b03c 
The `SourceDestCheck` attribute can only be changed via
`ModifyInstance`, so the AWS instance resource's `Create` function calls
out to `Update` before it returns to take care of applying
`source_dest_check` properly.

The `Update` function originally guarded against unnecessary API calls
with `GetOk`, which worked fine until #993 when we changed the `GetOk`
semantics to no longer distinguish between "configured and zero-value"
and "not configured".

I attempted in #1003 to fix this by switching to `HasChange` for the
guard, but this does not work in the `Create` case.

I played around with a few different ideas, none of which worked:

(a) Setting `Default: true` on `source_dest_check' has no effect

(b) Setting `Computed: true` on `source_dest_check' and adding a `d.Set`
    call in the `Read` function (which will initially set the value to `true`
    after instance creation). I really thought I could get this to work,
    but it results in the following:

```go
d.Get('source_dest_check')       // true
d.HasChange('source_dest_check') // false
d.GetChange('source_dest_check') // old: false, new: false
```

I couldn't figure out a way of coherently dealing with that result, so I
ended up throwing up my hands and giving up on the guard altogether.
We'll call `ModifyInstance` more than we have to, but this at least
yields expected behavior for both Creates and Updates.

Fixes #1020
@phinze phinze mentioned this issue Feb 21, 2015
Merged
@drnic
Copy link
Contributor

drnic commented Feb 21, 2015

Sweet.

On Sat, Feb 21, 2015 at 11:33 AM, Paul Hinze notifications@github.com
wrote:

Ah I see it now. It was only ever supported in Update. 🙈

Fixing now...

Reply to this email directly or view it on GitHub:
#1020 (comment)

@radeksimko radeksimko mentioned this issue Mar 1, 2015
Closed
@james-masson
Copy link

source_dest_check seems to be broken again in master.

@radeksimko
Copy link
Member

@james-masson I cannot confirm that, just built a fresh binary from 16cafe9 having following:

resource "aws_instance" "nat" {
...
  source_dest_check = false
}

and everything went ok.

@teancom teancom mentioned this issue Mar 9, 2015
Closed
yahyapo pushed a commit to yahyapo/terraform that referenced this issue Mar 13, 2015
@phinze
providers/aws: fix source_dest_check on instance creation
9be2a7c 
The `SourceDestCheck` attribute can only be changed via
`ModifyInstance`, so the AWS instance resource's `Create` function calls
out to `Update` before it returns to take care of applying
`source_dest_check` properly.

The `Update` function originally guarded against unnecessary API calls
with `GetOk`, which worked fine until hashicorp#993 when we changed the `GetOk`
semantics to no longer distinguish between "configured and zero-value"
and "not configured".

I attempted in hashicorp#1003 to fix this by switching to `HasChange` for the
guard, but this does not work in the `Create` case.

I played around with a few different ideas, none of which worked:

(a) Setting `Default: true` on `source_dest_check' has no effect

(b) Setting `Computed: true` on `source_dest_check' and adding a `d.Set`
    call in the `Read` function (which will initially set the value to `true`
    after instance creation). I really thought I could get this to work,
    but it results in the following:

```go
d.Get('source_dest_check')       // true
d.HasChange('source_dest_check') // false
d.GetChange('source_dest_check') // old: false, new: false
```

I couldn't figure out a way of coherently dealing with that result, so I
ended up throwing up my hands and giving up on the guard altogether.
We'll call `ModifyInstance` more than we have to, but this at least
yields expected behavior for both Creates and Updates.

Fixes hashicorp#1020
@ghost
Copy link

ghost commented May 4, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators May 4, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@phinze phinze

Labels
bug provider/aws
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

providers/aws: fix source_dest_check on instance creation hashicorp/terraform
6 participants
@drnic @mitchellh @phinze @radeksimko @teancom @james-masson