terraform-provider-aws icon indicating copy to clipboard operation
terraform-provider-aws copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

[Bug]: Error: error deleting API Gateway REST API (xxx) Stage - cannot change name of stage

Open lorelei-rupp-imprivata opened this issue 2 years ago • 3 comments

Terraform Core Version

1.2.7

AWS Provider Version

4.46.0

Affected Resource(s)

We needed to change the name on a API Gateway stage, the plan looked good, however on apply it failed with an error I believe we probably want to use create before destroy perhaps, but the provider docs like https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_base_path_mapping don't really talk to this, so I am not sure what the best path forward here is or which resources we want the create before destroy on

aws_api_gateway_base_path_mapping aws_api_gateway_method_settings aws_api_gateway_stage

Expected Behavior

To change the name of the stage without apply failling

Actual Behavior

It errors on apply

Relevant Error/Panic Output Snippet

Terraform will perform the following actions:

  ~ resource "aws_api_gateway_base_path_mapping" "aws_api_gateway_base_path_mapping_green" {
        id          = "*.xxx/"
      ~ stage_name  = "beforexxx" -> "afterxxx"
        # (2 unchanged attributes hidden)
    }

-/+ resource "aws_api_gateway_method_settings" "aws_api_gateway_method_settings" {
      ~ id          = "xxx-*/*" -> (known after apply)
      ~ stage_name  = "beforexxx" -> "afterxxx" # forces replacement
        # (2 unchanged attributes hidden)

      ~ settings {
          ~ cache_data_encrypted                       = false -> (known after apply)
          ~ cache_ttl_in_seconds                       = 300 -> (known after apply)
          ~ caching_enabled                            = false -> (known after apply)
          ~ require_authorization_for_cache_control    = true -> (known after apply)
          ~ unauthorized_cache_control_header_strategy = "SUCCEED_WITH_RESPONSE_HEADER" -> (known after apply)
            # (5 unchanged attributes hidden)
        }
    }

-/+ resource "aws_api_gateway_stage" "aws_api_gateway_stage" {
      ~ arn                   = "beforexxx" -> (known after apply)
      ~ execution_arn         = "beforexxx" -> (known after apply)
      ~ id                    = "beforexxx" -> (known after apply)
      ~ invoke_url            = "beforexxx" -> (known after apply)
      ~ stage_name            = "beforexxx" -> "afterxxx" # forces replacement
        tags                  = {  .... }
      + web_acl_arn           = (known after apply)
        # (7 unchanged attributes hidden)
    }

Plan: 2 to add, 1 to change, 2 to destroy.
aws_api_gateway_method_settings.aws_api_gateway_method_settings["xxx-api"]: Destroying... [id=xxxx-*/*]
aws_api_gateway_method_settings.aws_api_gateway_method_settings["xxxapi"]: Destruction complete after 1s
aws_api_gateway_stage.aws_api_gateway_stage["xxx-api"]: Destroying... [id=xxxx]
╷
│ Error: error deleting API Gateway REST API xxx) Stage (beforexxx): BadRequestException: Deleting stage beforexxx failed. Please remove all base path mappings related to the stage in your domains: .*xxxx

Terraform Configuration Files

This is basically what our modules look like for this -- removed a few things to make it easier to follow

resource "aws_api_gateway_base_path_mapping" "aws_api_gateway_base_path_mappingn" {
  for_each    = local.rest_api_names
  api_id      = aws_api_gateway_rest_api.aws_api_gateway_rest_api[each.key].id
  stage_name  = aws_api_gateway_stage.aws_api_gateway_stage[each.key].stage_name
  domain_name = aws_api_gateway_domain_name.aws_api_gateway_domain_name[0].domain_name
  #base_path = each.key
  depends_on = [aws_api_gateway_stage.aws_api_gateway_stage]
}
resource "aws_api_gateway_stage" "aws_api_gateway_stage" {
   for_each      =  local.rest_api_names 
  rest_api_id   = aws_api_gateway_rest_api.aws_api_gateway_rest_api[each.key].id
  stage_name    = "xxx-green"
  deployment_id = aws_api_gateway_deployment.aws_api_gateway_deployment[each.key].id
  depends_on    = [aws_api_gateway_deployment.aws_api_gateway_deployment]
  tags          = var.tags

  #Fix for an infinte plan issue https://github.com/hashicorp/terraform-provider-aws/issues/17661
  #Without this we cannot upgrade to latest provider https://github.com/hashicorp/terraform-provider-aws/issues/22866
  cache_cluster_enabled = false # https://github.com/hashicorp/terraform-provider-aws/issues/22866
  cache_cluster_size    = "0.5"
  #end of infinite plan fixes

  variables = {
    nlbHostname = var.vpc_link_configuration["green"].hostname
    vpcLinkID   = aws_api_gateway_vpc_link.aws_api_gateway_vpc_link["green"].id
    vpcLinkName = aws_api_gateway_vpc_link.aws_api_gateway_vpc_link["green"].name
  }

  xray_tracing_enabled = var.xray_tracing_enabled
}
resource "aws_api_gateway_method_settings" "aws_api_gateway_method_settings" {
  for_each    =local.rest_api_names
  rest_api_id = aws_api_gateway_rest_api.aws_api_gateway_rest_api[each.key].id
  stage_name  = aws_api_gateway_stage.aws_api_gateway_stage[each.key].stage_name
  method_path = "*/*"
  settings {
    metrics_enabled        = var.cloudwatch_metrics_enabled
    logging_level          = var.cloudwatch_logs_loglevel
    data_trace_enabled     = var.cloudwatch_logs_data_trace_enabled
    throttling_rate_limit  = var.throttling_rate_limit
    throttling_burst_limit = var.throttling_burst_limit
  }
}

Steps to Reproduce

Just need to update the stage_name on the aws_api_gateway_stage resource after you already have live deployed resources

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

lorelei-rupp-imprivata avatar Jan 09 '23 21:01 lorelei-rupp-imprivata