terraform-provider-awscc
awscc_ecs_task_definition : Provider produced inconsistent result after apply
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
- The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.
Terraform CLI and Terraform AWS Cloud Control Provider Version
- Terraform CLI version:
  Terraform v1.7.4
  on darwin_amd64
  + provider registry.terraform.io/hashicorp/awscc v0.74.0
- AWSCC provider version: v0.74.0
Affected Resource(s)
- awscc_ecs_task_definition
Terraform Configuration Files
Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.
resource "awscc_ecs_cluster" "replicate_issue" {
  cluster_name = "example-hello-world-replicate_issue"
}

resource "awscc_ecs_task_definition" "replicate_issue" {
  family                   = "helloworld"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  execution_role_arn       = awscc_iam_role.replicate_issue.arn
  cpu                      = 1024
  memory                   = 2048
  container_definitions = [{
    name      = "hello-world"
    image     = "hello-world"
    cpu       = 1024
    memory    = 2048
    essential = true
    port_mappings = [
      {
        container_Port = 80
        host_Port      = 80
      }
    ]
  }]
  depends_on = [awscc_iam_role.replicate_issue]
}

resource "awscc_iam_role" "replicate_issue" {
  role_name = "ecs_Task_ExecutionRole"
  assume_role_policy_document = jsonencode(
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "sts:AssumeRole",
          "Principal": {
            "Service": "ecs-tasks.amazonaws.com"
          },
          "Effect": "Allow",
          "Sid": ""
        }
      ]
    }
  )
  managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"]
}

resource "aws_ecs_service" "replicate_issue" {
  name            = "hello-world"
  cluster         = awscc_ecs_cluster.replicate_issue.arn
  task_definition = awscc_ecs_task_definition.replicate_issue.id
  launch_type     = "FARGATE"
  desired_count   = 3
  network_configuration {
    assign_public_ip = true
    subnets          = [aws_default_subnet.replicate_issue_a.id, aws_default_subnet.replicate_issue_b.id, aws_default_subnet.replicate_issue_c.id]
  }
}

resource "aws_default_vpc" "this" {
}

resource "aws_default_subnet" "replicate_issue_a" {
  availability_zone = "us-east-1a"
}

resource "aws_default_subnet" "replicate_issue_b" {
  availability_zone = "us-east-1b"
}

resource "aws_default_subnet" "replicate_issue_c" {
  availability_zone = "us-east-1d"
}
Debug Output
Panic Output
Expected Behavior
Expected the ecs task definition and associated configuration to be deployed.
Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_default_subnet.replicate_issue_a will be created
+ resource "aws_default_subnet" "replicate_issue_a" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-1a"
+ availability_zone_id = (known after apply)
+ cidr_block = (known after apply)
+ enable_dns64 = false
+ enable_lni_at_device_index = (known after apply)
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ existing_default_subnet = (known after apply)
+ force_destroy = false
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_public_ip_on_launch = true
+ outpost_arn = (known after apply)
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags_all = (known after apply)
+ vpc_id = (known after apply)
}
# aws_default_subnet.replicate_issue_b will be created
+ resource "aws_default_subnet" "replicate_issue_b" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-1b"
+ availability_zone_id = (known after apply)
+ cidr_block = (known after apply)
+ enable_dns64 = false
+ enable_lni_at_device_index = (known after apply)
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ existing_default_subnet = (known after apply)
+ force_destroy = false
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_public_ip_on_launch = true
+ outpost_arn = (known after apply)
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags_all = (known after apply)
+ vpc_id = (known after apply)
}
# aws_default_subnet.replicate_issue_c will be created
+ resource "aws_default_subnet" "replicate_issue_c" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-1d"
+ availability_zone_id = (known after apply)
+ cidr_block = (known after apply)
+ enable_dns64 = false
+ enable_lni_at_device_index = (known after apply)
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ existing_default_subnet = (known after apply)
+ force_destroy = false
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_public_ip_on_launch = true
+ outpost_arn = (known after apply)
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags_all = (known after apply)
+ vpc_id = (known after apply)
}
# aws_default_vpc.this will be created
+ resource "aws_default_vpc" "this" {
+ arn = (known after apply)
+ cidr_block = (known after apply)
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ existing_default_vpc = (known after apply)
+ force_destroy = false
+ id = (known after apply)
+ instance_tenancy = (known after apply)
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags_all = (known after apply)
}
# aws_ecs_service.replicate_issue will be created
+ resource "aws_ecs_service" "replicate_issue" {
+ cluster = (known after apply)
+ deployment_maximum_percent = 200
+ deployment_minimum_healthy_percent = 100
+ desired_count = 3
+ enable_ecs_managed_tags = false
+ enable_execute_command = false
+ iam_role = (known after apply)
+ id = (known after apply)
+ launch_type = "FARGATE"
+ name = "hello-world"
+ platform_version = (known after apply)
+ scheduling_strategy = "REPLICA"
+ tags_all = (known after apply)
+ task_definition = (known after apply)
+ triggers = (known after apply)
+ wait_for_steady_state = false
+ network_configuration {
+ assign_public_ip = true
+ subnets = (known after apply)
}
}
# awscc_ecs_cluster.replicate_issue will be created
+ resource "awscc_ecs_cluster" "replicate_issue" {
+ arn = (known after apply)
+ capacity_providers = (known after apply)
+ cluster_name = "example-hello-world-replicate_issue"
+ cluster_settings = (known after apply)
+ configuration = (known after apply)
+ default_capacity_provider_strategy = (known after apply)
+ id = (known after apply)
+ service_connect_defaults = (known after apply)
+ tags = (known after apply)
}
# awscc_ecs_task_definition.replicate_issue will be created
+ resource "awscc_ecs_task_definition" "replicate_issue" {
+ container_definitions = [
+ {
+ command = (known after apply)
+ cpu = 1024
+ credential_specs = (known after apply)
+ depends_on = (known after apply)
+ disable_networking = (known after apply)
+ dns_search_domains = (known after apply)
+ dns_servers = (known after apply)
+ docker_labels = (known after apply)
+ docker_security_options = (known after apply)
+ entry_point = (known after apply)
+ environment = (known after apply)
+ environment_files = (known after apply)
+ essential = true
+ extra_hosts = (known after apply)
+ firelens_configuration = (known after apply)
+ health_check = (known after apply)
+ hostname = (known after apply)
+ image = "hello-world"
+ interactive = (known after apply)
+ links = (known after apply)
+ linux_parameters = (known after apply)
+ log_configuration = (known after apply)
+ memory = 2048
+ memory_reservation = (known after apply)
+ mount_points = (known after apply)
+ name = "hello-world"
+ port_mappings = [
+ {
+ app_protocol = (known after apply)
+ container_port = (known after apply)
+ container_port_range = (known after apply)
+ host_port = (known after apply)
+ name = (known after apply)
+ protocol = (known after apply)
},
]
+ privileged = (known after apply)
+ pseudo_terminal = (known after apply)
+ readonly_root_filesystem = (known after apply)
+ repository_credentials = (known after apply)
+ resource_requirements = (known after apply)
+ secrets = (known after apply)
+ start_timeout = (known after apply)
+ stop_timeout = (known after apply)
+ system_controls = (known after apply)
+ ulimits = (known after apply)
+ user = (known after apply)
+ volumes_from = (known after apply)
+ working_directory = (known after apply)
},
]
+ cpu = "1024"
+ ephemeral_storage = (known after apply)
+ execution_role_arn = (known after apply)
+ family = "helloworld"
+ id = (known after apply)
+ inference_accelerators = (known after apply)
+ ipc_mode = (known after apply)
+ memory = "2048"
+ network_mode = "awsvpc"
+ pid_mode = (known after apply)
+ placement_constraints = (known after apply)
+ proxy_configuration = (known after apply)
+ requires_compatibilities = [
+ "FARGATE",
]
+ runtime_platform = (known after apply)
+ tags = (known after apply)
+ task_definition_arn = (known after apply)
+ task_role_arn = (known after apply)
+ volumes = (known after apply)
}
# awscc_iam_role.replicate_issue will be created
+ resource "awscc_iam_role" "replicate_issue" {
+ arn = (known after apply)
+ assume_role_policy_document = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "ecs-tasks.amazonaws.com"
}
+ Sid = ""
},
]
+ Version = "2012-10-17"
}
)
+ description = (known after apply)
+ id = (known after apply)
+ managed_policy_arns = [
+ "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
]
+ max_session_duration = (known after apply)
+ path = (known after apply)
+ permissions_boundary = (known after apply)
+ policies = (known after apply)
+ role_id = (known after apply)
+ role_name = "ecs_Task_ExecutionRole"
+ tags = (known after apply)
}
Plan: 8 to add, 0 to change, 0 to destroy.
Actual Behavior
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to awscc_ecs_task_definition.replicate_issue, provider
│ "provider[\"registry.terraform.io/hashicorp/awscc\"]" produced an unexpected new value:
│ .container_definitions: planned set element
│ cty.ObjectVal(map[string]cty.Value{"command":cty.UnknownVal(cty.List(cty.String)),
│ "cpu":cty.NumberIntVal(1024), "credential_specs":cty.UnknownVal(cty.List(cty.String)),
│ "depends_on":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"condition":cty.String,
│ "container_name":cty.String}))), "disable_networking":cty.UnknownVal(cty.Bool),
│ "dns_search_domains":cty.UnknownVal(cty.List(cty.String)),
│ "dns_servers":cty.UnknownVal(cty.List(cty.String)), "docker_labels":cty.UnknownVal(cty.Map(cty.String)),
│ "docker_security_options":cty.UnknownVal(cty.List(cty.String)),
│ "entry_point":cty.UnknownVal(cty.List(cty.String)),
│ "environment":cty.UnknownVal(cty.Set(cty.Object(map[string]cty.Type{"name":cty.String,
│ "value":cty.String}))),
│ "environment_files":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"type":cty.String,
│ "value":cty.String}))), "essential":cty.True,
│ "extra_hosts":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"hostname":cty.String,
│ "ip_address":cty.String}))),
│ "firelens_configuration":cty.UnknownVal(cty.Object(map[string]cty.Type{"options":cty.Map(cty.String),
│ "type":cty.String})),
│ "health_check":cty.UnknownVal(cty.Object(map[string]cty.Type{"command":cty.List(cty.String),
│ "interval":cty.Number, "retries":cty.Number, "start_period":cty.Number, "timeout":cty.Number})),
│ "hostname":cty.UnknownVal(cty.String), "image":cty.StringVal("hello-world"),
│ "interactive":cty.UnknownVal(cty.Bool), "links":cty.UnknownVal(cty.Set(cty.String)),
│ "linux_parameters":cty.UnknownVal(cty.Object(map[string]cty.Type{"capabilities":cty.Object(map[string]cty.Type{"add":cty.List(cty.String),
│ "drop":cty.List(cty.String)}),
│ "devices":cty.List(cty.Object(map[string]cty.Type{"container_path":cty.String, "host_path":cty.String,
│ "permissions":cty.Set(cty.String)})), "init_process_enabled":cty.Bool, "max_swap":cty.Number,
│ "shared_memory_size":cty.Number, "swappiness":cty.Number,
│ "tmpfs":cty.List(cty.Object(map[string]cty.Type{"container_path":cty.String,
│ "mount_options":cty.List(cty.String), "size":cty.Number}))})),
│ "log_configuration":cty.UnknownVal(cty.Object(map[string]cty.Type{"log_driver":cty.String,
│ "options":cty.Map(cty.String),
│ "secret_options":cty.List(cty.Object(map[string]cty.Type{"name":cty.String,
│ "value_from":cty.String}))})), "memory":cty.NumberIntVal(2048),
│ "memory_reservation":cty.UnknownVal(cty.Number),
│ "mount_points":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"container_path":cty.String,
│ "read_only":cty.Bool, "source_volume":cty.String}))), "name":cty.StringVal("hello-world"),
│ "port_mappings":cty.SetVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"app_protocol":cty.UnknownVal(cty.String),
│ "container_port":cty.UnknownVal(cty.Number), "container_port_range":cty.UnknownVal(cty.String),
│ "host_port":cty.UnknownVal(cty.Number), "name":cty.UnknownVal(cty.String),
│ "protocol":cty.UnknownVal(cty.String)})}), "privileged":cty.UnknownVal(cty.Bool),
│ "pseudo_terminal":cty.UnknownVal(cty.Bool), "readonly_root_filesystem":cty.UnknownVal(cty.Bool),
│ "repository_credentials":cty.UnknownVal(cty.Object(map[string]cty.Type{"credentials_parameter":cty.String})),
│ "resource_requirements":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"type":cty.String,
│ "value":cty.String}))),
│ "secrets":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"name":cty.String,
│ "value_from":cty.String}))), "start_timeout":cty.UnknownVal(cty.Number),
│ "stop_timeout":cty.UnknownVal(cty.Number),
│ "system_controls":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"namespace":cty.String,
│ "value":cty.String}))),
│ "ulimits":cty.UnknownVal(cty.List(cty.Object(map[string]cty.Type{"hard_limit":cty.Number,
│ "name":cty.String, "soft_limit":cty.Number}))), "user":cty.UnknownVal(cty.String),
│ "volumes_from":cty.UnknownVal(cty.Set(cty.Object(map[string]cty.Type{"read_only":cty.Bool,
│ "source_container":cty.String}))), "working_directory":cty.UnknownVal(cty.String)}) does not correlate
│ with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
Steps to Reproduce
- terraform apply
Important Factoids
References
I was able to consistently replicate this problem when using the port_mappings attribute in the container_definitions.
Task definition was created successfully and CCAPI returned the GetResource response; I don't think this is an upstream issue.
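Added example, not part of the original issue and not the provider's code: the posted configuration writes `container_Port` and `host_Port`, while the plan lists `container_port` and `host_port` as `(known after apply)`. The sketch below is a pre-apply check that reports configuration keys matching a planned attribute name only when case is ignored. `find_key_mismatches` is a hypothetical helper, `CONFIG` mirrors the posted HCL, and `AFTER` / `AFTER_UNKNOWN` are constructed fragments shaped like `change.after` and `change.after_unknown` in `terraform show -json` output.

```python
# Added example: CONFIG mirrors the reporter's HCL; AFTER and AFTER_UNKNOWN are
# constructed samples, not captured output from the issue.
CONFIG = {
    "family": "helloworld",
    "container_definitions": [{
        "name": "hello-world",
        "cpu": 1024,
        "port_mappings": [{"container_Port": 80, "host_Port": 80}],
    }],
}
AFTER = {
    "family": "helloworld",
    "container_definitions": [
        {"name": "hello-world", "cpu": 1024, "port_mappings": [{}]}
    ],
}
AFTER_UNKNOWN = {
    "container_definitions": [{
        "command": True,
        "port_mappings": [
            {"container_port": True, "host_port": True, "protocol": True}
        ],
    }],
}


def find_key_mismatches(config, plan_nodes, path=""):
    """Return (config_path, planned_name, planned_as_unknown) for every config
    key that is absent from the plan under its exact spelling."""
    findings = []
    if isinstance(config, dict):
        dicts = [n for n in plan_nodes if isinstance(n, dict)]
        names = set().union(*dicts)  # attribute names the plan knows here
        for key, value in config.items():
            here = f"{path}.{key}" if path else key
            if key in names:
                kids = [d[key] for d in dicts if key in d]
                findings += find_key_mismatches(value, kids, here)
                continue
            # Exact name missing: look for a case-insensitive match.
            canonical = next(
                (n for n in sorted(names) if n.lower() == key.lower()), None)
            unknown = any(d.get(canonical) is True for d in dicts)
            findings.append((here, canonical, unknown))
    elif isinstance(config, list):
        # Set elements are unordered, so compare against all planned elements.
        elems = [e for n in plan_nodes if isinstance(n, list) for e in n]
        for i, item in enumerate(config):
            findings += find_key_mismatches(item, elems, f"{path}[{i}]")
    return findings
```

Call it as `find_key_mismatches(CONFIG, [AFTER, AFTER_UNKNOWN])`; a third tuple field of `True` means the correctly spelled attribute was planned as unknown even though the configuration supplied a literal.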