terraform-provider-azuredevops icon indicating copy to clipboard operation
terraform-provider-azuredevops copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Provider produced inconsistent final plan for azuredevops_serviceendpoint_kubernetes

Open allenvino1 opened this issue 3 years ago • 9 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and Azure DevOps Provider) Version

Affected Resource(s)

  • azuredevops_serviceendpoint_kubernetes

Terraform Configuration Files

resource "azuredevops_serviceendpoint_kubernetes" "kubernetes_service_account" {
  project_id            = var.azure_devops_project
  service_endpoint_name = "${var.team_name}-${var.environment_name}-gke"
  apiserver_url         = "https://${google_container_cluster.primary.endpoint}"
  authorization_type    = "ServiceAccount"

  service_account {
    token   = data.kubernetes_secret.azure_devops_integration.binary_data["token"]
    ca_cert = data.kubernetes_secret.azure_devops_integration.binary_data["ca.crt"]
  }
}

Debug Output

Panic Output

Expected Behavior

Actual Behavior

image

Steps to Reproduce

  1. terraform apply

Important Factoids

Note

  1. Im trying to do GKE + creating azure devops service connection.
  2. When I applied the second time it pushed thru maybe because the gke cluster is established already.
  3. Seems like the handling of the provider seems broken with dynamic values from other terraform resources. I tried hardcoding values it works.

References

  • #0000

allenvino1 avatar Aug 11 '21 14:08 allenvino1

Hi @spacejam101 I cannot reproduce this error. Which Terraform version and provider version are you use? This seems like https://github.com/hashicorp/terraform/issues/20517

xuzhang3 avatar Aug 12 '21 07:08 xuzhang3

Hello @xuzhang3. I'm using terraform v1.0.3. This my provider versions: image

allenvino1 avatar Aug 12 '21 07:08 allenvino1

Is there anyway I can help inorder for you to solve this? @xuzhang3

allenvino1 avatar Aug 12 '21 12:08 allenvino1

@spacejam101 You should mask the cert and tokens.

xuzhang3 avatar Aug 13 '21 03:08 xuzhang3

Hi @spacejam101 what's the output of terraform plan. Will token and cert changed during the terraform apply, the real value will changed by GKE?

xuzhang3 avatar Aug 13 '21 03:08 xuzhang3

I'm afraid my flow does not use static token and cert. I would like it to be on the fly.

The flow would be GKE is created and then I do a secret lookup on the serviceaccount to be passed to azure devops.

image

Plan output: image

allenvino1 avatar Aug 13 '21 03:08 allenvino1

@spacejam101 I create a new aks cluster and use kubernetes_secret to get the credentials, all resource can be created without error.

xuzhang3 avatar Aug 13 '21 08:08 xuzhang3

Interesting. Sorry im new to terraform. Not sure how to debug this one. Uhmm Maybe try it with GKE cluster?

allenvino1 avatar Aug 14 '21 11:08 allenvino1

same issue here (tipalti.com)

korenlev avatar Dec 15 '21 11:12 korenlev