After restoring Consul state, Terraform does not track policy state, tries to recreate it from scratch, and fails #417

@garry-t

Description

Hi there,

After running consul snapshot restore backup.snap on Consul, I expect that rerunning plan will not trigger any resource changes.

Terraform Version

Terraform v1.6.6
on darwin_arm64

+ provider registry.terraform.io/hashicorp/consul v2.20

Affected Resource(s)

Please list the resources as a list, for example:

  • consul_acl_token
  • consul_acl_policy

Terraform Configuration Files

resource "consul_acl_policy" "test" {
  name  = "service_test"
  rules = <<-RULE
    agent_prefix "test" {
      policy = "write"
    }

    agent_prefix "${var.platform_env}-test" {
      policy = "write"
    }
    RULE
}
resource "consul_acl_token" "test" {
  description = "Token for test"
  policies    = [consul_acl_policy.test.name]
  local       = false # valid in all DCs
}

Debug Output

2024-10-07T14:37:34.102+0200 [DEBUG] Resource state not found for node "consul_acl_policy.test", instance consul_acl_policy.test
2024-10-07T14:37:34.102+0200 [DEBUG] Resource state not found for node "data.consul_acl_token_secret_id.test", instance data.consul_acl_token_secret_id.test
2024-10-07T14:37:34.102+0200 [DEBUG] Resource state not found for node "consul_acl_token.test", instance consul_acl_token.test

Panic Output

n/a

Expected Behavior

After running consul snapshot restore backup.snap on Consul, I expect that rerunning plan will not trigger any resource changes.

Actual Behavior

For some reason the policy is always recreated after the cluster state is restored.
If I run
terraform state show consul_acl_policy.test, it prints the policy from the state file.

Steps to Reproduce

consul 1.11.4

  1. Take cluster snapshot
  2. Restore state to another consul cluster
  3. Point your project to a new consul cluster
  4. Run terraform plan

Possible reason

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # consul_acl_policy.test has been deleted
  - resource "consul_acl_policy" "test" {
        id          = "38110fd9-47e3-434a-2fb0-59e5cc0bb743"
      - name        = "service_test" -> null
        # (2 unchanged attributes hidden)
    }

  # consul_acl_token.test has been deleted
  - resource "consul_acl_token" "test" {
      - id          = "05c3a262-9e96-2d67-cc42-8530837898a3" -> null
        # (5 unchanged attributes hidden)
    }

Please elaborate on this behaviour.

Important Factoids

consul bootstrap with ACL
