Module is broken with Terraform AWS Provider v3.38.0 #213

Closed
onematchfox opened this issue May 2, 2021 · 6 comments

onematchfox commented May 2, 2021

Description

Sorry for the short report. Just wanted to bring an issue I encountered into the open. There are issues using this module with v3.38.0 of the Terraform AWS provider - perhaps only under certain circumstances (can't say for certain if it's all or not). In short, hashicorp/terraform-provider-aws#18467 introduced a silent change whereby ipv6_cidr_blocks can no longer be supplied at the same time as source_security_group_id on the aws_security_group_rule resource. This results in errors such as the following during plan:

Error: ConflictsWith 
  on .terraform/modules/mod.sg/main.tf line 144, in resource "aws_security_group_rule" "computed_ingress_with_source_security_group_id": 
 144:   source_security_group_id = var.computed_ingress_with_source_security_group_id[count.index]["source_security_group_id"] 
"source_security_group_id": conflicts with ipv6_cidr_blocks 
Error: ConflictsWith 
  on .terraform/modules/mod.sg/main.tf line 145, in resource "aws_security_group_rule" "computed_ingress_with_source_security_group_id": 
 145:   ipv6_cidr_blocks         = var.ingress_ipv6_cidr_blocks 
"ipv6_cidr_blocks": conflicts with source_security_group_id 

I'm not sure whether this should really be seen as a bug in this module or not but thought it would be worth noting that there are inconsistencies between this module and that version. For now I've just locked my provider version down to < 3.38.0.

Perhaps one of the maintainers of this repo can make the call as to whether to engage with the maintainers of https://github.com/hashicorp/terraform-provider-aws or make adjustments to this module?

ptpavankumar-kinesso commented May 3, 2021

Hi @onematchfox, not sure as to what version you are using, but currently I have a setup where terraform-aws-security-group is v3.18.0 with terraform aws provider version to be 0.14.7. I'm still experiencing a similar issue:

...
...
module.gravity.module.sg_asg.aws_security_group_rule.egress_rules[2]: Refreshing state... [id=sgrule-284690968]
module.gravity.module.sg_asg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1697953462]

Error: ConflictsWith
  on .terraform/modules/gravity.sg_lb/main.tf line 479, in resource "aws_security_group_rule" "egress_with_source_security_group_id":
 479:   source_security_group_id = var.egress_with_source_security_group_id[count.index]["source_security_group_id"]
"source_security_group_id": conflicts with ipv6_cidr_blocks

Error: ConflictsWith
  on .terraform/modules/gravity.sg_lb/main.tf line 480, in resource "aws_security_group_rule" "egress_with_source_security_group_id":
 480:   ipv6_cidr_blocks         = var.egress_ipv6_cidr_blocks
"ipv6_cidr_blocks": conflicts with source_security_group_id

Can you please suggest which version of terraform is working for you?

onematchfox commented May 4, 2021

> Hi @onematchfox, not sure as to what version you are using, but currently I have a setup where terraform-aws-security-group is v3.18.0 with terraform aws provider version to be 0.14.7. I'm still experiencing a similar issue
>
> Can you please suggest which version of terraform is working for you?

Hi @ptpavankumar-kinesso,

I think you're mixing up your Terraform version and the version of the Terraform AWS provider. Your Terraform version would be 0.14.7 and you need to restrict the version of the Terraform AWS provider to < 3.38.0. Something like the following should do the trick:

terraform {
  required_version = ">= 0.14"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.1, < 3.38.0"
    }
  }
}

@robinbowes
Contributor

Not sure if this fixes all conflicts, but setting the default value of ingress_ipv6_cidr_blocks to null fixes this specific issue, i.e.:

 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
   type        = list(string)
   default     = null
 }
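
An added example, not part of the original thread or of the module's code: a small Python check that scans Terraform source for aws_security_group_rule blocks assigning both source_security_group_id and ipv6_cidr_blocks, the pair reported above as conflicting from provider v3.38.0. The sample HCL is constructed (only the two attribute lines of its first block come from the error output), the resource name from_sg_only and the sg-EXAMPLE IDs are placeholders, and the line-based parsing assumes one attribute per line.

```python
import re

# Pair reported in this thread as conflicting on aws_security_group_rule
# from AWS provider v3.38.0.
CONFLICTS = [("source_security_group_id", "ipv6_cidr_blocks")]
RESOURCE_RE = re.compile(r'^\s*resource\s+"aws_security_group_rule"\s+"([^"]+)"\s*\{')
ASSIGN_RE = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*(.+?)\s*$')

# Constructed sample; only the two attribute lines of the first block are
# taken from the error output in the issue.
SAMPLE = '''\
resource "aws_security_group_rule" "computed_ingress_with_source_security_group_id" {
  count                    = 1
  security_group_id        = "sg-EXAMPLE"
  type                     = "ingress"
  source_security_group_id = var.computed_ingress_with_source_security_group_id[count.index]["source_security_group_id"]
  ipv6_cidr_blocks         = var.ingress_ipv6_cidr_blocks
}

resource "aws_security_group_rule" "from_sg_only" {
  type                     = "ingress"
  source_security_group_id = "sg-EXAMPLE"
  ipv6_cidr_blocks         = null
}
'''


def find_conflicts(hcl_text):
    """Return (resource, attr_a, line_a, attr_b, line_b) for every
    aws_security_group_rule block that assigns both attributes of a pair."""
    findings, name, depth, seen = [], None, 0, {}
    for lineno, line in enumerate(hcl_text.splitlines(), start=1):
        code = line.split("#", 1)[0]  # simplification: strip comments
        if name is None:
            m = RESOURCE_RE.match(code)
            if m:
                name, depth, seen = m.group(1), 0, {}
        elif depth == 1:
            m = ASSIGN_RE.match(code)
            if m and m.group(2) != "null":  # a literal null omits the attribute
                seen[m.group(1)] = lineno
        if name is not None:
            depth += code.count("{") - code.count("}")
            if depth <= 0:  # end of the resource block
                for a, b in CONFLICTS:
                    if a in seen and b in seen:
                        findings.append((name, a, seen[a], b, seen[b]))
                name = None
    return findings
```

A finding is static: it marks a block to review before raising the provider version, and a referenced variable that evaluates to null at plan time (the default change suggested above) still leaves the attribute unset.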

@robinbowes
Contributor

Actually, this is fixed in https://github.com/treasure-data/terraform-aws-security-group/pull/2/commits/b17296833b7828813ff532f837234b120f530bb6

So, upgrade to v3.6.0, or later :)

@bryantbiggs
Member

closed with #148

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions bot locked as resolved and limited conversation to collaborators Nov 15, 2022