Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: Provider produced inconsistent final plan #223

Open
leonardoauribe opened this issue Mar 25, 2022 · 6 comments
Open

Error: Provider produced inconsistent final plan #223

leonardoauribe opened this issue Mar 25, 2022 · 6 comments

Comments

@leonardoauribe
Copy link

I tried to apply multiple resource name value updates for addresses, address groups, services, and service groups and began receiving these errors. I didn't expect this to happen on such a simple name change.

Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for module.policy_objects.fortios_firewall_policy.fw12_firewall_policy_50[0] to include new values learned
│ so far during apply, provider "registry.terraform.io/fortinetdev/fortios" produced an invalid new value for .poolname[0].name: was
│ cty.StringVal("staging-whitelist-proxy"), but now cty.StringVal("allowlist-snat-staging").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for module.policy_objects.fortios_firewall_policy.fw12_firewall_policy_50[0] to include new values learned
│ so far during apply, provider "registry.terraform.io/fortinetdev/fortios" produced an invalid new value for .service[0].name: was
│ cty.StringVal("tcp9443"), but now cty.StringVal("MTLS").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for module.policy_objects.fortios_firewall_policy.fw12_firewall_policy_50[0] to include new values learned
│ so far during apply, provider "registry.terraform.io/fortinetdev/fortios" produced an invalid new value for .srcaddr[0].name: was
│ cty.StringVal("staging-outbound_svc"), but now cty.StringVal("outbound_svc-staging").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for module.policy_objects.fortios_firewall_policy.fw12_firewall_policy_10[0] to include new values learned
│ so far during apply, provider "registry.terraform.io/fortinetdev/fortios" produced an invalid new value for .service[1].name: was
│ cty.StringVal("tcp5432"), but now cty.StringVal("VAULT_CZAR").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for module.policy_objects.fortios_firewall_policy.fw12_firewall_policy_10[0] to include new values learned
│ so far during apply, provider "registry.terraform.io/fortinetdev/fortios" produced an invalid new value for .srcaddr[0].name: was
│ cty.StringVal("filter-float"), but now cty.StringVal("filter_float-staging").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for module.policy_objects.fortios_firewall_policy.fw12_firewall_policy_10[0] to include new values learned
│ so far during apply, provider "registry.terraform.io/fortinetdev/fortios" produced an invalid new value for .srcaddr[3].name: was
│ cty.StringVal("staging-dns_ext"), but now cty.StringVal("dns_ext-staging").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for module.policy_objects.fortios_firewall_policy.fw12_firewall_policy_10[0] to include new values learned
│ so far during apply, provider "registry.terraform.io/fortinetdev/fortios" produced an invalid new value for .srcaddr[4].name: was
│ cty.StringVal("staging-outbound_svc"), but now cty.StringVal("outbound_svc-staging").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵

This is just a snippet. I received this error on 20+ different resources.
@lix-fortinet
Copy link
Contributor

Hi @leonardoauribe,

Thank you for raising this issue. We will appreciate it if you could provide an example of your test case and the environment for your test case, like the FortiOS version, FortiOS Terraform provider version, Terraform version, etc. That would be very helpful for us to reproduce this issue.

Thanks,
Xing

@leonardoauribe
Copy link
Author

leonardoauribe commented Apr 6, 2022
edited
Loading

Version Details

Terraform v1.0.1
on darwin_amd64
+ provider registry.terraform.io/fortinetdev/fortios v1.14.0
+ provider registry.terraform.io/hashicorp/local v2.2.2

FortiOS version: v6.4.7

Let me know if more is required. thanks!

@lix-fortinet
Copy link
Contributor

Hi @leonardoauribe,

Thank you for your info. Could you provide some examples of your test case to help us reproduce this issue? Please delete your sensitive information in the example.

Thanks,
Xing

@leonardoauribe
Copy link
Author

The examples are the changes of the names for the addresses and address groups associated to policies, etc. after importing them. I'll walk through the details below.

  • Began project to Terraform existing production Fortigates
  • These Fortigates had multiple resources (policies, addresses, address groups, etc.) already deployed
  • Imported these existing resources into Terraform state file
  • Once imported, I had to rename all of the resources for consistency across all of our sites
  • The Terraform plan reflected these changes correctly
  • Once I ran Terraform apply is when I received all of the errors mentioned above.

Example 1: Resource "staging-whitelist-proxy" needed to be renamed to "allowlist-snat-staging" as shown below

│ When expanding the plan for module.policy_objects.fortios_firewall_policy.fw12_firewall_policy_50[0] to include new values learned
│ so far during apply, provider "registry.terraform.io/fortinetdev/fortios" produced an invalid new value for .poolname[0].name: was
│ cty.StringVal("staging-whitelist-proxy"), but now cty.StringVal("allowlist-snat-staging").

Example 2: Resource "tcp5432" needed to be renamed to "VAULT_CZAR" as shown below

When expanding the plan for module.policy_objects.fortios_firewall_policy.fw12_firewall_policy_10[0] to include new values learned
│ so far during apply, provider "registry.terraform.io/fortinetdev/fortios" produced an invalid new value for .service[1].name: was
│ cty.StringVal("tcp5432"), but now cty.StringVal("VAULT_CZAR").

The list goes on. Issue seems to be with how the policy resources handle the value changes for referenced resources.

@lix-fortinet
Copy link
Contributor

Hi @leonardoauribe,

Thank you for your information. Team is still working to reproduce this issue. We will get back to you once it has some updates.

Thanks,
Xing

@leonardoauribe
Copy link
Author

Any update on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lix-fortinet @leonardoauribe