Terraform-provider-aws: aws_lb_listener_rule: Stickiness block not removed from state

Created on 14 Sep 2020 · 3Comments · Source: hashicorp/terraform-provider-aws

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

$ terraform -v
Terraform v0.12.29
+ provider.aws v3.2.0
+ provider.null v2.1.2

Affected Resource(s)

aws_XXXXX

Terraform Configuration Files

resource "aws_lb_listener_rule" "httpsecure_prod" {
  count        = local.is_prod ? 1 : 0
  depends_on   = [null_resource.health]
  listener_arn = data.aws_alb_listener.https.arn

  priority = 48001


  action {
    order = 1
    type  = "forward"
    forward {

      dynamic "target_group" {
        for_each = local.target_groups

        content {
          arn    = target_group.value.arn
          weight = target_group.value.weight
        }
      }
    }
  }

  condition {
    host_header {
      values = [
        "foo.com",
        "bar.foo.com"
      ]
    }
  }
}

Expected Behavior

When stickiness is not declared in the resource, the listener rule should not use it

Actual Behavior

We had previously had a rule with stickiness enabled, and applied it. Later our use case changed and we removed it. Yesterday we went to update the rule and got this error when applying:

aws_lb_listener_rule.httpsecure_prod[0]: Modifying... [id=arn:aws:elasticloadbalancing:*********:xxxx:listener-rule/app/foo-production-app/xxx/xxx/xxx]

Error: Error modifying LB Listener Rule: ValidationError: Target group stickiness duration must be between 1 and 604800 seconds
    status code: 400, request id: xxx-xxx-xxx-xxx-xxxxx

Checking in the AWS console, the listener rule didn't have stickiness enabled. Looking into the plan, we can see that the plan does include the stickiness:

resource "aws_lb_listener_rule" "httpsecure_prod" {
      ...
      ~ action {
            order = 1
            type  = "forward"

          ~ forward {
                stickiness {
                    duration = 0
                    enabled  = false
                }
            ... 
            }
        }
}

Steps to Reproduce

terraform apply with stickiness defied in an aws_lb_listener_rule
Remove the stickiness block from the rule
Run terraform apply again, and notice the above error.

bug servicelbv2

Source

ian-bartholomew

👍5

All 3 comments

Hi @ian-bartholomew, thank you for creating this issue! Looking at the plan output you've provided as well as reproducing this locally, seems there's a bug in the diff created as the entire stickiness block should be marked for removal with something like:

  ~ action {
            order = 1
            type  = "forward"

          ~ forward {
              - stickiness {
                  - duration = 3600 -> null
                  - enabled  = true -> null
                }

This could stem from some custom logic in the resource that modifies the diff behavior, so further investigation is needed. In the meantime, I would recommend disabling stickiness with enabled=false instead of removing the entire block as this behavior here will persist.

anGie44 on 15 Sep 2020

👍1

@anGie44 Sorry for the late reply, but thank you. I did what you suggested as a workaround and that worked. Thanks!

ian-bartholomew on 29 Sep 2020

🎉1

Hopefully the information below is helpful for you guys. My terraform version is 0.12.24 though. But by checking the release nots, I don't think it makes any difference from your TF version.

I think terraform is unable to remove the stickiness because it's trying to set duration value back to 0. However, the minimum value of the duration is 1 in AWS. That's exactly what you got from the error.

I'm actually getting the same error with different scenario, see follow steps:

Apply a listener rule with 100% traffic forwarding to target group 1 and 0% traffic to target group 2.
Adjust the percentages to 80% vs 20%
Apply again.
Got the same error as yours.

It seems like the default stickiness state in terraform is:
stickiness {
duration = 0
enabled = false
}
Which is wrong.

So couple of problems here:

Default stickiness state is wrong.
Why we even need to update the stickiness state since in my case I'm not using it from beginning to the end.
"duration" is a required field in stickiness block. If that's intended, this document may need to be updated: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener_rule