Terraform v0.11.11
+ provider.aws v1.50.0
main - https://github.com/firehawkvfx/firehawk-compute-batch
github module that isn't updating (referenced in modules/vpn/main.tf) - https://github.com/firehawkvfx/tf_aws_openvpn
If you clone https://github.com/firehawkvfx/firehawk-compute-batch and run terraform apply, any changes to modules (like https://github.com/firehawkvfx/tf_aws_openvpn) should also be applied.
When running terraform apply on the firehawk-compute-batch repo, the vpn submodule (which references https://github.com/firehawkvfx/tf_aws_openvpn) doesn't update correctly.
For example, the repo at https://github.com/firehawkvfx/tf_aws_openvpn has had descriptions added to the openvpn security group rules, and also another ingress group to allow icmp traffic. None of these are present when I run terraform apply on firehawk-compute-batch. It's almost as if it only executes some past cache of what the state of that git url (https://github.com/firehawkvfx/tf_aws_openvpn) once was, before those recent changes were added.
It's hard to know if you will reproduce this behaviour, since it looks like terraform has some local cache of the git module tf_aws_openvpn, so if another user runs this, they may indeed see descriptions next to rules in the openvpn security group without a problem.
1) Clone https://github.com/firehawkvfx/firehawk-compute-batch
2) Run terraform init
3) Run terraform apply
4) Check the aws ec2 console for the openvpn security group. If you see descriptions next to rules like "https", "ssh", "all incoming traffic from vpc", and if you see an incoming security group that allows icmp traffic, then you haven't reproduced the bug, but further changes to the tf_aws_openvpn repo may not update for you the next time terraform apply is run after those changes. I'd be happy to push changes to the security group for you to reproduce after you have run the terraform apply once (you can also destroy straight away, the bug should be reproducible this way).
Hi @queglay!
I'm sorry you've run into this. Does running terraform get -update after changing the submodule download the update?
Thanks for your suggestion @mildwonkey. Yes this worked for me.
The problem, though, is that this creates inconsistency and dangers if you use the suggested solution sporadically, or are even unaware of it as I was. The issue only occurs with github repos. github submodules are not affected.
You might be referencing a github module and not realise it's out of date while you are developing.
But a submodule will not have this issue.
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
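A way to notice the stale module cache described in this thread before running terraform apply, as an added example that is not from the thread or from Terraform itself. It assumes git-sourced modules are cached as clones (with their .git directory) under .terraform/modules/; stale_modules and demo_stale_cache are hypothetical helper names, and the demo repositories are constructed.

```shell
#!/bin/sh
# Added example. Assumes git-sourced modules are cached as clones (with .git)
# under .terraform/modules/, one directory per module.

# Print one "STALE ..." line per cached module whose checked-out commit
# differs from the current HEAD of the remote it was cloned from.
stale_modules() {
    root=${1:-.terraform/modules}
    for dir in "$root"/*/; do
        [ -d "${dir}.git" ] || continue
        url=$(git -C "$dir" config --get remote.origin.url) || continue
        cached=$(git -C "$dir" rev-parse HEAD) || continue
        remote=$(git ls-remote "$url" HEAD 2>/dev/null | cut -f1)
        [ -n "$remote" ] || { echo "UNKNOWN $dir (cannot reach $url)"; continue; }
        [ "$cached" = "$remote" ] || echo "STALE $dir cached=$cached remote=$remote"
    done
}

# Constructed sample: a throwaway upstream repo and a cached clone of it,
# followed by one more upstream commit. Prints the modules directory path.
demo_stale_cache() {
    tmp=$(mktemp -d)
    id="-c user.name=demo -c user.email=demo@example.invalid"
    git init -q "$tmp/upstream"
    git -C "$tmp/upstream" $id commit -q --allow-empty -m "initial rules"
    mkdir -p "$tmp/.terraform/modules"
    git clone -q "$tmp/upstream" "$tmp/.terraform/modules/constructed-vpn"
    git -C "$tmp/upstream" $id commit -q --allow-empty -m "add icmp ingress"
    echo "$tmp/.terraform/modules"
}

# With no argument, check the working directory's module cache.
stale_modules "${1:-.terraform/modules}"
```

Any STALE line means the next terraform apply would use module code older than the remote, which is the condition terraform get -update clears.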