[Bug] the order of the inputs in an elasticsearch_fleet_package_policy changes in each run #505
Description
Describe the bug
The order of the inputs in an elasticsearch_fleet_package_policy changes in each run.
This leads to a change and sometimes to an HTTP 400 error despite the configuration remaining the same.
To Reproduce
Steps to reproduce the behavior:
- TF configuration used:
resource "elasticstack_fleet_package_policy" "elasticstack_monitoring" {
depends_on = [elasticstack_fleet_package.integrations["elasticsearch"], elasticstack_fleet_agent_policy.elasticsearch_default]
name = "elasticsearch"
namespace = "prod.st"
description = "elasticstack-monitoring"
agent_policy_id = elasticstack_fleet_agent_policy.elasticsearch_default.policy_id
package_name = elasticstack_fleet_package.integrations["elasticsearch"].name
package_version = elasticstack_fleet_package.integrations["elasticsearch"].version
input {
input_id = "elasticsearch-logfile"
enabled = true
streams_json = jsonencode({
"elasticsearch.audit": {
"enabled": true,
"vars": {
"paths": [
"/var/log/elasticsearch/*_audit.json"
]
}
},
"elasticsearch.deprecation": {
"enabled": true,
"vars": {
"paths": [
"/var/log/elasticsearch/*_deprecation.json"
]
}
},
"elasticsearch.gc": {
"enabled": true,
"vars": {
"paths": [
"/var/log/elasticsearch/gc.log.[0-9]*",
"/var/log/elasticsearch/gc.log"
]
}
},
"elasticsearch.server": {
"enabled": true,
"vars": {
"paths": [
"/var/log/elasticsearch/*_server.json"
]
}
},
"elasticsearch.slowlog": {
"enabled": true,
"vars": {
"paths": [
"/var/log/elasticsearch/*_index_search_slowlog.json",
"/var/log/elasticsearch/*_index_indexing_slowlog.json"
]
}
}
})
}
input {
input_id = "elasticsearch-elasticsearch/metrics"
enabled = true
vars_json = jsonencode({
"hosts": [
"https://elastic.test.domain:9200"
],
"api_key": var.elastic_api_key,
"scope": "node",
"ssl": "#certificate_authorities: [\"/etc/ca.crt\"]\n#certificate: \"/etc/client.crt\"\n#key: \"/etc/client.key\"\n",
"leaderelection": false
})
streams_json = jsonencode({
"elasticsearch.stack_monitoring.ccr": {
"enabled": true,
"vars": {
"period": "10s"
}
},
"elasticsearch.stack_monitoring.cluster_stats": {
"enabled": true,
"vars": {
"period": "10s"
}
},
"elasticsearch.stack_monitoring.enrich": {
"enabled": true,
"vars": {
"period": "10s"
}
},
"elasticsearch.stack_monitoring.index": {
"enabled": true,
"vars": {
"period": "10s"
}
},
"elasticsearch.stack_monitoring.index_recovery": {
"enabled": true,
"vars": {
"active.only": true,
"period": "10s"
}
},
"elasticsearch.stack_monitoring.index_summary": {
"enabled": true,
"vars": {
"period": "10s"
}
},
"elasticsearch.ingest_pipeline": {
"enabled": true,
"vars": {
"ingest_pipeline_processor_sampling_rate": "0.25"
}
},
"elasticsearch.stack_monitoring.ml_job": {
"enabled": true,
"vars": {
"period": "10s"
}
},
"elasticsearch.stack_monitoring.node": {
"enabled": true,
"vars": {
"period": "10s"
}
},
"elasticsearch.stack_monitoring.node_stats": {
"enabled": true,
"vars": {
"period": "10s"
}
},
"elasticsearch.stack_monitoring.pending_tasks": {
"enabled": true,
"vars": {
"period": "10s"
}
},
"elasticsearch.stack_monitoring.shard": {
"enabled": true,
"vars": {
"period": "10s"
}
}
})
}
}
- TF operations to execute to get the error:
terraform apply -auto-approve
- See the error in the output:
# elasticstack_fleet_package_policy.elasticstack_monitoring will be updated in-place
~ resource "elasticstack_fleet_package_policy" "elasticstack_monitoring" {
id = "8179954f-de86-48c6-9240-eaf7c33afa21"
name = "elasticsearch"
# (6 unchanged attributes hidden)
~ input {
~ input_id = "elasticsearch-elasticsearch/metrics" -> "elasticsearch-logfile"
~ streams_json = (sensitive value)
# (2 unchanged attributes hidden)
}
~ input {
~ input_id = "elasticsearch-logfile" -> "elasticsearch-elasticsearch/metrics"
~ streams_json = (sensitive value)
~ vars_json = (sensitive value)
# (1 unchanged attribute hidden)
}
}
Expected behavior
Input order should be allways the same. But at the moment the order is changing sometimes
Versions (please complete the following information):
- OS: Linux (RHEL), same with macOS
- Terraform Version v1.6.4
- Provider version v0.10.0
- Elasticsearch Version 8.11.1
Additional context
I had the same issue with package_policy.checkpoint_firewall:
# elasticstack_fleet_package_policy.checkpoint_firewall will be updated in-place
~ resource "elasticstack_fleet_package_policy" "checkpoint_firewall" {
id = "1b566afe-e556-44e2-9a72-d9648f83ff7a"
name = "checkpoint.firewall"
# (7 unchanged attributes hidden)
~ input {
~ enabled = false -> true
~ input_id = "checkpoint-udp" -> "checkpoint-tcp"
~ streams_json = (sensitive value)
# (1 unchanged attribute hidden)
}
~ input {
~ input_id = "checkpoint-logfile" -> "checkpoint-udp"
~ streams_json = (sensitive value)
~ vars_json = (sensitive value)
# (1 unchanged attribute hidden)
}
~ input {
~ enabled = true -> false
~ input_id = "checkpoint-tcp" -> "checkpoint-logfile"
~ streams_json = (sensitive value)
~ vars_json = (sensitive value)
}
}
and package_policy.system:
# elasticstack_fleet_package_policy.linux_default_system_st will be updated in-place
~ resource "elasticstack_fleet_package_policy" "linux_default_system_st" {
id = "69337e6a-2908-49bd-a765-d0f6c8657908"
name = "Linux Default System Short Term"
# (6 unchanged attributes hidden)
~ input {
~ enabled = false -> true
~ input_id = "system-system/metrics" -> "system-logfile"
~ streams_json = (sensitive value)
# (1 unchanged attribute hidden)
}
~ input {
~ input_id = "system-httpjson" -> "system-winlog"
~ streams_json = (sensitive value)
# (2 unchanged attributes hidden)
}
~ input {
~ enabled = true -> false
~ input_id = "system-logfile" -> "system-system/metrics"
~ streams_json = (sensitive value)
}
~ input {
~ input_id = "system-winlog" -> "system-httpjson"
~ streams_json = (sensitive value)
+ vars_json = (sensitive value)
# (1 unchanged attribute hidden)
}
}
# elasticstack_fleet_package_policy.linux_default_system_lt will be updated in-place
~ resource "elasticstack_fleet_package_policy" "linux_default_system_lt" {
id = "11fb4cfa-3bbf-4edc-b53d-0ea190ef5a00"
name = "Linux Default System Long Term"
# (6 unchanged attributes hidden)
~ input {
~ enabled = false -> true
~ input_id = "system-httpjson" -> "system-logfile"
~ streams_json = (sensitive value)
# (1 unchanged attribute hidden)
}
~ input {
~ enabled = true -> false
~ input_id = "system-logfile" -> "system-winlog"
~ streams_json = (sensitive value)
}
~ input {
~ input_id = "system-winlog" -> "system-system/metrics"
~ streams_json = (sensitive value)
# (1 unchanged attribute hidden)
}
~ input {
~ input_id = "system-system/metrics" -> "system-httpjson"
~ streams_json = (sensitive value)
~ vars_json = (sensitive value)
# (1 unchanged attribute hidden)
}
}