[Bug]: destruction of wafv2 rule group happens in wrong order #28331
Comments
As a workaround I had to delete the whole waf_web_acl_association and the waf_web_acl, and then I could delete the rule_group
Hey all 👋 Thank you for taking the time to raise this! Terraform itself is responsible for generating the graph that determines order of operations, and doesn't currently have a way for providers to supply additional information regarding ordering. That said, you can control this to some degree with Can someone who has run into this test using the meta-argument to see if that corrects the issue?
Hello, thank you for your suggestion – I have tested this solution, and it seems it works when you're just removing rule group from configuration, however most of the pain is a rule group modification. When you include
Thanks for getting back to me @Dominik-Gubrynowicz! I'm thinking this is something that we're going to need upstream Terraform changes for. Relates hashicorp/terraform#31309
Terraform Core Version
v1.3.6
AWS Provider Version
v4.46.0
Affected Resource(s)
Expected Behavior
On aws_wafv2_rule_group destroy, there should be a different destruction order:
1. aws_wafv2_rule_group in aws_wafv2_web_acl
2. aws_wafv2_rule_group itself
Actual Behavior
Currently, the destruction order is as follows:
1. aws_wafv2_rule_group itself
2. aws_wafv2_rule_group in aws_wafv2_web_acl
Relevant Error/Panic Output Snippet
Terraform Configuration Files
https://github.com/Dominik-Gubrynowicz/terraform-aws-wafv2-rulegroup-destruction-error/tree/master
Steps to Reproduce
The link attached above directs to the repo, which has two branches:
- master (contains ACL with 2 rule_groups attached)
- feat/remove-rule-group (contains ACL with 1 rule group attached, and the second one is commented)
How to reproduce this bug:
1. master branch
2. feat/remove-rule-group (and wait a few minutes to get an error)
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None
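A pre-apply check for the ordering described in this issue, as an added example (not code from the issue, the linked repo, or the provider): it reads plan JSON from `terraform show -json` and flags rule groups scheduled for delete, or delete and re-create, while a surviving web ACL still references them. The resource addresses, ARNs and function names are constructed for illustration.

```python
import json
import sys

def rule_ref(arn):
    # One web ACL rule referencing a rule group, in plan-JSON nested-block shape.
    return {"statement": [{"rule_group_reference_statement": [{"arn": arn}]}]}

# Constructed sample (hypothetical addresses and ARNs), shaped like `terraform show -json`.
ARN_A = "arn:aws:wafv2:us-east-1:111111111111:regional/rulegroup/a/EXAMPLE-A"
ARN_B = "arn:aws:wafv2:us-east-1:111111111111:regional/rulegroup/b/EXAMPLE-B"
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_wafv2_rule_group.a", "type": "aws_wafv2_rule_group",
     "change": {"actions": ["no-op"], "before": {"arn": ARN_A}}},
    {"address": "aws_wafv2_rule_group.b", "type": "aws_wafv2_rule_group",
     "change": {"actions": ["delete"], "before": {"arn": ARN_B}}},
    {"address": "aws_wafv2_web_acl.main", "type": "aws_wafv2_web_acl",
     "change": {"actions": ["update"],
                "before": {"rule": [rule_ref(ARN_A), rule_ref(ARN_B)]}}},
]}

def referenced_arns(acl_state):
    """Rule group ARNs referenced by a web ACL's current (pre-apply) state."""
    arns = set()
    for rule in (acl_state or {}).get("rule") or []:
        for stmt in rule.get("statement") or []:
            for ref in stmt.get("rule_group_reference_statement") or []:
                if ref.get("arn"):
                    arns.add(ref["arn"])
    return arns

def risky_rule_group_deletes(plan):
    """Return (rule_group_address, web_acl_address) pairs that hit the ordering issue."""
    changes = plan.get("resource_changes") or []
    # Web ACLs that are not themselves deleted still hold their references at apply time.
    acl_refs = {rc["address"]: referenced_arns(rc["change"].get("before"))
                for rc in changes
                if rc["type"] == "aws_wafv2_web_acl"
                and "delete" not in rc["change"]["actions"]}
    findings = []
    for rc in changes:
        if rc["type"] != "aws_wafv2_rule_group" or "delete" not in rc["change"]["actions"]:
            continue
        arn = (rc["change"].get("before") or {}).get("arn")
        findings += [(rc["address"], acl)
                     for acl, arns in sorted(acl_refs.items()) if arn in arns]
    return findings

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for rg, acl in risky_rule_group_deletes(plan):
        print(f"{rg} is scheduled for delete but still referenced by {acl}")
```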