Description
Describe the bug
The bug occurs when I tried to manage Kubernetes package policy using the new elasticstack_fleet_package_policy resource. With kubernetes, there are multiple intputs to configure. The elasticstack_fleet_package_policy is working fine (it can create/update/delete the package policy), but the plan is always showing some differences in the inputs (and not in the same order). I suppose that inputs order in terraform code are not the same as the input order returned by the API.
Example:
After creating the policy, I execute then plan and can see some differences:
# module.ec.elasticstack_fleet_package_policy.kubernetes will be updated in-place
~ resource "elasticstack_fleet_package_policy" "kubernetes" {
id = "555443a0-b129-4cf9-8124-9c31b5182cef"
name = "kubernetes"
# (7 unchanged attributes hidden)
~ input {
~ input_id = "kube-scheduler-kubernetes/metrics" -> "kube-apiserver-kubernetes/metrics"
~ streams_json = (sensitive value)
# (1 unchanged attribute hidden)
}
~ input {
~ input_id = "events-kubernetes/metrics" -> "kube-state-metrics-kubernetes/metrics"
~ streams_json = (sensitive value)
# (1 unchanged attribute hidden)
}
~ input {
~ input_id = "audit-logs-filestream" -> "kube-proxy-kubernetes/metrics"
~ streams_json = (sensitive value)
# (1 unchanged attribute hidden)
}
~ input {
~ enabled = true -> false
~ input_id = "kube-state-metrics-kubernetes/metrics" -> "kube-controller-manager-kubernetes/metrics"
~ streams_json = (sensitive value)
}
~ input {
~ enabled = false -> true
~ input_id = "kube-apiserver-kubernetes/metrics" -> "container-logs-filestream"
~ streams_json = (sensitive value)
}
~ input {
~ enabled = false -> true
~ input_id = "kube-proxy-kubernetes/metrics" -> "events-kubernetes/metrics"
~ streams_json = (sensitive value)
}
~ input {
~ input_id = "kube-controller-manager-kubernetes/metrics" -> "kube-scheduler-kubernetes/metrics"
~ streams_json = (sensitive value)
# (1 unchanged attribute hidden)
}
~ input {
~ enabled = true -> false
~ input_id = "container-logs-filestream" -> "audit-logs-filestream"
~ streams_json = (sensitive value)
}
# (1 unchanged block hidden)
}
Executing the plan again will show changes again but in different order:
# module.ec.elasticstack_fleet_package_policy.kubernetes will be updated in-place
~ resource "elasticstack_fleet_package_policy" "kubernetes" {
id = "555443a0-b129-4cf9-8124-9c31b5182cef"
name = "kubernetes"
# (7 unchanged attributes hidden)
~ input {
~ enabled = false -> true
~ input_id = "kube-controller-manager-kubernetes/metrics" -> "kubelet-kubernetes/metrics"
~ streams_json = (sensitive value)
}
~ input {
~ enabled = true -> false
~ input_id = "events-kubernetes/metrics" -> "kube-apiserver-kubernetes/metrics"
~ streams_json = (sensitive value)
}
~ input {
~ input_id = "container-logs-filestream" -> "kube-state-metrics-kubernetes/metrics"
~ streams_json = (sensitive value)
# (1 unchanged attribute hidden)
}
~ input {
~ input_id = "audit-logs-filestream" -> "kube-proxy-kubernetes/metrics"
~ streams_json = (sensitive value)
# (1 unchanged attribute hidden)
}
~ input {
~ enabled = true -> false
~ input_id = "kubelet-kubernetes/metrics" -> "kube-controller-manager-kubernetes/metrics"
~ streams_json = (sensitive value)
}
~ input {
~ enabled = false -> true
~ input_id = "kube-apiserver-kubernetes/metrics" -> "container-logs-filestream"
~ streams_json = (sensitive value)
}
~ input {
~ enabled = false -> true
~ input_id = "kube-proxy-kubernetes/metrics" -> "events-kubernetes/metrics"
~ streams_json = (sensitive value)
}
~ input {
~ enabled = true -> false
~ input_id = "kube-state-metrics-kubernetes/metrics" -> "audit-logs-filestream"
~ streams_json = (sensitive value)
}
# (1 unchanged block hidden)
}
To Reproduce
Steps to reproduce the behavior:
- Create a package policy with multiple inputs
resource "elasticstack_fleet_package_policy" "kubernetes" {
name = "kubernetes"
namespace = "default"
description = "Kubernetes package policy"
agent_policy_id = elasticstack_fleet_agent_policy.kubernetes.policy_id
package_name = elasticstack_fleet_package.kubernetes.name
package_version = elasticstack_fleet_package.kubernetes.version
force = true
input {
enabled = true
input_id = "kubelet-kubernetes/metrics"
streams_json = jsonencode({...})
}
input {
enabled = false
input_id = "kube-apiserver-kubernetes/metrics"
streams_json = jsonencode({...})
}
input {
enabled = true
input_id = "kube-state-metrics-kubernetes/metrics"
streams_json = jsonencode({...})
}
input {
enabled = false
input_id = "kube-proxy-kubernetes/metrics"
streams_json = jsonencode({...})
}
input {
enabled = false
input_id = "kube-controller-manager-kubernetes/metrics"
streams_json = jsonencode({...})
}
input {
enabled = true
input_id = "container-logs-filestream"
streams_json = jsonencode({...})
}
input {
enabled = true
input_id = "events-kubernetes/metrics"
streams_json = jsonencode({...})
}
input {
enabled = false
input_id = "kube-scheduler-kubernetes/metrics"
streams_json = jsonencode({...})
}
input {
enabled = false
input_id = "audit-logs-filestream"
streams_json = jsonencode({...})
}
}
terraform plan
will then show some differences
Expected behavior
I except this resource to be idempotent to avoid confusion while applying some (real) changes.
Versions :
- OS: Mac OS Sonoma (M2)
- Terraform Version 1.6.3
- Provider version v0.10.0
- Elasticsearch Version 8.11.0