Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Root resource was present, but now absent. #163

Open
mtponcho opened this issue Dec 28, 2022 · 2 comments
Open

Root resource was present, but now absent. #163

mtponcho opened this issue Dec 28, 2022 · 2 comments

Comments

@mtponcho
Copy link

Success! The configuration is valid.

│ Error: Provider produced inconsistent result after apply

│ When applying changes to ad_ou.ou_client, provider
│ "provider["registry.terraform.io/hashicorp/ad"]" produced an unexpected
│ new value: Root resource was present, but now absent.

│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.

time=2022-12-27T17:01:25Z level=error msg=Terraform invocation failed in
@eatonc
Copy link

eatonc commented Jan 13, 2023

I was seeing a similar error when attempting to create a computer account. In my case, I suspect the issue is related to AD replication. In my initial configuration of the ad provider, I left the optional domain_controller parameter out. Once I added the domain_controller parameter to my configuration, it started working consistently.

Not specifying a domain controller causes the PowerShell commands to be executed using the domain name, as shown in the below trace logs where it successfully created the object:

2023-01-13T09:48:33.027-0600 [INFO] provider.terraform-provider-ad_v0.4.4_x5: 2023/01/13 09:48:33 [DEBUG] Checking to see if a domain controller was specified.: timestamp=2023-01-13T09:48:33.027-0600
2023-01-13T09:48:33.027-0600 [INFO] provider.terraform-provider-ad_v0.4.4_x5: 2023/01/13 09:48:33 [DEBUG] Using the domain name instead of a specific domain controller for PowerShell commands.: timestamp=2023-01-13T09:48:33.027-0600
2023-01-13T09:48:33.027-0600 [INFO] provider.terraform-provider-ad_v0.4.4_x5: 2023/01/13 09:48:33 [DEBUG] Constructing powerrshell command: $Password = ConvertTo-SecureString -String "" -AsPlainText -Force
$User = "domain_service_account_example"
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $Password
New-ADComputer -Passthru -Name "test1234" -Path "OU=Development,OU=Environment,DC=EXAMPLE,DC=com" -Credential $Credential -Server EXAMPLE.COM | ConvertTo-Json: timestamp=2023-01-13T09:48:33.027-0600
2023-01-13T09:48:33.027-0600 [INFO] provider.terraform-provider-ad_v0.4.4_x5: 2023/01/13 09:48:33 [DEBUG] Executing command on remote host: timestamp=2023-01-13T09:48:33.027-0600
2023-01-13T09:48:33.027-0600 [TRACE] provider.stdio: received data: channel=STDERR len=319
2023-01-13T09:48:33.027-0600 [WARN] unexpected data: registry.terraform.io/hashicorp/ad:stderr="{"@caller":"/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/hashicorp/terraform-provider-ad/vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/logging/helper_schema.go:21","@Level":"trace","@message":"Calling downstream","@module":"sdk.helper_schema","@timestamp":"2023-01-13T09:48:33.027582-06:00"}"
2023-01-13T09:48:33.027-0600 [TRACE] provider.stdio: waiting for stdio data
2023-01-13T09:48:35.167-0600 [INFO] provider.terraform-provider-ad_v0.4.4_x5: 2023/01/13 09:48:35 [DEBUG] Powershell command exited with code 0: timestamp=2023-01-13T09:48:35.166-0600
2023-01-13T09:48:35.167-0600 [INFO] provider.terraform-provider-ad_v0.4.4_x5: 2023/01/13 09:48:35 [DEBUG] Powershell command exited with code 0: timestamp=2023-01-13T09:48:35.166-0600

On the post-creation check, the same type of command is used. However, this time we see PowerShell returns a "Directory object not found" error.

2023-01-13T09:48:35.167-0600 [INFO] provider.terraform-provider-ad_v0.4.4_x5: 2023/01/13 09:48:35 [DEBUG] Checking to see if a domain controller was specified.: timestamp=2023-01-13T09:48:35.167-0600
2023-01-13T09:48:35.167-0600 [INFO] provider.terraform-provider-ad_v0.4.4_x5: 2023/01/13 09:48:35 [DEBUG] Using the domain name instead of a specific domain controller for PowerShell commands.: timestamp=2023-01-13T09:48:35.167-0600
2023-01-13T09:48:35.167-0600 [INFO] provider.terraform-provider-ad_v0.4.4_x5: 2023/01/13 09:48:35 [DEBUG] Constructing powerrshell command: $Password = ConvertTo-SecureString -String "" -AsPlainText -Force
$User = "domain_service_account_example"
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $Password
Get-ADComputer -Identity "a430198b-4558-4dcd-b517-ed49f669b94d" -Properties * -Credential $Credential -Server EXAMPLE.COM | ConvertTo-Json: timestamp=2023-01-13T09:48:35.167-0600
2023-01-13T09:48:35.167-0600 [INFO] provider.terraform-provider-ad_v0.4.4_x5: 2023/01/13 09:48:35 [DEBUG] Executing command on remote host: timestamp=2023-01-13T09:48:35.167-0600
2023-01-13T09:48:37.215-0600 [INFO] provider.terraform-provider-ad_v0.4.4_x5: 2023/01/13 09:48:37 [DEBUG] Powershell command exited with code 1: timestamp=2023-01-13T09:48:37.215-0600
2023-01-13T09:48:37.215-0600 [INFO] provider.terraform-provider-ad_v0.4.4_x5: 2023/01/13 09:48:37 [DEBUG] Powershell command exited with code 1: timestamp=2023-01-13T09:48:37.215-0600
2023-01-13T09:48:37.216-0600 [INFO] provider.terraform-provider-ad_v0.4.4_x5: 2023/01/13 09:48:37 [DEBUG] Stdout: , Stderr: #< CLIXML
System.Management.Automation.PSCustomObjectSystem.Object1Preparing modules for first use.0-1-1Completed-1 1Preparing modules for first use.0-1-1Completed-1 1Preparing modules for first use.0-1-1Completed-1 Get-ADComputer : Directory object not found_x000D__x000A_At line:4 char:2_x000D__x000A_+ Get-ADComputer -Identity "a430198b-4558-4dcd-b517-ed49f669b94d" -Pro ...x000D__x000A+x000D__x000A + CategoryInfo : ObjectNotFound: (a430198b-4558-4dcd-b517-ed49f669b94d:ADComputer) [Get-ADComputer], ADId x000D__x000A entityNotFoundException_x000D__x000A_ + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,M x000D__x000A icrosoft.ActiveDirectory.Management.Commands.GetADComputer_x000D__x000A_ x000D__x000A: timestamp=2023-01-13T09:48:37.215-0600

In my AD environment, there are more than 20 DCs, so there's a good chance that when "EXAMPLE.com" gets resolved on the Get-ADComputer command, it will choose a different DC than what was used on the New-ADComputer command and the new AD object is likely not fully replicated across the environment yet. Specifying a domain controller in the provider configuration helps resolve this.

To prevent this from happening without specifying a domain controller, perhaps it would make sense for the provider to resolve the domain name to a specific domain controller beforehand, and then use that same DC for the New-ADComputer and Get-ADComputer commands executed within the same Terraform run.

@matkozera
Copy link

matkozera commented Jul 30, 2024
edited
Loading

ad_group.g: Creating...

│ Error: Provider produced inconsistent result after apply

│ When applying changes to ad_group.g, provider "provider["registry.terraform.io/hashicorp/ad"]" produced an unexpected new value: Root resource was present, but now
│ absent.

│ This is a bug in the provider, which should be reported in the provider's own issue tracker.

Same here 2 out of 10 times
Windows server 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mtponcho @eatonc @matkozera