Hello, I am doing my lab for terraform commands section. I am on question 5 where I need to validate and correct the main.tf file, however after correcting still I am unable to do terraform apply. I get the error as below, I am also attaching screenshot for the question 5 which shows the main.tf content, please advise if this is known issue.
Error: Provider produced inconsistent final plan
When expanding the plan for tls_cert_request.csr to include new values learned
so far during apply, provider “Terraform Registry” produced
an invalid new value for .private_key_pem: inconsistent values for sensitive
attribute.
This is a bug in the provider, which should be reported in the provider’s own
issue tracker.
Hello, @Sal
In the question already described, do not change the resource “private key” block and you have changed that “RSA” to “ECDSA” that’s why validation is not passed.
You have to make small changes in the resource “tls_cert_request” block, key_algorithm to “RSA” instead of “ECDSA”. Hope it clears your doubt. Please try again.
I don’t understand what you’re saying, @Tej-Singh-Rana . I am also hitting this same problem as @Sal .
The question states:
The error in the configuration is inside the resource block for the tls_private_key type resource.
It contains the configuration that we needed for generating rsa type key…
Inspect the resource block and fix the issue.
Once done, run terraform plan and then apply to created the resources.
The question directly says the problem is in the tls_private_key resource. You instead suggest we edit the tls_cert_request resource. Further, the suggested edit to the tls_cert_request resource yields another error, that the key_algorithm field is a read-only property. In neither case can I complete the lab - nor is it clear what the “intended” error in the block is. Despite the mismatched algorithm, removing the ECDSA curve type doesn’t fix it either.
@Sal The actual problem seems to be the versions of the providers baked into that lab. You can delete the .terraform.lock.hcl file and then re-run terraform init to get new versions of the provider(s). The lab can then be executed by removing the ECDSA curve specification from the tls_private_key resource.
