Cannot change condition type

[cori]

When applying a change to a vcl service with a conditioned header and trying to change the condition and header type the apply fails with a Bad Request: Cannot change type message. I believe this is when changing the Condition type, which also can't be done in the UI.

The below example fails when trying to change the condition type from CACHE to REQUEST and the header type from cache to request.

Terraform Version

Terraform v1.1.1
on darwin_amd64

• provider registry.terraform.io/fastly/fastly v0.34.0
• provider registry.terraform.io/hashicorp/aws v3.65.0
• provider registry.terraform.io/hashicorp/null v3.1.0
• provider registry.terraform.io/hashicorp/template v2.1.2

Affected Resource(s)

Please list the resources as a list, for example:

• fastly_service_v1 (specifically, I believe, the nested condition record)

Terraform Configuration Files

main module file

terraform {
  required_version = ">= 0.14.3"
  required_providers {
    fastly = {
      source  = "fastly/fastly"
      version = "~> 0.34.0"
    }
  }
}

provider "fastly" {
  api_key = var.api_key
}

resource "fastly_service_v1" "service" {
  name = var.name

  domain {
    name    = var.domain_name
    comment = "${var.name}-domain"
  }

  # currently we only support a single backend per service
  backend {
    address           = var.backend_hostname
    name              = "${var.name}-backend"
    shield            = "iad-va-us"
    ssl_check_cert    = true
    use_ssl           = true
    auto_loadbalance  = false
    ssl_cert_hostname = var.use_service_cert ? var.backend_hostname : var.domain_name
    ssl_sni_hostname  = var.use_service_cert ? var.backend_hostname : var.domain_name
    override_host     = var.use_service_cert ? var.backend_hostname : null
    port              = 443

  }

  dynamic "condition" {
    for_each = var.use_image_optimization ? [1] : []
    content {
      type      = "REQUEST"
      name      = "${var.name}-image-optimization-condition"
      statement = "req.*"
    }
  }

  dynamic "header" {
    for_each = var.use_image_optimization ? [1] : []
    content {
      action          = "set"
      destination     = "http.x-fastly-imageopto-api"
      type            = "request"
      source          = "\"fastly; qp=*\""
      name            = "${var.name}-image-optimization-header"
      cache_condition = "${var.name}-image-optimization-condition"
      priority        = 1 # image optimization headers should be first
    }
  }

  dynamic "header" {
    for_each = var.use_cors ? [1] : []
    content {
      action      = "set"
      destination = "http.Access-Control-Allow-Origin"
      type        = "cache"
      source      = "\"*\""
      name        = "${var.name}-CORS-allow-all-origins"
    }
  }

  dynamic "header" {
    for_each = var.use_cors ? [1] : []
    content {
      action      = "set"
      destination = "http.Access-Control-Allow-Methods"
      type        = "cache"
      source      = "\"GET, HEAD, POST\""
      name        = "${var.name}-CORS-allow-GET_HEAD_POST"
    }
  }


  force_destroy = true
}

resource "fastly_tls_subscription" "ssl_certificates" {

  domains               = [for domain in fastly_service_v1.service.domain : domain.name]
  certificate_authority = "lets-encrypt"

}

resource "aws_route53_record" "fastly_domain_validation_record" {
  depends_on = [fastly_tls_subscription.ssl_certificates]

  for_each = {
    for domain in fastly_tls_subscription.ssl_certificates.domains :
    domain => element([
      for obj in fastly_tls_subscription.ssl_certificates.managed_dns_challenges :
      obj if obj.record_name == "_acme-challenge.${replace(domain, "*.", "")}"
    ], 0)
  }
  name            = each.value.record_name
  type            = each.value.record_type
  zone_id         = var.aws_route53_zone_for_validation
  allow_overwrite = true
  records         = [each.value.record_value]
  ttl             = 60
}

resource "fastly_tls_subscription_validation" "fastly_ssl_validation" {
  subscription_id = fastly_tls_subscription.ssl_certificates.id
  depends_on      = [aws_route53_record.fastly_domain_validation_record]
}

"called" with a block like this

module "fastly_service_images" {
  source                          = "../modules/fastly_vcl"
  use_image_optimization          = true
  use_service_cert                = true
  use_cors                        = true
  name                            = "***"
  domain_name                     = "***"
  backend_hostname                = "***"
  environment                     = "production"
  api_key                         = file("secrets/fastly_api_key")
  aws_route53_zone_for_validation = module.route53.zone_id
}

Debug Output

https://gist.github.com/cori/74951793bd3f1acc4df89f89a5de4fc5

Expected Behavior

The condition will be replaced with an appropriate condition, removing and re-adding on as necessary without external involvement.

Actual Behavior

I receive this error message:

│ Error: 400 - Bad Request:
│
│     Title:  Bad request
│     Detail: Cannot change type
│
│   with module.fastly_service_images_glitch_global.fastly_service_v1.service,
│   on ../modules/fastly_vcl/main.tf line 15, in resource "fastly_service_v1" "service":
│   15: resource "fastly_service_v1" "service" {

line 15 is the opening of the fastly_service_v1 resource definition.

The apply does clone the active version, so I have a bunch of phantom versions hanging about now.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. Have an existing service with a CACHE condition and a cache header
2. change the condition type to REQUEST and the header type to request
3. terraform apply

[cori]

I ended up having to manually delete the condition in the UI (I also deleted the associated header, but that may not have been necessary) on one of the extra versions previous terraform apply executions had created, active that version, and then run another apply to get it in place (after sorting out that I had the wrong condition type on the header record).

[smaeda-ks]

Thanks. We will discuss in #518

[cori]

sounds great; thanks!

[smaeda-ks]

#518 is merged. Will be included in the next release. Closing this for now. Thanks for your feedback.