Issue with the terraform lab - Commands

Hello, I am doing my lab for terraform commands section. I am on question 5 where I need to validate and correct the file, however after correcting still I am unable to do terraform apply. I get the error as below, I am also attaching screenshot for the question 5 which shows the content, please advise if this is known issue.

Error: Provider produced inconsistent final plan

When expanding the plan for tls_cert_request.csr to include new values learned
so far during apply, provider “Terraform Registry” produced
an invalid new value for .private_key_pem: inconsistent values for sensitive

This is a bug in the provider, which should be reported in the provider’s own
issue tracker.

Hello, @Sal
In the question already described, do not change the resource “private key” block and you have changed that “RSA” to “ECDSA” that’s why validation is not passed.
You have to make small changes in the resource “tls_cert_request” block, key_algorithm to “RSA” instead of “ECDSA”. Hope it clears your doubt. Please try again.

I don’t understand what you’re saying, @Tej-Singh-Rana . I am also hitting this same problem as @Sal .

The question states:

The error in the configuration is inside the resource block for the tls_private_key type resource.
It contains the configuration that we needed for generating rsa type key…

Inspect the resource block and fix the issue.

Once done, run terraform plan and then apply to created the resources.

The question directly says the problem is in the tls_private_key resource. You instead suggest we edit the tls_cert_request resource. Further, the suggested edit to the tls_cert_request resource yields another error, that the key_algorithm field is a read-only property. In neither case can I complete the lab - nor is it clear what the “intended” error in the block is. Despite the mismatched algorithm, removing the ECDSA curve type doesn’t fix it either.

@Sal The actual problem seems to be the versions of the providers baked into that lab. You can delete the .terraform.lock.hcl file and then re-run terraform init to get new versions of the provider(s). The lab can then be executed by removing the ECDSA curve specification from the tls_private_key resource.


Please start your own thread. This lab has been updated since January 2021.

You can also set the value to null. If you review the terraform plan you will see what is happening.

Refer to the Terraform Registry documentation site and the samples for creating a private key and csr.
Docs overview | hashicorp/tls | Terraform | Terraform Registry

That’s works fine. Thank you :slight_smile: