-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v3.87.0 introduced a delete issue with the google_compute_resource_policy resource #10385
Comments
@suckowbiz can you try adding lifecycle.create_before_destroy in your instance? |
Thanks @edwardmedia. This is a good suggestion. I will try that. IMHO: Shouldn't it be the case that the provider takes care of replacement object handling in an appropriate way without the need of additional configuration? |
I tested with the suggested lifecycle rule. Unfortunately adding: lifecycle {
create_before_destroy = true
} to Error: Error creating instance: googleapi: Error 409: The resource 'projects/<removed>/zones/europe-west3-a/instances/test-vm' already exists, alreadyExists So this is not a generic workaround. |
@suckowbiz the fix seems appropriate. We don't want to recreate the instance if its policy is updated. But that change appears to cause reorder of the execution sequence ( in your case among two resources ) which is controlled by Terraform core. Adding
|
Please find the debug output here: The issue (with the lifecycle workaround in place) occurred when changing an attribute of the vm that enforces re-creation of the vm (
Yes, exactly.
This would be possible but removes all the magic of Terraform. How can we explain the DevOps colleagues that Terraform cannot handle the calculated plan and they must apply their changes slice-wise. |
@slevenick What do you think about this issue? |
Unfortunately I don't think we have any options here. From my understanding this used to work prior to 3.87.0 because the force replacement allowed the dependency to be removed before the resource policy would be deleted. The new behavior is more correct, but results in this common issue. Similar issues have been run into here and here The upstream issue in Terraform core is still open, and we don't have a lot of options within the provider to handle this. You may be able to fix the To reproduce the previous behavior you may be able to work around this by forcing the instance to recreate when there are changes to the resource policy. I could imagine handling this by using the resource policy's name in a field on the instance that forces recreate when it is changed but that isn't important to you. For example the metadata_startup_script. This adds some complexity, but may allow you to reproduce the previous behavior |
Hi @edwardmedia, are there plans now to fix the |
We cannot fix the create_before_destroy issue within the provider. A fix would need to come from Terraform core, but we don't have any indication on when that would happen. I'll mark this as upstream to indicate we cannot fix this within the provider |
…ult) (hashicorp#10385) [upstream:269a04f051a4ad1b9ec610e81a8996dd14e0cfaa] Signed-off-by: Modular Magician <magic-modules@google.com>
Community Note
modular-magician
user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned tohashibot
, a community member has claimed the issue already.Terraform Version
# terraform -v Terraform v1.0.9 on linux_amd64
Affected Resource(s)
Terraform Configuration Files
Debug Output
https://gist.github.com/suckowbiz/40258a28d25ab3ee681361814116f158
Expected Behavior
It should remain possible to deconfigure a resource policy from a compute instance AND delete that resource policy in the same
terraform apply
step.Actual Behavior
Terraform fails with:
Steps to Reproduce
Important Factoids
References
b/308756190
The text was updated successfully, but these errors were encountered: