civo/terraform-provider-civo

Check if firewall exists before deleting

zulh-civo opened this issue · 0 comments

When we have the following configuration...

resource "civo_network" "my_custom_network" {
  label  = "my-custom-network"
}

resource "civo_firewall" "my_custom_firewall" {
  name       = "my-custom-firewall"
  network_id = civo_network.my_custom_network.id
}

resource "civo_firewall_rule" "http" {
  firewall_id = civo_firewall.my_custom_firewall.id
  protocol    = "tcp"
  start_port  = "80"
  end_port    = "80"
  direction   = "ingress"
  label       = "web-server"
  depends_on  = [civo_firewall.my_custom_firewall]
}

resource "civo_kubernetes_cluster" "my_cluster" {
  name              = "my_cluster"
  num_target_nodes  = 1
  target_nodes_size = "g3.k3s.medium"
  network_id        = civo_network.my_custom_network.id
  firewall_id       = civo_firewall.my_custom_firewall.id
}

...and we want to run the terraform destroy command to delete all the resources above, the Civo API will auto-delete the firewall when civo_kubernetes_cluster gets deleted. This means that when the plugin tries to delete the firewall, the firewall is already deleted, which will throw an error like the one below:

tf destroy --auto-approve
civo_network.my_custom_network: Refreshing state... [id=beebbc30-0658-445f-a740-7450b17d84de]
civo_firewall.my_custom_firewall: Refreshing state... [id=226bbccb-5a54-4a28-9af8-28be9cec63fa]
civo_firewall_rule.http: Refreshing state... [id=ad383bee-b10b-4126-9d06-7afdc14a6beb]
civo_kubernetes_cluster.my_cluster: Refreshing state... [id=19db89ad-857d-4c32-a3e7-5242e47977f5]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":

  # civo_firewall_rule.http has been changed
  ~ resource "civo_firewall_rule" "http" {
      - direction   = "ingress" -> null
        id          = "ad383bee-b10b-4126-9d06-7afdc14a6beb"
        # (6 unchanged attributes hidden)
    }

Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # civo_firewall.my_custom_firewall will be destroyed
  - resource "civo_firewall" "my_custom_firewall" {
      - id         = "226bbccb-5a54-4a28-9af8-28be9cec63fa" -> null
      - name       = "my-custom-firewall" -> null
      - network_id = "beebbc30-0658-445f-a740-7450b17d84de" -> null
    }

  # civo_firewall_rule.http will be destroyed
  - resource "civo_firewall_rule" "http" {
      - cidr        = [
          - "",
        ] -> null
      - end_port    = "80" -> null
      - firewall_id = "226bbccb-5a54-4a28-9af8-28be9cec63fa" -> null
      - id          = "ad383bee-b10b-4126-9d06-7afdc14a6beb" -> null
      - label       = "web-server" -> null
      - protocol    = "tcp" -> null
      - start_port  = "80" -> null
    }

  # civo_kubernetes_cluster.my_cluster will be destroyed
  - resource "civo_kubernetes_cluster" "my_cluster" {
      - api_endpoint           = "https://212.2.243.51:6443" -> null
      - created_at             = "2021-08-27 06:20:50 +0000 UTC" -> null
      - dns_entry              = "19db89ad-857d-4c32-a3e7-5242e47977f5.k8s.civo.com" -> null
      - firewall_id            = "226bbccb-5a54-4a28-9af8-28be9cec63fa" -> null
      - id                     = "19db89ad-857d-4c32-a3e7-5242e47977f5" -> null
      - installed_applications = [] -> null
      - instances              = [
          - {
              - cpu_cores = 2
              - disk_gb   = 15
              - hostname  = "k3s-my-cluster-f661f3fc-node-pool-c760"
              - ram_mb    = 4096
              - size      = ""
              - status    = "ACTIVE"
              - tags      = []
            },
        ] -> null
      - kubeconfig             = (sensitive value)
      - kubernetes_version     = "1.20.0-k3s1" -> null
      - master_ip              = "212.2.243.51" -> null
      - name                   = "my_cluster" -> null
      - network_id             = "beebbc30-0658-445f-a740-7450b17d84de" -> null
      - num_target_nodes       = 1 -> null
      - pools                  = [
          - {
              - count          = 1
              - id             = "1acabb3c-fa67-4d6c-92f1-b159552d19fd"
              - instance_names = [
                  - "k3s-my-cluster-f661f3fc-node-pool-c760",
                ]
              - instances      = [
                  - {
                      - cpu_cores = 2
                      - disk_gb   = 15
                      - hostname  = "k3s-my-cluster-f661f3fc-node-pool-c760"
                      - ram_mb    = 4096
                      - size      = "g3.k3s.medium"
                      - status    = "ACTIVE"
                      - tags      = []
                    },
                ]
              - size           = "g3.k3s.medium"
            },
        ] -> null
      - ready                  = true -> null
      - status                 = "ACTIVE" -> null
      - target_nodes_size      = "g3.k3s.medium" -> null
    }

  # civo_network.my_custom_network will be destroyed
  - resource "civo_network" "my_custom_network" {
      - default = false -> null
      - id      = "beebbc30-0658-445f-a740-7450b17d84de" -> null
      - label   = "my-custom-network" -> null
      - name    = "cust-433e075e-a401-my-custom-network" -> null
    }

Plan: 0 to add, 0 to change, 4 to destroy.
civo_firewall_rule.http: Destroying... [id=ad383bee-b10b-4126-9d06-7afdc14a6beb]
civo_kubernetes_cluster.my_cluster: Destroying... [id=19db89ad-857d-4c32-a3e7-5242e47977f5]
civo_firewall_rule.http: Destruction complete after 2s
civo_kubernetes_cluster.my_cluster: Destruction complete after 4s
civo_firewall.my_custom_firewall: Destroying... [id=226bbccb-5a54-4a28-9af8-28be9cec63fa]
╷
│ Error: [ERR] an error occurred while tring to delete the firewall 226bbccb-5a54-4a28-9af8-28be9cec63fa, DatabaseFirewallNotFoundError: Failed to find that firewall in the internal database
│
│
╵

What we should do here is first check whether the firewall exists. If it exists, delete it. If it does not exist, ignore it.
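A sketch of the check-then-delete behaviour requested above, as an added example that is not the provider's own code. `FirewallAPI`, `ErrFirewallNotFound` and `fakeAPI` are hypothetical stand-ins rather than civogo identifiers. It goes one step beyond the issue by also tolerating "not found" on the delete call itself, since the cluster teardown can remove the firewall between the lookup and the delete, while every other error is still returned.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrFirewallNotFound is a hypothetical sentinel standing in for the
// DatabaseFirewallNotFoundError reported by the API in the log above.
var ErrFirewallNotFound = errors.New("DatabaseFirewallNotFoundError")

// FirewallAPI is a hypothetical minimal client interface (an assumption).
type FirewallAPI interface {
	FindFirewall(id string) error
	DeleteFirewall(id string) error
}

// DeleteFirewallIfExists reports whether it deleted the firewall. "Not found"
// from either call means the firewall is already gone and counts as success;
// any other error (auth, network, server) is returned, never swallowed.
func DeleteFirewallIfExists(api FirewallAPI, id string) (bool, error) {
	err := api.FindFirewall(id)
	if err == nil {
		err = api.DeleteFirewall(id)
		if err == nil {
			return true, nil
		}
	}
	if errors.Is(err, ErrFirewallNotFound) {
		return false, nil // already gone: nothing left to delete
	}
	return false, fmt.Errorf("firewall %s: %w", id, err)
}

// fakeAPI is a constructed stand-in that returns pre-scripted errors.
type fakeAPI struct{ findErr, deleteErr error }

func (f fakeAPI) FindFirewall(string) error   { return f.findErr }
func (f fakeAPI) DeleteFirewall(string) error { return f.deleteErr }

func main() {
	raced := fakeAPI{deleteErr: ErrFirewallNotFound} // removed between lookup and delete
	fmt.Println(DeleteFirewallIfExists(raced, "fw-constructed-id"))
}
```

Matching only the not-found case keeps a failed teardown visible: a permission or network error still fails the destroy instead of leaving a firewall behind unnoticed.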