civo/terraform-provider-civo

Terraform tries to perform in-place update when there is no `firewall_id` set in configuration file

zulh-civo opened this issue · 0 comments

We added firewall support when launching a Kubernetes cluster in #73, where we are saving `firewall_id` in the state after the cluster is created.

Example configuration file:

```hcl
# Query xsmall instance size
data "civo_instances_size" "xsmall" {
    filter {
        key = "type"
        values = ["kubernetes"]
    }

    sort {
        key = "ram"
        direction = "asc"
    }
}

# Create a cluster
resource "civo_kubernetes_cluster" "my-cluster" {
    name = "my-cluster"
    applications = "Portainer,Linkerd:Linkerd & Jaeger"
    num_target_nodes = 2
    target_nodes_size = element(data.civo_instances_size.xsmall.sizes, 0).name
}
```

Now, when we run the `terraform apply` command again after the first `terraform apply`, the following error will appear:

```
$ tf apply --auto-approve

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # civo_kubernetes_cluster.my-cluster will be created
  + resource "civo_kubernetes_cluster" "my-cluster" {
      + api_endpoint           = (known after apply)
      + applications           = "Portainer,Linkerd:Linkerd & Jaeger"
      + created_at             = (known after apply)
      + dns_entry              = (known after apply)
      + id                     = (known after apply)
      + installed_applications = (known after apply)
      + instances              = (known after apply)
      + kubeconfig             = (sensitive value)
      + kubernetes_version     = (known after apply)
      + master_ip              = (known after apply)
      + name                   = "my-cluster"
      + network_id             = (known after apply)
      + num_target_nodes       = 2
      + pools                  = (known after apply)
      + ready                  = (known after apply)
      + region                 = (known after apply)
      + status                 = (known after apply)
      + target_nodes_size      = "g3.k3s.xsmall"
    }

Plan: 1 to add, 0 to change, 0 to destroy.
civo_kubernetes_cluster.my-cluster: Creating...
civo_kubernetes_cluster.my-cluster: Still creating... [10s elapsed]
civo_kubernetes_cluster.my-cluster: Still creating... [20s elapsed]
civo_kubernetes_cluster.my-cluster: Still creating... [30s elapsed]
civo_kubernetes_cluster.my-cluster: Still creating... [40s elapsed]
civo_kubernetes_cluster.my-cluster: Still creating... [50s elapsed]
civo_kubernetes_cluster.my-cluster: Still creating... [1m0s elapsed]
civo_kubernetes_cluster.my-cluster: Still creating... [1m10s elapsed]
civo_kubernetes_cluster.my-cluster: Still creating... [1m20s elapsed]
civo_kubernetes_cluster.my-cluster: Still creating... [1m30s elapsed]
civo_kubernetes_cluster.my-cluster: Still creating... [1m40s elapsed]
civo_kubernetes_cluster.my-cluster: Still creating... [1m50s elapsed]
civo_kubernetes_cluster.my-cluster: Still creating... [2m0s elapsed]
civo_kubernetes_cluster.my-cluster: Creation complete after 2m3s [id=ada61c67-3a2e-41d6-a4e1-cd508390f1ba]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```



```
$ tf apply --auto-approve
civo_kubernetes_cluster.my-cluster: Refreshing state... [id=ada61c67-3a2e-41d6-a4e1-cd508390f1ba]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # civo_kubernetes_cluster.my-cluster will be updated in-place
  ~ resource "civo_kubernetes_cluster" "my-cluster" {
      - firewall_id            = "2634fdcf-1048-4da2-af4c-83f7c84d8670" -> null
        id                     = "ada61c67-3a2e-41d6-a4e1-cd508390f1ba"
        name                   = "my-cluster"
        # (15 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
civo_kubernetes_cluster.my-cluster: Modifying... [id=ada61c67-3a2e-41d6-a4e1-cd508390f1ba]
╷
│ Error: [ERR] Firewall change ("firewall_id") for existing cluster is not available at this moment
│
│   with civo_kubernetes_cluster.my-cluster,
│   on main.tf line 15, in resource "civo_kubernetes_cluster" "my-cluster":
│   15: resource "civo_kubernetes_cluster" "my-cluster" {
│
╵
```

The error was caused by this line since the Civo API does not yet support firewall change for a cluster after it's been created.

The issue here is that we didn't declare `firewall_id` in our configuration file, and when we rerun the `terraform apply` command, it thinks we want to change it to empty/null.

To fix this, we need to set both `Computed: true` and `Optional: true` in the `firewall_id` schema. Currently, it only has `Optional: true`.
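
A simplified model of the diff behaviour described in this issue, added here as an illustration; it is not part of the original issue or the provider's code. `Attr`, `Plan` and `PlanLine` are hypothetical names, and the logic assumes a single string attribute that is either set in or omitted from the configuration.

```go
package main

import "fmt"

// Attr holds the two schema flags discussed in the issue. It is a simplified
// stand-in for illustration, not the Terraform SDK's schema type.
type Attr struct {
	Optional bool
	Computed bool
}

// Plan models the planned value for one attribute on a refresh + apply.
// config == nil: attribute omitted from the .tf file.
// state  == nil: nothing recorded in state yet.
func Plan(a Attr, config, state *string) (planned *string, changed bool) {
	if config != nil {
		// An explicit value in configuration always wins.
		return config, state == nil || *state != *config
	}
	if a.Computed {
		// Provider-owned value: omission means "keep what the API returned".
		return state, false
	}
	// Optional only: omission means null, so a stored value shows as removed.
	return nil, state != nil
}

// PlanLine renders the result in the style of a terraform plan line.
func PlanLine(name string, a Attr, config, state *string) string {
	planned, changed := Plan(a, config, state)
	switch {
	case !changed:
		return fmt.Sprintf("  %s unchanged", name)
	case planned == nil:
		return fmt.Sprintf("- %s = %q -> null", name, *state)
	case state == nil:
		return fmt.Sprintf("+ %s = %q", name, *planned)
	default:
		return fmt.Sprintf("~ %s = %q -> %q", name, *state, *planned)
	}
}

func main() {
	fw := "2634fdcf-1048-4da2-af4c-83f7c84d8670" // firewall ID from the plan output above
	fmt.Println(PlanLine("firewall_id", Attr{Optional: true}, nil, &fw))
	fmt.Println(PlanLine("firewall_id", Attr{Optional: true, Computed: true}, nil, &fw))
}
```

With only `Optional` set, the model reproduces the `-> null` line from the second apply; with `Computed` added, the stored firewall ID is kept and no update is planned.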