terraform-google-modules/terraform-google-lb-internal

data lookup forcing new resource on apply

Closed this issue · 1 comments

Using the module as follows:

module "internal-lb" {
  source      = "../gcloud-lb-internal"
  project     = "${var.project}"
  region      = "${var.region}"
  name        = "${var.vpc}-es-lb-internal"
  network     = "${var.vpc}"
  subnetwork  = "${data.google_compute_subnetwork.link.name}"
  ports       = ["9200"]
  health_port = "9200"
  source_tags = "${var.lb_source_tags}"
  target_tags = ["${module.cluster.K8S_TAG}"]

  # Related to number of instances / cluster_zones in module.cluster
  backends = [
    { group = "${module.cluster.K8S_INSTANCE_GROUP_URLS[0]}" },
  ]
}

I have found that because of the data lookup within the module code, for the subnetwork name / self_link, this means that terraform always plans to recreate the forwarding_rule.

Example (minus all the things that stay the same):

-/+ module.elastic.module.internal-lb.google_compute_forwarding_rule.default (new resource required)
      id:                                  "vpc-du-es-lb-internal" => <computed> (forces new resource)
      network:                             "https://www.googleapis.com/compute/v1/projects/sopost-infra-dev/global/networks/vpc-du" => "${data.google_compute_network.network.self_link}" (forces new resource)
      self_link:                           "https://www.googleapis.com/compute/v1/projects/sopost-infra-dev/regions/us-central1/forwardingRules/vpc-du-es-lb-internal" => <computed>
      service_name:                        "" => <computed>
      subnetwork:                          "https://www.googleapis.com/compute/v1/projects/sopost-infra-dev/regions/us-central1/subnetworks/elastic-sub" => "${data.google_compute_subnetwork.network.self_link}" (forces new resource)

Normally not an issue, but it's not the quickest of actions to perform on google cloud, however I can see why you've done it that way (less inputs).

I happen to be wrapping this module and passing the subnetwork to ensure everything is created in a specific subnetwork, but I get the same result when I hard code the value of subnetwork for the input.

Not sure how this is avoidable currently without taking the data lookups out and passing the value explicitly. Unless I am missing something?

The bug is not reproducible on TF0.12 (based on PR)
Test conf:

module "gce-ilb" {
  source       = "../../"
  region       = var.region
  name         = "group-ilb"
  project      = var.project
  network      = "cft-gke-test-jpuo" //local.network
  subnetwork   = data.google_compute_subnetwork.link.name
  ports        = [local.named_ports[0].port]
  source_tags  = local.source_tags
  target_tags  = local.target_tags
  health_check = local.health_check

  backends = [
    {
      group = "https://www.googleapis.com/compute/v1/projects/.../regions/us-central1/instanceGroups/mig2-mig"
    },
    {
      group = "https://www.googleapis.com/compute/v1/projects/.../regions/us-central1/instanceGroups/mig3-mig"
    },
  ]
}
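An added example, not part of the original issue or the module's code: a small check that reads Terraform 0.11 text plan output like the excerpt in the issue and reports, for each resource marked `-/+`, which attributes force the replacement and whether the new value is still an unresolved `${data...}` interpolation. The function name `forced_replacements` and the cause labels are hypothetical; the sample is abridged from the plan lines quoted above.

```python
import re

# Abridged from the plan output quoted in the issue (Terraform 0.11 text format).
SAMPLE_PLAN = '''\
-/+ module.elastic.module.internal-lb.google_compute_forwarding_rule.default (new resource required)
      id:                                  "vpc-du-es-lb-internal" => <computed> (forces new resource)
      network:                             "https://www.googleapis.com/compute/v1/projects/sopost-infra-dev/global/networks/vpc-du" => "${data.google_compute_network.network.self_link}" (forces new resource)
      service_name:                        "" => <computed>
      subnetwork:                          "https://www.googleapis.com/compute/v1/projects/sopost-infra-dev/regions/us-central1/subnetworks/elastic-sub" => "${data.google_compute_subnetwork.network.self_link}" (forces new resource)
'''

# Resource header line: action symbol followed by the resource address.
RESOURCE = re.compile(r'^(-/\+|[-+~])\s+(\S+)')
# Attribute line: name, old value, new value, optional "forces new resource" marker.
ATTR = re.compile(r'^\s+([\w.#%~-]+):\s+(.*?)\s+=>\s+(.*?)(\s+\(forces new resource\))?$')
# A data source reference that the plan could not resolve to a concrete value.
UNRESOLVED = re.compile(r'\$\{(data\.[^}]+)\}')


def forced_replacements(plan_text):
    """Return {resource_address: [(attribute, cause), ...]} for every -/+ resource."""
    findings, current = {}, None
    for line in plan_text.splitlines():
        header = RESOURCE.match(line)
        if header:
            # Only track resources that are destroyed and recreated.
            current = header.group(2) if header.group(1) == '-/+' else None
            if current:
                findings[current] = []
            continue
        attr = ATTR.match(line)
        if current and attr and attr.group(4):
            new_value = attr.group(3)
            ref = UNRESOLVED.search(new_value)
            if ref:
                cause = 'unresolved data source ' + ref.group(1)
            elif new_value == '<computed>':
                cause = 'computed'
            else:
                cause = 'value change'
            findings[current].append((attr.group(1), cause))
    return findings


if __name__ == '__main__':
    for address, attrs in forced_replacements(SAMPLE_PLAN).items():
        print(address)
        for name, cause in attrs:
            print('  %s: %s' % (name, cause))
```

Run against a saved plan in CI, a non-empty result for a load balancer resource is a signal to stop and review before apply.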
