Open Ak-sky opened 3 months ago
Is this the problem where the update doesn't recognize the update from the main.tf?
My main.tf:
If that is the case, the attribute contexts needs to become a TypeSet rather than a TypeList.
@zhenwan With the terraform provider my understanding is it's only possible to create new CBR zones or rules. We are looking for the ability to update an existing zone or rule using terraform. Our use case is that we may have one terraform state that creates the zones and rules, but then as more resources get created in our account (in different terraform state files) we want the ability to update the zones / rules with the new resources. Does this make sense?
Previous CBR zones or rules can be updated. I tried the command locally and it does update a previous cbr rule.
    $ terraform plan
    ibm_cbr_rule.cbr_rule: Refreshing state... [id=db37786887b117ce3481b987d78d9a77]
    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      ~ update in-place
    Terraform will perform the following actions:
      # ibm_cbr_rule.cbr_rule will be updated in-place
      ~ resource "ibm_cbr_rule" "cbr_rule" {
          + description = "this is an example of rule with two contexts"
            id = "db37786887b117ce3481b987d78d9a77"
            # (8 unchanged attributes hidden)
          ~ contexts {
              ~ attributes {
                  ~ name = "endpointType" -> "networkZoneId"
                  ~ value = "private,public,direct" -> "dba984bd974c1ec08d414896538ac390"
                }
              ~ attributes {
                  ~ name = "networkZoneId" -> "endpointType"
                  ~ value = "dba984bd974c1ec08d414896538ac390" -> "private"
                }
            }
          ~ resources {
              ~ attributes {
                  ~ name = "serviceInstance" -> "serviceName"
                  - operator = "stringEquals" -> null
                  ~ value = "7484f1cc-09c4-4953-88f4-f36180fe1415" -> "cloud-object-storage"
                }
              - attributes {
                  - name = "serviceName" -> null
                  - value = "cloud-object-storage" -> null
                }
              + tags {
                  + name = "tag_name"
                  + value = "tag_value"
                }
                # (1 unchanged block hidden)
            }
            # (1 unchanged block hidden)
        }
    Plan: 0 to add, 1 to change, 0 to destroy.
    $ terraform apply tf.plan
    ibm_cbr_rule.cbr_rule: Modifying... [id=db37786887b117ce3481b987d78d9a77]
    ibm_cbr_rule.cbr_rule: Modifications complete after 1s [id=db37786887b117ce3481b987d78d9a77]
    Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
I checked the Update Resource code. It does call an Update provided from the SDK. https://github.com/IBM-Cloud/terraform-provider-ibm/blob/bba25291c9e05a7e01c1d2db14bcbe0f1946b241/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone.go#L436
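The contexts portion of the plan output above, replayed as an added example that is not part of the thread or the provider's code: it compares the same before/after attribute values position by position and then without regard to order, which is the list-versus-set distinction raised earlier in the thread. The `Attr` type and the function names are hypothetical; the values are copied from the plan output.

```go
package main

import "fmt"

// Attr is one name/value pair of a rule context (hypothetical type for this example).
type Attr struct{ Name, Value string }

// Values copied from the contexts block of the plan output above.
var (
	before = []Attr{{"endpointType", "private,public,direct"}, {"networkZoneId", "dba984bd974c1ec08d414896538ac390"}}
	after  = []Attr{{"networkZoneId", "dba984bd974c1ec08d414896538ac390"}, {"endpointType", "private"}}
)

// listDiff compares position by position and reports every index that differs.
func listDiff(old, cur []Attr) []string {
	var out []string
	for i := 0; i < len(old) || i < len(cur); i++ {
		var o, c Attr // zero value stands in for a missing element
		if i < len(old) {
			o = old[i]
		}
		if i < len(cur) {
			c = cur[i]
		}
		if o != c {
			out = append(out, fmt.Sprintf("[%d] %v -> %v", i, o, c))
		}
	}
	return out
}

// minus returns the elements of a that do not occur in b, ignoring order.
func minus(a, b []Attr) []Attr {
	in := map[Attr]bool{}
	for _, x := range b {
		in[x] = true
	}
	var out []Attr
	for _, x := range a {
		if !in[x] {
			out = append(out, x)
		}
	}
	return out
}

func main() {
	fmt.Println(listDiff(before, after), minus(before, after), minus(after, before))
}
```

Compared in order, both elements are reported as changed; compared without order, the only difference is endpointType going from "private,public,direct" to "private", which is the change a reviewer of an access rule needs to see.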
I think in order to achieve this, we would need a new provider resource (e.g. ibm_cbr_rule_context) in order to be able to update existing CBR resources. Something similar to the way ibm_is_security_group_rule can be used to update an existing security group.
@zhenwan @Ak-sky Should we sync up internally on this? This is blocking one of our committed AHA items for 2Q
@ocofaigh please look at the response Tim provided above (https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5235#issuecomment-2022915184). Tim has opened a PR (https://github.com/IBM-Cloud/terraform-provider-ibm/pull/5246) that fixed rule/zone update issues. Please let me know if this new PR will address your issue. If not, can you please provide us a test case?
@zhenwan I don't think Tim's updates will cover our use case. As per above comment, our use case is that we have one terraform state that creates the zones and rules, but then as more resources get created in our account (in different terraform states) we need the ability to update the contexts of the existing zones / rules with the new resources we created.
So for this to work, we would need a new provider resource (e.g. ibm_cbr_rule_context) in order to be able to update existing CBR zones / rules. Something similar to the way ibm_is_security_group_rule can be used to update an existing security group.
Suggest to name the resource attachment. This is conceptually the same as https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_instance_network_attachment or https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_instance_volume_attachment where objects are created, and then another resource is used to attach an object to another. This follows best practices in terraform / IaC in general around idempotency.
Hello, can you please provide an update on this issue? Thanks.
Description
As of now there is no way to update the existing CBR zones and rules except from the UI. We have a requirement where a few of the base CBR rules/zones will be created beforehand, and later we want to update both existing zones and rules based on newly created VPCs etc.