search

IBM-Cloud / terraform-provider-ibm

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs
Mozilla Public License 2.0
339 stars 663 forks source link

Attempts to create existing resource group #602

Closed TheFuzz4 closed 2 years ago

TheFuzz4 commented 5 years ago

Terraform Version 0.11.14 IBM Provider Version 0.17.1

When I run terraform apply to generate the items within my config if the resource group already exists within the cloud terraform throws an error that it already exists. With all other items it works just fine but with the resource group instead of seeing that it exists it instead attempts to just create a new one.

To reproduce just insert the resource block for an existing resource group and let terraform run with it.

hkantare commented 5 years ago

Its working as per API design..We can create multiple resource group with same name. We can't enforce restriction If api supports.

You can find similar issues in cli also https://github.ibm.com/Bluemix/bluemix-cli/issues/1924

hkantare commented 5 years ago

I can create a resource groups with same with a unique ID. Its working as per API desgin.

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + ibm_resource_group.test
      id:      <computed>
      default: <computed>
      name:    "test"
      state:   <computed>

  + ibm_resource_group.test1
      id:      <computed>
      default: <computed>
      name:    "test"
      state:   <computed>

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

ibm_resource_group.test: Creating...
  default: "" => "<computed>"
  name:    "" => "test"
  state:   "" => "<computed>"
ibm_resource_group.test1: Creating...
  default: "" => "<computed>"
  name:    "" => "test"
  state:   "" => "<computed>"
ibm_resource_group.test: Creation complete after 4s (ID: 35534eacb05344dab79fa7009e9e08f9)
ibm_resource_group.test1: Creation complete after 4s (ID: e7bb6a81778c4b52b0b80ec62456c9ff)
davetropeano commented 5 years ago

@TheFuzz4 apologies - an internal link to GitHub Enterprise was included in the reply and you likely cannot access that. As stated before, that issue pertained to a discussion around resource group names. By design the back end systems allow multiple resource groups to have the same name. There is no expected change in underlying API behavior. The policy of the provider is to allow what the API allows so in this case your observation is correct but there is no remediation planned.

Can you describe your use case a little?

If you are looking to generate random names you can use the Random provider to assist (https://www.terraform.io/docs/providers/random/index.html)

TheFuzz4 commented 5 years ago

My apologies on my previous comment apparently I was having a minor DNS issue.

As you can see in this error the resource name already exists. The terraform plan never said it would create it but doing the apply it says hey I'm going to create this. But then it fails because the name is already in use. This is fine I don't want to create duplicate resource groups. I want it to see that this group exists and just ignore it. It does that with all of the Access Groups and Access Group Policies.

This is also related to IBM Support Case CS0303737

`An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols:

Terraform will perform the following actions:

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve.

Enter a value: yes

ibm_resource_group.resourceGroup: Creating... default: "" => "" name: "" => "RG-CSG-PLAYGROUND-CFEE" state: "" => ""

Error: Error applying plan:

1 error occurred:

hkantare commented 5 years ago

@TheFuzz4 We are not able reproduce the error "RESOURCE_GROUP_NAME_UNIQUENESS",..I tried the below scenario 1) Create a terraform configuration file(with s3 backend and resource grp)

terraform {
backend "s3" 
{
    bucket = "terraform"
    key = "terraform.tfstate"
    region = "us-south"
    skip_region_validation = true
    skip_credentials_validation = true
    skip_get_ec2_platforms = true
    skip_requesting_account_id = true
    skip_metadata_api_check = true
    endpoint = "s3.us-south.cloud-object-storage.appdomain.cloud"
    access_key = "Key"
    secret_key = "Key"
    }}
resource "ibm_resource_group" "accgrp" {
  name = "RG-CSG-PLAYGROUND-CFEE"
}

When I run first time terraform apply...It will try to create resource grp successfully.

Now run again terraform plan and terraform apply..I see no changes

Harinis-MacBook-Pro:accessgrp hkantare$ terraform plan

Warning: provider.ibm: "bluemix_api_key": [DEPRECATED] This field is deprecated please use ibmcloud_api_key

Warning: provider.ibm: "bluemix_timeout": [DEPRECATED] This field is deprecated please use ibmcloud_timeout

Warning: provider.ibm: "riaas_endpoint": [DEPRECATED] This field is deprecated use generation

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + ibm_resource_group.accgrp
      id:      <computed>
      default: <computed>
      name:    "RG-CSG-PLAYGROUND-CFEE"
      state:   <computed>

Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

Harinis-MacBook-Pro:accessgrp hkantare$ terraform apply

Warning: provider.ibm: "bluemix_api_key": [DEPRECATED] This field is deprecated please use ibmcloud_api_key

Warning: provider.ibm: "bluemix_timeout": [DEPRECATED] This field is deprecated please use ibmcloud_timeout

Warning: provider.ibm: "riaas_endpoint": [DEPRECATED] This field is deprecated use generation

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + ibm_resource_group.accgrp
      id:      <computed>
      default: <computed>
      name:    "RG-CSG-PLAYGROUND-CFEE"
      state:   <computed>

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

ibm_resource_group.accgrp: Creating...
  default: "" => "<computed>"
  name:    "" => "RG-CSG-PLAYGROUND-CFEE"
  state:   "" => "<computed>"
ibm_resource_group.accgrp: Creation complete after 2s (ID: 02fbc027f99f438cb118bbafaf624a09)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Harinis-MacBook-Pro:accessgrp hkantare$ terraform plan

Warning: provider.ibm: "bluemix_api_key": [DEPRECATED] This field is deprecated please use ibmcloud_api_key

Warning: provider.ibm: "bluemix_timeout": [DEPRECATED] This field is deprecated please use ibmcloud_timeout

Warning: provider.ibm: "riaas_endpoint": [DEPRECATED] This field is deprecated use generation

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

ibm_resource_group.accgrp: Refreshing state... (ID: 02fbc027f99f438cb118bbafaf624a09)

------------------------------------------------------------------------

No changes. Infrastructure is up-to-date.

This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.
Harinis-MacBook-Pro:accessgrp hkantare$ terraform apply

Warning: provider.ibm: "bluemix_api_key": [DEPRECATED] This field is deprecated please use ibmcloud_api_key

Warning: provider.ibm: "bluemix_timeout": [DEPRECATED] This field is deprecated please use ibmcloud_timeout

Warning: provider.ibm: "riaas_endpoint": [DEPRECATED] This field is deprecated use generation

ibm_resource_group.accgrp: Refreshing state... (ID: 02fbc027f99f438cb118bbafaf624a09)

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
TheFuzz4 commented 5 years ago

Well this is interesting because it throws this error each time for us. Now we did create the RG outside of TF but I wouldn't think that should matter

TheFuzz4 commented 5 years ago

For the record we initially created the RG with the ibmcloud cli and not TF.

TheFuzz4 commented 5 years ago

I did some extensive troubleshooting with our IBM rep @dwakeman We are on a theory that this is due to the fact that the resource group was created outside of TF and is not contained within the statefile. But we believe that TF should be intelligent enough to refresh the states of the current resource groups. I also demonstrated to @dwakeman that it does indeed throw an error when the existing RG does actually exist.

teruz commented 4 years ago

It seems that this issue is not resolved today.

stevestrutt commented 4 years ago

@teruz errors when resources are created outside of TF are annoying, but it is down to the design of Terraform and how it tracks resources in the Cloud. It is not a behaviour that the IBM Terraform provider can influence.

TF depends on its state file for a view of the resources it has created and is managing. Anything created by the Cloud UI or CLI it is not aware of and if requested will attempt to create an exact duplicate resource. Hence the failure here, if the resource group already exists, the Apply will error as the IBM Cloud platform will not allow another RG to be created with the same name. The failure is TF protecting itself and telling the user that there is an inconsistency.

With Terraform the responsibility is on the user to ensure nothing is created outside of Terraform. If resources are created outside of TF, they can be imported into the TF state using the import command. This is supported in the standalone TF executable, but not yet in the Schematics service.

teruz commented 4 years ago

@stevestrutt yeah, I also think the point is

TF state using the import command. This is supported in the standalone TF executable, but not yet in the Schematics service

Also Schematics hides tfstate file so users can not see or edit it. If we can do, at least, we can manualy add states for resources created outside Schematics, IMHO.

stevestrutt commented 4 years ago

Do create a customer requirement in AHA for import functionality in Schematics, or plus one for any existing request. I think its important, but development is driven by customer requirements and others are shouting for their own requirements and we need data to prioritize.

kavya498 commented 2 years ago

Closing this issue.. Import resources using schematics import command.. https://cloud.ibm.com/docs/schematics?topic=schematics-schematics-cli-reference#schematics-workspace-import

Thanks..