search

Mongey / terraform-provider-kafka

Terraform provider for managing Apache Kafka Topics + ACLs
MIT License
520 stars 131 forks source link

ACL created without resource_pattern_type_filter can't be removed #81

Closed mmajis closed 4 years ago

mmajis commented 4 years ago

Putting this to good use with a Confluent Cloud setup. Many thanks for writing the provider!

Given an ACL resource like this:

resource "kafka_acl" "allow_idempotent_write_in_cluster" {
  resource_name       = "kafka-cluster"
  resource_type       = "Cluster"
  acl_principal       = var.principal
  acl_host            = "*"
  acl_operation       = "IdempotentWrite"
  acl_permission_type = "Allow"
}

When that gets removed from the terraform config, applying the ACL deletion will fail with:

2019/11/20 14:06:42 [DEBUG] module.topic_write_acl.kafka_acl.allow_idempotent_write_in_cluster: apply errored, but we're indicating that via the Error pointer rather than returning it: There were no acls matching this filter
2019/11/20 14:06:42 [TRACE] module.topic_write_acl: eval: *terraform.EvalWriteState
2019/11/20 14:06:42 [TRACE] EvalWriteState: writing current state object for module.topic_write_acl.kafka_acl.allow_idempotent_write_in_cluster
2019/11/20 14:06:42 [ERROR] module.topic_write_acl: eval: *terraform.EvalApplyPost, err: There were no acls matching this filter
2019/11/20 14:06:42 [ERROR] module.topic_write_acl: eval: *terraform.EvalSequence, err: There were no acls matching this filter
2019/11/20 14:06:42 [ERROR] module.topic_write_acl: eval: *terraform.EvalOpFilter, err: There were no acls matching this filter
2019/11/20 14:06:42 [TRACE] [walkApply] Exiting eval tree: module.topic_write_acl.kafka_acl.allow_idempotent_write_in_cluster (destroy)

A related error during terraform plan may be:

2019/11/20 14:05:57 [WARN] Provider "kafka" produced an invalid plan for module.topic_write_acl.kafka_acl.allow_idempotent_write_in_cluster, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .resource_pattern_type_filter: planned value cty.StringVal("Literal") does not match config value cty.NullVal(cty.String)

It seems the resource_pattern_type_filter variable is not required and defaults to "Literal" which could cause this discrepancy between the planned value and config?

https://github.com/Mongey/terraform-provider-kafka/blob/master/kafka/resource_kafka_acl.go#L35

mmajis commented 4 years ago

So yeah, I was creating the same ACL entry from multiple resources and that’s why removal failed for the second resource after the first resource had removed the ACL. So I guess this is not a bug.

The deprecation warning may be something to look at.