aminueza / terraform-provider-minio

Terraform provider for managing MinIO S3 buckets and IAM Users.
https://registry.terraform.io/providers/aminueza/minio
GNU Affero General Public License v3.0

Object Locking in new version forces replacement! #459

Closed ktaf closed 1 year ago

ktaf commented 1 year ago

Description

Object Locking in new version forces replacement:

module.minio_setup.minio_s3_bucket.buckets["vault-snapshot"] must be replaced

-/+ resource "minio_s3_bucket" "buckets" {
      ~ arn                = "arn:aws:s3:::vault-snapshot" -> (known after apply)
      ~ bucket_domain_name = "http://minio-cluster:9000/minio/vault-snapshot" -> (known after apply)
      ~ id                 = "vault-snapshot" -> (known after apply)

Plan: 1 to add, 0 to change, 1 to destroy.

Versions

1.15.1

Additional Information

This value should be FALSE:

https://github.com/aminueza/terraform-provider-minio/blob/master/minio/resource_minio_s3_bucket.go#LL79C5-L79C13

felladrin commented 1 year ago

Thanks for reporting. @Eilyre added this feature, so I need to confirm with him.

@Eilyre, do you know if there's any side effect of changing this parameter to avoid requiring replacement? Was ForceNew: true set like this because it wouldn't work otherwise? https://github.com/aminueza/terraform-provider-minio/blob/3f09156bec3253382db84d4dfc4706ca9e7653c2/minio/resource_minio_s3_bucket.go#L75-L80

felladrin commented 1 year ago

Ok, let's make the change, and if necessary, we continue this discussion later.

Eilyre commented 1 year ago

Sorry for not answering quickly enough @felladrin.

ForceNew was set as true, as object locking is an inherent property that needs to be set during the creation of the bucket. For example, if you did it via the mc command line tool, you'd have to do:

mc mb s3/bucketname/ --with-lock

to enable object locking, otherwise the bucket will be created with no locking enabled.

And you cannot add or remove this property during the lifetime of the bucket, so I can't just go and turn this off without deleting the bucket. Reference: https://min.io/docs/minio/linux/administration/object-management/object-retention.html#id6

It made sense for me to force recreation of the bucket when this setting changes to conform to S3 behavior standards, but I may be misunderstanding the ForceNew option.

felladrin commented 1 year ago

No worries, @Eilyre ^^

For me, it also made sense to ForceNew for that case, but I also misunderstood it.
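
Added example, not part of the thread or the provider's code: a pipeline gate that reads the JSON form of a plan (`terraform show -json <planfile>`) and refuses to continue when a `minio_s3_bucket` would be destroyed or replaced, reporting which attribute forced it. The sample plan is constructed, and the attribute name `object_locking` is an assumption.

```python
import json
import sys

# Constructed sample shaped like `terraform show -json <planfile>` output, cut
# down to the fields read below. The attribute name "object_locking" is an
# assumption; the thread only calls the setting "Object Locking".
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": 'module.minio_setup.minio_s3_bucket.buckets["vault-snapshot"]',
         "type": "minio_s3_bucket",
         "change": {"actions": ["delete", "create"],
                    "replace_paths": [["object_locking"]]}},
        {"address": "minio_iam_user.backup",  # constructed, non-destructive change
         "type": "minio_iam_user",
         "change": {"actions": ["update"]}},
    ]
}


def destructive_bucket_changes(plan, resource_type="minio_s3_bucket"):
    """Return (address, actions, forcing_attrs) for every bucket the plan deletes."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        # A replacement is ["delete", "create"] or ["create", "delete"];
        # a plain destroy is ["delete"]. All of them drop the bucket.
        if rc.get("type") != resource_type or "delete" not in actions:
            continue
        forcing = [".".join(str(step) for step in path)
                   for path in change.get("replace_paths") or []]
        findings.append((rc["address"], actions, forcing))
    return findings


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    findings = destructive_bucket_changes(plan)
    for address, actions, forcing in findings:
        print(f"BLOCK {address}: {'/'.join(actions)}, forced by {forcing or 'n/a'}")
    return 1 if findings else 0  # non-zero exit fails the pipeline step


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to the plan JSON as the only argument; with no argument it checks the constructed sample.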