birchb1024 / terraform-provider-universe

A generic Terraform Provider with which you can code dynamic providers in any scripting language.
Mozilla Public License 2.0

Cannot handle resource references in config #9

Open ykryshchuk opened 2 years ago

ykryshchuk commented 2 years ago

Hi there, we were trying to use the universe provider to manage our shared drives on Google.

Basically we create a drive ("shared_drive") and give the permissions ("shared_drive_permission") on that drive to a particular group. All that is implemented in provider scripts using the Google API.

Our Terraform file snippet looks like this:

  "resource": {
    "universe": {
      "google_shared_drive_to_delete": {
        "config": "{\"driveName\":\"ATestSharedDriveToDelete\"}",
        "provider": "universe.shared_drive"
      },
      "group_access_to_shared_drive_to_delete": {
        "config": "{\"drive\": \"${universe.google_shared_drive_to_delete.id}\", \"role\": \"fileOrganizer\", \"type\": \"group\", \"email\": \"my-group@domain.com\"}",
        "provider": "universe.shared_drive_permission",
        "depends_on": [
          "universe.google_shared_drive_to_delete"
        ]
      }
    }
  }

I skip the definition of the provider for simplicity, but that does not really matter for reproducing the issue.

The problem is that when creating the permission we need the ID of the drive created as another resource, so we must specify the resource reference in this case. But the call to "terraform plan" cannot understand this reference handled by the provider, and it shows the config as empty.

  + create

Terraform will perform the following actions:

  # universe.google_shared_drive_to_delete will be created
  + resource "universe" "google_shared_drive_to_delete" {
      + config = jsonencode(
            {
              + driveName = "ATestSharedDriveToDelete"
            }
        )
      + id     = (known after apply)
    }

  # universe.group_access_to_shared_drive_to_delete will be created
  + resource "universe" "group_access_to_shared_drive_to_delete" {
      + id = (known after apply)
    }

Plan: 2 to add, 0 to change, 0 to destroy.

I found some warnings while Terraform was processing; maybe they are related:

2022-01-17T14:38:02.109+0200 [DEBUG] refresh: universe.resistance_at_resistancetests_dot_com_access_to_shared_drive_to_delete: no state, so not refreshing
2022-01-17T14:38:02.110+0200 [DEBUG] provider.terraform-provider-universe: 2022/01/17 14:38:02 diffSuppressComputed() true for ""  "74D93920-ED26-11E3-AC10-0800200C9A66" 
2022-01-17T14:38:02.110+0200 [WARN]  Provider "github.com/birchb1024/universe" produced an invalid plan for universe.group_access_to_shared_drive_to_delete, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .config: planned value cty.StringVal("") does not match config value cty.UnknownVal(cty.String)

However, I can still execute the apply and the first resource gets created. The permission resource fails as follows:

2022-01-17T14:42:29.207+0200 [DEBUG] provider.terraform-provider-universe: 2022/01/17 14:42:29 diffSuppressComputed() false for ""  "{\"drive\": \"0AGc8XdYGSA0pUk9PVA\", \"role\": \"fileOrganizer\", \"type\": \"group\", \"email\": \"resistance@resistancetests.com\"}" 
2022-01-17T14:42:29.207+0200 [ERROR] vertex "universe.group_access_to_shared_drive_to_delete" error: Provider produced inconsistent final plan
╷
│ Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for universe.group_access_to_shared_drive_to_delete to include new values learned so far during apply, provider "github.com/birchb1024/universe" produced an invalid new value for
│ .config: was cty.StringVal(""), but now cty.StringVal("{\"drive\": \"0AGc8XdYGSA0pUk9PVA\", \"role\": \"fileOrganizer\", \"type\": \"group\", \"email\": \"my-group@domain.com\"}").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
2022-01-17T14:42:29.211+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"

Now, when I run it a second time, the second resource is created:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # universe.group_access_to_shared_drive_to_delete will be created
  + resource "universe" "group_access_to_shared_drive_to_delete" {
      + config = jsonencode(
            {
              + drive = "0AGc8XdYGSA0pUk9PVA"
              + email  = "my-group@domain.com"
              + role   = "fileOrganizer"
              + type   = "group"
            }
        )
      + id     = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.
...
...
universe.group_access_to_shared_drive_to_delete: Creating...
universe.group_access_to_shared_drive_to_delete: Creation complete after 1s [id=0AGc8XdYGSA0pUk9PVA:07676998097178547347]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Could you please advise us what we are doing wrong, or whether that is really a bug in the provider? How would you suggest working around the problem?

In case you need some complete setup (all files) I can prepare one for you.

Thank you

Muelsy commented 8 months ago

Hi @ykryshchuk,

I'm currently running into this issue. Did you find a workaround?
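
Added example (not from the issue or from the provider project): a pre-flight check in Python for the configuration in the original report, listing `universe` resources whose JSON `config` interpolates an attribute of another `universe` resource, since that value is unknown at plan time until the referenced resource exists and the plan then shows the permission resource with no config to review. The sample input is the report's snippet wrapped in braces so it parses as a `.tf.json` document; the function name is hypothetical.

```python
import json
import re

# Constructed sample: the snippet from the report, wrapped in outer braces.
SAMPLE_TF_JSON = r'''
{
  "resource": {
    "universe": {
      "google_shared_drive_to_delete": {
        "config": "{\"driveName\":\"ATestSharedDriveToDelete\"}",
        "provider": "universe.shared_drive"
      },
      "group_access_to_shared_drive_to_delete": {
        "config": "{\"drive\": \"${universe.google_shared_drive_to_delete.id}\", \"role\": \"fileOrganizer\", \"type\": \"group\", \"email\": \"my-group@domain.com\"}",
        "provider": "universe.shared_drive_permission",
        "depends_on": ["universe.google_shared_drive_to_delete"]
      }
    }
  }
}
'''

# Matches ${universe.<resource_name>.<attribute>} inside a string value.
REF = re.compile(r"\$\{\s*universe\.([A-Za-z0-9_-]+)\.([A-Za-z0-9_]+)\s*\}")


def find_unknown_config_refs(tf_json_text):
    """Return (resource, config_key, referenced_resource, attribute) tuples for
    every config value that interpolates another universe resource."""
    resources = json.loads(tf_json_text).get("resource", {}).get("universe", {})
    findings = []
    for name, body in resources.items():
        raw = body.get("config", "")
        try:
            cfg = json.loads(raw)
        except json.JSONDecodeError:
            cfg = None
        if not isinstance(cfg, dict):
            cfg = {"<config>": raw}  # not a JSON object: scan the raw string
        for key, value in cfg.items():
            if not isinstance(value, str):
                continue
            for target, attr in REF.findall(value):
                # Only references to other resources declared in this file.
                if target in resources and target != name:
                    findings.append((name, key, target, attr))
    return findings
```

Resources reported here are the ones whose planned `config` should be checked by hand before apply, because the plan output for them may omit the role and principal being granted.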