search

fly-apps / terraform-provider-fly

Terraform provider for the Fly.io API
BSD 3-Clause "New" or "Revised" License
113 stars 37 forks source link

Fly Volume Encrypted Option Not Reflected #103

Open stepbrobd opened 2 years ago

stepbrobd commented 2 years ago

Please see following:

Volume:

resource "fly_volume" "volume" {
  app        = var.config["proejct_name"]
  name       = replace(format("%s-volume", var.config["proejct_name"]), "-", "_")
  region     = var.config["region"]
  size       = tonumber(var.config["disk_size"])
  depends_on = [fly_app.app]
}

Machine:

resource "fly_machine" "machine" {
...
  mounts = [{
    encrypted = true
    path      = "/data"
    volume    = fly_volume.volume.name
  }]
...
}

Resulted in:

=> fly volumes list 
ID          STATE   NAME            SIZE    REGION  ZONE    ENCRYPTED       ATTACHED VM     CREATED AT    
<vol id>    created <volume name>   5GB     sjc     91af    false           <vm id>         9 minutes ago

It seems like the encrypted option shouldn't be in the mounts block inside fly_machine resource, it should be a part of fly_volume resource.

DAlperin commented 2 years ago

Yeah that makes sense. I'll fix in next release.

OJFord commented 1 year ago

Aside from not working, it also means a permanent diff in terraform plan if it's set to true - since it will always see false on refresh.