lays147 commented 4 months ago

Description

I'm using the data source aws_ecr_image to get the most recent pushed image from my repository. However, if I'm in the process of creating the ecr repository, the data source will fail in my plan stage.

The scenario that I have is: If I don't have any image on the ECR repository, fallback to an image on docker hub, if I have an image in the ECR, use it (this is for a task definition). However, if I try to use this data source and there's no image on the ECR repository, the plan is failing, like the following image shows:

I think that the failure of the query inside the data source, in the case that founds nothing, does not break the planning process. Is it possible?

Because right now, I need to comment the data source, alter my code to use the docker hub image, apply my changes, and then, only after I push an image to ECR I'll be able to plan again without a hard-coded image as input.

The following code is the one that I tried, and fails.

data "aws_ecr_image" "this" {
  repository_name = "${local.project}-${terraform.workspace}"
  most_recent     = true
}

locals {
  kong_base_tag       = "kong:3.5.0-ubuntu"
  latest_tag                = data.aws_ecr_image.this.image_tags[0]
 kong_image_uri      = try(local.latest_tag, "") != "" ? "${local.ecr_repository}:${local.latest_tag}" : local.kong_base_tag
}

Affected Resource(s) and/or Data Source(s)

data aws_ecr_image

Potential Terraform Configuration

No response

References

No response

Would you like to implement a fix?

None

github-actions[bot] commented 4 months ago

Community Note

Voting for Prioritization

Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
Please see our prioritization guide for information on how we prioritize.
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

If you are interested in working on this issue, please leave a comment.
If this would be your first contribution, please review the contribution guide.

justinretzolk commented 4 months ago

Hey @lays147 👋 Thank you for taking the time to raise this! There's a fairly well established theme for data sources in the AWS provider to fail when attempting to look up a single resource and getting more or less than one result (aws_instance and aws_ami come to mind), so I have reservations at the idea of changing aws_ecr_image in that way. That said, I'd like to try to get a better idea of what you're trying to do, in case I'm missing something.

if I'm in the process of creating the ecr repository, the data source will fail in my plan stage.

Are you creating all of the resources with the same configuration? If you're able to provide the configuration and/or debug logs (redacted as needed), that often sheds light on things.

booi commented 1 month ago

@justinretzolk I'm running into this issue as well. We're basically trying to use terraform to provision an ECR repository and the service at the same time. Since the ECR will be empty at provisioning, it's very common for us to use nginx or hello-world or some other image just to get the service running. Once everything is set up, then we hook in CI/CD and deploy the actual image.

This is a classic "first start" problem that terraform has where it expects something to be there when it was just created requiring multiple runs or as the previous commenter said, to basically comment it out, run it, push to it then comment it back in and continue. Not great from a reproducibility standpoint.

If the data source returned null instead of erroring entirely, then we could have logic that substitutes something else in or to disable the service until the image has arrived.

tetienne-zenchef commented 1 week ago

Is there any workaround we can use now?

hashicorp / terraform-provider-aws