hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

Invalid plan leads to: Error creating instance template: googleapi: Error 409: The resource 'projects/foo/global/instanceTemplates/foo-integration-test' already exists, alreadyExists #10962

Open AndreasBergmeier6176 opened 2 years ago

AndreasBergmeier6176 commented 2 years ago

Community Note

Terraform Version

Terraform v1.0.11 on linux_amd64

Affected Resource(s)

Terraform Configuration Files

resource "google_compute_instance_template" "integration_test" {
  name        = "${var.prefix}integration-test"
  description = "This template is used to spawn integration tests."
  tags        = []

  labels = var.labels

  machine_type = "c2-standard-4"

  // Create a new boot disk from an image
  disk {
    source_image      = var.compute_image.id
    labels            = var.labels
    resource_policies = []
  }

  network_interface {
    network     = var.service_networking_connection_network.self_link
    subnetwork  = var.subnetwork.self_link
    queue_count = 0
  }

  metadata = {
    user-data              = local.cloud_init_content
    google-logging-enabled = "true"
  }

  service_account { # forces replacement
    email = var.service_account.email
    scopes = [
      "https://www.googleapis.com/auth/cloud-platform",
    ]
  }
}

Debug Output

2022-01-24T17:00:49.103+0100 [WARN]  Provider "registry.terraform.io/hashicorp/google" produced an invalid plan for module.foo.google_compute_instance_template.integration_test, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .can_ip_forward: planned value cty.False for a non-computed attribute
      - .confidential_instance_config: attribute representing nested block must not be unknown itself; set nested attribute values to unknown instead
      - .disk[0].auto_delete: planned value cty.True for a non-computed attribute
      - .scheduling: attribute representing nested block must not be unknown itself; set nested attribute values to unknown instead

Expected Behavior

For a replacement it should execute first a delete and then a create.

Actual Behavior

For a replacement, it is not executing a delete but only a create, which leads to:

Error creating instance template: googleapi: Error 409: The resource 'projects/foo/global/instanceTemplates/foo-integration-test' already exists, alreadyExists

Steps to Reproduce

  1. terraform apply

b/308756477

c2thorn commented 2 years ago

@AndreasBergmeier6176 can you share a sanitized debug log of your error executing?

HieronyM commented 2 years ago

Wondering whether someone found a workaround related to this.

RonLek commented 2 years ago

Facing the same issue with this. Is this fixed? @c2thorn

c2thorn commented 2 years ago

Hello @RonLek, it is not clear to me what is happening or how to recreate it. An invalid config from the start fails during apply but still creates the template? Did you also recreate due to the service_account field? A sanitized log would help me debug.

RonLek commented 2 years ago

@c2thorn I started with applying this terraform. My use case involves having a default service account for the VMs and I realized the example didn't have it already, so I added the service_account field following the resource docs for the instance template post creation.

On doing a plan it says "forces replacement" but on apply it gives the above error. Consequently I had to do a terraform destroy followed by an apply as a workaround.

harsha-chamarthi commented 2 years ago

I am facing the same issue too; it works only after I do a terraform destroy. Expected behaviour is that for a replacement it should execute first a delete and then a create.

MattPumphrey commented 2 years ago

I am also having this issue, and I have a lifecycle rule in place, I can provide you with logs at the trace level. Basically I am attempting to use the random_id with the google_compute_instance_template to generate a new template when something changes.

I would also like to note here that I am using a lifecycle meta that is not being honored properly, however that might be due to the fact that it "already exists" and I need to work around it with my random_id to adjust this a bit more.

But here are some trace logs. However, this is a lot, so I apologize, and I am aware and currently working on this. terraform.log.gz

jakewan commented 8 months ago

Using name_prefix instead of name seems to work. This causes Terraform to generate a unique name each time the template needs to be recreated, allowing the create/delete sequence to proceed without conflict. The value can only be 36 characters long, so something like format("%s-", substr(var.template_name_base, 0, 35)) might be needed.

karolgorc commented 3 months ago

Couldn't recreate the issue on the original terraform config that was provided.

But this doc has an invalid configuration.

It has name instead of name_prefix set. The lifecycle rule create_before_destroy=true allows for dynamic change of a used template in the MIG without destroying every resource tied to it, but when using it with name it will just fail with error already exists etc.

When using name_prefix it will create a random string of numbers that will be used as the template name and allow the create before destroy action because the 2 resources have unique names.

Here is how it goes with a correct configuration

google_compute_instance_template.instance_template: Creating...
google_compute_instance_template.instance_template: Still creating... [10s elapsed]
google_compute_instance_template.instance_template: Creation complete after 12s [id=projects/iac-poc-krakow/global/instanceTemplates/l7-ilb-mig-template-20240817085222513400000001]
google_compute_region_instance_group_manager.mig: Modifying... [id=projects/iac-poc-krakow/regions/europe-west1/instanceGroupManagers/l7-ilb-mig1]
google_compute_region_instance_group_manager.mig: Still modifying... [id=projects/iac-poc-krakow/regions/europe-west1/instanceGroupManagers/l7-ilb-mig1, 10s elapsed]
google_compute_region_instance_group_manager.mig: Still modifying... [id=projects/iac-poc-krakow/regions/europe-west1/instanceGroupManagers/l7-ilb-mig1, 20s elapsed]
google_compute_region_instance_group_manager.mig: Still modifying... [id=projects/iac-poc-krakow/regions/europe-west1/instanceGroupManagers/l7-ilb-mig1, 31s elapsed]
google_compute_region_instance_group_manager.mig: Modifications complete after 33s [id=projects/iac-poc-krakow/regions/europe-west1/instanceGroupManagers/l7-ilb-mig1]
google_compute_instance_template.instance_template (deposed object 9f32e407): Destroying... [id=projects/iac-poc-krakow/global/instanceTemplates/l7-ilb-mig-template-20240817085017446300000001]
google_compute_instance_template.instance_template: Still destroying... [id=projects/iac-poc-krakow/global/instance...ig-template-20240817085017446300000001, 10s elapsed]
google_compute_instance_template.instance_template: Destruction complete after 11s

Will escalate this doc change.
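The fix described in the two comments above (name_prefix together with create_before_destroy), as an added Terraform example that is not part of the thread or the provider's documentation. The variable names, the MIG name and the region are assumptions; the name_prefix expression is the one suggested in jakewan's comment.

```hcl
# Added example. All variables below are hypothetical inputs.
variable "template_name_base" { type = string }
variable "service_account_email" { type = string }
variable "subnetwork_self_link" { type = string }
variable "source_image" { type = string }

resource "google_compute_instance_template" "integration_test" {
  # Before (reported above to fail with "already exists" on replacement
  # when create_before_destroy is set, because old and new share one name):
  #   name = "${var.template_name_base}-integration-test"
  #
  # After: the provider appends a unique suffix to the prefix, so the
  # replacement template never collides with the one being deposed.
  name_prefix  = format("%s-", substr(var.template_name_base, 0, 35))
  machine_type = "c2-standard-4"

  disk {
    source_image = var.source_image
    auto_delete  = true
    boot         = true
  }

  network_interface {
    subnetwork = var.subnetwork_self_link
  }

  service_account {
    email = var.service_account_email
    # Broad scope: effective access is bounded by the IAM roles granted
    # to this service account, so keep those roles minimal.
    scopes = ["https://www.googleapis.com/auth/cloud-platform"]
  }

  lifecycle {
    # Create the new template first, repoint the MIG, then delete the old one.
    create_before_destroy = true
  }
}

resource "google_compute_region_instance_group_manager" "mig" {
  name               = "integration-test-mig" # assumed name
  base_instance_name = "integration-test"
  region             = "europe-west1"
  target_size        = 1

  version {
    instance_template = google_compute_instance_template.integration_test.id
  }
}
```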

adamenger commented 3 months ago

@karolgorc just hit this issue and can confirm, switching from name to name_prefix works.