search

hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0
2.33k stars 1.73k forks source link

`google_compute_instance_template` (immutable resources) cannot be updated due to `terraform_labels` when upgrading to v5 #16424

Closed michaellzc closed 11 months ago

michaellzc commented 1 year ago

Community Note

Terraform Version

Affected Resource(s)

Terraform Configuration Files

resource "google_compute_instance_template" "some_template" {
    // some minimal fields
    labels = {
        "terraform = "true"
    }
}

Debug Output

plan

  # google_compute_instance_template.someaddr will be updated in-place
  ~ resource "google_compute_instance_template" "someaddr" {
      ~ terraform_labels        = {
          + "somelabel"       = "somevalue"
        }
        # (12 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

apply

2023-11-01T22:24:01.470Z [DEBUG] State storage *cloud.State declined to persist a state snapshot
2023-11-01T22:24:01.470Z [ERROR] vertex "google_compute_instance_template.executors_v2codeintelexecutors_instancetemplate_047663F4" error: doesn't support update
2023-11-01T22:24:01.470Z [TRACE] vertex "google_compute_instance_template.executors_v2codeintelexecutors_instancetemplate_047663F4": visit complete, with errors
2023-11-01T22:24:01.471Z [DEBUG] State storage *cloud.State declined to persist a state snapshot
2023-11-01T22:24:01.471Z [ERROR] vertex "google_compute_instance_template.executors_v2batchchangesexecutors_instancetemplate_2F8E67B6" error: doesn't support update
2023-11-01T22:24:01.471Z [TRACE] vertex "google_compute_instance_template.executors_v2batchchangesexecutors_instancetemplate_2F8E67B6": visit complete, with errors
2023-11-01T22:24:01.471Z [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/hashicorp/google\"] (close)" errored, so skipping
2023-11-01T22:24:01.471Z [TRACE] dag/walk: upstream of "root" errored, so skipping
2023-11-01T22:24:01.471Z [DEBUG] cloud/state: state read serial is: 9; serial is: 9
2023-11-01T22:24:01.471Z [DEBUG] cloud/state: state read lineage is: 60802778-6926-08dd-b0ec-968e50de0e40; lineage is: 60802778-6926-08dd-b0ec-968e50de0e40
╷
│ Error: doesn't support update
│
│   with google_compute_instance_template.executors_v2batchchangesexecutors_instancetemplate_2F8E67B6,
│   on cdk.tf.json line 580, in resource.google_compute_instance_template.executors_v2batchchangesexecutors_instancetemplate_2F8E67B6:
│  580:       },
│
╵
╷
│ Error: doesn't support update
│
│   with google_compute_instance_template.executors_v2codeintelexecutors_instancetemplate_047663F4,
│   on cdk.tf.json line 630, in resource.google_compute_instance_template.executors_v2codeintelexecutors_instancetemplate_047663F4:
│  630:       }
│

Panic Output

N/A

Expected Behavior

Actual Behavior

We are upgrading from v4 to v5, and I am aware of the new terraform_labels change https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/version_5_upgrade#provider

According to terraform plan, the computed terraform_labels field will be populated. Upon terraform apply, we got an error complaining Error: doesn't support update.

Steps to Reproduce

  1. have a module with a minimal google_compute_instance_template and apply it using v4 provider
  2. bump provider to v5
  3. terraform plan - you should see addition of terraform_labels
  4. terraform apply - you shoue see Error: doesn't support update.

Important Factoids

References

google_compute_instance_template is immutable. Hence other fields contain a ForceNew=true in the schema definition:

https://github.com/hashicorp/terraform-provider-google/blob/3a7a8eb2282a112f92cbc16b1f4f143bde67a1f6/google/services/compute/resource_compute_instance_template.go#L156-L164

However, terraform_labels does not have this attribute, introduced in https://github.com/hashicorp/terraform-provider-google/commit/3e00cfbafa1ef13ebfd7e039bcec77407b824bfc#diff-ac874ea0db4bd5f5a83e2c2ed7f1dcb0514262d10a386b119e882986c2c58bd6R869-R873

https://github.com/hashicorp/terraform-provider-google/blob/3a7a8eb2282a112f92cbc16b1f4f143bde67a1f6/google/services/compute/resource_compute_instance_template.go#L869-L875

The workaround is manually tainting all instances of google_compute_instance_template prior to running terraform apply during the upgrade; this will force a replacement.

b/309602560

khtelus commented 12 months ago

Also: https://github.com/hashicorp/terraform-provider-google/issues/16374

joemiller commented 12 months ago

The upgrade guide states that terraform_labels is an output-only attribute. Is it possible to make the resource not forceCreate on change? I have a number of MIGs where this would be a burdensome interruption for essentially a no-op if this is truly output-only.

EDIT: I ended up updating state entries manually since this appears to be an output-only change. Leaving my jq query here in case it helps others:

cat state.tfstate \
  | jq '(.serial += 1) | (.resources[] | select(.type == "google_compute_instance_template").instances[].attributes) |= . + {terraform_labels: .labels}' \
  >state.tfstate2
github-actions[bot] commented 10 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.