Open james-lawrence opened 10 months ago
edwardmedia
commented
10 months ago @james-lawrence can you share your use case in detail? Why do you need create_before_destroy? Has projects/-/regions/us-central1/instanceGroupManagers/rigm-faa688a5 been destroyed before you try to recreate it?
james-lawrence
commented
10 months ago @edwardmedia yes the manager would be destroy before it was recreated which would cause an outage. today it was caused by changing the zones/region of a internal resource.
we work around this atm by using a random_id and having to run terraform taint random_id.hack before terraform apply. but its annoying and error prone. basically most gcp resources have a unique name and can't be recreated safely without using create_before_destroy. roles, managers, load balancers, etc. its an ongoing struggle with gcp and terraform imo.
melinath
commented
10 months ago I think we expect this behavior - resources need unique IDs (aka names) in order to be referenced correctly by Terraform.
edwardmedia
commented
10 months ago @james-lawrence I am not clear what you meant below. What we expect is most resources shouldn't use create_before_destroy in the normal process.
basically most gcp resources have a unique name and can't be recreated safely without using create_before_destroy. Do you have specific config that can explain the issue?
james-lawrence
commented
10 months ago @edwardmedia I feel i already did explain the issue. without being able to generate unique names per resource created (aka: prefix) terraform is unable to recreate a resource when it needs to when create_before_destroy is enabled. this is a bug in the google provider where a standard feature of terraform doesn't work with many gcp resources. AWS provider has a name_prefix field for handling these situations.
resource "google_compute_region_instance_group_manager" "default" {}---- without create_before_destroy
---- with create_before_destroy
---- with create_before_destroy and the proposed fix
both situations are not desirable and one is due to a broken standard feature of terraform for gcp resources and the third one requires adding an existing pattern from other terraform providers to gcp resources.
the assertion create_before_destroy should be rare and somehow related to this problem is a non-starter (and in practical experience is completely incorrect, and in retrospect should have been the default behavior of terraform). this is just straight up broken terraform functionality within the GCP provider.
melinath
commented
10 months ago @james-lawrence thanks & apologies for misunderstanding your request previously. It looks like the google providers already support name_prefix on a few resources, including: google_compute_instance, google_container_node_pool, and google_compute_ssl_certificate. (AWS also supports name_prefix on the similar aws_launch_configuration resource: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration)
This is absolutely a valid request.
Community Note
modular-magicianuser, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned tohashibot, a community member has claimed the issue already.Terraform Version
google_compute_region_instance_group_manager resources can't be recreated safely because gcp treats names as unique.
will always fail if the manager needs to be recreated because the name will conflict.
b/311366305