search

ionos-cloud / terraform-provider-ionoscloud

The IonosCloud Terraform provider gives the ability to deploy and configure resources using the IonosCloud APIs.
Mozilla Public License 2.0
34 stars 23 forks source link

Provider produced inconsistent result after apply in ionoscloud_share #489

Closed malhussan closed 8 months ago

malhussan commented 9 months ago

Description

Using the following configuration:

locals {
  admins  = { for user in var.users : user.username => user if contains(user["roles"], "admin") }
  editors = { for user in var.users : user.username => user if contains(user["roles"], "user") }
  readers = { for user in var.users : user.username => user if contains(user["roles"], "reader") }
}

data "ionoscloud_user" "admins" {
  for_each = local.admins
  email    = each.value.username
}

data "ionoscloud_user" "editors" {
  for_each = local.editors
  email    = each.value.username
}

data "ionoscloud_user" "readers" {
  for_each = local.readers
  email    = each.value.username
}

resource "ionoscloud_datacenter" "this" {
  name                = "${var.workspace_id}-${var.project_id}"
  location            = var.dc_location
  description         = var.dc_description
  sec_auth_protection = false
}

resource "ionoscloud_share" "admin" {
  count           = length(local.admins) > 0 ? 1 : 0
  group_id        = ionoscloud_group.admin[0].id
  resource_id     = ionoscloud_datacenter.this.id
  edit_privilege  = true
  share_privilege = false
}

resource "ionoscloud_share" "editor" {
  count           = length(local.editors) > 0 ? 1 : 0
  group_id        = ionoscloud_group.editor[0].id
  resource_id     = ionoscloud_datacenter.this.id
  edit_privilege  = true
  share_privilege = false
}

resource "ionoscloud_share" "reader" {
  count           = length(local.readers) > 0 ? 1 : 0
  group_id        = ionoscloud_group.reader[0].id
  resource_id     = ionoscloud_datacenter.this.id
  edit_privilege  = true
  share_privilege = false
}

resource "ionoscloud_group" "admin" {
  count                          = length(local.admins) > 0 ? 1 : 0
  name                           = "${var.workspace_id}-${var.project_id}-admins"
  user_ids                       = [for d in data.ionoscloud_user.admins : d["id"]]
  create_datacenter              = true
  create_snapshot                = true
  reserve_ip                     = true
  create_pcc                     = true
  s3_privilege                   = true
  create_backup_unit             = true
  create_internet_access         = true
  create_k8s_cluster             = true
  create_flow_log                = true
  access_and_manage_monitoring   = true
  access_and_manage_certificates = true
  manage_dbaas                   = true
}

resource "ionoscloud_group" "editor" {
  count                          = length(local.editors) > 0 ? 1 : 0
  name                           = "${var.workspace_id}-${var.project_id}-editors"
  user_ids                       = [for d in data.ionoscloud_user.editors : d["id"]]
  reserve_ip                     = true
  s3_privilege                   = true
  access_and_manage_monitoring   = true
  access_and_manage_certificates = true
  manage_dbaas                   = true
}

resource "ionoscloud_group" "reader" {
  count    = length(local.readers) > 0 ? 1 : 0
  name     = "${var.workspace_id}-${var.project_id}-readers"
  user_ids = [for d in data.ionoscloud_user.readers : d["id"]]
}

produces the following error:

│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to ionoscloud_share.admin[0], provider "provider[\"registry.terraform.io/ionos-cloud/ionoscloud\"]" produced an unexpected new value: Root resource was present, but now
│ absent.
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: an error occured while creating a share: 500 Internal Server Error {
│   "httpStatus" : 500,
│   "messages" : [ {
│     "errorCode" : "301",
│     "message" : "Oops! Something went very wrong. Please contact the administrator"
│   } ]
│ }
│ 
│ 
│   with ionoscloud_share.editor[0],
│   on main.tf line 37, in resource "ionoscloud_share" "editor":
│   37: resource "ionoscloud_share" "editor" {
│

Note that e.g. after re-applying, it works fine

Expected behavior

Shares are created on first apply

Environment

Terraform version: 

1.5

Provider version: 

terraform {
  required_providers {
    ionoscloud = {
      source = "ionos-cloud/ionoscloud"
      version = "= 6.4.10"
    }
  }
}

OS:

Darwin Kernel Version 23.0.0,  x86_64 Linux

Configuration Files

vars.tfvars:

dc_location    = "de/txl"
dc_description = "ionos-user-permissions"
workspace_id   = "mo-s-customer"
project_id     = "ionos-test-dev"
users = [
  {
    "identifier" : "<uuid>",
    "username" : "example@example.com",
    "firstName" : "Example",
    "lastName" : "User",
    "email" : "example@example.com",
    "euid" : "example@example.com
    "roles" : [
      "admin",
      "user",
      "reader"
    ]
  }
]
cristiGuranIonos commented 9 months ago

Thanks for raising this, we will investigate and see why it happened.

cristiGuranIonos commented 9 months ago

Does this happen consistently? Can you try again and see if it reproduces?

cristiGuranIonos commented 9 months ago

We have a limitation with shares where we get an error if multiple shares are created at the same time. You can either try to set parallelism=1 when running terraform, or you can set depends_on between them so creation is done sequentially.

malhussan commented 9 months ago

We have a limitation with shares where we get an error if multiple shares are created at the same time. You can either try to set parallelism=1 when running terraform, or you can set depends_on between them so creation is done sequentially.

Thanks for your help. Setting depends_on to run sequentially solved it for me.