Open jeliker opened 3 years ago
This is still happening on 4.96.0. Very difficult to accommodate with a large number of RRSET entries. Each of these apply operations is causing a lot of lost time reviewing the changes to ensure nothing is unintentionally changing (since, as described above, NOTHING is actually changing yet it is triggering an update because of RRSET resource attributes that are highly dynamic that cannot be ignored).
Even ignore_changes=all doesn't help 😕
lifecycle {
ignore_changes = all
}
Thank you for reporting the issue. We have raised an internal ticket to track this. Our service engineers will get back to you.
@jeliker We are unable to reproduce this when specifying the zone, view, and rrset resources together. Were you doing that or were you looking up the zone or view ocid using a data source?
I am specifying view and zone IDs as reference to other resources like this:
resource "oci_dns_zone" "the_zone" {
#Required
compartment_id = var.compartment_id
name = "example.com"
zone_type = "PRIMARY"
scope = "PRIVATE"
view_id = oci_dns_view.the_view.id
}
resource "oci_dns_view" "the_view" {
#Required
compartment_id = var.compartment_id
scope = "PRIVATE"
}
resource "oci_dns_rrset" "the_rrset" {
#Required
domain = "my.example.com"
rtype = "SRV"
zone_name_or_id = oci_dns_zone.the_zone.id
#Optional
compartment_id = var.compartment_id
items {
#Required
domain = "my.example.com"
rdata = "0 100 389 example.com."
rtype = "SRV"
ttl = 300
}
scope = "PRIVATE"
view_id = oci_dns_view.the_view.id
}
terraform plan
# oci_dns_rrset.the_rrset will be updated in-place
~ resource "oci_dns_rrset" "the_rrset" {
id = "zoneNameOrId/ocid1.dns-zone.oc1.iad.aaaaxofwl6acaaaih6gdhdceosroceqlro4tjasxqp34pncymi7tuyxhsdaq/domain/my.example.com/rtype/SRV"
# (6 unchanged attributes hidden)
+ items {
+ domain = "my.example.com"
+ is_protected = (known after apply)
+ rdata = "0 100 389 example.com."
+ record_hash = (known after apply)
+ rrset_version = (known after apply)
+ rtype = "SRV"
+ ttl = 300
}
- items {
- domain = "my.example.com" -> null
- is_protected = false -> null
- rdata = "0 100 389 example.com." -> null
- record_hash = "d1d083776d0caabf956c46cf81c12ea1" -> null
- rrset_version = "13" -> null
- rtype = "SRV" -> null
- ttl = 300 -> null
}
}
Above tested with 4.118.0
@jeliker I'm unable to reproduce this using your exact configuration above. What is your Terraform version?
Still happening on this version:
Terraform v1.5.7
on darwin_arm64
+ provider registry.terraform.io/oracle/oci v6.4.0
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# oci_dns_rrset.wildcard_sub1_domain_com will be updated in-place
~ resource "oci_dns_rrset" "wildcard_sub1_domain_com" {
id = "zoneNameOrId/ocid1.dns-zone.oc1..aaaaaaaaftfvx2cbvoh7fcfbgeubgtcgyez7gsyqm2odnknwdyynakq4jnaq/domain/%2A.sub1.domain.com./rtype/A"
# (3 unchanged attributes hidden)
- items {
- domain = "*.sub1.domain.com" -> null
- is_protected = false -> null
- rdata = "10.1.0.8" -> null
- record_hash = "3f324139f47851f1d269078d54de682d" -> null
- rrset_version = "12" -> null
- rtype = "A" -> null
- ttl = 300 -> null
}
+ items {
+ domain = "*.sub1.domain.com."
+ is_protected = (known after apply)
+ rdata = "10.1.0.8"
+ record_hash = (known after apply)
+ rrset_version = (known after apply)
+ rtype = "A"
+ ttl = 300
}
}
# oci_dns_rrset.wildcard_sub2_domain_com will be updated in-place
~ resource "oci_dns_rrset" "wildcard_sub2_domain_com" {
id = "zoneNameOrId/ocid1.dns-zone.oc1..aaaaaaaaftfvx2cbvoh7fcfbgeubgtcgyez7gsyqm2odnknwdyynakq4jnaq/domain/%2A.sub2.domain.com./rtype/A"
# (3 unchanged attributes hidden)
- items {
- domain = "*.sub2.domain.com" -> null
- is_protected = false -> null
- rdata = "138.1.1.63" -> null
- record_hash = "bb18395a4568dbdd59ff39981312e872" -> null
- rrset_version = "13" -> null
- rtype = "A" -> null
- ttl = 300 -> null
}
+ items {
+ domain = "*.sub2.domain.com."
+ is_protected = (known after apply)
+ rdata = "138.1.1.63"
+ record_hash = (known after apply)
+ rrset_version = (known after apply)
+ rtype = "A"
+ ttl = 300
}
}
Plan: 0 to add, 2 to change, 0 to destroy.
Community Note
Terraform Version and Provider Version
Affected Resource(s)
affected_resources = oci_dns_rrset
Terraform Configuration Files
…apply above then apply a second time to find a change requiring destroy is detected:
I speculate the trigger to destroy comes from the auto-generated
record_hash
and mayberrset_version
.I tried to add
ignore_changes
on the items.record_hash and items.rrset_version attributes but couldn't find the means to specify block attributes. For example, none of these attempts work:Help!
Debug Output
Panic Output
Expected Behavior
oci_dns_rrset
resources to not trigger destroy/create when the resource is not actively changed OR I expect to have the means toignore_changes
are fields that may trigger the destroyActual Behavior
oci_dns_rrset
resource I find it will trigger a destroy/create when (presumably) the internalrecord_hash
and/orrrset_version
attributes are setSteps to Reproduce
Important Factoids
References