search

spacelift-io / terraform-provider-spacelift

Terraform provider to interact with Spacelift
MIT License
76 stars 29 forks source link

Can't move stacks with AWS integration attached to a different space #478

Closed FidelusAleksander closed 7 months ago

FidelusAleksander commented 1 year ago

The problem

Moving stacks and AWS integrations to different spaces is failing at apply phase (succeeds plan if that matters)

Detailed description

So I have a module for creating the AWS Integration and attaching it to a stack (IAM role + Spacelift Integration resources, basicly the same as described in documentation https://docs.spacelift.io/integrations/cloud-providers/aws#programmatic-setup)

That module also accepts an input space_id for in which space the integration should be located

This is how I am calling it

module "aws_fastapi_integration" {
  source    = "./modules/aws_integration"
  role_name = "aws-fastapi-spacelift-integration"
  stack_id  = spacelift_stack.aws_fastapi.id
  iam_policy_arns = [
    "arn:aws:iam::aws:policy/AdministratorAccess"
  ]
  space_id = "root"
}

Initially I created these in the root space, but now I created a new spacelift_space

resource "spacelift_space" "workloads" {
...
}

And I wanted to move both the stack and the integration to that space, so I added that argument to the stack and the integration

resource "spacelift_stack" "aws_fastapi" {
  ...
  space_id  = spacelift_space.workloads.id # new
}
module "aws_fastapi_integration" {
  source    = "./modules/aws_integration"
  ...
  space_id = spacelift_space.workloads.id # changed from root
}

Neither the spacelift_aws_integration or the spacelift_stack can be moved to a new space because they depend on each other. That's the errors that I'm getting

│ Error: could not update stack: cannot move stack to a different space - there are attached entities that would become inaccessible in the following spaces: root

│ Error: could not update the AWS integration: cannot move the integration - some stacks that have this integration attached would no longer be able to access it



# Question
Is there a better way of doing it other than destroying the integration (or the attachment) manually before moving spaces?
marcinwyszynski commented 7 months ago

I think this could be solved by temporarily moving the AWS integration to a space that's a shared parent between the old stack's space and the new stack's space. Once that's done, and the integration is not used by anything else, you should be able to move it to the new stack's space.

I'm going to close this ticket now but feel free to reopen it if you need further assistance.