search

terraform-ibm-modules / terraform-ibm-powervs-infrastructure

Sets up and configures a ready-to-use Power Virtual Servers infrastructure with IBM Cloud landing zone.
Apache License 2.0
4 stars 11 forks source link

Module should ask for resource group ID instead of name #143

Closed ocofaigh closed 1 year ago

ocofaigh commented 1 year ago

I would suggest changing input variable powervs_resource_group_name to powervs_resource_group_id and removing the data lookups from your code. Why? Because data lookups are executed at the plan phase. And if you are executing this module as part of a higher module which also creates a resource group, the data lookup occurs on a resource group that does not yet exist because the the resource group name is not computed - it is known before the resource is even provisioned. Here is an example. The below code creates a new resource group, and calls the power infrastructure module as part of the same terraform execution....

##############################
terraform {
  required_version = ">=1.1"
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "=1.45.1"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "4.0.1"
    }
  }
}

##############################
provider "ibm" {
  region           = "syd"
  zone             = "syd05"
  ibmcloud_api_key = var.ibmcloud_api_key != null ? var.ibmcloud_api_key : null
}

provider "ibm" {
  alias            = "ibm-is"
  region           = "au-syd"
  zone             = "syd05"
  ibmcloud_api_key = var.ibmcloud_api_key != null ? var.ibmcloud_api_key : null
}
##############################
locals {
  powervs_workspace_name = "${var.prefix}-${var.powervs_zone}-${var.powervs_workspace_name}"
  powervs_sshkey_name    = "${var.prefix}-${var.powervs_zone}-${var.powervs_sshkey_name}"
}

resource "tls_private_key" "tls_key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "ibm_is_ssh_key" "ssh_key" {
  provider   = ibm.ibm-is
  name       = local.powervs_sshkey_name
  public_key = trimspace(tls_private_key.tls_key.public_key_openssh)
}

resource "ibm_resource_group" "resourceGroup" {
  name     = "test"
}

module "power_infrastructure" {
  source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure.git?ref=v5.0.0"

  powervs_zone                = "syd05"
  powervs_resource_group_name = ibm_resource_group.resourceGroup.name
  powervs_workspace_name      = local.powervs_workspace_name
  tags                        = []
  powervs_sshkey_name         = local.powervs_sshkey_name
  ssh_public_key              = ibm_is_ssh_key.ssh_key.public_key
  ssh_private_key             = trimspace(tls_private_key.tls_key.private_key_openssh)
  access_host_or_ip           = var.access_host_or_ip
  powervs_management_network  = var.powervs_management_network
  powervs_backup_network      = var.powervs_backup_network
  transit_gateway_name        = var.transit_gateway_name
  reuse_cloud_connections     = var.reuse_cloud_connections
  cloud_connection_count      = var.cloud_connection_count
  cloud_connection_speed      = var.cloud_connection_speed
  cloud_connection_gr         = var.cloud_connection_gr
  cloud_connection_metered    = var.cloud_connection_metered
  squid_config                = var.squid_config
  dns_forwarder_config        = var.dns_forwarder_config
  ntp_forwarder_config        = var.ntp_forwarder_config
  nfs_config                  = var.nfs_config
  perform_proxy_client_setup  = var.perform_proxy_client_setup
}

The problem with this code is that terraform plan fails with the error:

module.power_infrastructure.module.power_workspace.data.ibm_resource_group.resource_group_ds: Reading...
╷
│ Error: [ERROR] Given Resource Group is not found in the account : %!s(<nil>) {
│     "StatusCode": 200,
│     "Headers": {
│         "Cache-Control": [
│             "max-age=0, no-cache, no-store"
│         ],
│         "Content-Length": [
│             "16"
│         ],
│         "Content-Type": [
│             "application/json; charset=utf-8"
│         ],
│         "Date": [
│             "Tue, 15 Nov 2022 13:30:45 GMT"
│         ],
│         "Etag": [
│             "W/\"10-snEjXFi4SWmfY0hH7xVHSX5MF4M\""
│         ],
│         "Expires": [
│             "Tue, 15 Nov 2022 13:30:45 GMT"
│         ],
│         "Pragma": [
│             "no-cache"
│         ],
│         "Server": [
│             "istio-envoy"
│         ],
│         "Set-Cookie": [
│             "ak_bmsc=9023656E822830D2F5BCC746AFB82CB5~000000000000000000000000000000~YAAQJtERAkl6EnqEAQAAjyp8exFDPCBuTcSX7kfAnGQGV8qbvTbUNWjuhlnFQcqGH8RrfBEQuRgPrRB+nyNv3AXDjnwiRTLo7Di64ST4ZxOhulSA8QADYdeQQHwjSGAwIfYR1ffh6fPwarDT3i87SMxczz0SxdvlTAMmb5nC9G2TZeILemB9jI6IdMaSZv6cGVvMrWMC7zraJslAMRSEUdrT4aHfuufKQLFmA/DfAVstDRDGyPlJjK/BU0w9OxyHHhegJEI/0zsUSVqlYiLshpTPNEsW8k/SzCLsLIJdL8zDuWf0tYcVKas10pg3MdMPEFNKjbn5jcUxvHNCbVmgfIAevSMwoXF4fzbK3g8asP+o92LOCaFsxV1+Z8DcFxaJvwab51vgz9rn5KLrXg==; Domain=.cloud.ibm.com; Path=/; Expires=Tue, 15 Nov 2022 15:30:45 GMT; Max-Age=7200; HttpOnly"
│         ],
│         "Strict-Transport-Security": [
│             "max-age=31536000; includeSubDomains"
│         ],
│         "Transaction-Id": [
│             "abb5f462af7b42deb9ab3d6577f2f1bb"
│         ],
│         "Vary": [
│             "Accept-Encoding"
│         ],
│         "X-Content-Type-Options": [
│             "nosniff"
│         ],
│         "X-Envoy-Upstream-Service-Time": [
│             "368"
│         ],
│         "X-Ratelimit-Limit": [
│             "60"
│         ],
│         "X-Ratelimit-Remaining": [
│             "59"
│         ],
│         "X-Ratelimit-Reset": [
│             "0"
│         ],
│         "X-Request-Id": [
│             "abb5f462af7b42deb9ab3d6577f2f1bb"
│         ],
│         "X-Response-Time": [
│             "354.619ms"
│         ],
│         "_request_id": [
│             "abb5f462af7b42deb9ab3d6577f2f1bb"
│         ]
│     },
│     "Result": {
│         "resources": []
│     },
│     "RawResult": null
│ }
│ 
│ 
│   with module.power_infrastructure.module.power_workspace.data.ibm_resource_group.resource_group_ds,
│   on .terraform/modules/power_infrastructure/submodules/power_workspace/main.tf line 10, in data "ibm_resource_group" "resource_group_ds":
│   10: data "ibm_resource_group" "resource_group_ds" {
│

Current workaround is to add a depends_on = [ibm_resource_group.resourceGroup] when calling the power infrastrcuture module, but adding explicit depends_on is not a good practise and can lead to issues later on (see more here)

surajsbharadwaj commented 1 year ago

Will not be fixed due to other dependencies for extension flavour