Newly created Cloud Zones do not have compute resources

[BerryR-RBA]

Code of Conduct

This project has a Code of Conduct that all participants are expected to understand and follow:

• [x] I have read and agree to the project's Code of Conduct

vRA Version

VMware Aria Automation 8.14.1.33478

Terraform Version

Terraform v1.7.2 on windows_amd64

vRA Terraform Provider Version

local/vmware/vra v0.8.6

Affected Resource(s)

• vra_zone

Terraform Configuration Files

resource "vra_cloud_account_vsphere" "demo" {
    name     = "Demo Account"
    hostname = var.vcenter_hostname
    username = var.vcenter_username
    password = var.vcenter_password
    regions  = [var.vcenter_region]

    accept_self_signed_cert = true
}

data "vra_region" "demo" {
    cloud_account_id = vra_cloud_account_vsphere.demo.id
    region           = var.vcenter_region
}

resource "vra_zone" "demo" {
    name      = "Demo Zone"
    region_id = data.vra_region.demo.id
}

output "demo-zone" {
    value = vra_zone.demo
}

Expected Behavior

Newly created Cloud Zones have compute resources

Actual Behavior

Newly created Cloud Zones do not have compute resources

Steps to Reproduce

1. Apply the config to an empty Aria Automation instance:

   Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
   
   Outputs:
   
   demo-zone = {
     "cloud_account_id" = "96a25f7f-e2f9-46ce-b173-254348e6537a"
     "compute_ids" = toset([])
     "created_at" = "2024-02-14"
     "custom_properties" = tomap({
       "zone_overlapping_migrated" = "true"
     })
     "description" = ""
     "external_region_id" = "Datacenter:datacenter-21"
     "folder" = ""
     "id" = "8f4e64ec-26a4-449c-aaa7-1c2bbcf6c141"
     "links" = toset([
       {
         "href" = "/iaas/api/cloud-accounts/96a25f7f-e2f9-46ce-b173-254348e6537a"
         "hrefs" = toset([])
         "rel" = "cloud-account"
       },
       {
         "href" = "/iaas/api/regions/fbefc259-684b-4fad-9e1d-33094cd33fd8"
         "hrefs" = toset([])
         "rel" = "region"
       },
       {
         "href" = "/iaas/api/zones/8f4e64ec-26a4-449c-aaa7-1c2bbcf6c141"
         "hrefs" = toset([])
         "rel" = "self"
       },
       {
         "href" = "/iaas/api/zones/8f4e64ec-26a4-449c-aaa7-1c2bbcf6c141/computes"
         "hrefs" = toset([])
         "rel" = "computes"
       },
     ])
     "name" = "Demo Zone"
     "org_id" = "79516f41-df2d-4e20-a2b9-5d0387c483bb"
     "owner" = ""
     "placement_policy" = "DEFAULT"
     "region_id" = "fbefc259-684b-4fad-9e1d-33094cd33fd8"
     "tags" = toset([])
     "tags_to_match" = toset([])
     "updated_at" = "2024-02-14"
   }

   Debug log is https://gist.github.com/BerryR-RBA/ea0975a819c05116414883f64c9c37ac#file-20240214-36-debug

2. Inspect the Cloud Zone in Assembler, which shows 0 compute resources.

   

3. Reapply the config multiple times. Results are identical.

4. Delete the zone from the config:

   resource "vra_cloud_account_vsphere" "demo" {
       name     = "Demo Account"
       hostname = var.vcenter_hostname
       username = var.vcenter_username
       password = var.vcenter_password
       regions  = [var.vcenter_region]
   
       accept_self_signed_cert = true
   }
   
   data "vra_region" "demo" {
       cloud_account_id = vra_cloud_account_vsphere.demo.id
       region           = var.vcenter_region
   }

5. Reapply:

   Apply complete! Resources: 0 added, 0 changed, 1 destroyed.

6. Confirm that the Cloud Zone is deleted from Assembler.

7. Restore the previous version of the config, and reapply:

   Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
   
   Outputs:
   
   demo-zone = {
     "cloud_account_id" = "96a25f7f-e2f9-46ce-b173-254348e6537a"
     "compute_ids" = toset([
       "2c4c5266-4784-4bdf-811a-5776540b0a82",
       "362e8297-2112-4aba-ad72-c6df1b44e086",
       "5786b193-8974-4850-9dd8-1a3c79c81b48",
       "685faac2-38e3-4f11-a0cf-d9505040fe5e",
       "9d624317-af84-4e4d-aa09-bc0859e79f2f",
     ])
     "created_at" = "2024-02-14"
     "custom_properties" = tomap({
       "zone_overlapping_migrated" = "true"
     })
     "description" = ""
     "external_region_id" = "Datacenter:datacenter-21"
     "folder" = ""
     "id" = "8f77a142-8a01-4d83-8bd1-4088331fc5e6"
     "links" = toset([
       {
         "href" = "/iaas/api/cloud-accounts/96a25f7f-e2f9-46ce-b173-254348e6537a"
         "hrefs" = toset([])
         "rel" = "cloud-account"
       },
       {
         "href" = "/iaas/api/regions/fbefc259-684b-4fad-9e1d-33094cd33fd8"
         "hrefs" = toset([])
         "rel" = "region"
       },
       {
         "href" = "/iaas/api/zones/8f77a142-8a01-4d83-8bd1-4088331fc5e6"
         "hrefs" = toset([])
         "rel" = "self"
       },
       {
         "href" = "/iaas/api/zones/8f77a142-8a01-4d83-8bd1-4088331fc5e6/computes"
         "hrefs" = toset([])
         "rel" = "computes"
       },
     ])
     "name" = "Demo Zone"
     "org_id" = "79516f41-df2d-4e20-a2b9-5d0387c483bb"
     "owner" = ""
     "placement_policy" = "DEFAULT"
     "region_id" = "fbefc259-684b-4fad-9e1d-33094cd33fd8"
     "tags" = toset([])
     "tags_to_match" = toset([])
     "updated_at" = "2024-02-14"
   }

   Debug log is https://gist.github.com/BerryR-RBA/ea0975a819c05116414883f64c9c37ac#file-20240214-40-debug

8. Inspect the Cloud Zone in Assembler, which shows 5 compute resources.

   

Why does an identical config produce different results?

Screenshots

See above

Debug Output

See above

Panic Output

N/A

Important Factoids

• Terraform is running under Azure Devops Server
• Terraform does not have internet access
• vRA Provider is installed locally

References

N/A

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[cars]

@BerryR-RBA [I'm going to preface this by saying it's been a while since I worked directly with vRA] but this tickled a memory. If memory serves, once the cloud account is configured/created it may be a few minutes before the inventory of all the resources in the vCenter occurs, so if you create the Zone immediately after it may not know about the compute resources yet, so you might need a delay between the creation of the cloud account and the zone (maybe using something like time_sleep?)

[BerryR-RBA]

I think you are correct.

If I create the cloud account on its own, then add the cloud zone in a second pass, it works.

[BerryR-RBA]

Adding a 60 second delay to the cloud account resource works around the issue:

resource "vra_cloud_account_vsphere" "demo" {
  name     = "Demo Account"
  hostname = var.vcenter_hostname
  username = var.vcenter_username
  password = var.vcenter_password
  regions  = [var.vcenter_region]

  accept_self_signed_cert = true

  provisioner "local-exec" {
    interpreter = ["pwsh", "-Command"]
    command     = "Start-Sleep -Seconds 60"
  }
}

[BerryR-RBA]

It would be ideal if we could wait for a resource to be ready, not just created. But there is no interface in Terraform or the vRA provider to support that, so this workaround will have to do.

Also noting that a time_sleep resource is preferred to the local-exec provisioner. We've avoided it because the provider is not currently available in our environment.

Thanks @cars for the help.