-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
updates to ec_deployment resource destroys ec_deployment_traffic_filter_association resources #419
Comments
I have a same problem |
Same issue here. |
Hi folks, based on the description, it looks like you are trying to modify resources created by Terraform outside of Terraform. This will obviously cause a drift. Based on the description, it looks like our Terraform provider is behaving as expected in the case of drift. I would suggest 2 possible options:
|
Hi @artemnikitin thanks for getting back to me. I can't agree that this is the expected behaviour and I am not managing resources outside of terraform. I am however using multiple separate terraform state files to manage different resources, something which I have done successfully in similar scenarios with other providers for some time. I have the following state files:
The following is a quote from the doc for the ec_deployment resources: This implies that if you avoid using traffic_filter on ec_deployment terraform will not manage the filters via that resource allowing the use of the traffic_filter and ec_deployment_traffic_filter_association resources, unyet any attempt to deploy a state file which does not contain all the association resources results in terraform treating it as a diff and removing them. I cannot speak to the intended behaviour but its my opinion that the provider in this case does not behave as I would expect based on the docs. I also looked at the code and was able to create a clone which works as I expected, it is interesting to note that there is code which excludes the traffic_filter attribute of ec_deployment when determining if changes have been made to the resource but this is then ignored and the update to the filters carried out anyway. As to workarounds for this issue, I ended up using the terraform lifecycle argument to ignore the attribute on the ec_deployment resource as follows: Again thanks for responding, hopefully the above assists in improving the solution / docs or failing that at least provides clarification for others encountering this issue. |
@artemnikitin I just wanted to chime in with a minimal, self-contained example that shows that this is indeed a bug. Even if this can be worked around with a To reproduce:
terraform {
required_version = ">= 1.1.0"
required_providers {
ec = {
source = "elastic/ec"
version = "~> 0.3.0"
}
}
}
data "ec_stack" "latest" {
version_regex = "latest"
region = "us-east-1"
}
resource "ec_deployment" "example_minimal" {
name = "my_example_deployment"
region = "us-east-1"
version = data.ec_stack.latest.version
deployment_template_id = "aws-io-optimized-v2"
elasticsearch {}
kibana {}
apm {}
enterprise_search {}
}
resource "ec_deployment_traffic_filter" "this" {
name = "example-filter"
region = "us-east-1"
type = "ip"
rule {
source = "0.0.0.0/0"
}
}
resource "ec_deployment_traffic_filter_association" "this" {
deployment_id = ec_deployment.example_minimal.id
traffic_filter_id = ec_deployment_traffic_filter.this.id
}
|
Are there any progress on this for last year? |
The workaround I use is adding this to the
I add the respective |
Readiness Checklist
Expected Behavior
When applying an update to ec_deployment resource without the traffic_filter attribute set, terraform should not destroy related ec_deployment_traffic_filter_association resources.
From the documentation:
Current Behavior
ec_deployment_traffic_filter_association resources linked to the ec_deployment resource which is being updated are destroyed. The provider is treating the ec_deployment resource as if it has its traffic_filter attribute set to an empty list.
Terraform Definition
Steps to Reproduce
Context
There doesn't seem to be anyway to apply an update to the ec_deployment resource without destroying the associated traffic filters.
My specific use case requires me to be able to create an ec_deployment and then separately and at a later time create and destroy additional traffic filters on that resource. This would allow us to create and destroy log shippers to ingest data without impacting the ec_deployment resource. While this is possible any subsequent update to the ex_deployment resource removes all the associations.
Possible Solution
Potential fix might be to check if the traffic_filter attribute exists and if it doesn't forgo updating the traffic filters during the ec_deployment resource update. This check is done to determine if the resource has changed but the traffic filters are then updated regardless.
Your Environment
The text was updated successfully, but these errors were encountered: