Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Import of google_cloud_asset_folder_feed forces replacement despite matching config #9461

Open
mchesler opened this issue Jun 29, 2021 · 13 comments
Open

Import of google_cloud_asset_folder_feed forces replacement despite matching config #9461

mchesler opened this issue Jun 29, 2021 · 13 comments
Labels
forward/linked persistent-bug Hard to diagnose or long lived bugs for which resolutions are more like feature work than bug work service/cloudasset size/s
Milestone
Goals

Comments

@mchesler
Copy link

mchesler commented Jun 29, 2021
edited by modular-magician
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform version 0.12.31
Google Provider version 3.74.0

Affected Resource(s)

  • google_cloud_asset_folder_feed

Terraform Configuration Files

resource "google_cloud_asset_folder_feed" "my_feed" {
  billing_project = "my-project"
  folder          = "folders/1234567890"
  feed_id         = "my-feed"
  content_type    = "RESOURCE"
  asset_types     = ["compute.googleapis.com/Instance"]

  feed_output_config {
    pubsub_destination {
      topic = "projects/my-project/topics/instance-events"
    }
  }
}

Expected Behavior

After import, terraform plan should show no changes to apply

Actual Behavior

After import, terraform plan shows output like below:

  # google_cloud_asset_folder_feed.my_feed must be replaced
-/+ resource "google_cloud_asset_folder_feed" "my_feed" {
      - asset_names   = [] -> null
        asset_types   = [
          "compute.googleapis.com/Instance",
        ]
      + billing_project = "my-project" # forces replacement
        content_type    = "RESOURCE"
      + feed_id         = "my-feed" # forces replacement
      + folder          = "folders/1234567890" # forces replacement
      + folder_id       = (known after apply)
      ~ id              = "folders/1234567890/feeds/my-feed" -> (known after apply)
      ~ name            = "folders/1234567890/feeds/my-feed" -> (known after apply)

        feed_output_config {
          pubsub_destination {
            topic = "projects/my-project/topics/instance-events"
          }
        }

      - timeouts {}
    }

Steps to Reproduce

  1. terraform import google_cloud_asset_folder_feed.my-feed folders/1234567890/feeds/my-feed
  2. terraform plan

Important Factoids

None

References

  • None

b/374161733
@mchesler mchesler added the bug label Jun 29, 2021
@edwardmedia edwardmedia self-assigned this Jun 29, 2021
@edwardmedia
Copy link
Contributor

@mchesler can you see if below records are in the state?

      + billing_project = "my-project" # forces replacement
      + feed_id         = "my-feed" # forces replacement
      + folder          = "folders/1234567890" # forces replacement

@mchesler
Copy link
Author

@edwardmedia no, I see this in the state:

{
  "mode": "managed",
  "type": "google_cloud_asset_folder_feed",
  "name": "my_feed",
  "provider": "provider.google",
  "instances": [
    {
      "schema_version": 0,
      "attributes": [
        "asset_names": [
        ],
        "asset_types": [
        ]
      ],
      "billing_project": null,
      "condition": [
      ],
      "content_type": "RESOURCE",
      "feed_id": null,
      "feed_output_config": [
        {
          "pubsub_destination": [
            {
              "topic": "projects/my-project/topics/instance-events"
            }
          ]
        }
      ],
      "folder": null,
      "folder_id": "",
      "id": "folders/1234567890/feeds/my-feed",
      "name": "folders/1234567890/feeds/my-feed",
      "timeouts": {
          "create": null,
          "delete": null,
          "update": null,
        }
      },
      "private": "abcdef1234567890abcdef1234567890abcdef1234567890"
    }
  ]
}

@edwardmedia
Copy link
Contributor

@mchesler below fields are null or empty in the state. That is why. Can you check the debug log to see if they were included in the response from api? If not, you may need to re-apply the config to sync the config. After that, let's check to see if you still see the difference.

      "billing_project": null,
      "feed_id": null,
      "folder": null,
      "folder_id": "",

@mchesler
Copy link
Author

mchesler commented Jul 1, 2021
edited
Loading

@edwardmedia Looks like those fields were not included in the API response:

2021-07-01T17:30:09.317-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/01 17:30:09 [DEBUG] Google API Request Details:
---[ REQUEST ]---------------------------------------
GET /v1/folders/1234567890/feeds/my-feed?alt=json HTTP/1.1
Host: cloudasset.googleapis.com
User-Agent: Terraform/0.12.31 (+https://www.terraform.io) Terraform-Plugin-SDK/2.5.0 terraform-provider-google/3.74.0
Content-Type: application/json
Accept-Encoding: gzip


-----------------------------------------------------: timestamp=2021-07-01T17:30:09.317-0400
2021-07-01T17:30:09.867-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/01 17:30:09 [DEBUG] Google API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Thu, 01 Jul 2021 21:30:10 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
  "name": "folders/1234567890/feeds/my-feed",
  "assetTypes": [
"compute.googleapis.com/Instance"
  ],
  "contentType": "RESOURCE",
  "feedOutputConfig": {
    "pubsubDestination": {
      "topic": "projects/my-project/topics/instance-events"
    }
  }
}

-----------------------------------------------------: timestamp=2021-07-01T17:30:09.867-0400

The issue with re-applying is as I originally stated above - terraform is going to force replacement of the resource, which I do not want to happen.

@edwardmedia
Copy link
Contributor

@mchesler exactly. The provider does not have control over what api sends back. Did you create the resource via Terraform? If not, did you provided the data for these fields? I understood you didn't want to re-apply, but by doing so we may be able to see if these fields are captured by API. Make sense?

Looks like those fields were not included in the API response

@edwardmedia
Copy link
Contributor

@mchesler is this still an issue?

@mchesler
Copy link
Author

@edwardmedia yes, still an issue. It seems as though the values get stored in terraform state when terraform creates the resource, so it's not constantly trying to destroy and recreate. While I can recreate at will for testing, I'm not able to destroy and recreate the resource in production, so I'm somewhat stuck.

@edwardmedia
Copy link
Contributor

edwardmedia commented Jul 19, 2021
edited
Loading

@mchesler was the state created via imported or when you created the resource ? Did something happen after the resource initially created?

I am trying to understand (the below) how the Terraform forces replacement despite matching config?

Import of google_cloud_asset_folder_feed forces replacement despite matching config

@mchesler
Copy link
Author

@edwardmedia the state appears to be created correctly when I create the resource via terraform apply, but not via import. Here's the debug output from the creation via terraform apply:

google_cloud_asset_folder_feed.my_feed: Creating...
2021/07/20 09:22:48 [DEBUG] google_cloud_asset_folder_feed.my_feed: applying the planned Create change
2021-07-20T09:22:48.012-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:48 [DEBUG] Creating new FolderFeed: map[string]interface {}{"feed":map[string]interface {}{"assetTypes":[]interface {}{"compute.googleapis.com/Instance"}, "contentType":"RESOURCE", "feedOutputConfig":map[string]interface {}{"pubsubDestination":map[string]interface {}{"topic":"projects/my-project/topics/instance-events"}}}}: timestamp=2021-07-20T09:22:48.012-0400
2021-07-20T09:22:48.012-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:48 [DEBUG] Waiting for state to become: [success]: timestamp=2021-07-20T09:22:48.012-0400
2021-07-20T09:22:48.012-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:48 [DEBUG] Retry Transport: starting RoundTrip retry loop: timestamp=2021-07-20T09:22:48.012-0400
2021-07-20T09:22:48.012-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:48 [DEBUG] Retry Transport: request attempt 0: timestamp=2021-07-20T09:22:48.012-0400
2021-07-20T09:22:48.013-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:48 [DEBUG] Google API Request Details:
---[ REQUEST ]---------------------------------------
POST /v1/folders/1234567890/feeds?alt=json&feedId=my-feed HTTP/1.1
Host: cloudasset.googleapis.com
User-Agent: Terraform/0.12.31 (+https://www.terraform.io) Terraform-Plugin-SDK/2.5.0 terraform-provider-google/3.74.0
Content-Length: 180
Content-Type: application/json
X-Goog-User-Project: my-project
Accept-Encoding: gzip

{
 "feed": {
  "assetTypes": [
   "compute.googleapis.com/Instance"
  ],
  "contentType": "RESOURCE",
  "feedOutputConfig": {
   "pubsubDestination": {
    "topic": "projects/my-project/topics/instance-events"
   }
  }
 }
}

-----------------------------------------------------: timestamp=2021-07-20T09:22:48.013-0400
2021-07-20T09:22:48.907-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:48 [DEBUG] Google API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Tue, 20 Jul 2021 13:22:48 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
  "name": "folders/1234567890/feeds/my-feed",
  "assetTypes": [
"compute.googleapis.com/Instance"
  ],
  "contentType": "RESOURCE",
  "feedOutputConfig": {
    "pubsubDestination": {
      "topic": "projects/my-project/topics/instance-events"
    }
  }
}

-----------------------------------------------------: timestamp=2021-07-20T09:22:48.907-0400
2021-07-20T09:22:48.908-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:48 [DEBUG] Retry Transport: Stopping retries, last request was successful: timestamp=2021-07-20T09:22:48.907-0400
2021-07-20T09:22:48.908-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:48 [DEBUG] Retry Transport: Returning after 1 attempts: timestamp=2021-07-20T09:22:48.907-0400
2021-07-20T09:22:48.908-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:48 [DEBUG] Finished creating FolderFeed "folders/1234567890/feeds/my-feed": map[string]interface {}{"assetTypes":[]interface {}{"compute.googleapis.com/Instance"}, "contentType":"RESOURCE", "feedOutputConfig":map[string]interface {}{"pubsubDestination":map[string]interface {}{"topic":"projects/my-project/topics/instance-events"}}, "name":"folders/1234567890/feeds/my-feed"}: timestamp=2021-07-20T09:22:48.908-0400
2021-07-20T09:22:48.908-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:48 [DEBUG] Waiting for state to become: [success]: timestamp=2021-07-20T09:22:48.908-0400
2021-07-20T09:22:48.908-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:48 [DEBUG] Retry Transport: starting RoundTrip retry loop: timestamp=2021-07-20T09:22:48.908-0400
2021-07-20T09:22:48.908-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:48 [DEBUG] Retry Transport: request attempt 0: timestamp=2021-07-20T09:22:48.908-0400
2021-07-20T09:22:48.908-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:48 [DEBUG] Google API Request Details:
---[ REQUEST ]---------------------------------------
GET /v1/folders/1234567890/feeds/my-feed?alt=json HTTP/1.1
Host: cloudasset.googleapis.com
User-Agent: Terraform/0.12.31 (+https://www.terraform.io) Terraform-Plugin-SDK/2.5.0 terraform-provider-google/3.74.0
Content-Type: application/json
Accept-Encoding: gzip


-----------------------------------------------------: timestamp=2021-07-20T09:22:48.908-0400
2021-07-20T09:22:49.122-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:49 [DEBUG] Google API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Tue, 20 Jul 2021 13:22:49 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
  "name": "folders/1234567890/feeds/my-feed",
  "assetTypes": [
"compute.googleapis.com/Instance"
  ],
  "contentType": "RESOURCE",
  "feedOutputConfig": {
    "pubsubDestination": {
      "topic": "projects/my-project/topics/instance-events"
    }
  }
}

-----------------------------------------------------: timestamp=2021-07-20T09:22:49.122-0400
2021-07-20T09:22:49.122-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:49 [DEBUG] Retry Transport: Stopping retries, last request was successful: timestamp=2021-07-20T09:22:49.122-0400
2021-07-20T09:22:49.122-0400 [INFO]  plugin.terraform-provider-google_v3.74.0_x5: 2021/07/20 09:22:49 [DEBUG] Retry Transport: Returning after 1 attempts: timestamp=2021-07-20T09:22:49.122-0400
google_cloud_asset_folder_feed.my_feed: Creation complete after 1s [id=folders/1234567890/feeds/my-feed]

And the resulting state shows the correct information:

$ terraform state show google_cloud_asset_folder_feed.my_feed                                                                                                                                                    [21-07-20 9:31:25]
# google_cloud_asset_folder_feed.my_feed:
resource "google_cloud_asset_folder_feed" "my_feed" {
    asset_names     = []
    asset_types     = [
        "compute.googleapis.com/Instance",
    ]
    billing_project = "my-project"
    content_type    = "RESOURCE"
    feed_id         = "my-feed"
    folder          = "folders/1234567890"
    id              = "folders/1234567890/feeds/my-feed"
    name            = "folders/1234567890/feeds/my-feed"

    feed_output_config {
        pubsub_destination {
            topic = "projects/my-project/topics/instance-events"
        }
    }
}

However, if I remove and reimport the resource, the state looks like this:

$ terraform state show google_cloud_asset_folder_feed.my_feed                                                                                                                                                    [21-07-20 9:34:25]
# google_cloud_asset_folder_feed.my_feed:
resource "google_cloud_asset_folder_feed" "my_feed" {
    asset_names  = []
    asset_types  = [
        "compute.googleapis.com/Instance",
    ]
    content_type = "RESOURCE"
    id           = "folders/1234567890/feeds/my-feed"
    name         = "folders/1234567890/feeds/my-feed"

    feed_output_config {
        pubsub_destination {
            topic = "projects/my-project/topics/instance-events"
        }
    }

    timeouts {}
}

To recap, the API responses on create vs import look identical, but resource creation results in correct/complete terraform state, while resource import does not and forces resource replacement on the next apply.

@edwardmedia
Copy link
Contributor

@mchesler I think I understood your issue now. After import, you still need to construct the resource config, google_cloud_asset_folder_feed manually, by adding those fields with the data obtained from the import. There is no automatic process that can handle that in the provider. Do I address your issue?

@mchesler
Copy link
Author

@edwardmedia I think that covers the issue. Stated slightly differently - after importing a google_cloud_assets_folder_feed resource, the real state of the resource is not accurately reflected in terraform state.

@edwardmedia
Copy link
Contributor

I see. We can populate folder and feed_id for the import but not the billing_project as it is not directly available. Add label of persistent-bug

@edwardmedia edwardmedia added the persistent-bug Hard to diagnose or long lived bugs for which resolutions are more like feature work than bug work label Jul 22, 2021
@edwardmedia edwardmedia removed their assignment Jul 22, 2021
@rileykarson rileykarson added size/s and removed bug labels Jul 22, 2021
@rileykarson rileykarson added this to the Goals milestone Jul 26, 2021
@github-actions github-actions bot added forward/review In review; remove label to forward service/cloudasset labels Aug 17, 2023
modular-magician added a commit to modular-magician/terraform-provider-google that referenced this issue Nov 13, 2023
@modular-magician
Update doc links for lifecycle meta argument (hashicorp#9461)
9098972 
[upstream:5320b7984e43c4f7ff843058ea029551327e4a06]

Signed-off-by: Modular Magician <magic-modules@google.com>
modular-magician added a commit that referenced this issue Nov 13, 2023
@modular-magician
Update doc links for lifecycle meta argument (#9461) (#16526)
473488f 
[upstream:5320b7984e43c4f7ff843058ea029551327e4a06]

Signed-off-by: Modular Magician <magic-modules@google.com>
@melinath melinath removed the forward/review In review; remove label to forward label Oct 17, 2024
@roaks3
Copy link
Collaborator

roaks3 commented Oct 25, 2024

I've confirmed this is still an issue. Import is effectively broken for this resource, in that it requires a subsequent recreation to resolve (or hand-editing the state).

Recommendation is to:

  • Update the import id to include billing_project, since it can't be fetch from the API. So it might look something like:
identity:
  - billingProject
  • Update the custom import to parse the name, and explicitly set folder, folder_id, feed_id, and billing_project. None of these are populated automatically during read. It might help to change self_link to folders/{{folder_id}}/feeds/{{feed_id}}.

Note that a similar fix might be needed for the other *Feed resources.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
forward/linked persistent-bug Hard to diagnose or long lived bugs for which resolutions are more like feature work than bug work service/cloudasset size/s
Projects
None yet
Milestone
Goals
Development

No branches or pull requests
6 participants
@melinath @mchesler @rileykarson @roaks3 @modular-magician @edwardmedia