Comments (5)
Thanks for the detailed response. I don't have capacity to report the issue upstream as I'm not particularly confident I understand what you're saying about the underlying problem :)
StrongDM's product team to consider supporting backend type changes of resources
TBH, this is the only TF provider I use that holds TF resources this way. It feels like an antipattern to have a top-level resource
with lower-level blocks the way you've designed sdm_resource
.
It would feel more idiomatic (to me, anyway) if there was sdm_azure_mysql_datasource
as a full-blown resource
itself, rather than a 'generic' sdm_resource
. If you could pass that feedback on, I'd appreciate it. I recognise that'd be a massive breaking change in the provider, so have no expectations that it'll actually get shipped any time soon!
from terraform-provider-sdm.
Thanks for the report; we'll add ForceNew: true
to the resource type selection, and probably add this for other polymorphic SDK types (nodes) as well. I've opened an internal ticket for tracking this, feel free to raise additional questions or data points.
from terraform-provider-sdm.
Unfortunately, attemping a pattern where top level fields are ForceNew
results in the following terraform plugin error:
All fields are ForceNew or Computed w/out Optional, Update is superfluous
In other words, Terraform believes that with this configuration, all operations are creates and none are updates, which isn't preferred. If every change caused a re-create, then historical logs, healthchecks, etc will lose consistency in the resource they are referring to.
We (or you) could open a bug with https://github.com/hashicorp/terraform-plugin-sdk
to better support this architecture. It appears via tests that subfields underneath top level ForceNew
fields do not, in their changes, cause terraform to believe the top level has changed, so this could be considered a bug.
In the meantime I'll raise a (much less simple) note to StrongDM's product team to consider supporting backend type changes of resources with or without terraform.
from terraform-provider-sdm.
@200sc I agree with @cailyoung here - I think the issue is that this is just not a typical structure for a Terraform resource; sdm_resource
(and sdm_node
etc) actually represents several completely exclusive resource types, which isn't how Terraform expects a resource to behave. The "real" resources are the blocks like ssh_cert
or postgres
; when you define a sdm_resource
you define exactly 1 child block and nothing else, so it's just acting like a sort of pseudo container object for the real resource definition inside it. This is a fundamental deviation from how Terraform resources are structured, so I would not expect them to alter the core functionality to accommodate it.
The most "correct" solution here would seem to be as cailyoung suggested, to replace these "polymorphic" types that are unsupported by Terraform and with more "normal" Terraform resources like "sdm_postgres" or "sdm_ssh_cert" or what have you.
This would have the added (and not insignificant) benefit of making the provider more intuitive to use for Terraform users who are accustomed to the way most Terraform providers behave.
from terraform-provider-sdm.
We've opened an internal ticket for discussion on this proposed de-polymorphization; the only downside obvious to me is it would make it much more complicated to query for sets of resources covering multiple types in the datasource equivalent of these types, but that may not be a common use case.
from terraform-provider-sdm.
Related Issues (20)
- Import example for Secrets Store is incorrect HOT 1
- Example in Data Source documentation for `sdm_resource` is incorrect HOT 1
- Tags option not working for some Data Source filters HOT 1
- cannot read SecretStore: unauthenticated: cannot find auth GUID HOT 1
- Support for mapping sdm_roles with sdm_datasource using "name" as identifier instead of relying on tags or id HOT 5
- Bump the module version to `v2` HOT 1
- add way to set default tags HOT 1
- Split sdm_role resource and use attachments HOT 2
- username is not imported for mongo db resources HOT 3
- Using SDM in module causes terraform to insist on trying to get non-existent "hashicorp/sdm" module
- Add support for default_tags in the SDM Provider HOT 1
- Terraform does not catch username and password changes done on the website HOT 4
- secret_store_id change should force new resource HOT 3
- secret store id change still doesn't force re-creation on all resource types HOT 3
- Fix sdm_resource > google_gke > healthcheck_namespace so that it's not permanently diffed HOT 2
- Add port_override to google_gke resource HOT 2
- Changing a port_override creates a plan that cannot be applied HOT 1
- data sdm_peering_group: small bug? HOT 3
- sdm_account cannot apply new tags to users HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-sdm.