ForceNew doesn't trigger resource recreation when defined on TypeSet, which leads to Update error #1314

Open
annakhm opened this issue Feb 20, 2024 · 1 comment
Labels
bug Something isn't working


annakhm commented Feb 20, 2024

SDK version

v2.29.0

Relevant provider source code

https://github.com/vmware/terraform-provider-nsxt

```go
// Entry in the resource's Schema map:
"roles_for_path": getRolesForPathSchema(false),

// Helper that builds the schema for the roles_for_path block.
func getRolesForPathSchema(forceNew bool) *schema.Schema {
	return &schema.Schema{
		Type:        schema.TypeSet,
		Description: "List of roles that are associated with the user, limiting them to a path",
		Required:    true,
		ForceNew:    forceNew,
		Elem: &schema.Resource{
			Schema: map[string]*schema.Schema{
				"path": {
					Type:        schema.TypeString,
					Description: "Path of the entity in parent hierarchy.",
					Required:    true,
				},
				"roles": {
					Type:        schema.TypeSet,
					Description: "Applicable roles",
					Required:    true,
					Elem: &schema.Schema{
						Type: schema.TypeString,
					},
				},
			},
		},
	}
}
```

Terraform Configuration Files

```hcl
resource "nsxt_principal_identity" "test_pi" {
  name            = "ci_principal_identity"
  node_id         = "ci_node"
  certificate_pem = <<EOF
-----BEGIN CERTIFICATE-----
certificate PEM
-----END CERTIFICATE-----
EOF

  roles_for_path {
    path = "/orgs/default"

    roles = ["test-value-1"]
  }
}
```

Debug Output

https://gist.github.com/annakhm/60101ee4667f879d650a017b00418121

Expected Behavior

When the roles attribute is updated, the resource should be recreated because the parent type is defined as ForceNew.
A change to a child attribute should have triggered resource recreation.
Alternatively, the SDK should be consistent in not allowing the Update function to be omitted if the resource is not recreated on update, as it does for top-level resource attributes.

Actual Behavior

When the roles attribute is updated, the update does not trigger resource recreation. The resource is updated instead.
Since the Update function is missing, provider code was not invoked. The update fails with `Error: doesn't support update`. However, the state is updated with the new value for roles.

Steps to Reproduce

  1. Compile terraform-provider-nsxt based on commit vmware/terraform-provider-nsxt@730330d.
  2. Alternatively, define a resource with a schema definition similar to https://github.com/vmware/terraform-provider-nsxt/blob/master/nsxt/resource_nsxt_principal_identity.go#L61 and no Update function.
  3. Apply the config pasted above.
  4. Change `roles = ["test-value-1"]` to `roles = ["test-value-2"]`.
  5. Apply.

References

hashicorp/terraform#34691
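
The consistency check requested under Expected Behavior (no Update function allowed while any attribute, nested ones included, can still change in place) can be sketched as a standalone lint. This is an added example, not part of the issue and not SDK or provider code: `Attr`, `Resource`, `inPlace`, `ValidateNoUpdate` and `PrincipalIdentity` are hypothetical stand-ins, and the rule that ForceNew on a parent covers its children is the behaviour the issue expects, taken here as an assumption.

```go
package main

import (
	"fmt"
	"sort"
)

// Attr and Resource: simplified stand-ins (assumption) for schema.Schema and schema.Resource.
type Attr struct {
	ForceNew, Computed bool
	Elem               *Resource // nested block; nil for primitives
}
type Resource struct {
	Schema    map[string]*Attr
	HasUpdate bool
}

// inPlace lists attributes that can change without replacement (assumed: ForceNew covers children).
func inPlace(prefix string, s map[string]*Attr, covered bool) (out []string) {
	for name, a := range s {
		c := covered || a.ForceNew
		if !c && !a.Computed {
			out = append(out, prefix+name)
		}
		if a.Elem != nil {
			out = append(out, inPlace(prefix+name+".", a.Elem.Schema, c)...)
		}
	}
	sort.Strings(out)
	return out
}

// ValidateNoUpdate rejects a resource without Update that still has in-place attributes at any depth.
func ValidateNoUpdate(r *Resource) error {
	if bad := inPlace("", r.Schema, false); !r.HasUpdate && len(bad) > 0 {
		return fmt.Errorf("no Update defined, must set ForceNew on: %v", bad)
	}
	return nil
}

// PrincipalIdentity builds a constructed schema shaped like roles_for_path in the issue.
func PrincipalIdentity(forceNew bool) *Resource {
	nested := &Resource{Schema: map[string]*Attr{"path": {}, "roles": {}}}
	return &Resource{Schema: map[string]*Attr{"roles_for_path": {ForceNew: forceNew, Elem: nested}}}
}

func main() {
	fmt.Println(ValidateNoUpdate(PrincipalIdentity(false)), ValidateNoUpdate(PrincipalIdentity(true)))
}
```

Run against a resource that manages role assignments, a check of this shape fails at provider test time instead of leaving state that records roles the Update path never applied.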

@annakhm annakhm added the bug Something isn't working label Feb 20, 2024

annakhm commented Mar 5, 2024

This issue seems related to the incorrect state update.
