terraform-plugin-sdk
ForceNew doesn't trigger resource recreation when defined on TypeSet, which leads to Update error
SDK version
v2.29.0
Relevant provider source code
https://github.com/vmware/terraform-provider-nsxt
"roles_for_path": getRolesForPathSchema(false),
func getRolesForPathSchema(forceNew bool) *schema.Schema {
	return &schema.Schema{
		Type:        schema.TypeSet,
		Description: "List of roles that are associated with the user, limiting them to a path",
		Required:    true,
		ForceNew:    forceNew,
		Elem: &schema.Resource{
			Schema: map[string]*schema.Schema{
				"path": {
					Type:        schema.TypeString,
					Description: "Path of the entity in parent hierarchy.",
					Required:    true,
				},
				"roles": {
					Type:        schema.TypeSet,
					Description: "Applicable roles",
					Required:    true,
					Elem: &schema.Schema{
						Type: schema.TypeString,
					},
				},
			},
		},
	}
}
Terraform Configuration Files
resource "nsxt_principal_identity" "test_pi" {
  name            = "ci_principal_identity"
  node_id         = "ci_node"
  certificate_pem = <<EOF
-----BEGIN CERTIFICATE-----
certificate PEM
-----END CERTIFICATE-----
EOF
  roles_for_path {
    path  = "/orgs/default"
    roles = ["test-value-1"]
  }
}
Debug Output
https://gist.github.com/annakhm/60101ee4667f879d650a017b00418121
Expected Behavior
When the roles attribute is updated, the resource should be recreated because the parent type is defined as ForceNew.
A change to a child attribute should have triggered resource recreation.
Alternatively, the SDK should be consistent in not allowing the Update function to be omitted if the resource is not recreated on update, as it does for top-level resource attributes.
Actual Behavior
When the roles attribute is updated, the update does not trigger resource recreation. The resource is updated instead.
Since the Update function is missing, provider code was not invoked. The update fails with Error: doesn't support update. However, the state is updated with the new value for roles.
Steps to Reproduce
- Compile terraform-provider-nsxt based on commit https://github.com/vmware/terraform-provider-nsxt/commit/730330d397141745e9de20e2cd75a3f0412b18ae.
- Alternatively, define a resource with a schema definition similar to https://github.com/vmware/terraform-provider-nsxt/blob/master/nsxt/resource_nsxt_principal_identity.go#L61 and no Update function.
- Apply the config pasted above
- Change roles = ["test-value-1"] to roles = ["test-value-2"]
- Apply
References
https://github.com/hashicorp/terraform/issues/34691
This issue seems related to the incorrect state update
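
Added example (not part of the issue report, the SDK or the provider's code): a pre-apply check over `terraform show -json <planfile>` output that flags resource types with no Update function when the plan wants to update them in place, which is the condition described above. The `replaceOnly` list, the function name and the sample plan are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// plan is the subset of the Terraform JSON plan representation used here.
type plan struct {
	ResourceChanges []struct {
		Address string `json:"address"`
		Type    string `json:"type"`
		Change  struct {
			Actions []string `json:"actions"`
		} `json:"change"`
	} `json:"resource_changes"`
}

// replaceOnly lists resource types whose provider code defines no Update
// function (assumption: maintained by hand for this example).
var replaceOnly = map[string]bool{"nsxt_principal_identity": true}

// inPlaceUpdates returns the addresses of replace-only resources that the
// plan intends to update in place instead of replacing.
func inPlaceUpdates(planJSON []byte) ([]string, error) {
	var p plan
	if err := json.Unmarshal(planJSON, &p); err != nil {
		return nil, fmt.Errorf("parse plan: %w", err)
	}
	var flagged []string
	for _, rc := range p.ResourceChanges {
		a := rc.Change.Actions
		// A replacement is ["delete","create"] or ["create","delete"];
		// a lone "update" means no recreation is planned.
		if replaceOnly[rc.Type] && len(a) == 1 && a[0] == "update" {
			flagged = append(flagged, rc.Address)
		}
	}
	return flagged, nil
}

// samplePlan is constructed for this example, not captured from a real run.
const samplePlan = `{"resource_changes":[
 {"address":"nsxt_principal_identity.test_pi","type":"nsxt_principal_identity",
  "change":{"actions":["update"]}},
 {"address":"nsxt_principal_identity.other","type":"nsxt_principal_identity",
  "change":{"actions":["delete","create"]}}]}`

func main() {
	flagged, err := inPlaceUpdates([]byte(samplePlan))
	fmt.Println(flagged, err)
}
```

Failing the pipeline when the returned list is non-empty stops the apply before state can record role values that the provider never pushed to the backend.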