-
Notifications
You must be signed in to change notification settings - Fork 9.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Removing OCI security list and updating associated subnet fails #31068
Comments
I asked this on https://discuss.hashicorp.com/t/removing-oci-security-list-and-updating-associated-subnet/39539 as well, but since it looks like a bug, I figure I'd report it here as well. As a start, I would like to learn if this is a Terraform bug or a bug in the OCI provider. Perhaps someone with more experience can shed some light on this? |
I did some digging and found basically the same bug report in the OCI provider repository: oracle/terraform-provider-oci#909. That was back in 2019 and closed with a comment that it's a bug in Terraform. Now that we are 2,5 years further, has the situation improved? |
Hi @martijndwars, Sorry you are having difficulty with this. The replacement order for resource is well-defined, with the default always being to destroy before creating or updating. If you want a dependent resource to update before the removal of it's dependency, you need to use the Thanks! |
@jbardin thanks for your reply. The Fwiw, it's also not clear which resource would get the |
Yes, technically I made some notes about the operational orderings in a document here: https://github.com/hashicorp/terraform/blob/main/docs/destroying.md |
Thanks again for all your help @jbardin. I noticed that if I add That's with version 1.1.9. With version 0.13.5, which is admittedly a bit old, this does not work as intended (Terraform still tries to delete the security list before the subnet). In the future, would it be possible for Terraform providers to declare these ordering constraints, so that end-users are not required to sprinkle their code with |
It's been discussed several times about having providers include some feedback about dependencies and ordering. The problem is that if a resource requires a different order of operations, that ordering can affect other resources, which may be from other providers that are not able to handle |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Terraform Version
Terraform Configuration Files
Debug Output
See https://gist.github.com/martijndwars/4d9ef71f59fbc9c273dcb60dcc17cae2 for the debug output of the planning phase. I'm not sure if this is enough, because the bug manifests during the applying phase.
Expected Behavior
Terraform should 1. update the subnet (to no longer use the security list) and 2. remove the security list (note the order!).
Actual Behavior
Terraform tries to 1. remove the security list before 2. updating the subnet. But because the subnet uses the security list, it is not possible to remove the security list, so Terraform gets stuck at step 1 until it times out:
Steps to Reproduce
Given the configuration from the Terraform Configuration Files section,
The text was updated successfully, but these errors were encountered: