Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Circular Dependency project_id #677

Open
jamesgeddes opened this issue Nov 24, 2023 · 3 comments
Open

Circular Dependency project_id #677

jamesgeddes opened this issue Nov 24, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@jamesgeddes
Copy link

jamesgeddes commented Nov 24, 2023
edited
Loading

Terraform Version and Provider Version

Terraform version:  1.6.0
HCP provider version: 0.77.0

Affected Resource(s)

  • hcp_project
  • hcp_vault_secrets_app

Debug Output

The provider is working as currently intended.

Expected Behavior

When using the HashiCorp Cloud Platform (HCP) Terraform provider, it is anticipated that one should be able to dynamically create an HCP project using the hcp_project resource and then use the output of this resource (specifically the project_id) within the same Terraform configuration to configure other HCP resources, like hcp_vault_secrets_app. This is based on the expectation that Terraform should handle the flow of data between resources and allow the use of outputs from one resource as inputs to others, or even as part of the provider configuration, within the same execution plan.

Actual Behavior

In practice, when attempting to use the hcp_project resource to create an HCP project and then reference its project_id in subsequent resources or as part of the provider configuration, a circular dependency error is encountered. The HCP Terraform provider requires the project_id to be set at the provider level. However, this project_id is only known after the hcp_project resource is created, leading to a situation where the provider configuration is dependent on a resource that, in turn, depends on the provider. This results in Terraform being unable to resolve the order of creation and configuration, causing a cycle error.

Important Factoids Facts

  • Provider Design: The design of the HCP provider necessitates that the project_id be known and set at the provider level, which is not feasible when the project ID is supposed to be dynamically generated within the same Terraform run.
  • Use Case Scenario: This issue particularly impacts scenarios where infrastructure management is intended to be dynamic and automated, without manual intervention or a two-phase approach.
  • Workarounds Limitations: Potential workarounds, like splitting the Terraform configuration into two separate phases or predefining the project ID, may not align with all use cases, especially those seeking full automation and integration within a single Terraform execution.
  • Impact on Infrastructure as Code Practices: This limitation can impact common Infrastructure as Code practices, where dynamic resource provisioning and referencing are key components of automation.

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
@jamesgeddes jamesgeddes added the bug Something isn't working label Nov 24, 2023
@jamesgeddes jamesgeddes changed the title Circular Dependency Circular Dependency project_id Nov 24, 2023
@manish-hashicorp manish-hashicorp mentioned this issue Mar 26, 2024
Merged
3 tasks
@manish-hashicorp
Copy link
Contributor

#808 fixes the issue with hcp_vault_secrets_app resource. Kindly check. We've to still confirm if problem exists with other resources.

@jamesgeddes
Copy link
Author

Sorry @manish-hashicorp, I'm not sure I understand, as this is not a Vault Secrets specific problem. The intent of this ticket was to allow a project to be defined and then other resources to use that project; something like this,

resource "hcp_project" "example" {
  name        = "example-project"
  description = "My new project!"
}
resource "hcp_vault_secrets_app" "example" {
  app_name    = "example-app-name"
  description = "My new app!"
  project_id  = hcp_project.example.project_id
}
resource "hcp_consul_cluster" "example" {
  cluster_id = "consul-cluster"
  hvn_id     = hcp_hvn.example.hvn_id
  tier       = "development"
  project_id = hcp_project.example.project_id
}

Does #808 fix that?

@manish-hashicorp
Copy link
Contributor

Does #808 fix that?

Yes. The above tf should work except that hcp_project exposes resource_id. So following tf:

resource "hcp_project" "example" {
  name        = "example-project"
  description = "My new project!"
}
resource "hcp_vault_secrets_app" "example" {
  app_name    = "example-app-name"
  description = "My new app!"
  project_id  = hcp_project.example.resource_id
}
resource "hcp_consul_cluster" "example" {
  cluster_id = "consul-cluster"
  hvn_id     = hcp_hvn.example.hvn_id
  tier       = "development"
  project_id = hcp_project.example.resource_id
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jamesgeddes @manish-hashicorp