-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nomad_job : provider updates state on failure #385
Comments
Hi @the-nando 👋 This an interesting problem 🤔 I imagine the token you used the second time had read permission, but not write, so Terraform was able to refresh the state, but not apply the change. And since it has already the state refreshed, it thinks there's nothing to do the second time. Unfortunately the provider doesn't have any control over this flow. Terraform calls the One possibility could be to verify in the I will check with the Terraform team if they've seen something like this before and if there's a better way forward. |
hey @lgfa29 😄 Yes indeed, the Nomad token used in the second run lacked submit-job, hence the 403 permission denied error returned by Nomad. Other than doing pre-flight checks in the Create or Read methods, shouldn't the Update return the correct (partial) response? If I undertand correctly the Update method should update the response and diagnostic error accordingly on failure. The response gets a pre-populated state by the plan which needs to be updated to reflect the possibly partial update. Thanks for checking with the Terraform team, I'm curious to hear if they have any suggestion to better handle this. |
I've just realised that the provider isn't using the plugin framework but the SDK, so what I wrote above doesn't apply unfortunately. I've found this issue which describes the same problem: hashicorp/terraform-plugin-sdk#476 |
The Terraform team gave a nice suggestion to mark the job update as partial, meaning it will rollback state changes on error: #412 |
When QoS profile resource is updated with incorrect value that NSX rejects, the value would still get updated in the state, even though Update returned an error. This is terraform SDK bug: hashicorp/terraform-provider-nomad#385 This change implements the suggested workaround. Signed-off-by: Anna Khmelnitsky <[email protected]>
Nomad Version
1.6.2+ent
Provider Configuration
Which values are you setting in the provider configuration?
Affected Resource(s)
Terraform Configuration Files
After applying the job with a Nomad token with enough permissions, I edit the job's spec and re-run Terraform with a Nomad token which lacks permissions:
A subsequent plan runs clean, even though the job itself is still running with the old spec and the state is updated:
Expected Behavior
The state isn't updated.
Actual Behavior
The state is updated and diverges from reality.
The text was updated successfully, but these errors were encountered: