I am working on terraform with openstack as the cloud provider. I have a deploy.tf script that creates a role:

resource "openstack_identity_role_v3" "role_example" {
  name = "creator"
}

My findings on how terraform creates resources:

  • If the role does not exist in openstack, terraform creates one with no problem.
  • If the role exists in openstack and was created with the same terraform script, i.e. terraform.state has an entry for it, terraform returns with no errors.

My issue is: if I remove the state file, or if the role is created out of band, either manually or by some other terraform script, I get the following error:

* openstack_identity_role_v3.role_example: Error creating OpenStack role: Expected HTTP response code [201] when accessing [POST https://<example-openstack-url>/v3/roles], but got 409 instead
{"error": {"message": "Conflict occurred attempting to store role - Duplicate Entry", "code": 409, "title": "Conflict"}}

I am trying to find a workaround so that if the role doesn't exist, terraform apply creates it, and if it already exists, despite having been created manually or by any other terraform deployment script, terraform skips its creation and throws no error.

Vedant Aggrawal
  • Run terraform import – victor m Mar 28 '19 at 14:59
  • Import certainly helps with manual creation, but managing it in another TF module or removing the state file are both circumstances that should not occur. – Matthew Schuchard Mar 28 '19 at 15:34
  • Thanks for the suggestion. What I can see is that "terraform import" requires two arguments: "address" and "ID". I wish to achieve the same without providing the ID, because if the role doesn't exist, I cannot know the value for the ID. – Vedant Aggrawal Mar 28 '19 at 15:37
  • The ID is the resource in your config. – Matthew Schuchard Mar 28 '19 at 15:40
  • "terraform import openstack_identity_role_v3.role_example " is the correct syntax. Please help me substitute the value for ID. This works if I provide a hardcoded hash ID, but I want to provide it programmatically. Thanks. – Vedant Aggrawal Mar 28 '19 at 15:52
  • Well, terraform is telling you that the resource (ID) already exists. The ID is the role name and it should already exist or you have a duplicate role name in your terraform template. – victor m Mar 28 '19 at 16:36
  • I am trying to automate the role creation process. So if the ID exists, rather than throwing an error that the role already exists, I want terraform to be silent about it and skip the role creation. Also, if I use the command: "terraform import openstack_identity_role_v3.role_example creator", terraform throws this error: Terraform detected a resource with this ID doesn't exist. – Vedant Aggrawal Mar 28 '19 at 16:44
  • Terraform will not be silent if something already exists and if something exists it is not managed by terraform, so you need to import it so that terraform can manage it moving forward. Maybe the ID is different in open_stack, figure out what resources are already created and try to figure out the ID. – victor m Mar 28 '19 at 21:12
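
The lookup-then-import flow discussed in the comments, as an added example that is not part of the original thread: it resolves the role's ID from its name and imports it only when the role exists but is missing from state. It assumes the `openstack` CLI (python-openstackclient) with credentials already in the environment and a role name that is unique in the listing; the function name `ensure_role_in_state` is hypothetical.

```shell
# ensure_role_in_state ADDRESS ROLE_NAME   (hypothetical helper, added example)
# Prints "managed", "imported" or "absent". Returns non-zero when the role
# lookup or the import fails, so an auth error is never read as "role absent".
ensure_role_in_state() (
  address=$1
  role_name=$2

  # Already tracked in this state file: nothing to do.
  if terraform state show "$address" >/dev/null 2>&1; then
    echo managed
    exit 0
  fi

  # One "<id> <name>" line per role; stop if the API call itself fails.
  roles=$(openstack role list -f value -c ID -c Name) || exit 2

  # Exact-name match; the name is everything after the first field.
  ids=$(printf '%s\n' "$roles" | awk -v n="$role_name" \
    '{ id = $1; sub(/^[^ ]+ /, ""); if ($0 == n) print id }')
  count=$(printf '%s\n' "$ids" | awk 'NF { c++ } END { print c + 0 }')

  case $count in
    0) echo absent ;;                      # terraform apply will create it
    1) terraform import "$address" "$ids" >/dev/null || exit 3
       echo imported ;;
    *) echo "ambiguous role name: $role_name" >&2
       exit 4 ;;                           # refuse to guess which ID to adopt
  esac
)

# Usage, from the Terraform working directory, before `terraform apply`:
#   ensure_role_in_state openstack_identity_role_v3.role_example creator
```

Importing a role that another Terraform configuration also manages leaves two states owning one identity object, so a destroy in either will remove the role for both.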

0 Answers