-
Notifications
You must be signed in to change notification settings - Fork 9.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Plannable Import: Don't fail, but create resource, if not exist #33633
Comments
This is definitely the more common use case for us. We reuse a lot of our terraform code.
Having something like Also possibly related to #33624 where we want to possibly switch off the |
This would definitely help by allowing to predefine imports in modules we provide to our devs. We're mostly migrating existing infrastructure, and handling terraform imports outside the CI pipeline is a time waster right now. |
I thought I'd be able to workaround this by using |
This patch 350f9b8 works, though it assumes any import error should be ignored: diff --git a/internal/terraform/node_resource_plan_instance.go b/internal/terraform/node_resource_plan_instance.go
index a4bbaa5359..561faa7371 100644
--- a/internal/terraform/node_resource_plan_instance.go
+++ b/internal/terraform/node_resource_plan_instance.go
@@ -165,7 +165,11 @@ func (n *NodePlannableResourceInstance) managedResourceExecute(ctx EvalContext)
// If the resource is to be imported, we now ask the provider for an Import
// and a Refresh, and save the resulting state to instanceRefreshState.
if importing {
- instanceRefreshState, diags = n.importState(ctx, addr, importId, provider, providerSchema)
+ var importDiags tfdiags.Diagnostics
+ instanceRefreshState, importDiags = n.importState(ctx, addr, importId, provider, providerSchema)
+ if importDiags.HasErrors() {
+ importing = false
+ }
} else {
var readDiags tfdiags.Diagnostics
instanceRefreshState, readDiags = n.readResourceInstanceState(ctx, addr) Looks like ignoring
|
We have a very similar use-case: our AWS account configuration is managed using Terraform. |
I disagree the |
Something like this would be hugely helpful. We are forced to use local backends for our terraform and have had cases where our state file was lost. Being able to have something equivalent to "import if exists else create" would be amazing. Given @antoinedeschenes comment about only catching missing resources error being insufficient, I would suggest something along the lines of |
The property name doesn't have to decribe the behavior in the code.
This sounds too generic... What about errors e.g. regarding permissions? Would be great, if there is already something in place, that is able to search the given ID using the providers implementation. Catching an import error (and deciding to throw it or not) feels not right to me and could lead into unexpected behaviors for some providers.
This would cause one additional API call during the import, but only once! |
@jbardin are you able to share a timeframe when this might be included? And in the meantime, are there any recommended patterns for workarounds? I'm also hitting the issue with cloud watch log groups that are automatically created by other AWS services. I need to:
|
@kevinkuszyk, No there is no timeline yet, but it does not sound like it would fit your use case. The import action and planning decisions all need to happen during the plan, so if there are log groups created implicitly by other resources, you're still going to end up creating conflicting log groups during apply. What you're describing is a much more complex feature which requires support from providers and a new protocol to handle. It's something we're aware of, but not directly related to import. |
This issue is critical to what I'm trying to build. I have an immutable kubernetes secret which I want to import if it exists, but if not I wish to have it created. I'm relying on the |
I also would love to have a create_if_not_exists option on the import block, or something similar. |
Now that |
Bump. This would be exceptionally helpful for our Org where we migrate tens of thousands of cloud resources and are continuing to deploy infrastructure. Side note: Our work around is to place all of our import blocks in an
|
This is exactly what we are running into. I was so excited about for_each in import, but quickly running into issues where I won't be able to use the same code for import and create. Please add this feature. Thanks. |
Allowing Take for example a scenario where a namespace that was auto generated by flux helm install is now moving to be managed by terraform state. Rollout of this case for (n) environments would require scripts to align state where as |
We also ran against this issue. Please plan in it the roadmap. |
Terraform Version
Use Cases
In our CI/CD system, I want to import resources, that eventually already had been created. If they do not exist, terraform could safely create them using the existing configuration.
My concrete example:
I have some (AWS) Lambda functions, that had been created by terraform. When being executed for the first time, the functions will create a LogGroup with the function name in CloudWatch. Unfortunately, the default config for these LogGroups doesn't fit our needs (e.g. no log retention being set). When I add the LogGroup to the terraform configuration, applying will fail in most (but not all!) cases, because it tries to create the LogGroup with the existing name.
Attempted Solutions
In similar situations, we added some commands before doing the "apply" and imported the resources using the CLI import command or just deleted the resource. The new
import
block would be a game changer for us...Thanks to CDKTF, as a workaround we can make the "import" block optional and check the existence of the resource using AWS API.
Proposal
I see to possible ways to tackle this:
Option 2 feels best for me, because the behavior can be configured individually for each resource/import. The config could look like:
More "positiv" sounding proposal by @acdha:
References
No response
The text was updated successfully, but these errors were encountered: