Terraform: Defer resource "completion"

Created on 24 Sep 2019  ยท  6Comments  ยท  Source: hashicorp/terraform

I think a nice way to tackle this is a property that exists on _all_ resources (like depends_on) that simply delays reporting that the resource has been provisioned/created by the specified period of time.

Some providers cough.. azure like to report back that everything is good to go but in fact if you dont wait a few seconds before using it it will fail.

Current Terraform Version

Terraform v0.12.7
+ provider.azuread v0.6.0
+ provider.azurerm v1.33.1
+ provider.helm v0.10.2
+ provider.kubernetes v1.9.0
+ provider.null v2.1.2
+ provider.random v2.2.0

Use-cases

I've got a scenario where I am provisioning a service principal, setting a password etc and then use it to create a kubernetes cluster. This consistently fails with 

StatusCode=400 -- Original Error: Code="BadRequest" Message="The credentials in ServicePrincipalProfile were invalid. Please see https://aka.ms/aks-sp-help for more details. (Details: adal: Refresh request failed. Status Code = '401'. Response body: {\"error\":\"invalid_client\",\"error_description\":\"AADSTS7000215: Invalid client secret is provided.

Translation: _I said that service principal was ready but I lied, ha ha ha hope your day is ruined_

In another case I am provisioning cert manager via helm and then immediately try to create issuers for letsencrypt but it always fails with a message the cert service not being ready yet.

Providers (the library authors) can't really solve this for us. Especially when the behaviour is inconsistent.

Proposal

resource "azuread_service_principal_password" "aks_sp_password" {
  service_principal_id = "${azuread_service_principal.aks_sp.id}"
  value                = "${random_uuid.password.result}"
  end_date_relative    = "17520h"# 2 years

  defer_completion = "5s" # some time notation
}

References

  • #17726
config enhancement
Source
picture worldspawn
👍3

Most helpful comment

Yeah but I'm looking for a cross platform solution

picture worldspawn on 26 Sep 2019
👍3

All 6 comments

You could I think do:

  provisioner "local-exec" {
    command = "sleep 5"
  }

?

OJFord picture OJFord on 25 Sep 2019

Yeah but I'm looking for a cross platform solution

worldspawn picture worldspawn on 26 Sep 2019
👍3

I'm having the exact same problem when creating a managed Kubernetes cluster on Azure @worldspawn, for now I'll use @OJFord solution, but indeed would be nice if they add your proposed solution.

rodrigoviola picture rodrigoviola on 5 Oct 2019

did the sleep resolve your issue Im getting the same problem even with 30 second sleeps

HizzyCO picture HizzyCO on 15 Nov 2019

Good news!

We just released the time_sleep resource in the time provider.

https://www.terraform.io/docs/providers/time/r/sleep.html

This gives you a straightforward, cross-platform sleep option. This resource should, almost exclusively, be considered a workaround for issues that we hope would be reported and handled in Terraform Provider logic.

Downstream resources can usually introduce or adjust retries in their code to handle time delay issues for all Terraform configurations. Upstream resources can be improved to better wait for a resource to be fully ready and available.

That said, I believe this addresses the need documented in this issue and I'm going to close it.

pkolyvas picture pkolyvas on 13 May 2020

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashibot[bot] picture hashibot[bot] on 13 Jun 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rkulagowski picture rkulagowski  ยท  3Comments
ronnix picture ronnix  ยท  3Comments
ketzacoatl picture ketzacoatl  ยท  3Comments
c4milo picture c4milo  ยท  3Comments
rjinski picture rjinski  ยท  3Comments