Module not rerunable with ipam about terraform-aws-vpc HOT 13 CLOSED

Yea I have been racking my brain to try to come up with a solution for this type of thing so I am debating using some sort of cidr calculator to parse the values first but since terraform is single pass I'm struggling to find a good solution. If I come up with something I'll add it as a comment here. I will also try to reproduce the error I saw next week (got some issues I'm working on right now).

from terraform-aws-vpc.

v2.0 release was cut today so you should be able to use ipam as expected. we eliminated 2 of your problems:

1. you can now perform second apply with no issue
2. we do not use the data source and therefor do not query for multiple cidrs, you should not see the error when your pool is out of ranges

from terraform-aws-vpc.

Thank you for opening this issue. ill take a look

from terraform-aws-vpc.

Seems like there are 3 issues here:

1. 2nd apply is not working with ipam arguments (confirmed): This is definitely a problem and Im looking into how to fix that

2. If a pool cannot query for another CIDR the data source fails: This is interesting and may require an update to the provider to account. Can you please post the error you get when you run into the full event

3. Cannot create an ipam in the same root module. This is not so much of a bug but i agree we could potentially fix this race condition by referencing a non-computed value; for example we could use a bool ipam = bool and that would unblock the dependency issue

One thing to note. I do not believe you would be able to use for_each to loop over creating these resources if referencing ipam. The reason is because the query for a CIDR is done with the data source before the resource graph is built so each VPC will get the same CIDR block. There is, sadly, no easy way around this :/ The vpc resource can receive the next computed CIDR by specifying those arguments, however, then we cannot compute the subnets because theyre an attribute of the VPC resource itself (race condition)

from terraform-aws-vpc.

Yeah im struggling to fix the 2nd apply issue (and im sad i didnt catch this before now 😭 ). I can get the resources to work and require no changes but the outputs still change because the calculator still fires

from terraform-aws-vpc.

Alright, i got a fix coming regarding the 2nd apply issue but its going to be part of v2 which will have some breaking changes because im changing some inputs and outputs

I might release as alpha next week, if i have time to finish it... would love your input prior to raising it to GA if youre interested

from terraform-aws-vpc.

Alright, i got a fix coming regarding the 2nd apply issue but its going to be part of v2 which will have some breaking changes because im changing some inputs and outputs

I might release as alpha next week, if i have time to finish it... would love your input prior to raising it to GA if youre interested

100%
I'd definitely give it a whirl on Monday. Just let me know the branch name or tag me on the PR.

from terraform-aws-vpc.

I've rethought my implementation a bit regarding how to solve this issue. I proposed to hashi we add a modifier to the data source that prevents preview always grabbing a new CIDR. I dont think that behavior is even useful.

This however is bending the notion of a data source so I'm not certain how theyll respond.

from terraform-aws-vpc.

I've rethought my implementation a bit regarding how to solve this issue. I proposed to hashi we add a modifier to the data source that prevents preview always grabbing a new CIDR. I dont think that behavior is even useful.

This however is bending the notion of a data source so I'm not certain how theyll respond.

Yea I won't hold my breath on it. I am going to work on a cidr calculator for working with foreach loops.

from terraform-aws-vpc.

I tried implementing on my own locally but we're limited by what terraform core allows: hashicorp/terraform#31549

I'm going back to my original idea without run_once and just a bunch of greedy ignore_changes :/

Hopefully will have that out for testing in a day or 2

from terraform-aws-vpc.

issue closed by default. i got a couple more PRs coming before we cut a 2.0 release but, if youre able, would love your feedback on whats currently in main from #67

from terraform-aws-vpc.

Works great now for re-runability but if you want to move something it does fail (just changed the region and ipam region and got the following error):

│ Error: Error previewing next cidr from IPAM pool (ipam-pool-XXXXXXXXXX): InvalidParameterValue: The pool ipam-pool-XXXXXXXXXXXXX is not in the current region us-west-2.
│       status code: 400, request id: e83e2f8a-f81a-44a8-bccf-f59ca5936b21
│
│   with module.ci_vpc.data.aws_vpc_ipam_preview_next_cidr.main[0],
│   on .terraform/modules/ci_vpc/data.tf line 53, in data "aws_vpc_ipam_preview_next_cidr" "main":
│   53: data "aws_vpc_ipam_preview_next_cidr" "main" {

but that is out of scope from the issue I raised and something that I think will happen no matter what unless you target destroy first and then respool.

from terraform-aws-vpc.

I was also able to refactor a bit which should help with refresh times and allowed us to use the RESOURCE instead of the DATA SOURCE. ik that was causing an error for you when the pool ran out of cidrs. I had never considered that situation!

it also allows us to remove all the greedy ignore_changes

#69

from terraform-aws-vpc.