In Terraform 0.12, how to skip creation of resource, if resource name already exists?

23
votes

I am using Terraform version 0.12. I have a requirement to skip resource creation if resource with the same name already exists.

I did the following for this :

Read the list of custom images, 

data "ibm_is_images" "custom_images" {
}

Check if image already exists, 

locals {
 custom_vsi_image = contains([for x in data.ibm_is_images.custom_images.images: "true" if x.visibility == "private" && x.name == var.vnf_vpc_image_name], "true")
}

output "abc" {
value="${local.custom_vsi_image}"
}

Create only if image exists is false. 

resource "ibm_is_image" "custom_image" {
  count            = "${local.custom_vsi_image == true ? 0 : 1}"
  depends_on       = ["data.ibm_is_images.custom_images"]
  href             = "${local.image_url}"
  name             = "${var.vnf_vpc_image_name}"
  operating_system = "centos-7-amd64"

  timeouts {
    create = "30m"
    delete = "10m"
  }
}

This works fine for the first time with "terraform apply". It finds that the image did not exists, so it creates image.

When I run "terraform apply" for the second time. It is deleting the resource "custom_image" that is created above. Any idea why it is deleting the resource, when it is run for the 2nd time ?

Also, how to create a resource based on some condition(like only when it does not exists) ?

1
resourcesterraformexists
All of the code to check resource existence and maintain its idempotence is unnecessary because the provider CRUD functions already provide that functionality. Try to remove all of that related code and focus only on the actual resource. If it is not behaving correctly, then debugging needs to go in that direction instead.Matt Schuchard
In this blog, itnext.io/… He is explaining the same behavior: The behavior I observed when mixing both styles was that if the standalone resources didn’t exist, they would be created. However, once created, if I ran terraform apply again, they would be deleted. If I tried one more time, they would be created and so on…Malar Kandasamy
That sounds like a bug or your state is not being saved / read correctly. Can you remove the locals check and show us the output from the apply that creates and the apply that tries to remove it?Andy Shinn
I have opened a bug here: github.com/hashicorp/terraform/issues/23772Malar Kandasamy
You just need to refactor your tf modules to avoid this wrong ideaAbdennour TOUMI

1 Answers

32
votes

In Terraform, you're required to decide explicitly what system is responsible for the management of a particular object, and conversely which systems are just consuming an existing object. There is no way to make that decision dynamically, because that would make the result non-deterministic and -- for objects managed by Terraform -- make it unclear which configuration's terraform destroy would destroy the object.

Indeed, that non-determinism is why you're seeing Terraform in your situation flop between trying to create and then trying to delete the resource: you've told Terraform to only manage that object if it doesn't already exist, and so the first time you run Terraform after it exists Terraform will see that the object is no longer managed and so it will plan to destroy it.

If you goal is to manage everything with Terraform, an important design task is to decide how object dependencies flow within and between Terraform configurations. In your case, it seems like there is a producer/consumer relationship between a system that manages images (which may or may not be a Terraform configuration) and one or more Terraform configurations that consume existing images.

If the images are managed by Terraform then that suggests either that your main Terraform configuration should assume the image does not exist and unconditionally create it -- if your decision is that the image is owned by the same system as what consumes it -- or it should assume that the image does already exist and retrieve the information about it using a data block.

A possible solution here is to write a separate Terraform configuration that manages the image and then only apply that configuration in situations where that object isn't expected to already exist. Then your configuration that consumes the existing image can just assume it exists without caring about whether it was created by the other Terraform configuration or not.

There's a longer overview of this situation in the Terraform documentation section Module Composition, and in particular the sub-section Conditional Creation of Objects. That guide is focused on interactions between modules in a single configuration, but the same underlying principles apply to dependencies between configurations (via data sources) too.