Not all records created during apply

[chris-zenfolio]

Problem Description

When I am trying to build multiple zones with multiple records in a single run, most times, the run will partially fail with errors because one or more zones are not implemented at the time the records for implemented. This is because record creation does not wait for zone creation to be complete before beginning. If I wait a minute or two (or 5), then the zone will be there and the failed-to-be-created records will create just fine.

Terraform Version

$ terraform -v
Terraform v0.12.19
+ provider.ns1 v1.6.4

Affected Resource(s)

Please list the resources as a list, for example:

• ns1_zone (4 zones total)
• ns1_records (18 records total)

Terraform Configuration Files

This is a large config that would need to be zipped and encrypted.  Where can I find NS1's public GPG key?

Debug Output

1. This is a link to the CLI output and, if you look at the order of operations, my Problem Description will make more sense.
   https://gist.github.com/chris-zenfolio/16d5dd35c61a3874faec3a72ae841ecc
2. This is a link to the TRACE output from the 2 runs I needed to successfully complete the terraform apply.
   https://gist.github.com/chris-zenfolio/41583b21834ad1008b21679ab8483c40

Panic Output

No panic/crash was detected

Expected Behavior

terraform apply should create/modify all objects in one run

Actual Behavior

Two runs were needed because record creation did not verify zone existence prior to creation.

Steps to Reproduce

1. Configure Terraform to create multiple zones and multiple records (of any type) for multiple zones.
2. terraform apply

Important Factoids

This implementation is highly iterative. All of the specific information is contained inside the variables.tf file.

References

I ran similar, highly-iterative, configurations (creating resource groups, vnets, ip addresses, subnets, vpns, etc.) using the azurerm provider that had object-creation dependencies without this particular problem happening.

[mburtless]

👋 Hi there - This doesn't sound like an issue with this provider so much as an issue with dependency detection in Terraform. This is likely due to the fact that when Terraform constructs it's dependency graph to figure out the order in which to create resources, it doesn't see any dependency between your records and your zones.

Maybe you're already aware, but in case you're not, Terraform provides two ways for you to list a dependency between resources: implicit and explicit. Terraform discovers implicit dependencies when you use an interpolation in a resource configuration that references another resource.

If implicit dependencies cannot be used in your configuration, you can create an explicit dependency by using a depends_on argument in the resource configuration that references another resource. Terraform has a great Getting Started guide on this subject that I'd recommend reading through if you're not familiar with this.

From your CLI output I can see that you are creating your zones and records in separate modules, so Terraform likely doesn't view these as dependent resources, which leads to the race condition on creation that you're experiencing.

Creating dependencies between modules is historically not very straightforward, but there are some workarounds that allow this. I'd recommend reading up on these or restructuring your modules to make denoting these dependencies simpler.

[chris-zenfolio]

I counter that I did the same thing and Azure's provider handled it with no issues, and there were most definitely dependencies. I'd upload the config, but need the GPG key mentioned in the "New Issue" text.

As for explicitly using depends_on, I feel like that's a provider problem to resolve because the provider knows that a record can't be created without a zone. I am sure others would exxperience this problem, too.

[mburtless]

I can't speak to how this worked for your previous configurations (maybe you were creating implicit dependencies via interpolation), but, as mentioned above, dependency detection (both implicit and explicit) is implemented within Terraform core itself and not the providers. Unfortunately, we have no ability to change this behavior within our provider.

Please take a look at How Terraform Works for further info (Construction of the Resource Graph is called out as one of the primary responsibilities of Terraform core). Terraform's documentation on the Resource Graph walks through how Terraform detects the dependencies and constructs the graph. Note that creating edges between the nodes (i.e. ns1 record and zone resources) via implicit or explicit dependencies is the only way to control the order in which Terraform will reach them when it walks the graph to create the resources.

Terraform has some useful documentation on module composition that may help you refactor your configuration to get this working the way you want.

[chris-zenfolio]

I've taken a look at my previous Azure work and can see how I had a ton of implicit dependencies. I reviewed the documentation on how to use depends_on and tried to implement it, but ran into hashicorp/terraform#17101. I will have to rewrite what I have done to figure out how to create implicit dependencies, since explicit dependencies are not supported for modules (or many other resource types).