Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make consul_keys behavior less surprising #5210

Merged
merged 2 commits into from
Mar 10, 2016
Merged

Make consul_keys behavior less surprising #5210

merged 2 commits into from
Mar 10, 2016

Conversation

apparentlymart
Copy link
Contributor

The consul_keys resource has a number of rough edges that make its behavior rather surprising. @phinze addressed a lot of its bugginess in a recent change, but its general design and implementation approach remained rather unusual.

In particular:

  • Since @phinze's earlier bugfixes, the value attribute in the key blocks is not updated on refresh. This meant that Terraform does not notice "drift" in the configuration and show it in the plan, but the Update implementation secretly updates those changed keys anyway, leading to surprise and confusion.
  • The delete attribute in key blocks applies only when the entire resource is removed, and not when individual key blocks are removed. This means the resource is able to add and update keys but not to remove keys.

The main driver for this change is to make delete work for individual key blocks, so removing a key block and applying has the expected effect of removing just that key from the store.

The implementation of this depends on using set difference to detect added and removed key blocks, which in turn required restoring the behavior of refreshing value so that Terraform would actually identify and fix differences in the underlying store. An unintended but positive side-effect of this implementation choice was fixing the first point above, so that Terraform will now report correctly in the plan that it intends to update the affected key.

In the process of implementing this I altered the implementation style to be what I'd consider a more "conventional" Terraform provider implementation, with separately-implemented Create and Update. However, that created a lot of code repetition and so I factored out the noise of interacting with the Consul API into a separate private client that is designed around Terraform's needs.

There are several confusing aspects of this resource that this PR does not address and, as far as I can tell, that can't be addressed without a breaking interface change:

  • There is no way for Terraform to take ownership of a particular key prefix within the store, and then detect and remove errant keys that are not present in the configuration. (See consul_key_subtree resource #5211)
  • The fact that the key blocks are implemented as a set rather than as a map (with path as the key) means that the resource still produces some rather confusing diffs in cases where the value of a particular key is being updated: rather than appearing as an update of the value field as you'd expect, it instead appears as a removal of an entire set member and the addition of another one with the same path.

I've intentionally not attempted to address these in this PR, but wanted to call them out.

@apparentlymart apparentlymart mentioned this pull request Feb 19, 2016
Closed
@phinze
Copy link
Contributor

phinze commented Feb 23, 2016

First review of these changes looks good.

In #4787 the reason I pulled out the value update was to avoid spurious diffs when using default - does this revert that behavior or is there something to mitigate that here?

I'd like to get the consul provider nightly acctests spun up before we merge (something I've been meaning to do for a few weeks now).

@apparentlymart
Copy link
Contributor Author

@phinze I am attempting to work around that diffing issue by updating value only when there's already a value, with the goal of then only updating the keys that are attempting to write to Consul, and ignoring the ones that are only reading. I'm assuming here that the "default" diffs are only an issue when we write back the default into the value attribute on an unsuccessful read.

Having the nightly acctests for Consul sounds great. (Kinda surprised that isn't already true since that sounds a lot easier than setting up the environment for AWS acctests! 😀)

@phinze
Copy link
Contributor

phinze commented Mar 10, 2016

Alrighty the consul nightlies are in place and I've given this another look - LGTM!

@apparentlymart
Specialized client for interacting with Consul keys
df2ce58 
This deals with some of the quirks of interacting with the Consul API,
with the goal of making the consul_keys resource implementation, and
later the consul_keys data source, less noisy to read.
@apparentlymart
Treat each consul key as having its own lifecycle
2e33f53 
Previously this resource managed the set of keys as a whole rather than
the individual keys, and so it was unable to recognize when a particular
managed key is removed and delete just that one key from Consul.

Here this is addressed by recognizing that each key actually has its own
lifecycle, and detecting when individual keys are added and removed
without replacing the entire consul_keys instance.

Additionally this restores the behavior of updating the "value" attribute
on read, but restricts it only to blocks that already had a value so as
to avoid the quirkiness seen previously when we updated blocks that were
intended to be read-only. Updating the value is important now, because we
rely on this to detect and repair discrepancies between values stored in
Consul and values given in the configuration.

This change produces a change in the handling of the "delete" attribute.
Before it was considered only when the entire consul_keys resource was
deleted, but now it is considered also when a particular key block is
removed from within a resource.
apparentlymart added a commit that referenced this pull request Mar 10, 2016
@apparentlymart
Merge pull request #5210 from apparentlymart/consul-keys-revamp
ec87a1b 
Make consul_keys behavior less surprising
@apparentlymart apparentlymart merged commit ec87a1b into hashicorp:master Mar 10, 2016
@apparentlymart apparentlymart deleted the consul-keys-revamp branch March 10, 2016 16:02
@phinze phinze mentioned this pull request Mar 16, 2016
Closed
@apparentlymart apparentlymart mentioned this pull request Apr 2, 2016
Closed
@ghost
Copy link

ghost commented Apr 27, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 27, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement provider/consul
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@apparentlymart @phinze