opentelekomcloud_dds_instance_v3 - availability_zone and flavor are missing in terraform state after importing resource

[mkarlheim]

Hello,

we are currently facing an issue while importing a DDS instance into our terraform state. There are the availability_zone and flavor missing after the import, which will lead to a replacement of the dds instance with next terraform apply.

Terraform provider version

Terraform v1.9.1
on darwin_arm64

• provider registry.terraform.io/opentelekomcloud/opentelekomcloud v1.36.20

Affected Resource(s)

• opentelekomcloud_dds_instance_v3

Terraform Configuration Files

resource "opentelekomcloud_kms_key_v1" "dds-mdb-tst-1" {
  key_alias       = "dds-mdb-tst-1"
  pending_days    = "31"
  key_description = "database encryptionkey"
  realm           = "eu-de"
  is_enabled      = true

  lifecycle {
    prevent_destroy = true
  }
}

resource "opentelekomcloud_dds_instance_v3" "dds-mdb-tst-1" {
  name   = "dds-mdb-tst-1"
  region = "eu-de"
  datastore {
    type           = "DDS-Community"
    version        = "4.4"
    storage_engine = "rocksDB"
  }

  availability_zone = "eu-de-01,eu-de-02,eu-de-03"
  vpc_id            = data.opentelekomcloud_vpc_v1.workload-vpc.id
  subnet_id         = one(data.opentelekomcloud_vpc_subnet_ids_v1.subnet_ids.ids)
  security_group_id = data.opentelekomcloud_networking_secgroup_v2.nodes-to-documentdb.id
  password          = "Change_Me4Sure"
  mode              = "ReplicaSet"
  flavor {
    type      = "replica"
    num       = 1
    storage   = "ULTRAHIGH"
    size      = 10                               // divisible by 10
    spec_code = "dds.mongodb.s2.medium.4.repset" # 1 vCPU | 4 GB
    # terraform state show data.opentelekomcloud_dds_flavors_v3.replica_flavors

  }
  disk_encryption_id = opentelekomcloud_kms_key_v1.dds-mdb-tst-1.id
  backup_strategy {
    start_time = "02:00-03:00"
    keep_days  = 30 // default for wellarchitected framework
  }
  ssl = true


  lifecycle {
    // API for passwordchange is not available
    ignore_changes = [
      password
    ]
    prevent_destroy = true
  }

  depends_on = [
    opentelekomcloud_kms_key_v1.dds-mdb-tst-1
  ]

  tags = {
    cost_center = "xxx"
    team        = "xxx"
    contact     = "xxx"
  }
}

Steps to Reproduce

1. Import an existing dds instance: terraform import opentelekomcloud_dds_instance_v3.dds-mdb-tst-1 c8064cd9402841c69f564f5b2aa70848in0
2. terraform apply

Expected Behavior

terraform apply should not lead to changes in infrastructure

Actual Behavior

Imported resource will be replaced with terraform apply:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform planned the following actions, but then encountered a problem:

  # opentelekomcloud_dds_instance_v3.dds-mdb-tst-1 must be replaced
-/+ resource "opentelekomcloud_dds_instance_v3" "dds-mdb-tst-1" {
      + availability_zone  = "eu-de-01,eu-de-02,eu-de-03" # forces replacement
      ~ created_at         = "2024-03-11T07:19:05" -> (known after apply)
      ~ db_username        = "rwuser" -> (known after apply)
      ~ id                 = "c8064cd9402841c69f564f5b2aa70848in02" -> (known after apply)
        name               = "dds-mdb-tst-1"
      ~ nodes              = [
          - {
              - id         = "143208dbcf274f69b5dbc82f04c8414dno02"
              - name       = "dds-mdb-tst-1_replica_node_2"
              - private_ip = "10.110.58.225"
              - role       = "Primary"
              - status     = "normal"
              - type       = "replica"
                # (1 unchanged attribute hidden)
            },
          - {
              - id         = "7a2260ee9147499b86d35f5d8d2e4a59no02"
              - name       = "dds-mdb-tst-1_replica_node_1"
              - private_ip = "10.110.38.102"
              - role       = "Secondary"
              - status     = "normal"
              - type       = "replica"
                # (1 unchanged attribute hidden)
            },
          - {
              - id         = "cc6d133713684b7b9322c99750c84d77no02"
              - name       = "dds-mdb-tst-1_replica_node_3"
              - private_ip = "10.110.34.174"
              - role       = "Hidden"
              - status     = "normal"
              - type       = "replica"
                # (1 unchanged attribute hidden)
            },
        ] -> (known after apply)
      + password           = (sensitive value)
      ~ pay_mode           = "0" -> (known after apply)
      ~ port               = 8635 -> (known after apply)
      ~ status             = "normal" -> (known after apply)
        tags               = {
            "contact"     = "xxx"
            "cost_center" = "xxx"
            "team"        = "xxx"
        }
      + time_zone          = (known after apply)
      ~ updated_at         = "2024-09-27T05:38:21" -> (known after apply)
        # (7 unchanged attributes hidden)

      ~ backup_strategy {
          ~ period     = "1,2,3,4,5,6,7" -> (known after apply)
            # (2 unchanged attributes hidden)
        }

      + flavor { # forces replacement
          + num       = 1
          + size      = 10
          + spec_code = "dds.mongodb.s2.medium.4.repset"
          + storage   = "ULTRAHIGH" # forces replacement
          + type      = "replica" # forces replacement
        }

      - timeouts {}

        # (1 unchanged block hidden)
    }

  # opentelekomcloud_kms_key_v1.dds-mdb-tst-1 will be updated in-place
  ~ resource "opentelekomcloud_kms_key_v1" "dds-mdb-tst-1" {
        id                      = "cdeb57b9-ce00-4972-8b12-2d97212fce92"
      + pending_days            = "31"
        tags                    = {}
        # (13 unchanged attributes hidden)
    }

Plan: 1 to add, 1 to change, 1 to destroy.
╷
│ Error: Instance cannot be destroyed
│ 
│   on dds-mdb-tst-1.tf line 13:
│   13: resource "opentelekomcloud_dds_instance_v3" "dds-mdb-tst-1" {
│ 
│ Resource opentelekomcloud_dds_instance_v3.dds-mdb-tst-1 has lifecycle.prevent_destroy set, but the plan calls for this resource to be destroyed. To avoid this error and continue with the plan, either disable
│ lifecycle.prevent_destroy or reduce the scope of the plan using the -target option.

[anton-sidelnikov]

Hi @mkarlheim please if you need this exact fields, open demand for changing API, because this fields does not returns in API response.

[mkarlheim]

Hi @anton-sidelnikov,
thanks for the fast reply. I will address this at OTC support.
Thank you

[anton-sidelnikov]

@mkarlheim i forgot to add, but if you want to import without this fields just use lifecycle block:

resource "opentelekomcloud_dds_instance_v3" "instance" {
    ...

  lifecycle {
    ignore_changes = [
      password, availability_zone, flavor, configuration,
    ]
  }
}

[mkarlheim]

Hey @anton-sidelnikov,

yes you are right. But that feels like a workaround, because OTC is not able to put (at least) fields in their API response that lead to a replacement of the resource.

Thanks for your reply
Best regards

[anton-sidelnikov]

HI @mkarlheim, yes this is a workaround, internal ticked still opened and on discussion with vendors.