CBR typeset change for cbr rule/zone and adding CBR retries #5246
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tyao117
changed the title
|
showing the change of the retry: ...
{"trace":"3a1c7778-0c97-44e3-a46d-1ab29f7c6740","errors":[{"code":"rule_not_found_in_store","message":"The rule 'd38463f844a13ed98eb97c48f909cb5a' is not found in store.","target":{"type":"parameter","name":"rule_id","value":"d38463f844a13ed98eb97c48f909cb5a"}}],"status_code":404}: timestamp=2024-03-28T17:19:52.226-0500
2024-03-28T17:19:52.228-0500 [INFO] provider.terraform-provider-ibm: Read cbr rule response status code: 404, provider will try again. The rule 'd38463f844a13ed98eb97c48f909cb5a' is not found in store.: timestamp=2024-03-28T17:19:52.228-0500
ibm_cbr_rule.cbr_rule: Still creating... [10s elapsed]
ibm_cbr_rule.cbr_rule: Still creating... [20s elapsed]
2024-03-28T17:20:12.231-0500 [INFO] provider.terraform-provider-ibm: 2024/03/28 17:20:12 [Debug] Request:
GET /v1/rules/d38463f844a13ed98eb97c48f909cb5a HTTP/1.1
Host: testing-1-ap-south.network-policy.cloud.ibm.com
User-Agent: platform-services-go-sdk/0.61.2 (lang=go; arch=arm64; os=darwin; go.version=go1.21.6)
Accept: application/json
Authorization: [redacted]
X-Original-User-Agent: terraform-provider-ibm/1.64.0-beta0
Accept-Encoding: gzip
: timestamp=2024-03-28T17:20:12.231-0500
2024-03-28T17:20:12.231-0500 [INFO] provider.terraform-provider-ibm: 2024/03/28 17:20:12 [DEBUG] GET https://testing-1-ap-south.network-policy.cloud.ibm.com/v1/rules/d38463f844a13ed98eb97c48f909cb5a: timestamp=2024-03-28T17:20:12.231-0500
2024-03-28T17:20:12.810-0500 [INFO] provider.terraform-provider-ibm: 2024/03/28 17:20:12 [Debug] Response:
HTTP/2.0 200 OK
Content-Length: 973
Akamai-Grn: 0.b8764017.1711664412.1a11d10
Cache-Control: max-age=0, no-cache, no-store
Content-Type: application/json; charset=utf-8
Date: Thu, 28 Mar 2024 22:20:12 GMT
Etag: 1-e7fe6ccc1aa9b260cf9a75f5545918a6
Expires: Thu, 28 Mar 2024 22:20:12 GMT
Pragma: no-cache
Set-Cookie: ak_bmsc=37096D28113F036166B2AA3D9403EEE0~000000000000000000000000000000~YAAQuHZAFxv5bIWOAQAAWTgmhxePEw5ueSfjnxhMfnqRSHvgfHLXQektil3fPL3Z0SUvHu2h6pLB3B7YDwaLWizjHNS/f1G5g9SFMt4CWlxyu8IdhW+Jt4gUpZw8JJnPpiuarrtOa9v1KbHRW3lw8eAWbvZIgIOcfRCpiK1/sp1S0MiQkKINLh6hy47fecDPglJ5fivjKV0qTear550LZBdJxwJyx26o8grj2jW0ldNNa+Zz5c4XWs4F5970JSGTNXjKVF1NLpneYyNIA1JX/JAWnMdAzeZIi33Gu3LB5GDxquX4rEGvMDcqL5ZK50It9YcEeLJbrFPD68YEf6sgqIhqvjeemNAdWD0ySPt4wSodL60hdDI2IqSLWacKPO854YPdM3icg6bgi8d1XXGwZWtTj5ycQ/nq6K8=; Domain=.network-policy.cloud.ibm.com; Path=/; Expires=Fri, 29 Mar 2024 00:20:12 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transaction-Id: 4ed26f8b-658b-4676-8c30-aabca0a75ef8
X-Content-Type-Options: nosniff
X-Correlation-Id: 4ed26f8b-658b-4676-8c30-aabca0a75ef8
X-Proxy-Upstream-Service-Time: 91
X-Ratelimit-Limit: 10
X-Ratelimit-Remaining: 9
X-Ratelimit-Reset: 1711664413
{"description":"test rule config basic","resources":[{"attributes":[{"name":"accountId","value":"37cb83958369439db2ef3d6156f82b9d"},{"name":"serviceName","value":"user-management"}],"tags":[{"name":"tag_name","value":"tag_value"}]}],"contexts":[{"attributes":[{"name":"networkZoneId","value":"3cbe2e308ead56b8021b8a8618089776"}]}],"operations":{"api_types":[{"api_type_id":"crn:v1:bluemix:public:context-based-restrictions::::api-type:","display_name":"All","description":"Protects all service APIs."}]},"enforcement_mode":"disabled","id":"d38463f844a13ed98eb97c48f909cb5a","crn":"crn:v1:bluemix:public:context-based-restrictions:global:a/37cb83958369439db2ef3d6156f82b9d::rule:d38463f844a13ed98eb97c48f909cb5a","href":"https://testing-1-ap-south.network-policy.cloud.ibm.com/v1/rules/d38463f844a13ed98eb97c48f909cb5a","created_at":"2024-03-28T22:19:51Z","created_by_id":"IBMid-550003PATQ","last_modified_at":"2024-03-28T22:19:51Z","last_modified_by_id":"IBMid-550003PATQ"}: timestamp=2024-03-28T17:20:12.810-0500
2024-03-28T17:20:12.811-0500 [INFO] provider.terraform-provider-ibm: 2024/03/28 17:20:12 [Debug] Request:
GET /v1/rules/d38463f844a13ed98eb97c48f909cb5a HTTP/1.1
Host: testing-1-ap-south.network-policy.cloud.ibm.com
User-Agent: platform-services-go-sdk/0.61.2 (lang=go; arch=arm64; os=darwin; go.version=go1.21.6)
Accept: application/json
Authorization: [redacted]
X-Original-User-Agent: terraform-provider-ibm/1.64.0-beta0
Accept-Encoding: gzip
: timestamp=2024-03-28T17:20:12.811-0500
2024-03-28T17:20:12.811-0500 [INFO] provider.terraform-provider-ibm: 2024/03/28 17:20:12 [DEBUG] GET https://testing-1-ap-south.network-policy.cloud.ibm.com/v1/rules/d38463f844a13ed98eb97c48f909cb5a: timestamp=2024-03-28T17:20:12.811-0500
2024-03-28T17:20:13.333-0500 [INFO] provider.terraform-provider-ibm: 2024/03/28 17:20:13 [Debug] Response:
HTTP/2.0 200 OK
Content-Length: 973
Akamai-Grn: 0.b8764017.1711664412.1a12088
Cache-Control: max-age=0, no-cache, no-store
Content-Type: application/json; charset=utf-8
Date: Thu, 28 Mar 2024 22:20:13 GMT
Etag: 1-e7fe6ccc1aa9b260cf9a75f5545918a6
Expires: Thu, 28 Mar 2024 22:20:13 GMT
Pragma: no-cache
Set-Cookie: ak_bmsc=57DD90F650B835369E48F77FAEB2209C~000000000000000000000000000000~YAAQuHZAF1D5bIWOAQAAOjomhxest+gYrOohHxPLLJ83wAD9MzG8dUVxhgdKHMc3nlUQUU8NEYV9NDYf1/GotFqwYBMCldU3hN36WPunj/nkexg3SAiBV9hW9LCedE6shpGNOGvHuIQaAylZebiHhDKzGVfT73oyPasa/latgu49ImB9I3dYwrFfmmaAHNJB+ABx7g/JNjZ3V0tkunACjGG3tXgzBGwTi0MX/jREZdrmgZpqTW3OLo3iZr3eZcnxyI9c4kxO13Xv+h3Mm6kTfHcC5/BzXYyV0UMzP/fWq4+jfn0Z+X9JjSSAJGvWLr4Cr6Jkb6MdifKUH+PdX4uM7RQPf1mzhuGqpuDYmz0rbRwOT0nNRFFhdWZp1XuDLp0VeXSQyE3xnP+/AvxdM1yxppEPNhF4RGUWKww=; Domain=.network-policy.cloud.ibm.com; Path=/; Expires=Fri, 29 Mar 2024 00:20:12 GMT; Max-Age=7199; HttpOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transaction-Id: 9bbf37ef-3261-4dc2-90ed-991ccb535306
X-Content-Type-Options: nosniff
X-Correlation-Id: 9bbf37ef-3261-4dc2-90ed-991ccb535306
X-Proxy-Upstream-Service-Time: 54
X-Ratelimit-Limit: 10
X-Ratelimit-Remaining: 8
X-Ratelimit-Reset: 1711664413
{"description":"test rule config basic","resources":[{"attributes":[{"name":"accountId","value":"37cb83958369439db2ef3d6156f82b9d"},{"name":"serviceName","value":"user-management"}],"tags":[{"name":"tag_name","value":"tag_value"}]}],"contexts":[{"attributes":[{"name":"networkZoneId","value":"3cbe2e308ead56b8021b8a8618089776"}]}],"operations":{"api_types":[{"api_type_id":"crn:v1:bluemix:public:context-based-restrictions::::api-type:","display_name":"All","description":"Protects all service APIs."}]},"enforcement_mode":"disabled","id":"d38463f844a13ed98eb97c48f909cb5a","crn":"crn:v1:bluemix:public:context-based-restrictions:global:a/37cb83958369439db2ef3d6156f82b9d::rule:d38463f844a13ed98eb97c48f909cb5a","href":"https://testing-1-ap-south.network-policy.cloud.ibm.com/v1/rules/d38463f844a13ed98eb97c48f909cb5a","created_at":"2024-03-28T22:19:51Z","created_by_id":"IBMid-550003PATQ","last_modified_at":"2024-03-28T22:19:51Z","last_modified_by_id":"IBMid-550003PATQ"}: timestamp=2024-03-28T17:20:13.332-0500
2024-03-28T17:20:13.335-0500 [WARN] Provider "provider[\"github.ibm.com/ibm-cloud/ibm\"]" produced an unexpected new value for ibm_cbr_rule.cbr_rule, but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .transaction_id: was null, but now cty.StringVal("")
- .x_correlation_id: was null, but now cty.StringVal("")
- .resources[0].tags[0].operator: was null, but now cty.StringVal("")
ibm_cbr_rule.cbr_rule: Creation complete after 22s [id=d38463f844a13ed98eb97c48f909cb5a]
Apply complete! Resources: 2 added, 0 changed, 0 destroyed. |
|
@zhenwan you might want to review? |
hkantare
reviewed
Mar 30, 2024
| if response != nil && response.StatusCode == 404 { | ||
| d.SetId("") |
There was a problem hiding this comment.
Chane the retry logic to use Resource.RetryContext
There was a problem hiding this comment.
Resource.RetryContext is considered deprecated.
https://pkg.go.dev/github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource#RetryContext
| getZoneOptions.SetZoneID(d.Id()) | ||
|
|
||
| zone, response, err := contextBasedRestrictionsClient.GetZoneWithContext(context, getZoneOptions) | ||
| if err != nil { | ||
| if response != nil && response.StatusCode == 404 { | ||
| d.SetId("") | ||
| return nil | ||
| // Manual change. leverage retry for the read due to eventual consistency of the service. |
There was a problem hiding this comment.
Resource.RetryContext is considered deprecated.
https://pkg.go.dev/github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource#RetryContext
There was a problem hiding this comment.
We can use retry.RetryContext instead of Resource.RetryContext as sugested in deprecation
There was a problem hiding this comment.
|
@ocofaigh yes |
zhenwan
reviewed
Apr 3, 2024
| getRuleOptions := &contextbasedrestrictionsv1.GetRuleOptions{} | ||
| getRuleOptions.SetRuleID(id) | ||
| _, response, err := cbrClient.GetRuleWithContext(context, getRuleOptions) | ||
| if err != nil && response.StatusCode == 404 { |
There was a problem hiding this comment.
better to have log output with error and waiting time for next try if the retry does not do it
zhenwan
reviewed
Apr 3, 2024
| if response != nil && response.StatusCode == 404 { | ||
| d.SetId("") | ||
| return nil | ||
| log.Printf("[INFO] Read cbr rule response status code: 404, provider will try again. %s", err) |
There was a problem hiding this comment.
add sleeping time before call waitForCbrRuleRead ?
zhenwan
reviewed
Apr 3, 2024
| getZoneOptions := &contextbasedrestrictionsv1.GetZoneOptions{} | ||
| getZoneOptions.SetZoneID(id) | ||
| _, response, err := cbrClient.GetZoneWithContext(context, getZoneOptions) | ||
| if err != nil && response.StatusCode == 404 { |
There was a problem hiding this comment.
better to have log output with error and waiting time for next try if the retry does not do it
zhenwan
reviewed
Apr 3, 2024
| d.SetId("") | ||
| return nil | ||
| // Manual change. leverage retry for the read due to eventual consistency of the service. | ||
| log.Printf("[INFO] Read cbr zone response status code: 404, provider will try again. %s", err) |
There was a problem hiding this comment.
add sleeping time before call waitForCbrZoneRead ?
hkantare
reviewed
Apr 18, 2024
| // end Manual Change | ||
| } else { | ||
| log.Printf("[DEBUG] GetRuleWithContext failed %s\n%s", err, response) | ||
| return diag.FromErr(fmt.Errorf("GetRuleWithContext failed %s\n%s", err, response)) | ||
| } |
There was a problem hiding this comment.
This logic handle the case when CBR rule is deleted outside Terraform context and when user runs plan it should diff a new resource will be created instead of throwing error
Move this wait logic here after creation wait till its acauires desired state
There was a problem hiding this comment.
@hkantare I don't agree with your comment above. The code you highlighted above is already in the master branch which is utilized to manage rule read errors if the StatusCode is not 404
The logic Tim updated to the function resourceIBMCbrRuleRead is to handle the Eventual consistency issue that a user reported here. The Eventual Consistency issue arises because the rule was created in one region, but the read call for the rule went to another region before the rule data became available in the second region.
Tim updated
if response != nil && response.StatusCode == 404 { } code block is updated by adding some retry logic if the rule can not be found after run terraform apply (404 error), we need to use the code you highlighted to handle other errors.
Please let me know if I miss understood your comment.
|
@zhenwan I understood we added this logic to support Eventual but we are breaking the scenario which currently exists in master branch Steps
|
|
@hkantare ok, Now I understand what you meant. I will update the code. |
|
@hkantare code has been updated, please re-review. |
|
Thanks |
hkantare
approved these changes
Apr 23, 2024
|
@hkantare Resolved the conflicts. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Community Note
Relates OR Closes #0000
Closes #4171
Closes #5002
Closes #4971
Output from acceptance testing:
$ make testacc TESTARGS='-run=TEST=./ibm/service/contextbasedrestrictions' === RUN TestAccIBMCbrRuleDataSourceBasic --- PASS: TestAccIBMCbrRuleDataSourceBasic (12.91s) === RUN TestAccIBMCbrRuleDataSourceAllArgs --- PASS: TestAccIBMCbrRuleDataSourceAllArgs (11.39s) === RUN TestAccIBMCbrZoneDataSourceBasic --- PASS: TestAccIBMCbrZoneDataSourceBasic (10.23s) === RUN TestAccIBMCbrZoneDataSourceAllArgs --- PASS: TestAccIBMCbrZoneDataSourceAllArgs (9.41s) === RUN TestAccIBMCbrRuleBasic --- PASS: TestAccIBMCbrRuleBasic (10.01s) === RUN TestAccIBMCbrRuleAllArgs --- PASS: TestAccIBMCbrRuleAllArgs (18.06s) === RUN TestAccIBMCbrZoneBasic --- PASS: TestAccIBMCbrZoneBasic (9.40s) === RUN TestAccIBMCbrZoneAllArgs --- PASS: TestAccIBMCbrZoneAllArgs (18.45s) PASS ...