Fix kubernetes_job updates

[pdecat]

This is marked as WIP because it needs:

• complete acceptance test run
• documentation updates
• Add ExpectedDiffChanges to assert expected diff change type in acceptance test steps terraform-plugin-sdk#329

This PR allows to update the following fields of a kubernetes_job resource without recreating it:

• active_deadline_seconds
• backoff_limit
• parallelism

It also forces the recreation of a job resource when its pod template image field is modified.
Previously, it would detect a change was needed:

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # kubernetes_job.terraform will be updated in-place
  ~ resource "kubernetes_job" "terraform" {
        id = "default/terraform"

        metadata {
            annotations      = {}
            generation       = 0
            labels           = {}
            name             = "terraform"
            namespace        = "default"
            resource_version = "10107"
            self_link        = "/apis/batch/v1/namespaces/default/jobs/terraform"
            uid              = "c1f56d3b-b9cb-40ad-abb3-0ca76a677329"
        }

      ~ spec {
            active_deadline_seconds = 0
            backoff_limit           = 1
            completions             = 1
            manual_selector         = false
            parallelism             = 1

          ~ selector {
              + match_labels = {}
            }

          ~ template {
                metadata {
                    annotations = {}
                    generation  = 0
                    labels      = {}
                }

              ~ spec {
                    active_deadline_seconds          = 0
                    automount_service_account_token  = true
                    dns_policy                       = "ClusterFirst"
                    host_ipc                         = false
                    host_network                     = false
                    host_pid                         = false
                    node_selector                    = {}
                    restart_policy                   = "Never"
                    service_account_name             = "terraform"
                    share_process_namespace          = false
                    termination_grace_period_seconds = 30

                  ~ container {
                        args                     = []
                        command                  = [
                            "sh",
                            "-c",
2020/02/18 16:44:31 [DEBUG] command: asking for input: "Do you want to perform these actions?"
                            "set && set -x && apk --no-cache add curl && mkdir -p ~/.terraform.d/plugins && curl https://storage.googleapis.com/pdecat-builds/terraform-provider-kubernet
es_v1.11.1-dev > ~/.terraform.d/plugins/terraform-provider-kubernetes_v1.11.1-dev && chmod +x ~/.terraform.d/plugins/* && mkdir /tf && cd /tf && cp /configuration/main.tf . && TF_LOG=TR
ACE terraform init && TF_LOG=TRACE terraform plan && TF_LOG=TRACE terraform apply -auto-approve ; sleep 60 && terraform destroy -auto-approve",
                        ]
                      ~ image                    = "hashicorp/terraform:0.12.20" -> "hashicorp/terraform:0.12.13"
                        image_pull_policy        = "IfNotPresent"
                        name                     = "terraform"
                        stdin                    = false
                        stdin_once               = false
                        termination_message_path = "/dev/termination-log"
                        tty                      = false

                        resources {
                        }

                        volume_mount {
                            mount_path        = "/configuration"
                            mount_propagation = "None"
                            name              = "configuration"
                            read_only         = false
                        }
                        volume_mount {
                            mount_path        = "/root"
                            mount_propagation = "None"
                            name              = "home"
                            read_only         = false
                        }
                    }

                    volume {
                        name = "configuration"

                        config_map {
                            default_mode = "0644"
                            name         = "terraform"
                        }
                    }
                    volume {
                        name = "home"

                        empty_dir {}
                    }
                }
            }
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

But submit an empty patch operation:

2020-02-18T16:46:07.508+0100 [DEBUG] plugin.terraform-provider-kubernetes_v1.11.1-dev: 2020/02/18 16:46:07 [DEBUG] Kubernetes API Request Details:
2020-02-18T16:46:07.508+0100 [DEBUG] plugin.terraform-provider-kubernetes_v1.11.1-dev: ---[ REQUEST ]---------------------------------------
2020-02-18T16:46:07.508+0100 [DEBUG] plugin.terraform-provider-kubernetes_v1.11.1-dev: PATCH /apis/batch/v1/namespaces/default/jobs/terraform HTTP/1.1
2020-02-18T16:46:07.508+0100 [DEBUG] plugin.terraform-provider-kubernetes_v1.11.1-dev: Host: 192.168.39.222:8443
2020-02-18T16:46:07.508+0100 [DEBUG] plugin.terraform-provider-kubernetes_v1.11.1-dev: User-Agent: HashiCorp/1.0 Terraform/0.12.20
2020-02-18T16:46:07.508+0100 [DEBUG] plugin.terraform-provider-kubernetes_v1.11.1-dev: Content-Length: 2
2020-02-18T16:46:07.508+0100 [DEBUG] plugin.terraform-provider-kubernetes_v1.11.1-dev: Accept: application/json, */*
2020-02-18T16:46:07.508+0100 [DEBUG] plugin.terraform-provider-kubernetes_v1.11.1-dev: Content-Type: application/json-patch+json
2020-02-18T16:46:07.508+0100 [DEBUG] plugin.terraform-provider-kubernetes_v1.11.1-dev: Accept-Encoding: gzip
2020-02-18T16:46:07.508+0100 [DEBUG] plugin.terraform-provider-kubernetes_v1.11.1-dev:
2020-02-18T16:46:07.508+0100 [DEBUG] plugin.terraform-provider-kubernetes_v1.11.1-dev: []

[pdecat]

Only added ForceNew: !isUpdatable here as that's what made me notice the issue, but it should probably be generalized to other fields.

[pdecat]

This used to force recreation of the resource so the previous acceptance passed anyway: https://github.com/terraform-providers/terraform-provider-kubernetes/pull/769/files#diff-de5bc44a1e838d53cd603bc71a631b48R74

[pdecat]

patchJobSpec() was not invoked anywhere before.

[pdecat]

@alexsomesan do you know of a way to ensure a resource is updated or recreated during acceptance test steps checks?

In the context of kubernetes, this could probably be achieved comparing resource uid between steps, but it is not trivial, and it could most certainly be achieved more generically at the terraform TestStep level.

[alexsomesan]

There isn't any canonical way. For Kubernetes specifically I would look at metadata.generation or metadata.creation_timestamp and track those between the different test steps. I'm not entirely sure how generation behaves between updates, but the creation timestamp should not change.

[pdecat]

I'll try this. In the mean time, I found https://github.com/hashicorp/terraform-plugin-sdk/issues/77

[pdecat]

I've submitted hashicorp/terraform-plugin-sdk#329, based on hashicorp/terraform-plugin-sdk#222

[dak1n1]

@pdecat you were right about looking at the UID, btw. I've been adding a bunch of checks to ensure resources aren't deleted and re-created. I built off of someone else's work who implemented the ForceNew checks in the provider tests. So that's how the UID comparison is done.

[pdecat]

Acceptance test results with the new TestStep.ExpectedDiffChanges() assertions:

# make testacc TEST=./kubernetes TESTARGS='-run=TestAccKubernetesJob -count=1'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./kubernetes -v -run=TestAccKubernetesJob -count=1 -timeout 120m
go: finding k8s.io/client-go v12.0.0+incompatible
go: finding k8s.io/client-go v12.0.0+incompatible
go: finding github.com/terraform-providers/terraform-provider-google v2.17.0+incompatible
go: finding github.com/terraform-providers/terraform-provider-aws v2.32.0+incompatible
go: finding github.com/terraform-providers/terraform-provider-google v2.17.0+incompatible
go: finding github.com/terraform-providers/terraform-provider-aws v2.32.0+incompatible
=== RUN   TestAccKubernetesJob_basic
--- PASS: TestAccKubernetesJob_basic (32.57s)
PASS
ok      github.com/terraform-providers/terraform-provider-kubernetes/kubernetes 32.616s

[pdecat]

I believe this PR is still useful, so I'm going to remove all references to ExpectedDiffChanges that I was trying to introduce in hashicorp/terraform-plugin-sdk#329 PR which was declined because of the Terraform SDK v2 transition.

[pdecat]

The hashicorp/terraform-plugin-sdk#329 PR that was introducing ExpectedDiffChanges was declined because of the Terraform SDK v2 transition.

[pdecat]

The hashicorp/terraform-plugin-sdk#329 PR that was introducing ExpectedDiffChanges was declined because of the Terraform SDK v2 transition.

[pdecat]

The hashicorp/terraform-plugin-sdk#329 PR that was introducing ExpectedDiffChanges was declined because of the Terraform SDK v2 transition.

[pdecat]

The hashicorp/terraform-plugin-sdk#329 PR that was introducing ExpectedDiffChanges was declined because of the Terraform SDK v2 transition.

[pdecat]

Some terrafmt errors are not picked up by the CI:

$ make tests-lint
go install github.com/bflad/tfproviderdocs
go install github.com/client9/misspell/cmd/misspell
go install github.com/katbyte/terrafmt
go mod tidy
go mod vendor
==> Checking acceptance test terraform blocks code with terrafmt...
ERRO[0000] block 1 @ kubernetes/resource_kubernetes_job_test.go:340 failed to find end of block 
ERRO[0000] block 2 @ kubernetes/resource_kubernetes_job_test.go:340 failed to find end of block 
The command "make tests-lint" exited with 0.

[dak1n1]

Thanks for this PR! I just noticed it. I happen to have a bunch of related work in progress. I think I can fit your changes into my PR, since it's related to PodSpec. I'll make sure you get credit for the work too (co-author in github).

[dak1n1]

I pulled your changes into this PR #1074, so I'll go ahead and close this old PR. Thanks for these contributions!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!