aws_api_gateway_deployment doesn't get updated after changes #6613
Comments
|
This is pretty important to me. The issue seems to be that a deployment isn't really a resource on the AWS side; it functions like a logical deployment. When you create a deployment, it makes the current state of your REST API active; it's essentially a "commit" operation on the current configuration. As a result:
My workaround for this is as follows:
|
|
This is pretty critical - basically means Further, setting TL;DR you can't rely on |
|
Hi all, The inability for Terraform to understand implicit update relationships between resources is known, and so far we've tended to solve it in more targeted ways by adding special "change detector" attributes to resources, such as the API Gateway doesn't make such a quick workaround simple because there isn't a good single thing we can take a hash of in order to represent a change. However, one possible semi-fix we could do in the mean time is to add a I understand that such a solution is non-ideal due to the fact that there are so many little details in an API Gateway REST API, but I wonder if it would fill this hole slightly in the mean time. What do you think? In the long run, something like what I proposed in #6810 could address this in a more robust way, though as proposed it would require a specific event annotation on every single API resource, which is not super-convenient. It would be nice to be able to easily specify the supposed common case of "re-deploy this API for any change to it". |
|
@apparentlymart The trigger seems a good idea :) |
You would probably only ever want that for e.g. |
|
we have the same problem with our APIGs, dependencies just don't work at all anyone figured out how to force redeployment with use of aws cli? |
|
Couldn't all these problems be effectively solved (or rather, a workaround could be baked into the system) if the suggested Something which says "if anything in any of these resources is being added/changed/destroyed then this resource needs to be updated". That would allow any and all of these implicit ordering issues to be addressed generically, rather than having to have issues filed and special solutions found for each thing. Perhaps with an option to say don't do it if any of those referenced things failed, which would preserve the intention of things like API Gateway deployments, where you're not meant to deploy something you know is broken. Specific to API Gateway, what would probably work best from an ergonomic point of view would be a collection of stages attached to the But without something, managing API Gateway using Terraform is always going to be problematic. Manual tainting of resources should be for exceptional cases, not everyday API updates. |
|
I ran into the same problem, but I'm not sure its such a bad thing. If I have multiple stages, I may not want to immediately release a deployment to The way I got around it was adding a export TF_VAR_deployed_at=$(date +%s)
terraform plan |
|
@coryodaniel I tried something similar: I was hoping this would just force a redeploy, instead of deleting and recreating like a taint does. Unfortunately both taint and a variable change deletes and recreates with Terraform 0.9.1 |
|
@ClaytonONeill I noticed that the But I'm still struggling with the deployment process the API gateway provides supporting multiple environments (stages?) from one API definition and integrating it in our other terraform scripting which creates a single environment. This would mean duplicate API definitions in the API gateway, but we only need a deployment per environment. Maybe we can switch off the creation of the definitions using |
|
@koenijn you're 100% correct. I've updated my resource to look like this: With this approach it forces a new deploy every time I run apply, which is a decent work around for the time being. |
|
@ClaytonONeill the |
|
@koenijn Tested again, and you're right again. I originally set mine to stage_description and validated that worked. Then thought it'd be nice to use description instead, but didn't test more than once. I've switched back to stage_description. |
|
I solved this using a hash of the file that described the gateway resources. Not sure if it's a good idea but it seems to work better than the timestamp option. |
|
Nice solution @charlieegan3 - that's the only sensible way of working around this TF bug. |
|
I have tried the workarounds mentioned above, but I keep getting the following error (using TF v0.10.6): Here's my resource definition: Did I miss anything from the helpful comments above, or does this simply not work with more recent versions of TF? |
|
From your error message I think the error is different this time, you still have APIs deployed there, in stages and AWS won't let you delete (you are doing a destroy right?) if that's the case. You need to 'empty' the gateway first and then destroy with TF. |
|
@aterreno I got the error message during an |
|
@szilveszter Had this issue today in I had the same issue today and fixed it like I mentioned. To verify, check the deployment timestamp of the final stage. |
Unfortunately the current setup still has the issue that prevents us from replacing the API-GW resources when the Swagger file changes. Fortunately someone else has chimed in with their solution, and this seemed to work during my tests: hashicorp/terraform#6613 (comment) Also changed the output of the module to reflect custom domains. (My test case was only about changing the description variable of the API Gateway module, which affects the Swagger file.)
|
Bouncing off of @koenijn and @charlieegan3 I also added the |
|
Since I define my api across several files in my module, I found it useful to define a computed local which combines the hashes of different files like so: That way, a new deployment will happen whenever any of the files are changed. |
|
@sebnyberg I'm using locals too but instead of having two locals I have only one that looks like this: |
|
I'm running into the same issue as @szilveszter, but I think it's because we're potentially using the idea of stages and deployments incorrectly. The deployment works great the first time, but after that it can't be destroyed because stages are pointing at it. I can't easily use @Puneeth-n's solution, because our API and it's two stages ( Going from the idea of deployments being like 'commits', it seems there's an inherent incompatibility between deployments and the Terraform model anyway, which works best with 'resources'. So, my solution for now. It's likely this will become a pain if I have to do it often, but at the moment when I need to force a redeploy I am removing the existing deployments from the state: This simply forces Terraform to 'forget' about the existing deployments and create new ones, which you pretty much don't want to do for normal resources... but it seems to me to fit in this situation (and no, it doesn't seem necessary to update the |
|
@tdmalone if in the deployment resource, if you pass empty The solution I suggested is old. Checkout my new module and how I do it: |
|
Using stage_description seems like a good work-around to solve this issue. Rather than just using the md5 of a file or something, I'm putting the ids of all dependent resources in the stage_description, so it's a little more targeted: |
|
I ran into this problem again today when using To resolve it, I changed the |
|
Best that I have got: Seems to work for most updates, but there are serious design issues in the deployement "resource". |
|
Varying the resource "aws_api_gateway_deployment" "service" {
depends_on = [
"aws_api_gateway_integration.lambda",
"aws_api_gateway_integration.lambda_root",
]
rest_api_id = "${aws_api_gateway_rest_api.service.id}"
stage_description = "${md5(file("${path.module}/api_gateway.tf"))}"
stage_name = "${var.env}"
lifecycle {
create_before_destroy = true
}
} |
|
Thanks for all the comments here. That helped a lot. Based on that I came up with something similar to redeploy whenever my local IP changes during testing. data "http" "icanhazip" {
url = "http://icanhazip.com"
}
locals {
whitelist_ips = [
"${data.http.icanhazip.body}",
"some.static.ip",
"another.static.ip",
]
whitelist_ips_hash = "${md5(join(",", local.whitelist_ips))}"
}
resource "aws_api_gateway_deployment" "..." {
...
variables {
whitelist_ips_hash = "${local.whitelist_ips_hash}"
}
} |
|
Hi all! This issue was migrated over to hashicorp/terraform-provider-aws#162 as part of splitting the providers into their own repositories. It looks like the bot that did it got its commenting privileges rate limited during the migration and so it unfortunately didn't post a specific note about it here at the time. The resource in question here is no longer in this repository, so please take further discussion on this issue over to hashicorp/terraform-provider-aws#162 where the AWS provider maintainers can see it. Thanks! |
and others
aws_api_gateway_deploymentdoesn't get updated after a dependent resource changes. For example, if I change aaws_api_gateway_integrationresource to modify therequest_templateproperty,aws_api_gateway_deploymentshould be triggered. Since that doesn't happen, the stage specified in the deployment continues to use the old configuration.depends_ondoesn't seem to be sufficient; I tried capturing that dependency and it didn't work, and as I understand it,depends_ononly captures ordering.A workaround is to taint the
aws_api_gateway_deploymentresource after a successful apply and re-running apply.The text was updated successfully, but these errors were encountered: