Add custom external name configurations #43
+154
−7
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fix import ID format for resources that require composite IDs: - PrivateNetwork: service_name/network_id - Subnet: service_name/network_id/subnet_id - User: service_name/user_id - S3Credentials: service_name/user_id/access_key_id - S3Policy: service_name/user_id - Gateway: service_name/region/gateway_id This fixes import failures for async resources after pod restart when using the Import fallback mechanism.
This fix prevents incomplete composite IDs from being set in Terraform state when resources are being created (before external-name is assigned). Problem: -------- When resources were being created with empty external-name, GetIDFn was constructing incomplete IDs like: - service_name/ (missing resource_id) - service_name/region/ (missing gateway_id) This caused Terraform refresh to fail with OVH API errors: - "Given data (...) is not valid for type uuid" - "expected 'userId' to be of type int" Solution: --------- Updated GetIDFn for the following resources to check if externalName is empty and return "" instead of constructing partial IDs: - PrivateNetwork (service_name/network_id) - Subnet (service_name/network_id/subnet_id) - User (service_name/user_id) - S3Credentials (service_name/user_id/access_key_id) - Gateway (service_name/region/gateway_id) S3Policy kept its existing behavior since it doesn't use external-name in its ID format (only service_name/user_id). Testing: -------- - ✅ Resources create successfully without refresh errors - ✅ Import works correctly with proper composite IDs - ✅ No incomplete IDs set in tfstate during creation Signed-off-by: Fabien Castarède <[email protected]>
Member
|
@fabiencastarede thank you for this PR, LGTM. Could you meanwhile fix the local-deploy job please? |
smileisak
approved these changes
Dec 20, 2025
Contributor
Author
|
@smileisak I'm not sure about what's wrong with the local-deploy job: the Dockerfile has not changed and the error log mentioned a 502 bad gateway: ERROR: failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/library/alpine/blobs/sha256:042a816809aac8d0f7d7cacac7965782ee2ecac3f21bcf9f24b1de1a7387b769: 502 Bad GatewayJob runs without error on my machine. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix: Handle empty external-name in GetIDFn to prevent incomplete composite IDs
Description
This PR fixes an issue where resources with composite ID formats were generating incomplete IDs in Terraform state when the
external-namewas empty (during initial resource creation). This caused Terraform refresh operations to fail with OVH API errors.Problem
When resources are being created, they don't yet have an
external-nameannotation set. However, theGetIDFnfunction was still being called during state initialization, causing it to construct incomplete composite IDs such as:f93f1228ddd841578fc3069b5cf2fd7d/(missing user_id for User resource)f93f1228ddd841578fc3069b5cf2fd7d/EU-WEST-PAR/(missing gateway_id for Gateway resource)f93f1228ddd841578fc3069b5cf2fd7d/network-id/(missing subnet_id for Subnet resource)These incomplete IDs were then set in the Terraform state, causing subsequent refresh operations to fail with OVH API errors:
Root Cause
The issue occurs in the following flow:
external-nameEnsureTFState()is called to initialize Terraform stateGetIDFn()is called with emptyexternalNameparameterGetIDFn()constructs partial composite ID (e.g.,service_name/)Solution
Updated
GetIDFnimplementations for resources with composite ID formats to check ifexternalNameis empty and return an empty string instead of constructing an incomplete ID.Changes
Modified
config/external_name.goto add emptyexternalNamechecks inGetIDFnfor:PrivateNetwork (
ovh_cloud_project_network_private)service_name/network_id""ifexternalNameis emptySubnet (
ovh_cloud_project_network_private_subnet)service_name/network_id/subnet_id""ifexternalNameis emptyUser (
ovh_cloud_project_user)service_name/user_id""ifexternalNameis emptyS3Credentials (
ovh_cloud_project_user_s3_credential)service_name/user_id/access_key_id""ifexternalNameis emptyGateway (
ovh_cloud_project_gateway)service_name/region/gateway_id""ifexternalNameis emptyS3Policy (
ovh_cloud_project_user_s3_policy)service_name/user_idexternalNamein ID, only added documentation commentTest Scenarios
Impact
externalNameis emptyRelated Work
ovh_cloud_project_storageNotes
This fix is essential for resources that use composite IDs (IDs composed of multiple parameters). When combined with the upjet Import fallback for async resources, it provides a complete solution for handling resource state across pod restarts and Velero backup/restore operations.
The S3Policy resource configuration was updated with documentation comments but doesn't require the empty check since its ID format (
service_name/user_id) doesn't depend on theexternalNamevalue.