Actions not respecting resource dependencies #37975
Description
Terraform Version
Terraform v1.15.0-alpha20251203Terraform Configuration Files
terraform {
required_providers {
foxcon = {
source = "registry.terraform.io/fox-md/foxcon"
}
confluent = {
source = "confluentinc/confluent"
version = "2.54.0"
}
}
}
provider "foxcon" {
schema_registry_rest_endpoint = "http://localhost:8081"
schema_registry_api_key = "admin"
schema_registry_api_secret = "admin-secret"
}
provider "confluent" {
schema_registry_id = "lsrc-abc123"
schema_registry_rest_endpoint = "http://localhost:8081"
schema_registry_api_key = "admin"
schema_registry_api_secret = "admin-secret"
}
variable "subject_name" {
default = "test2"
}
locals {
json_schema = <<-EOT
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "http://example.com/myURI.schema.json",
"title": "SampleRecord",
"description": "Sample schema to help",
"type": "object",
"additionalProperties": false,
"properties": {
"myField1": {
"type": "integer",
"description": "The integer type is used for integral numbers."
}
}
}
EOT
}
resource "confluent_subject_mode" "test" {
subject_name = var.subject_name
mode = "READONLY"
}
resource "confluent_schema" "this" {
depends_on = [ confluent_subject_mode.test ]
subject_name = var.subject_name
format = "JSON"
schema = jsonencode(local.json_schema)
lifecycle {
action_trigger {
events = [after_create, after_update]
actions = [action.foxcon_set_subject_mode.ro]
}
action_trigger {
events = [before_create, before_update]
actions = [action.foxcon_set_subject_mode.rw]
}
}
}
action "foxcon_set_subject_mode" "ro" {
config {
subject_name = var.subject_name
mode = "READONLY"
}
}
action "foxcon_set_subject_mode" "rw" {
config {
subject_name = var.subject_name
mode = "READWRITE"
}
}
Debug Output
Dependency graph:
terraform graph
digraph G {
rankdir = "RL";
node [shape = rect, fontname = "sans-serif"];
"confluent_schema.this" [label="confluent_schema.this"];
"confluent_subject_mode.test" [label="confluent_subject_mode.test"];
"confluent_schema.this" -> "confluent_subject_mode.test";
}
Action kicks in before any other resources are being created:
Plan: 2 to add, 0 to change, 0 to destroy. Actions: 2 to invoke.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
Action started: action.foxcon_set_subject_mode.rw (triggered by confluent_schema.this)
Action action.foxcon_set_subject_mode.rw (triggered by confluent_schema.this):
Subject test2 mode has been set to 'READWRITE'
Action complete: action.foxcon_set_subject_mode.rw (triggered by confluent_schema.this)
confluent_subject_mode.test: Creating...
confluent_subject_mode.test: Still creating... [00m10s elapsed]
confluent_subject_mode.test: Creation complete after 10s [id=lsrc-abc123/test2]
confluent_schema.this: Creating...
╷
│ Error: error creating Schema: 422 Unprocessable Entity: Subject test2 is in read-only mode
│
│ with confluent_schema.this,
│ on main.tf line 67, in resource "confluent_schema" "this":
│ 67: resource "confluent_schema" "this" {
│
╵
Expected Behavior
I was expecting terraform to create the confluent_subject_mode.test first before executing actions for another resource, according to the dependency graph. Before action should be executed right before the target resource is being changed or immediately after the target resource is being changed.
Actual Behavior
Terraform executes before actions before any resources are being created/updated, disrespecting dependency graph.
Steps to Reproduce
Create any configuration with 2 or more resources.
Make sure that resource B has a before action configured and that resource B is dependent on the resource A.
Run terraform init, plan, apply.
Verify execution order.
Additional Context
No response
References
Generative AI / LLM assisted development?
No response