Dependency graph bottleneck


I’m curious if there is a way to remove a bottle neck when you link resources.

I want to create a create dns zone and create a dns zone link. And I needed to add a sleep between (because of propagation of dns zones).

But the procedure looks like the following: Batch 1 (dns zone) → batch 2 (sleep) → batch 3 (links)

resource "azurerm_private_dns_zone" "dns_zone" {
  for_each = var.dns_zones

  name                = each.value
  resource_group_name = var.resource_group_name

resource "time_sleep" "deploy_dns_zone" {
  for_each = var.dns_zones

  triggers = {
    id   = azurerm_private_dns_zone.dns_zone[each.key].id
    name = azurerm_private_dns_zone.dns_zone[each.key].name

  create_duration = "3m"

resource "azurerm_private_dns_zone_virtual_network_link" "dns_link" {
  for_each = var.dns_zones

  name                  = "dnsl-${each.value}"
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = time_sleep.deploy_dns_zone[each.key]
  virtual_network_id    = var.virtual_network_id

Is there a way to unbatch them, so as soon as each dns zone will get created the sleep will begin?

Hi @pszypowicz,

Dependencies are between whole resource blocks rather than between individual instances, because the for_each expression itself also creates dependencies and so Terraform must build the dependency graph before resolving the individual instances.

There is no way to achieve a more precise dependency graph unless you write a separate resource block for each instance, instead of using for_each.

I think perhaps a better path here would be to fix the Azure provider so that its own azurerm_private_dns_zone resource type will wait until the object is actually ready before telling Terraform Core it is complete, thereby avoid the need for this hardcoded delay.

If there isn’t already an issue open for that then I’d suggest opening one in the provider’s own repository.