Terraform null_resources does not detect changes , I have to manually do taint to recreate it


I am using null_resource for the generation of few modules , I am running terraform plan,
these resources does not exist still terraform plan not able to detect , i have to manually do taint like below command to get the resource created for me .

terraform taint module.ingress.module.letsencrypt_issuers.null_resource.kubernetes_manifest

how I can make these resource triggered automatically as part of terraform plan/apply

Hi @Snehil03,

We would need to see a more complete example of the configuration in order to know what is happening. Any change to the triggers attribute of null_resource.kubernetes_manifest will cause it to be replaced.

My only guess would be that the data referenced from null_resource.kubernetes_manifest is statically known in the config and not changing, even though it may also be used in a resource which is being replaced. If that is the case, the solution is to ensure that any resource you want to trigger the null resource replacement has a computed attribute somehow combined into the triggers map.

Hello @jbardin
I am using the solution suggested as part of these thread,

this is how , I am invoking trigger

    locals {
      template_input = {
      url = var.url
      manifest = var.data
      validate = var.validate
      namespace = var.namespace
      kubeconfig = var.kubeconfig

resource "null_resource" "kubernetes_manifest" {

  triggers = {
    manifest_sha1 = sha1(jsonencode(var.trigger == null ? local.template_input : var.trigger))
    provisioner_script = templatefile("${path.module}/kubectl_apply.tpl.sh", local.template_input)

  provisioner "local-exec" {
    environment = {
      KUBECONFIG = "/tmp/kubeconfig_${uuid()}"
    command = self.triggers.provisioner_script
    //command = templatefile("${path.module}/kubectl_apply.tpl.sh", local.template_input)

Thanks @Snehil03, but unfortunately that is still not sufficient to determine what is going on, as we need to be able to see how all the input to the triggers block are evaluated, and exactly what commands are being executed.

When applying a change, the null resource will be replaced if any of the values in triggers have changes. If the resource is not being replaced when you expect it, it means that the values for manifest_sha1 and provisioner_script are identical to those that are named in the state. If var.trigger, local.template_input and kubectl_apply.tpl.sh have no changes, then the resource will not be replaced, so I would start buy inspecting how those values are derived.

Thanks @jbardin : After your detailed description , I had revalidated my entire code with respect to trigger, made few changes to make it work , It seems to be working now.