Bug: resource "anypoint_bg" can not be created in for_each loop

[artem-kosenko]

I have a map with just 2 business groups to be created (later it will be much more). I described the resource like this:

resource "anypoint_bg" "this" {
  for_each = var.business_groups

  name                   = each.key
  parent_organization_id = each.value.parent_organization_id
  owner_id               = each.value.owner_id 

  entitlements_createsuborgs      = false
  entitlements_createenvironments = true
  entitlements_globaldeployment   = false
}

and during terraform apply (and destroy) it failed each time both business_groups (BG) should be created/deleted at the same time.

In case I add 1st BG in the var.business_groups, then perform terraform apply, then add 2nd BG in var.business_groups, then perform terraform apply one more time - everything works perfect. But in case I run terraform destroy and it tries to delete both of then at the same time it failed randomly on BG1 of or BG2. 2nd try to run terraform destroy deletes failed resource w/o an issue.

so, it look like it is some library or api limitation under the hood that does not allows to create/delete 2 an more business groups at the same time, but works fine in case that are creating/deleting one by one. I thing some retry logic inside the provider for that kind of resource might help.

Or it might be implemented as a separate resource definition like below, that will perform each business_group block as a separate API call.

resource "anypoint_bgs" "this" {

  dynamic "business_group" {
    for_each =  var.business_groups
    content = {
      name                   = business_group.key
      parent_organization_id = business_group.value.parent_organization_id
      owner_id               = business_group.value.owner_id 
    }
}

[artem-kosenko]

Workaround is to run terraform with -parallelism=1 option (by default it is 10).
I'm managing quite complex terraform setup with terragrunt on top, so I added that for destroy,apply actions in the terragrunt.chl for that specific module. Works perfect now. Anyway, it looks like some MuleSoft Anypoint API limitation under the hood.

https://developer.hashicorp.com/terraform/cli/commands/apply#parallelism-n
https://terragrunt.gruntwork.io/docs/reference/config-blocks-and-attributes/#terraform (see extra_arguments examples here)

[soufi]

Do you have any error message @artem-kosenko pointing to the provider itself ?

It might be a limitation of the Mulesoft API.

[Tarzac]

I'm using the provider without any issue. Here is my code :

resource "anypoint_bg" "bg" {
  for_each = {
    for p in local.bg_list :
    p.id => p
  }

  name                                              = each.value.name
  parent_organization_id                            = var.root_org_id
  owner_id                                          = var.org_admin
  entitlements_createsuborgs                        = false
  entitlements_createenvironments                   = true
  entitlements_globaldeployment                     = true
  entitlements_vcoresproduction_assigned            = each.value.vcores_production
  entitlements_vcoressandbox_assigned               = each.value.vcores_sandbox
  entitlements_vcoresdesign_assigned                = each.value.vcores_design

  # default values (for terraform diff)
  is_federated                                      = true
  entitlements_anypointsecurityedgepolicies_enabled = false
  entitlements_anypointsecuritytokenization_enabled = false
  entitlements_apiquery_enabled                     = false
  entitlements_designcenter_mozart                  = false
  entitlements_messaging_assigned                   = 0
  entitlements_mqadvancedfeatures_enabled           = false
  entitlements_mqmessages_base                      = 0
  entitlements_mqrequests_base                      = 0
  entitlements_monitoringcenter_productsku          = 2
}

PS: Just the flag entitlements_createenvironments is not working (always set to false)