Circular dependency between bucket and access key creation in Terraform

Hi, not sure if this is an understanding problem or a technical one.

I'm trying to provision a Linode object storage bucket and its access key at the same time using Terraform. It looks something like this:

# Bucket access key (not an encryption key): credentials scoped to one bucket.
resource "linode_object_storage_key" "this" {
  label = var.name

  bucket_access {
    # Scope this key to the bucket.
    cluster     = local.cluster_id
    bucket_name = var.name
    permissions = "read_write"
  }
}

# Object storage bucket.
resource "linode_object_storage_bucket" "this" {
  label   = var.name
  cluster = local.cluster_id
  acl     = "private"

  # Use the access key to provision the bucket.
  access_key = linode_object_storage_key.this.access_key
  secret_key = linode_object_storage_key.this.secret_key
}

Notice that there is not actually a circular dependency in Terraform here: the key can be created using var.name for bucket_name.

When I apply this configuration however, I get the following error:

Error: Error creating a Linode Object Storage Key: [400] [bucket_access[0].bucket_name] Bucket not found

Looks like I can't create an access key if the bucket doesn't exist. And I can't create a bucket if the access key doesn't exist. I assume I can probably add an access key after creating the bucket, but I don't think that's feasible with Terraform.

Open to suggestions :)

1 Reply

Yeah this is a tricky one.

From what I understand about object storage, the ACLs are attached with IDs to buckets/keys, so a bucket would need to exist in order for the new key to be attached to its ACL.

Why do you feel creating the access key after the bucket wouldn’t work?

Does Terraform use the Linode API to do these operations, in which case it would already have an authorisation to create both buckets and access keys? So it could create the bucket and then create the access key (limited to that bucket) after?

Essentially this is the same process as if you were doing it through the UI - you need the bucket to exist before you can allocate permissions for it to an access key.

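One way to express the ordering the reply describes (bucket first, then a key scoped to it) in Terraform, as an added example that is not from the original thread or the Linode provider's own documentation; it keeps the var.name and local.cluster_id names from the question and assumes the bucket resource can be created without access_key/secret_key, which the provider only needs for optional bucket settings such as versioning or lifecycle rules:

```hcl
# Object storage bucket, created first. It no longer references the key,
# so the cycle (bucket -> key -> bucket) disappears.
# Assumption (not stated in the thread): access_key/secret_key are optional
# on this resource and only needed for extra bucket settings, so they are omitted.
resource "linode_object_storage_bucket" "this" {
  label   = var.name
  cluster = local.cluster_id
  acl     = "private"
}

# Access key scoped to that bucket, created after it.
# Referencing the bucket resource instead of var.name gives Terraform an
# implicit dependency edge, so the key is only requested once the bucket exists
# and the API can no longer answer "[400] Bucket not found".
resource "linode_object_storage_key" "this" {
  label = var.name

  bucket_access {
    cluster     = linode_object_storage_bucket.this.cluster
    bucket_name = linode_object_storage_bucket.this.label
    # Least privilege: pick "read_only" when the consumer never writes.
    permissions = "read_write"
  }
}

# Expose the credentials to the caller; the secret is marked sensitive so it
# is redacted from plan/apply output (it is still stored in the state file).
output "bucket_access_key" {
  value = linode_object_storage_key.this.access_key
}

output "bucket_secret_key" {
  value     = linode_object_storage_key.this.secret_key
  sensitive = true
}
```

Because the key is the last resource in the chain, `terraform destroy` also removes it before the bucket, so no key outlives the bucket it was scoped to.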