fix: use terraform_data instead of null_resource (#924)

Author: Aashiq-J

README.md

@@ -366,8 +366,8 @@ Optionally, you need the following permissions to attach Access Management tags
 | [kubernetes_config_map_v1_data.set_autoscaling](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map_v1_data) | resource |
 | [null_resource.config_map_status](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.confirm_network_healthy](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [null_resource.install_required_binaries](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.ocp_console_management](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [terraform_data.install_required_binaries](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
 | [time_sleep.wait_for_auth_policy](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [external_external.ocp_addon_versions](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
 | [ibm_container_addons.existing_addons](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_addons) | data source |

main.tf

@@ -125,9 +125,9 @@ locals {
   default_wp_validation = local.rhcos_check ? true : tobool("If RHCOS is used with this cluster, the default worker pool should be created with RHCOS.")
 }
 
-resource "null_resource" "install_required_binaries" {
+resource "terraform_data" "install_required_binaries" {
   count = var.install_required_binaries && (var.verify_worker_network_readiness || var.enable_ocp_console != null || lookup(var.addons, "cluster-autoscaler", null) != null) ? 1 : 0
-  triggers = {
+  triggers_replace = {
     verify_worker_network_readiness = var.verify_worker_network_readiness
     cluster_autoscaler              = lookup(var.addons, "cluster-autoscaler", null) != null
     enable_ocp_console              = var.enable_ocp_console
@@ -516,7 +516,7 @@ resource "null_resource" "confirm_network_healthy" {
   # Worker pool creation can start before the 'ibm_container_vpc_cluster' completes since there is no explicit
   # depends_on in 'ibm_container_vpc_worker_pool', just an implicit depends_on on the cluster ID. Cluster ID can exist before
   # 'ibm_container_vpc_cluster' completes, so hence need to add explicit depends on against 'ibm_container_vpc_cluster' here.
-  depends_on = [null_resource.install_required_binaries, ibm_container_vpc_cluster.cluster, ibm_container_vpc_cluster.cluster_with_upgrade, ibm_container_vpc_cluster.autoscaling_cluster, ibm_container_vpc_cluster.autoscaling_cluster_with_upgrade, module.worker_pools]
+  depends_on = [terraform_data.install_required_binaries, ibm_container_vpc_cluster.cluster, ibm_container_vpc_cluster.cluster_with_upgrade, ibm_container_vpc_cluster.autoscaling_cluster, ibm_container_vpc_cluster.autoscaling_cluster_with_upgrade, module.worker_pools]
 
   triggers = {
     verify_worker_network_readiness = var.verify_worker_network_readiness
@@ -536,7 +536,7 @@ resource "null_resource" "confirm_network_healthy" {
 ##############################################################################
 resource "null_resource" "ocp_console_management" {
   count      = var.enable_ocp_console != null ? 1 : 0
-  depends_on = [null_resource.install_required_binaries, null_resource.confirm_network_healthy]
+  depends_on = [terraform_data.install_required_binaries, null_resource.confirm_network_healthy]
   triggers = {
     enable_ocp_console = var.enable_ocp_console
   }
@@ -613,7 +613,7 @@ locals {
 
 resource "null_resource" "config_map_status" {
   count      = lookup(var.addons, "cluster-autoscaler", null) != null ? 1 : 0
-  depends_on = [null_resource.install_required_binaries, ibm_container_addons.addons]
+  depends_on = [terraform_data.install_required_binaries, ibm_container_addons.addons]
 
   triggers = {
     cluster_autoscaler = lookup(var.addons, "cluster-autoscaler", null) != null

modules/kube-audit/README.md

@@ -70,9 +70,9 @@ No modules.
 | Name | Type |
 |------|------|
 | [helm_release.kube_audit](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [null_resource.install_required_binaries](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.set_audit_log_policy](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.set_audit_webhook](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [terraform_data.install_required_binaries](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
 | [time_sleep.wait_for_kube_audit](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [ibm_container_cluster_config.cluster_config](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_cluster_config) | data source |
 | [ibm_container_vpc_cluster.cluster](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_vpc_cluster) | data source |

modules/kube-audit/main.tf

@@ -2,9 +2,9 @@ locals {
   binaries_path = "/tmp"
 }
 
-resource "null_resource" "install_required_binaries" {
+resource "terraform_data" "install_required_binaries" {
   count = var.install_required_binaries ? 1 : 0
-  triggers = {
+  triggers_replace = {
     audit_log_policy                        = var.audit_log_policy
     audit_deployment_name                   = var.audit_deployment_name
     audit_namespace                         = var.audit_namespace
@@ -38,7 +38,7 @@ locals {
 }
 
 resource "null_resource" "set_audit_log_policy" {
-  depends_on = [null_resource.install_required_binaries]
+  depends_on = [terraform_data.install_required_binaries]
   triggers = {
     audit_log_policy = var.audit_log_policy
   }
@@ -60,7 +60,7 @@ locals {
 }
 
 resource "helm_release" "kube_audit" {
-  depends_on    = [null_resource.install_required_binaries, null_resource.set_audit_log_policy, data.ibm_container_vpc_cluster.cluster]
+  depends_on    = [terraform_data.install_required_binaries, null_resource.set_audit_log_policy, data.ibm_container_vpc_cluster.cluster]
   name          = var.audit_deployment_name
   chart         = local.kube_audit_chart_location
   timeout       = 1200
@@ -116,7 +116,7 @@ locals {
 # }
 
 resource "null_resource" "set_audit_webhook" {
-  depends_on = [null_resource.install_required_binaries, time_sleep.wait_for_kube_audit]
+  depends_on = [terraform_data.install_required_binaries, time_sleep.wait_for_kube_audit]
   triggers = {
     audit_log_policy = var.audit_log_policy
   }

modules/kube-audit/scripts/install-binaries.sh

@@ -8,13 +8,11 @@ set -o errexit
 set -o pipefail
 
 DIRECTORY=${1:-"/tmp"}
+export PATH=$PATH:$DIRECTORY
 # renovate: datasource=github-tags depName=terraform-ibm-modules/common-bash-library
 TAG=v0.2.0
 # Running multiple Terraform executions on the same environment that share a /tmp directory can lead to conflicts during script execution.
-SUFFIX=""
-for _ in {1..4}; do
-    SUFFIX+=${RANDOM:0:1}
-done
+TMP_DIR=$(mktemp -d "${DIRECTORY}/common-bash-XXXXX")
 
 echo "Downloading common-bash-library version ${TAG}."
 
@@ -28,22 +26,22 @@ curl --silent \
     --fail \
     --show-error \
     --location \
-    --output "${DIRECTORY}/common-bash-${SUFFIX}.tar.gz" \
+    --output "${TMP_DIR}/common-bash.tar.gz" \
     "https://github.com/terraform-ibm-modules/common-bash-library/archive/refs/tags/$TAG.tar.gz"
 
-mkdir -p "${DIRECTORY}/common-bash-library-${SUFFIX}"
-tar -xzf "${DIRECTORY}/common-bash-${SUFFIX}.tar.gz" -C "${DIRECTORY}/common-bash-library-${SUFFIX}"
-rm -f "${DIRECTORY}/common-bash-${SUFFIX}.tar.gz"
+mkdir -p "${TMP_DIR}/common-bash-library"
+tar -xzf "${TMP_DIR}/common-bash.tar.gz" -C "${TMP_DIR}"
+rm -f "${TMP_DIR}/common-bash.tar.gz"
 
 # The file doesn’t exist at the time shellcheck runs, so this check is skipped.
 # shellcheck disable=SC1091,SC1090
-source "${DIRECTORY}/common-bash-library-${SUFFIX}/common-bash-library-${TAG#v}/common/common.sh"
+source "${TMP_DIR}/common-bash-library-${TAG#v}/common/common.sh"
 
 echo "Installing jq."
 install_jq "latest" "${DIRECTORY}" "true"
 echo "Installing kubectl."
 install_kubectl "latest" "${DIRECTORY}" "true"
 
-rm -rf "${DIRECTORY}/common-bash-library-${SUFFIX}"
+rm -rf "$TMP_DIR"
 
 echo "Installation complete successfully"