search

CrowdStrike / terraform-provider-crowdstrike

https://registry.terraform.io/providers/CrowdStrike/crowdstrike/latest/docs
Mozilla Public License 2.0
7 stars 5 forks source link

Bug: imported static host group error due to `assignment_rule` attribute #31

Open stmyers opened 2 months ago

stmyers commented 2 months ago

Hi, first off really happy to finally see an official TF provider for CrowdStrike! 🫶

I started exploring this today and wanted to manage host groups via TF, so I imported a static host group.

After importing, I checked the state file and I updated the TF code to match but there was a slight formatting change to the description which triggered an update to the resource. Not a problem - I ran the apply to let TF update the description, but I got an error:

Error: Error updating host group
with crowdstrike_host_group.my_host_group
on host_groups.tf line 1, in resource "crowdstrike_host_group" "my_host_group":
resource "crowdstrike_host_group" "my_host_group" {
Group type much be dynamic in order to use assignment_rule

Here is the code:

resource "crowdstrike_host_group" "my_host_group" {
  name            = "My Host Group"
  type            = "static"
  assignment_rule = "device_id:[''],hostname:['MY-HOST-1', 'MY-HOST-2', 'MY-HOST-3']"
  description     = <<-EOT
      This Group is for scoping certain hosts explicitly.

      See https://link-to-doc
      EOT
}

I didn't write the code by-hand, I read the values in state after importing the resource. It makes sense that an assignment_rule shouldn't be used for a static host group, but It's unclear how type = "static" is supposed to be used for assigning hosts to a group, and what is imported into state doesn't appear compatible.

Here's terraform state show output after import:

$ terraform state show crowdstrike_host_group.my_host_group

# crowdstrike_host_group.my_host_group:
resource "crowdstrike_host_group" "my_host_group" {
    assignment_rule = "device_id:[''],hostname:['MY-HOST-1', 'MY-HOST-2', 'MY-HOST-3']"
    description     = <<-EOT
        This Group is for scoping certain hosts explicitly.

        See https://link-to-doc
    EOT
    id              = "<redacted>"
    name            = "My Host Group"
    type            = "static"
}
ffalor commented 2 months ago

@stmyers great find and thank you for the detailed bug report.. Let me look into this and I'll get a fix out as soon as possible.

ffalor commented 2 months ago

I've started work on this. It looks like I may need to introduce two attributes

hostnames for static host groups and host_ids for staticByID host groups.

So your resource would look like this:

resource "crowdstrike_host_group" "my_host_group" {
    hostnames = ["MY-HOST-1",  "MY-HOST-2",  "MY-HOST-3"]
    description     = <<-EOT
        This Group is for scoping certain hosts explicitly.

        See https://link-to-doc
    EOT
    id              = "<redacted>"
    name            = "My Host Group"
    type            = "static"
}

I'll also be moving this validation

Error: Error updating host group
with crowdstrike_host_group.my_host_group
on host_groups.tf line 1, in resource "crowdstrike_host_group" "my_host_group":
resource "crowdstrike_host_group" "my_host_group" {
Group type much be dynamic in order to use assignment_rule

too happen during terraform plan & if you use a IDE that supports terraform it will also show up as inlay hints when you type.

Let me know if you have any concerns with the above approach.

ffalor commented 1 month ago

Newest version should solve this.

    crowdstrike = {
      source = "CrowdStrike/crowdstrike"
      version = "0.0.6"
    }