DeviaVir / terraform-provider-gsuite

A @HashiCorp Terraform provider for managing G Suite resources.
MIT License
271 stars 77 forks source link

Issue with upper case in group member email address #35

Closed apsureda closed 5 years ago

apsureda commented 5 years ago

If I add a group member with upper case letters in the email address:

resource "gsuite_group_members" "glb_operations_members" {
  group_email = "${gsuite_group.glb_operations.email}"

  member {
    email = "Donald.Knuth@apszaz.com",
    role  = "MEMBER"
  }
}

Whenever I run plan/apply, the gsuite_group_members resource is recreated:

-/+ gsuite_group_members.glb_operations_members (new resource required)
      id:                       "vd-glb-operations@apszaz.com" => <computed> (forces new resource)
      group_email:              "vd-glb-operations@apszaz.com" => "vd-glb-operations@apszaz.com"
      member.#:                 "1" => "1"
      member.1273162383.email:  "donald.knuth@apszaz.com" => "" (forces new resource)
      member.1273162383.role:   "MEMBER" => ""
      member.2230400061.email:  "" => "Donald.Knuth@apszaz.com" (forces new resource)
      member.2230400061.etag:   "" => <computed>
      member.2230400061.kind:   "" => <computed>
      member.2230400061.role:   "" => "MEMBER"
      member.2230400061.status: "" => <computed>
      member.2230400061.type:   "" => <computed>

Using lower case email addresses solves the issue.

DeviaVir commented 5 years ago

What version of the gsuite provider are you using? We added lowercasing quite a while ago: https://github.com/DeviaVir/terraform-provider-gsuite/blob/master/gsuite/resource_group_members.go#L188

apsureda commented 5 years ago

I downloaded the latest prebuilt binary for MacOS: terraform-provider-gsuite_0.1.9_darwin_amd64.tgz

apsureda commented 5 years ago

I've never coded in Go, so I may be wrong but, could it be that in line 163 the entry is being removed because the lower-case entry is not found in the the config map (with still contains the entry in upper case)? Shouldn't the lower-case conversion be done right after reading the config instead of when adding the entry to the updated group member map?

DeviaVir commented 5 years ago

@apsureda would you mind testing with https://github.com/DeviaVir/terraform-provider-gsuite/releases/tag/v0.1.10 ?

apsureda commented 5 years ago

It still doesn't work, but now the output is slightly different. Now the resource recreation doesn't seem due to the email address in the member's email. Notice that in the previous error there were two different member ID's in the output, whereas now there is only one:

-/+ gsuite_group_members.glb_operations_members (new resource required)
      id:                       "vd-glb-operations@apszaz.com" => <computed> (forces new resource)
      group_email:              "vd-glb-operations@apszaz.com" => "vd-glb-operations@apszaz.com"
      member.#:                 "0" => "1"
      member.1376856182.email:  "" => "donald.knuth@apszaz.com" (forces new resource)
      member.1376856182.etag:   "" => <computed>
      member.1376856182.kind:   "" => <computed>
      member.1376856182.role:   "" => "MEMBER"
      member.1376856182.status: "" => <computed>
      member.1376856182.type:   "" => <computed>

So that part of the problem seems solved now. However, we still have this line about the id of the group_members resource as being recomputed. If I edit my tf file and change the email to lowercase, terraform sees no changes to make:

$ terraform apply -var-file=gsuite_test/variables.tfvars -target=gsuite_group_members.glb_operations_members gsuite_test/
gsuite_group.glb_operations: Refreshing state... (ID: 00z337ya0yg2a8t)
gsuite_group_members.glb_operations_members: Refreshing state... (ID: vd-glb-operations@apszaz.com)

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

I am short of ideas here...

DeviaVir commented 5 years ago

@apsureda sorry for the silence here, could you try with https://github.com/DeviaVir/terraform-provider-gsuite/releases/tag/v0.1.11 ?

DeviaVir commented 5 years ago

Sorry, auto-closed by merging that PR, let me know if this needs to be re-opened.

apsureda commented 5 years ago

Sorry to say that it still doesn't work... I've added a new member with upper-case letter in the email address.

resource "gsuite_group_members" "fin_operations_members" {
  group_email = "${gsuite_group.fin_operations.email}"

  member {
    email = "brian.kernighan@apszaz.com",
    role  = "MEMBER"
  }
  member {
    email = "Jamie.Zawinski@apszaz.com",
    role  = "MEMBER"
  }
}

After applying the change, if I run the apply command again, I get this output:

Terraform will perform the following actions:

-/+ gsuite_group_members.fin_operations_members (new resource required)
      id:                       "vd-fin-operations@apszaz.com" => <computed> (forces new resource)
      group_email:              "vd-fin-operations@apszaz.com" => "vd-fin-operations@apszaz.com"
      member.#:                 "2" => "2"
      member.1967262796.email:  "jamie.zawinski@apszaz.com" => "" (forces new resource)
      member.1967262796.role:   "MEMBER" => ""
      member.3830306382.email:  "brian.kernighan@apszaz.com" => "brian.kernighan@apszaz.com"
      member.3830306382.etag:   "\"TN30oD80QTVK45AAxvl_wbzs4vs/YswVwa4GllZSIiGMV7PRSxo7Gnc\"" => <computed>
      member.3830306382.kind:   "admin#directory#member" => <computed>
      member.3830306382.role:   "MEMBER" => "MEMBER"
      member.3830306382.status: "ACTIVE" => <computed>
      member.3830306382.type:   "USER" => <computed>
      member.4293144837.email:  "" => "jamie.zawinski@apszaz.com" (forces new resource)
      member.4293144837.etag:   "" => <computed>
      member.4293144837.kind:   "" => <computed>
      member.4293144837.role:   "" => "MEMBER"
      member.4293144837.status: "" => <computed>
      member.4293144837.type:   "" => <computed>

Plan: 1 to add, 0 to change, 1 to destroy.

But if I replace the email address with lower cases, I get this:

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Have you been able to reproduce the issue yourself?

DeviaVir commented 5 years ago

I have reproduced it, and attempted to resolve it, but found that it's not possible to fix it on our side. Terraform's diff function sees a change, all I can do is try to suppress the diff, but it is impossible because it's in a list, which means that old and new move from empty to value. I know this is a bug, but not one we can fix at this time. I think the only thing you can do for now is force lowercase to be used in your .tf files.

apsureda commented 5 years ago

OK. Makes sense. Thanks for the explanation. It's OK for me to make sure the emails are in lower case. You should make it clear somewhere in the documentation, so people know. Thanks a lot for looking into this.