DeviaVir / terraform-provider-gsuite

A @HashiCorp Terraform provider for managing G Suite resources.
MIT License
271 stars 77 forks source link

Frequent 404s on "gsuite_group_member" #90

Open ryno75 opened 4 years ago

ryno75 commented 4 years ago

Occasionally I will get 404s when attempting to add a group member that is definitely a valid address in the gsuite domain. In fact... I may be able to add that address just fine to one group but it will fail on others in the same terraform run.

Here is a typical response:

2 errors occurred:
    * 1 error occurred:
    * [ERROR] Error updating memberships: [ERROR] Error updating groupMember: googleapi: Error 404: Resource Not Found: memberKey, notFound,

    * gsuite_group_members.staging: 1 error occurred:
    * gsuite_group_members.staging: [ERROR] Error updating memberships: [ERROR] Error updating groupMember: googleapi: Error 404: Resource Not Found: memberKey, notFound,

Meanwhile... that very same member was added to the prod group without issue. My intuition say it might be an issue with the pagination of results. That could definitely explain intermittent 404s. I'm not seeing anything obvious in a TF_LOG=debug run either.

If I manually add the user in the web console and re-run, the errors goes away.

ryno75 commented 4 years ago

possible gsuite API bug/behavior?

In this case... perhaps adding a timeout attribute to the provider def would solve this?

DeviaVir commented 4 years ago

We've been adding retries to a bunch of things on 404's, but it slows down everything else. I don't know of a great solution.

My intuition say it might be an issue with the pagination of results.

Did we verify it's not this? I don't think there is pagination in the way here.

ryno75 commented 4 years ago

I'm not sure exactly when, but I've noticed this issue has completely gone away sometime over the past 4-8 weeks. I've updated to the latest release a few times over that span so I'm not sure which version did it but it is working quite well now.

ryno75 commented 4 years ago

Just encountered this again. I guess it hasn't been resolved.

elisiano commented 3 years ago

I'm facing this as well. I did try to set the timeout_minutes to 4 in the provider definition, but it didn't help.

The amusing part is that the group was created and all other members were part of it, only one member could not be added somehow. Adding it manually made it work (but clearly is not a good/tenable solution).

DeviaVir commented 3 years ago

Are the members being added external to the domain? Is the error message still exactly the same?

I haven't seen it for quite a while, and use the provider extensively.

elisiano commented 3 years ago

@DeviaVir sorry for the delay, the notification must have slipped through the cracks. Yes, the message is still the same. And not every time is the same member of that group. And no, the member are not external. All the same domain.

kaefferlein commented 3 years ago

Hi @DeviaVir

Is there any progress on this issue? We are also running in this error and it quite blocks us right now.

we are using the provider:

    gsuite = {
      source  = "DeviaVir/gsuite"
      version = "~> 0.1.54"

and trying to add a member to a group via the resource gsuite_group_members. The members are internal and also available within gsuite. Yet it fails with the error:

Error updating memberships: [ERROR] Error updating groupMember: googleapi: Error 404: Resource Not Found: memberKey, notFound,
kaefferlein commented 3 years ago

Another update from my side.

We have a other gsuite group within the group I want to add members to.

The member I want to add is already within the group in the group. so hasMember.IsMember is true. Therefore an update will be performed.

Which - of course - will fail as the member is not a direkt member of the gsuite group but is only a member of the sub-group.

Edit: Link to problematic part: