PrefectHQ / terraform-provider-prefect

Terraform Provider for Prefect Cloud
https://registry.terraform.io/providers/PrefectHQ/prefect/latest/docs
Apache License 2.0

When importing `prefect_workspace_role`, the scopes do not get imported properly #113

Open jamiezieziula opened 8 months ago

jamiezieziula commented 8 months ago

I've defined my resource as follows:

```hcl
resource "prefect_workspace_role" "jamie_test" {
  name = "jamie-test"
  description = "hi"
  scopes = [
    "manage_blocks"
  ]
}
```

I then subsequently ran:

```
terraform import prefect_workspace_role.jamie_test a94f185e-c416-4667-a60a-68109be63f53
prefect_workspace_role.jamie_test: Importing from ID "a94f185e-c416-4667-a60a-68109be63f53"...
prefect_workspace_role.jamie_test: Import prepared!
  Prepared prefect_workspace_role for import
prefect_workspace_role.jamie_test: Refreshing state... [id=a94f185e-c416-4667-a60a-68109be63f53]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
```

but when I run a terraform plan without changing my defined resource, I receive this proposed change:

```
prefect_workspace_role.jamie_test: Refreshing state... [id=a94f185e-c416-4667-a60a-68109be63f53]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # prefect_workspace_role.jamie_test will be updated in-place
  ~ resource "prefect_workspace_role" "jamie_test" {
      ~ account_id  = "9a67b081-4f14-4035-b000-1f715f46231b" -> (known after apply)
      ~ created     = "2023-11-07T20:06:48Z" -> (known after apply)
        id          = "a94f185e-c416-4667-a60a-68109be63f53"
        name        = "jamie-test"
      + scopes      = [
          + "manage_blocks",
        ]
      ~ updated     = "2023-11-07T20:15:45Z" -> (known after apply)
        # (1 unchanged attribute hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
```

parkedwards commented 8 months ago

ah. this is sort of a known issue / i'm unsure of how to solve for it. basically, the issue is that the Prefect Cloud API will return both (1) the scopes that you set in TF as well as (2) any scopes underneath it. for example, setting manage_blocks on create/import will see a response of manage_blocks, see_blocks, write_blocks from the API.

this kind of unexpected attribute conflict makes the plan/apply fail. right now, i'm not dealing with it, and instead having the user-defined TF configuration be the only thing saved into state (so the scopes in the response aren't persisted). not sure if there's another way to deal with API responses that are different than your input parameters like this

https://github.com/PrefectHQ/terraform-provider-prefect/blob/main/internal/provider/resources/workspace_role.go#L135-L141
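
The thread above describes the API returning a superset of the declared role scopes. The following is an added example, not the provider's code: one way to reconcile the two in Go so that implied scopes are reported instead of silently dropped, an import with no prior declaration persists what the API reports, and a declared scope missing from the response still surfaces as drift. `ScopeDiff`, `minus` and `reconcileScopes` are hypothetical names, and the code assumes the response contains every declared scope when nothing has drifted.

```go
package main

import (
	"fmt"
	"sort"
)

// ScopeDiff is a hypothetical type for this example, not part of the provider.
type ScopeDiff struct {
	State   []string // scopes to persist in Terraform state
	Implied []string // returned by the API but not declared (effective extra permissions)
	Missing []string // declared but absent from the API response (real drift)
}

// minus returns the sorted elements of a that are not in b.
func minus(a, b []string) []string {
	inB := map[string]bool{}
	for _, s := range b {
		inB[s] = true
	}
	var out []string
	for _, s := range a {
		if !inB[s] {
			out = append(out, s)
		}
	}
	sort.Strings(out)
	return out
}

// reconcileScopes decides what to store in state. declared is the prior
// state or configuration (empty on import); returned is the API response.
// Assumption: with no drift, returned contains every declared scope.
func reconcileScopes(declared, returned []string) ScopeDiff {
	d := ScopeDiff{Implied: minus(returned, declared), Missing: minus(declared, returned)}
	if len(declared) == 0 || len(d.Missing) > 0 {
		d.State = minus(returned, nil) // import or real drift: trust the API
	} else {
		d.State = minus(declared, nil) // only implied extras: keep the declaration
	}
	return d
}

func main() {
	// Constructed sample using the scope names quoted in the thread.
	d := reconcileScopes([]string{"manage_blocks"}, []string{"manage_blocks", "see_blocks", "write_blocks"})
	fmt.Printf("state=%v implied=%v missing=%v\n", d.State, d.Implied, d.Missing)
}
```

Surfacing `Implied` separately lets an access review see the permissions a role actually carries, which the declared `scopes` list alone does not show.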