Closed TieyanFu closed 9 months ago
Hi @TieyanFu ,
in general if you aim to manage the infrastructure via Terraform it is not recommended to manipulate the managed infrastructure manually as this causes state deviations. Especially if you delete some managed infrastructure the Terraform planning might cause issues in order to align the setup stored in the state and the one on the platform. The solution to resolve these issues depends on the scenario. I think in your setup a terraform destroy
might have put you back to start.
Your state seems to try to delete and recreate role collection assignment which causes some errors down the line when an environment instance should be created.
Be aware that if you are the one that executed the TF script, your user will automatically assigned as subaccount admin. Do not add yourself explicitly via the resource btp_subaccount_role_collection_assignment
as subaccount admin, only assign this role to additional users. Otherwise follow-up errors will occur that would enforce you to make adjustments of your state file. See also this issue comment.
I do not know how our current Terraform state and your resources on BTP look like, but I would recommend the following procedure:
*.tfstate*
)terraform plan
to validate that the setup gets created from scratch. The planning should result in resources to be added, but no resources to be changed or deleted. Please let me know if this works.
Thanks @lechnerc77 , your feedback definitely describes the best practice. After deleting the state files, the apply works.
Is there an existing issue for this?
What version of the Terraform provider are you using?
1.0.0.rc1
What version of the Terraform CLI are you using?
1.6.6
What type of issue are you facing
bug report
Describe the bug
I tried to go through sample , and run into a rookie mistake. Basically I tried to terraform apply first, the subaccount got created correctly, however the free-tier services are not entitled in my global account, so I tried to delete the subaccount manually in BTP Cockpit (to have a clean slate), however, in my next try terraform reported that my user does not have sufficient authorisation, although the subaccount is indeed created by my user (through Terraform). The error log is following:
I tried with "Terraform init" hoping to reinitialise everything locally, but clearly the server side is not cleaned up. So now I am not able to run terraform apply. How can I rectify the error? I assume it could happen that user changes the configuration (e.g. delete subaccount or service in BTP Cockpit), what is the expected behavior and how to rectify the situation?
Expected Behavior
Is above error expected? What is the step to rectify the situation?
Steps To Reproduce
User's Role Collections
-Subaccount Admin
Add screenshots to help explain your problem
No response
Additional context
No response