auth0_client_grant scopes false differences

bennesp commented 1 month ago

Checklist

[X] I have looked into the README and have not found a suitable solution or answer.
[X] I have looked into the documentation and have not found a suitable solution or answer.
[X] I have searched the issues and have not found a suitable solution or answer.
[X] I have upgraded to the latest version of this provider and the issue still persists.
[X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
[X] I agree to the terms within the Auth0 Code of Conduct.

Description

Sorting of the property scopes of resource auth0_client_grant is reporting in the plan a difference but it is very difficult to spot real differences because of the sorting. In fact, the plan tells that some scopes will be removed and the same scopes will be added in different lines

Example of plan:


  ~ resource "auth0_client_grant" "my_api" {
      ~ scopes    = [
          - "read:users",
          - "update:users",
          - "delete:users",
          + "create:clients",
          + "create:organization_connections",
          + "create:organization_member_roles",
          + "create:organization_members",
          + "create:organizations",
          + "create:resource_servers",
          + "create:role_members",
          + "create:roles",
          + "create:user_tickets",
            "create:users",
          - "read:users_app_metadata",
          - "update:users_app_metadata",
          - "delete:users_app_metadata",
            "create:users_app_metadata",
          - "create:user_tickets",
          - "read:clients",
          - "update:clients",
            "delete:clients",
          - "create:clients",
          - "read:client_keys",
          - "read:resource_servers",
          - "update:resource_servers",
          + "delete:organization_connections",
          + "delete:organization_member_roles",
          + "delete:organizations",
            "delete:resource_servers",
          - "create:resource_servers",
          - "read:logs",
          - "read:roles",
          - "create:roles",
          - "delete:roles",
          - "update:roles",
          - "create:role_members",
          - "read:role_members",
            "delete:role_members",
          + "delete:roles",
          + "delete:users",
          + "delete:users_app_metadata",
          + "read:client_credentials",
          + "read:client_keys",
          + "read:clients",
          + "read:logs",
          + "read:organization_member_roles",
            "read:organizations",
          - "update:organizations",
          - "create:organizations",
          - "delete:organizations",
          - "create:organization_members",
          - "create:organization_connections",
          + "read:resource_servers",
          + "read:role_members",
          + "read:roles",
          + "read:users",
          + "read:users_app_metadata",
          + "update:clients",
            "update:organization_connections",
          - "delete:organization_connections",
          - "create:organization_member_roles",
          - "read:organization_member_roles",
          - "delete:organization_member_roles",
          - "read:client_credentials",
          + "update:organizations",
          + "update:resource_servers",
          + "update:roles",
          + "update:users",
          + "update:users_app_metadata",
        ]
        # (2 unchanged attributes hidden)
    }

Expectation

I would expect scopes to be a set and not a list, so that real differences would be far easier to spot and no false differences are reported

Reproduction

Create a client
Assign some scopes from terraform and some scopes from the UI to the client using auth0_client_grant
Run terraform plan

Auth0 Terraform Provider version

1.6.1

Terraform version

1.8.0

duedares-rvj commented 1 month ago

@bennesp Hello, hope you're well.

I'm trying to understand the steps to reproduce this.

Create a client
Assign some scopes from terraform
Assign some scopes from UI to the client using auth0_client_grant?

Did you mean just assign some scope from UI? If so, you might have to import the state of the client since it has been updated externally (outside of terraform)

I'd be happy to connect and understand the issue that you're facing. Thanks!

bennesp commented 1 week ago

Thank you for the answer and the patience

Did you mean just assign some scope from UI?

Yes, "using auth0_client_grant" is a typo

Today I tried again to run a terraform plan and I did not received any issue, unlike 3 weeks ago.

I will keep trying in our configurations in the next days and let you know if this issue re-appear.

Thank you

duedares-rvj commented 1 week ago

Lovely! Delighted to hear that you are no more facing the issue. I'm going to close this issue for now, but do not hesitate to create a new one if it re-appears. We'd be happy to triage and assist you!

Thanks again!

auth0 / terraform-provider-auth0