Open Nargonath opened 3 months ago
Any update on this bug? We got the same one using Terraform v1.6.4 + Provider version 1.2.0.
Hi @jvanecek,
I hope you're having a wonderful day!
Firstly, I want to apologize for the delay in my response. I understand that timely assistance is crucial, especially when you're facing challenges. Rest assured, I'm here now, and I'm committed to providing you with the support you need.
To better assist you, could you please provide an example of the resource configuration that's causing the error? Understanding the specific context will enable me to offer more targeted guidance.
In the meantime, I've prepared an example for utilizing auth0_role_permissions without explicitly relying on depends_on, as per your preference. This example should help illustrate the approach we discussed earlier.
resource "auth0_resource_server" "resource_server" {
  name       = "test"
  identifier = "test.example.com"
}

resource "auth0_resource_server_scopes" "resource_server_scopes" {
  resource_server_identifier = auth0_resource_server.resource_server.identifier

  scopes {
    name = "store:create"
  }

  scopes {
    name = "store:read"
  }

  scopes {
    name = "store:update"
  }

  scopes {
    name = "store:delete"
  }
}

resource "auth0_role" "my_role" {
  name = "My Role"
}

resource "auth0_role_permissions" "my_role_perms" {
  role_id = auth0_role.my_role.id

  dynamic "permissions" {
    for_each = auth0_resource_server_scopes.resource_server_scopes.scopes
    content {
      name                       = permissions.value.name
      resource_server_identifier = auth0_resource_server.resource_server.identifier
    }
  }
}
If you encounter any further questions or issues along the way, please don't hesitate to reach out. I'm here to help in any way I can.
Thank you for your patience and understanding.
Thanks @developerkunal for the example with the dynamic block. However, how would you go about it if you didn't need to have the whole set of scopes from the resource server assigned to your role?
Hi @Nargonath,
Could you provide an example of that use case so I can better understand and assist you?
Thank you.
Hi @Nargonath,
I'm not entirely certain if this aligns with your requirements, but here's another approach for selectively assigning scopes:
resource "auth0_role_permissions" "my_role_perms" {
  role_id = auth0_role.my_role.id

  permissions {
    name                       = tolist(auth0_resource_server_scopes.resource_server_scopes.scopes)[0].name # Assuming you want to assign the first scope
    resource_server_identifier = auth0_resource_server.resource_server.identifier
  }

  permissions {
    name                       = tolist(auth0_resource_server_scopes.resource_server_scopes.scopes)[1].name # Assuming you want to assign the second scope
    resource_server_identifier = auth0_resource_server.resource_server.identifier
  }

  # Add more permissions as needed
}
Feel free to let me know if you have any further questions or if there's anything else I can assist you with.
Thank you!
@developerkunal Thanks for the other suggestion.
I didn't write a full repro but I gave instructions in the OP, if that could be helpful.
One thing I don't understand though, how come we can have Terraform trying to apply permissions that are not yet created when in the auth0_role_permissions block, under the permissions property we have a dynamic link to the resource server through the resource_server_identifier property? Wouldn't it be enough for Terraform to determine whether the permission is already available or not?
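
One way to grant a role only a subset of the scopes while keeping the ordering implicit, as an added example that is not code from anyone in this thread or from the Auth0 provider project. Terraform derives apply order from references in expressions, so the for_each below reads from auth0_resource_server_scopes and filters it against an allowlist. The local my_role_scope_names and its two values are assumptions; the resources are the ones declared in the example earlier in the thread.

```hcl
# Added example. local.my_role_scope_names is a hypothetical name; the
# referenced resources come from the example earlier in this thread.
locals {
  # Least-privilege allowlist: only these scopes are granted to the role.
  my_role_scope_names = ["store:read", "store:update"]
}

resource "auth0_role_permissions" "my_role_perms" {
  role_id = auth0_role.my_role.id

  dynamic "permissions" {
    # Iterating over the scopes resource (rather than a literal list)
    # creates a reference to auth0_resource_server_scopes, so Terraform
    # applies scope changes before it touches the role's permissions.
    for_each = [
      for scope in auth0_resource_server_scopes.resource_server_scopes.scopes :
      scope if contains(local.my_role_scope_names, scope.name)
    ]

    content {
      name                       = permissions.value.name
      resource_server_identifier = auth0_resource_server.resource_server.identifier
    }
  }

  lifecycle {
    # The filter above silently drops names that match no scope, so a typo
    # in the allowlist would under-grant without any error. Fail instead.
    precondition {
      condition = length(setsubtract(
        local.my_role_scope_names,
        [for scope in auth0_resource_server_scopes.resource_server_scopes.scopes : scope.name]
      )) == 0
      error_message = "Every name in my_role_scope_names must be defined in auth0_resource_server_scopes.resource_server_scopes."
    }
  }
}
```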
Description
We manage resource servers and roles through Terraform. We added a new permission to a resource server and granted that permission on an existing role through an auth0_role_permissions resource block. We got an error from Terraform when applying:

We ran the apply a second time and it worked. This tells us that there was some dependency problem at play. Terraform probably tried to add the permission to the role before it was created on the resource server.
We don't use the latest version of Auth0 provider but I read the changelog and nothing seems to relate to this problem.
Expectation
The block auth0_role_permissions has a ref to the resource server in the permissions block. I'd expect it to tell Terraform that there is a dependency between the auth0_role_permissions and the auth0_resource_server resources. The changes for the resource server should be applied before the auth0_role_permissions changes.

We plan on fixing the problem with a depends_on property on the auth0_role_permissions but I thought it shouldn't be needed (perhaps I'm wrong).

Reproduction
auth0_resource_server.
auth0_resource_server_scopes block.
auth0_role.
auth0_role_permissions block.

I haven't written a repro but this above might actually recreate the issue if all of these steps are performed in the same terraform apply. If not, we can then proceed to:

terraform apply.

Auth0 Terraform Provider version
1.0.0
Terraform version
1.5.2