binbashar / le-tf-infra-aws

Terraform code for Leverage Reference Architecture for AWS, designed under optimal configs for the most popular modern web and mobile applications needs.
https://www.binbash.co/leverage
Apache License 2.0

BUG | SSO new group creation produces a failure in account_assign module #548

Open juanmatias opened 5 months ago

juanmatias commented 5 months ago

Describe the Bug

Given an SSO layer at management/global/sso: adding a new group in the locals.tf file and running leverage tf plan gives this error:

│ Error: no Identity Store Group found matching criteria
│ [{0xc002bb37d0 0xc002bb37e0 {}}]; try different search
│ 
│   with module.account_assignments.data.aws_identitystore_group.this["SentinelFieldEngineer"],
│   on .terraform/modules/account_assignments/modules/account-assignments/main.tf line 1, in data "aws_identitystore_group" "this":
│    1: data "aws_identitystore_group" "this" {

Expected Behavior

The group is created and then the account assignment takes place.

Steps to Reproduce

  1. CD into management/global/sso layer
  2. Add a new group in locals.tf file.
  3. Run leverage tf plan
  4. See error:
│ Error: no Identity Store Group found matching criteria
│ [{0xc002bb37d0 0xc002bb37e0 {}}]; try different search
│ 
│   with module.account_assignments.data.aws_identitystore_group.this["SentinelFieldEngineer"],
│   on .terraform/modules/account_assignments/modules/account-assignments/main.tf line 1, in data "aws_identitystore_group" "this":
│    1: data "aws_identitystore_group" "this" {

Screenshots

N/A

Environment (please complete the following information):

Anything that will help us triage the bug will help. Here are some ideas:

❯ uname -r
5.15.146-1-MANJARO
❯ leverage --version
leverage, version 1.11.2

Additional Context

This seems to be a dependency issue.

The new group is created in the user_groups file.

Since the module account_assignment has no dependency on the resources in that file, the group does not exist yet when the module looks for it.

Proposed solution

Adding a dependency statement in the account_assignment module should fix it:

depends_on = [resource.aws_identitystore_group.default]
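The ordering problem described in this issue, written out as a self-contained Terraform configuration. This is an added example, not code from the le-tf-infra-aws repository or from the account-assignments module it uses: the module source, its input variable names, the account id and the permission set values are placeholders or constructed samples, and the locals/data-source wiring is an assumption about how the SSO layer is laid out. The group resource name aws_identitystore_group.default and the group name SentinelFieldEngineer are taken from the issue.

```hcl
# Added example (not the repository's own code). Illustrates why a module that
# looks up an Identity Store group with a data source fails when the group is
# created in the same plan, and how a module-level depends_on fixes it.

data "aws_ssoadmin_instances" "main" {}

locals {
  identity_store_id = tolist(data.aws_ssoadmin_instances.main.identity_store_ids)[0]

  # Constructed sample: the new group added to locals.tf in the issue.
  groups = {
    "SentinelFieldEngineer" = { description = "Field engineers, read-only access" }
  }
}

# user_groups.tf: the groups are created here.
resource "aws_identitystore_group" "default" {
  for_each          = local.groups
  identity_store_id = local.identity_store_id
  display_name      = each.key
  description       = each.value.description
}

# Equivalent of the lookup the module performs internally (data
# "aws_identitystore_group" "this" in the error message). Standing alone, this
# read happens during plan, before the resource above exists, so it fails with
# "no Identity Store Group found matching criteria".
data "aws_identitystore_group" "lookup_without_dependency" {
  identity_store_id = local.identity_store_id

  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName"
      attribute_value = "SentinelFieldEngineer"
    }
  }
}

# account_assignments.tf: the module call. Variable names below are assumed,
# the source is a placeholder; the issue does not name either.
module "account_assignments" {
  source = "PLACEHOLDER/account-assignments" # placeholder module source

  account_assignments = [
    {
      account             = "111111111111" # constructed sample account id
      permission_set_name = "ReadOnly"     # constructed sample
      principal_name      = "SentinelFieldEngineer"
      principal_type      = "GROUP"
    }
  ]

  # The fix proposed in the issue: every data source and resource inside the
  # module now waits for the groups to be created first.
  depends_on = [aws_identitystore_group.default]
}
```

One caveat a practitioner will notice: a depends_on on a module defers all of that module's data-source reads to apply time, so the plan shows the module's lookups and anything derived from them as "known after apply" even when the groups already exist. That is expected Terraform behaviour, not a regression; it is the cost of making the lookup wait for the resource, and it only affects the plan output, not the resulting assignments.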