Open kaat-nnit opened 4 months ago
@kaat-nnit thanks for creating the issue!
Error: error creating Tag Binding 403 Forbidden: User is denied operation POST on resource catalog/v1/entity/tags/
It might imply SR API Key's owner lacks permissions 🤔 Could you confirm what RBAC roles it has?
404 Not Found: Instance sr_schema with unique attribute {qualifiedName=lsrc-9zwq70:.:100298} does not exist for tag binding resource
404 should result in an automated resource removal from TF state file, that seems like a bug.
@linouk23 Thank you for the quick reply. It's ResourceOwner role for the schema registry. And in a setup with multiple schemas and bindings, most of them got created correctly, except for 2 last ones throwing the exact same errors as in the issue. So it's strange that for the same SR some bindings are applied correctly, and some throw this error.
Yesterday I also tried to create tags and tag bindings for topics.
Unfortunately, I noticed that some of the tags I created disappear in the Confluent Cloud UI and reappear after 5-10 minutes, and then some disappear again. The situation is similar with Terraform, where the plan states that the resource has been deleted outside of Terraform.
As a result, tag bindings cannot be created at all or are inconsistent. The data portal and topics have the bindings one moment and apparently no longer have them the next.
However, if you then try to create them via the UI, you get an error message saying that the tag or binding already exists.
When testing adding tag and business metadata bindings to schemas with Confluent Terraform provider version 1.66, we encountered strange errors.
In the following simple example, a single schema was created. In a subsequent run, 1 tag and 1 business metadata binding should be added to the schema, as correctly output by plan:
Apply step produces the following, unencountered before errors:
At this point, business metadata resource with tainted status is in the state file, and the metadata is correctly showing in the UI.
Subsequent run with no changes to configuration:
The schema identifier cited as non existent in the errors was the correct id. We have tested the setup before and have not encountered this issue. Additionally, running Terraform in the debug mode produced this warning:
Any clues as to what could be causing this? Is there any way deprecating
confluent_schema_registry_region
data source andconfluent_schema_registry_cluster
could have impact?