confluent_api_key creation fails with provider 2.0.0

[pimperator]

Hi Guys, with the latest provider version 2.0.0 we were unable to create a resource confluent_api_key failing with the message:

│ Error: unexpected API Key "S3CR37"'s resource: {"api_version":"srcm/v2","environment":"env-a1b23","id":"lsrc-b2pff","kind":"SchemaRegistry","related":"https://api.confluent.cloud/srcm/v2/schema-registries/lsrc-b2pff","resource_name":"crn://api.confluent.cloud/organization=56e478d3-cafd-4363-83c9-971c090aadf6/schema-registry=lsrc-b2pff"}

having this code:

resource "confluent_api_key" "ksql_api_keys" {
  count = var.ksql_cluster_id != null ? 1 : 0

  display_name = "${var.name}-ksql-key"
  description  = var.name

  owner {
    id          = confluent_service_account.main.id
    api_version = confluent_service_account.main.api_version
    kind        = confluent_service_account.main.kind
  }

  managed_resource {
    id          = data.confluent_ksql_cluster.cluster[0].id
    api_version = data.confluent_ksql_cluster.cluster[0].api_version
    kind        = data.confluent_ksql_cluster.cluster[0].kind

    environment {
      id = var.kafka_environment_id
    }
  }
}

with a rollback to version 1.83.0 it resumed to operation

Additionally it is worth to note that the key is being created immediately but the failure happens only after like 4min 30sec.

[dobeerman]

Actually, the key is created every time I run "apply", but it is immediately fails with an error like:

Error: unexpected API Key "EA4...4FU"'s resource: {"api_version":"srcm/v2","environment":"env-...","id":"lsrc-...","kind":"SchemaRegistry","related":"https://api.confluent.cloud/srcm/v2/schema-registries/lsrc-...","resource_name":"crn://api.confluent.cloud/organization=8c13e8e4-...-69a362564b80/schema-registry=lsrc-..."}

My terraform code as follow:

# 1. Data Source: Schema Registry
data "confluent_schema_registry_cluster" "essentials" {
  environment {
    id = confluent_environment.demo.id
  }
}

# 2. Service Account: Data Steward
resource "confluent_service_account" "env_manager" {
  display_name = "env-manager"
  description  = "Service account to manage environment"
}

# 3. Role Binding: Data Steward
resource "confluent_role_binding" "env_manager_data_steward" {
  principal   = "User:${confluent_service_account.env_manager.id}"
  role_name   = "DataSteward"
  crn_pattern = confluent_environment.demo.resource_name
}

# 4. API Key: Data Steward
resource "confluent_api_key" "env_manager_schema_registry_api_key" {
  display_name = "env_manager_schema_registry_api_key"
  description  = "Schema Registry API Key that is owned by 'env_manager' service account"

  owner {
    id          = confluent_service_account.env_manager.id
    api_version = confluent_service_account.env_manager.api_version
    kind        = confluent_service_account.env_manager.kind
  }

  managed_resource {
    id          = data.confluent_schema_registry_cluster.essentials.id
    api_version = data.confluent_schema_registry_cluster.essentials.api_version
    kind        = data.confluent_schema_registry_cluster.essentials.kind

    environment {
      id = confluent_environment.demo.id
    }
  }

  lifecycle {
    prevent_destroy = false
  }

  depends_on = [
    confluent_role_binding.env_manager_data_steward
  ]
}

[pwstorm]

I am having the same issue with schema registry scoped api key

[linouk23]

Thanks for opening the issue!

We're able to reproduce the issue as well by running multiple-event-types-avro-schema example:

Error: unexpected API Key "O6UKMWCHUCSURIAV"'s resource: {"api_version":"srcm/v2","environment":"env-9z8n87","id":"lsrc-m6k37x","kind":"SchemaRegistry","related":"https://api.confluent.cloud/srcm/v2/schema-registries/lsrc-m6k37x","resource_name":"crn://api.confluent.cloud/organization=cc2d2db8-b889-4d72-8948-9d7cb37c6a9c/schema-registry=lsrc-m6k37x"}

Update: it seems like the fix is to update this method: https://github.com/confluentinc/terraform-provider-confluent/blob/master/internal/provider/resource_api_key.go#L508-L511

[channingdong]

Thank you for your patience, this issue will be fixed in the upcoming version 2.1.0 planned to be released today, please reach out to us in case of any question.

[linouk23]

update: the fix has been released on August 27th: https://github.com/confluentinc/terraform-provider-confluent/releases/tag/v2.1.0

cc @pimperator @dobeerman @pwstorm