search

confluentinc / terraform-provider-confluent

Terraform Provider for Confluent
Apache License 2.0
31 stars 64 forks source link

Update to confluent_group_mapping filter forces replacement #468

Open S1M0NM opened 4 weeks ago

S1M0NM commented 4 weeks ago

Terraform Provider Version: 2.1.0 Terraform Version: 1.8.5 & 1.9.5

I wanted to update the filter value for a confluent_group_mapping because a group that is to be evaluated during SSO has changed. This is easily possible via the Confluent Cloud UI without the group changing and receiving a new group ID.

However, using Terraform I get the result in the plan that the resource has to be recreated due to the change in the filter.

  # confluent_group_mapping.group_mapping["Unclassified"] must be replaced
-/+ resource "confluent_group_mapping" "group_mapping" {
      ~ filter       = "\"Old-Group-Name\" in groups" -> "\"New-Group-Name\" in groups" # forces replacement
      ~ id           = "group-EMBR" -> (known after apply)
        # (1 unchanged attribute hidden)
    }

The recreate would cause problems because all role bindings for this group would have to be recreated.

cryoshida commented 3 weeks ago

Hi @S1M0NM ! Thank you for reporting this issue. We have filed an internal ticket to patch this capability.