Edu-DevOps
commented
4 weeks ago In my case this become an issue more than an enhancement:
I have a local Nexus user and a LDAP Nexus user which both users have the same userid
Due to how the provider refresh the terraform resource for the local user, it reads the LDAP user before than the local one which ends in a resource that will never be aligned:
~ resource "nexus_security_user" "local_users" {
+ email = "myemail@test.com" # TF wants to add the email because the LDAP user doesn't have it
~ firstname = "<ldap user firstname>" -> "My" # TF wants to modify the firstname field because the LDAP user firstname differs
id = "my-user"
+ lastname = "User # TF wants to add lastname field because LDAP user doesn't have it
~ roles = [
+ "my-role", # TF wants to add a role because LDAP users doesn't have it
]
# (3 unchanged attributes hidden)
}This is happening because how the user tf resource is being refreshed is querying the API using only the id as parameter like v1/security/users?userId=my-user and if you have a couple of users with differente source which shares the userid, as my case, the API will give you most than one user.
Potential solution: add the source parameter to the API query to ensure the API gives you 1 result.
Is there an existing issue for this?
Community Note
Description
Due to limitations Nexus on Kubernetes has, API calls to query security users seem to randomly timeout when searching across all realms (LDAP, local, etc) when using LDAP, local users, etc. This timeout happens very random.
Could the
sourceargument be added in your next release to be able to have a more precise query to avoid timeouts (a way to increase timeouts during lookups would be a nice to have too).Thanks!
https://github.com/datadrivers/go-nexus-client/blob/main/nexus3/schema/security/user.go
New or Affected Resource(s)/Data Source(s)
nexus_security_user
Pro feature
Community Plugin
No response
Potential Terraform Configuration
References
No response