search

deploymenttheory / terraform-provider-jamfpro

Jamf Pro Terraform Provider/Plugin written with the TF Provider SDK v2. Written in go
Mozilla Public License 2.0
24 stars 9 forks source link

Feature Request: Create a computer smart group with no criteria set #179

Closed ecanault closed 2 months ago

ecanault commented 2 months ago

Hi,

In release 0.0.49 it's not possible to create a smart group using jamfpro_computer_group resource if no criteria is set.

For example with this .tf part:

For example:
resource "jamfpro_computer_group" "object" {
  depends_on = [time_sleep.sites]
  for_each   = var.computer_groups_list
  name       = each.value.COMPUTER_GROUP_NAME
  site {
    name = each.value.COMPUTER_GROUP_SITE
  }
  is_smart = each.value.COMPUTER_GROUP_SMART
  dynamic "criteria" {
    for_each = var.computer_groups_list[each.key].CRITERIAS
    content {
      name          = criteria.value.NAME
      priority      = criteria.value.PRIORITY
      search_type   = criteria.value.SEARCH_TYPE
      value         = criteria.value.VALUE
      and_or        = criteria.value.AND_OR
      opening_paren = criteria.value.OPENING_PAREN
      closing_paren = criteria.value.CLOSING_PAREN
    }
  }
}

This .tfvars extract works:

This tfvars extract works:
  "D183CD90-FE23-46C2-8A09-D36C7B2BBD8C" = {
    COMPUTER_GROUP_NAME  = "smcg_enrolled_with_ade"
    COMPUTER_GROUP_SITE  = "None"
    COMPUTER_GROUP_SMART = true
    CRITERIAS = [
      {
        NAME          = "Enrolled via Automated Device Enrollment"
        PRIORITY      = 0
        SEARCH_TYPE   = "is"
        VALUE         = "Yes"
        AND_OR        = "and"
        OPENING_PAREN = false
        CLOSING_PAREN = false
      }
    ]
  }

But not this one:

The same for this variant, it doesn’t work:
  "D18BAA9E-7673-4858-A914-61F6A98CA191" = {
    COMPUTER_GROUP_NAME  = "smcg_all_setup"
    COMPUTER_GROUP_SITE  = "Setup"
    COMPUTER_GROUP_SMART = true
    CRITERIAS = []
  }

So is it possible to modify this to be able to add smart groups without criterias ?

For example our deployment workflows are based on sites (Setup, Production, Inventory) and the best and easiest way to collect all computers from within a specific site is to build a smartgroup linked on that site, without criteria.

Thanks a lot for your evaluation 🙂 !

ShocOne commented 2 months ago

computer groups has been refactored to support scenario's where a computer group is smart, assigned to a site and there is no criteria set. as part of pr #180 . this will be included in release v0.0.50. thanks

ecanault commented 2 months ago

As said in #terraform-provider-jamfpro: no need in my opinion to link this to the presence of a site or not. Let's just mimic the behaviour of a smart group creation when it's done by hand.

ShocOne commented 2 months ago

Site presence will always be optional from a hcl perspective. To be clear, this change supports both of these scenarios

resource "jamfpro_computer_group" "computer_group_003" {
  name     = "tf-localtest-smartcomputergroup-with_site-01"
  is_smart = true

  site {
    id = 967

  }

}
resource "jamfpro_computer_group" "computer_group_004" {
  name     = "tf-localtest-smartcomputergroup-shell-01"
  is_smart = true
}

The reason for confirming your ask is that i have had to change the customDiff behaviour to not iterate on the presence of the isSmart field in the schema for criteria field existence.

ShocOne commented 2 months ago

This change has been implemented as part of PR #180 and is part of release v0.0.50. Please test and confirm this functions as desired. thank you for your feedback.

ecanault commented 2 months ago

Hi,

I have just tested this new release : great 🙂 !

The creation of smart groups without criteria is working well, thanks. I just noticed the following behaviour when we build the same plan without any modification:

Terraform will perform the following actions:
  # jamfpro_computer_group.object["81F2EFA5-6611-4CF0-986E-F75929943566"] will be updated in-place
  ~ resource "jamfpro_computer_group" "object" {
        id       = "8"
        name     = "smcg_all_production"
        # (1 unchanged attribute hidden)
      ~ site {
          - id   = 25 -> null
          + name = "Production"
        }
    }

And of course during the apply we have:

jamfpro_computer_group.object["81F2EFA5-6611-4CF0-986E-F75929943566"]: Modifying... [id=8]
jamfpro_computer_group.object["81F2EFA5-6611-4CF0-986E-F75929943566"]: Modifications complete after 0s [id=8]

We can also confirm the modification in Jamf Pro:

History_for_Smart_Computer_Group_smcg_all_production__

Please note this occurs only when modifying the site name, regardless the presence of criterias or not.

This can be an issue if it's the same for configuration profiles (not tested yet) as they will be redistributed to the devices if they are updated by terraform, even if there is no change.

Regards, Emmanuel

ecanault commented 2 months ago

An update: plan is not reapplied and therefore smart groups are not modified in Jamf Pro if we use site IDs instead of site names.

ShocOne commented 2 months ago

Hi there, i've implemented a fix as part of v0.0.51 which i'm hoping will resolve the stating issues. thanks