search

dynatrace-oss / terraform-provider-dynatrace

Apache License 2.0
71 stars 33 forks source link

[Potential Bug] export dynatrace_iam_group return empty result #299

Closed ghost closed 1 year ago

ghost commented 1 year ago

Describe the bug After following the Terraform documentation to configure the required provider and Dynatrace provider (dt_env_url, dt_api_token, iam_client_id, etc.) and calling the exporter by:

.\.terraform\providers\registry.terraform.io\dynatrace-oss\dynatrace\1.35.2\windows_amd64\terraform-provider-dynatrace_v1.35.2.exe -export dynatrace_iam_group
we receive the following output in the terminal:
Post-Processing Resources ...
Writing ___resources___.tf
Writing ___datasources___.tf
- dynatrace_iam_group
Writing main.tf
Writing ___variables___.tf
Writing ___providers___.tf
Executing 'terraform init'

and also we get the following files in the (default) output directory: image

It seems that we do not receive the resources and we double checked the scope for the OAuth Client. We do have the required scope as stated in prerequisites.

Expected behavior The resources in the specific output directory.

Desktop (please complete the following information):

Dynatrace-Reinhard-Pilz commented 1 year ago

Hello @arnauagithub,

Let's check whether this is perhaps a simple configuration issue. The export functionality requires environment variables to be set. The example shown in prerequisites isn't particularly clear about that, I'm afraid.

So, before executing terraform-provider-dynatrace_v1.35.2.exe -export dynatrace_iam_group you should have the following environment variables defined.

DT_CLIENT_ID=dt####.########
DT_ACCOUNT_ID=urn:dtaccount:########-####-####-####-############
DT_CLIENT_SECRET=dt####.########.################################################################

The prefix urn:dtaccount: for DT_ACCOUNT_ID is meanwhile optional, but it doesn't hurt to add it for diagnosis.

In addition to that you can also define the environment variables

DYNATRACE_DEBUG=true
DT_DEBUG_IAM_BEARER=true

which would produce a log file with additional information regarding oauth communication.

If none of that helps, I can offer to jump on a zoom call with you where we can figure out the root case here together. Feel free to reach out to us via terraform@dynatrace.com if that's an option for you.

best regards, Reinhard

ghost commented 1 year ago

Dear Reinhard,

thank you very much for the information. We used the DT_CLIENT_ID, DT_ACCOUNT_ID and DT_CLIENT_SECRET and also added the urn:dtaccount: for DT_ACCOUNT_ID.

Now it works!

Please add this to the documentation.

Thank you very much and best regads, Arnel

Dynatrace-Reinhard-Pilz commented 1 year ago

Great news! I just added a few clarifying words to the docs - will be visible with the next release.