hashicorp / terraform-provider-googleworkspace

Terraform Provider for Google Workspace
https://registry.terraform.io/providers/hashicorp/googleworkspace
Mozilla Public License 2.0

user resource create consistency checks should backoff retry after 404 error received #286

Closed ghost closed 2 years ago

ghost commented 2 years ago

Terraform Version

[I] ➜ ~ terraform -v
Terraform v1.1.8
on linux_amd64

Affected Resource(s)

Please list the resources as a list, for example:

Terraform Configuration Files

No special configuration

Debug Output

https://gist.github.com/cstadach-otto/a98e5710014b4d06973aaf686d467bae

Expected Behavior

The user should have been created and marked consistent in the Terraform state.

Actual Behavior

The GET request to check consistency of the user is initially sent too quickly and returns a 404, which lets the consistency check fail.

Steps to Reproduce

  1. terraform apply

Important Factoids

We PoC'ed a simple sleep before the consistency check GET request and compiled. It worked. We suppose a 404 should be caught with a simple backoff to try the consistency check again.

cstadach commented 2 years ago

I merged my two GitHub accounts. The gist was apparently not transferred. Here is the missing log...

https://gist.github.com/cstadach/6f5b95f44cd56be6a522b36026094701

kan-bayashi commented 2 years ago

I have the same problem.

spunkedy commented 2 years ago

Same problem here

Luis-3M commented 2 years ago

We're facing the same issue.

kan-bayashi commented 2 years ago

@megan07 Any progress?

damir-dezeljin commented 2 years ago

I've bumped into the same problem a few times already. As I never had time so far, I usually imported the created user into tfstate using:

terraform import 'googleworkspace_user.users["name.lastname@mydomain.io"]' name.lastname@mydomain.io

Of course this is a dirty workaround I used for the time being. Now it got quite frustrating already, as my CI/CD pipeline is failing and I have to set up my TF_VAR_... every time and especially doing it manually.

I had an idea of using a shell provider to run some delay, but I guess that wouldn't work either, as the check is part of the single creation of the googleworkspace_user.

Any news when we could expect a fix?

vkbytes commented 2 years ago

I have the same problem with this resource creation. What is the best way, or at least a workaround, to get things working in the CI tool?

 Error: unexpected error during retries of user: googleapi: Error 404: Resource Not Found: userKey, notFound
│
│   with googleworkspace_user.Testing,
│   on users.tf line 1, in resource "googleworkspace_user" "Testing":
│    1: resource "googleworkspace_user" "Testing" {

vkbytes commented 2 years ago

Looks like there is an issue in the provider or the SDK has been updated for Google. This is breaking our onboarding functions immensely.

022-05-17T17:28:17.779+0530 [WARN]  Provider "registry.terraform.io/hashicorp/googleworkspace" produced an unexpected new value for googleworkspace_user.Major during refresh.
      - .non_editable_aliases: was null, but now cty.ListVal([]cty.Value{cty.StringVal("major@vkbytes.in.test-google-a.com")})
      - .suspended: was null, but now cty.False
      - .suspension_reason: was null, but now cty.StringVal("")
      - .is_enforced_in_2_step_verification: was null, but now cty.False
      - .is_mailbox_setup: was null, but now cty.True
      - .org_unit_path: was null, but now cty.StringVal("/")
      - .thumbnail_photo_url: was null, but now cty.StringVal("")
      - .archived: was null, but now cty.False
      - .change_password_at_next_login: was null, but now cty.False
      - .customer_id: was null, but now cty.StringVal("C02ys4nxk")
      - .deletion_time: was null, but now cty.StringVal("")
      - .etag: was null, but now cty.StringVal("\"3JCqvIdgH-Km0Y2jsJAgKcFVVQJm9KnqLpctgNBBLbw/By0gB2MqSpO5RgwI3XDXzOdVufw\"")
      - .last_login_time: was null, but now cty.StringVal("1970-01-01T00:00:00.000Z")
      - .agreed_to_terms: was null, but now cty.False
      - .recovery_phone: was null, but now cty.StringVal("")
      - .thumbnail_photo_etag: was null, but now cty.StringVal("")
      - .aliases: was null, but now cty.ListValEmpty(cty.String)
      - .creation_time: was null, but now cty.StringVal("2022-05-17T11:52:57.000Z")
      - .ip_allowlist: was null, but now cty.False
      - .is_admin: was null, but now cty.False
      - .is_delegated_admin: was null, but now cty.False
      - .is_enrolled_in_2_step_verification: was null, but now cty.False
      - .recovery_email: was null, but now cty.StringVal("")
      - .languages: block count changed from 0 to 1
      - .emails: block count changed from 0 to 2
      - .name[0].full_name: was cty.StringVal(""), but now cty.StringVal("major Khandagle")
2022-05-17T17:28:17.782+0530 [WARN]  Provider "provider[\"registry.terraform.io/hashicorp/googleworkspace\"]" produced an unexpected new value for data.googleworkspace_users.my-domain-users.
      - .users[1].creation_time: was cty.StringVal("2022-05-17T11:42:02.000Z"), but now cty.StringVal("2022-05-17T11:52:57.000Z")
2022-05-17T17:28:17.792+0530 [WARN]  Provider "registry.terraform.io/hashicorp/googleworkspace" produced an invalid plan for googleworkspace_org_unit.work, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .block_inheritance: planned value cty.False for a non-computed attribute
2022-05-17T17:28:17.796+0530 [WARN]  Provider "registry.terraform.io/hashicorp/googleworkspace" produced an invalid plan for googleworkspace_user.Major, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .include_in_global_address_list: planned value cty.True for a non-computed attribute
      - .languages: attribute representing nested block must not be unknown itself; set nested attribute values to unknown instead
2022-05-17T17:28:18.663+0530 [INFO]  provider.terraform-provider-googleworkspace: 2022/05/17 17:28:18 [DEBUG] Google Workspace API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

vkbytes commented 2 years ago

I hope someone is looking into this issue!!! This seems to break the fundamental function of the plugin.

victuos commented 2 years ago

Same problem here, this broke our onboarding flow.

cstadach commented 2 years ago

The check for the eventually consistent resources on create needed a 404 check. What we did in our onboarding process is compile my branch and use it to create users. @damir-dezeljin's solution works as well but needed too much manual activity for my taste ;)
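
A sketch of the behaviour requested in the issue report ("a 404 should be caught with a simple backoff") and in the comment above, added here as an illustration; it is not the provider's code and not the change from the linked PR. `apiError`, `waitForUser` and `fakeDirectory` are hypothetical names, and the fake backend is constructed. Only a 404 is retried; any other error (a 403, for example) still fails on the first attempt.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"time"
)

// apiError is a hypothetical stand-in for the HTTP error an API client returns.
type apiError struct{ Code int }

func (e *apiError) Error() string { return fmt.Sprintf("api error %d", e.Code) }

// waitForUser polls get after a create and returns the number of attempts made.
func waitForUser(ctx context.Context, get func() error, initial, maxDelay time.Duration) (int, error) {
	delay := initial
	for attempt := 1; ; attempt++ {
		err := get()
		var ae *apiError
		if err == nil || !errors.As(err, &ae) || ae.Code != http.StatusNotFound {
			return attempt, err // success, or a non-404 error that must not be retried
		}
		// 404 directly after create: the object is not visible yet, back off and retry.
		select {
		case <-ctx.Done():
			return attempt, fmt.Errorf("user still not found after %d attempts: %w", attempt, ctx.Err())
		case <-time.After(delay):
		}
		if delay *= 2; delay > maxDelay {
			delay = maxDelay
		}
	}
}

// fakeDirectory (constructed) answers 404 for the first notFoundFor reads, then returns then.
func fakeDirectory(notFoundFor int, then error) func() error {
	calls := 0
	return func() error {
		if calls++; calls <= notFoundFor {
			return &apiError{Code: http.StatusNotFound}
		}
		return then
	}
}

func main() {
	n, err := waitForUser(context.Background(), fakeDirectory(3, nil), 10*time.Millisecond, 80*time.Millisecond)
	fmt.Println("attempts:", n, "err:", err)
}
```

The context deadline bounds the total wait, so a user that never appears surfaces as an error instead of an endless poll.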

JacquesLd commented 2 years ago

Is there any estimate on when this will be fixed?

megan07 commented 2 years ago

Here is an open PR, we're waiting for one last, small change. We're balancing priorities across our team as best we're able and aim to merge this in the next two weeks. Thank you all for your patience!

cstadach commented 2 years ago

I fixed the PR, should be good to go now.

megan07 commented 2 years ago

closed by #287