hashicorp / terraform-provider-googleworkspace

Terraform Provider for Google Workspace
https://registry.terraform.io/providers/hashicorp/googleworkspace
Mozilla Public License 2.0

Indirect members saved into the state? #449

Closed emas80 closed 1 year ago

emas80 commented 1 year ago

Terraform Version

1.3.5

    googleworkspace = {
      source  = "hashicorp/googleworkspace"
      version = "0.7.0"
    }
    google = {
      source  = "hashicorp/google"
      version = "~> 4.46.0"
    }

Affected Resource(s)

Please list the resources as a list, for example:

Terraform Configuration Files


resource "googleworkspace_group" "my_group" {
  email       = "my_group@xxx.com"
  name        = "my_group"
}

resource "googleworkspace_group_settings" "my_group" {
  email = googleworkspace_group.my_group.email

  lifecycle {
    ignore_changes = [
      is_archived,
    ]
  }

  allow_external_members = false

  who_can_join             = "CAN_REQUEST_TO_JOIN"
  who_can_leave_group      = "NONE_CAN_LEAVE"
  who_can_moderate_content = "NONE"
  who_can_moderate_members = "NONE"

  # Privacy
  who_can_post_message    = "ANYONE_CAN_POST"
  who_can_discover_group  = "ALL_IN_DOMAIN_CAN_DISCOVER"
  who_can_view_group      = "ALL_IN_DOMAIN_CAN_VIEW"
  who_can_view_membership = "ALL_IN_DOMAIN_CAN_VIEW"
}

resource "googleworkspace_group_members" "my_group" {
  group_id = googleworkspace_group.my_group.id

  members {
    email = "other-group@xxx.com"
    role  = "MEMBER"
    type  = "GROUP"
  }
}

Expected Behavior

If I run terraform plan and nothing has changed, nothing should happen.

Actual Behavior

Terraform ALWAYS detects a drift in the state, and it wants to remove or to add from the members every user who is part of other-group@xxx.com.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1 - First time you run apply, things are good on Google Workspace.
2 - Second time you run it - when nothing has changed - terraform wants to add the indirect members to the group, so all the members appear in the Google Group as indirect members (while before only the other-group appeared).
3 - Third time you run it - when nothing has changed - terraform wants to remove the members from its state and from the Google group, resetting the situation to 1.

And the cycle keeps repeating itself.
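
An added example, not part of the original issue or the provider's code: a check over `terraform show -json` plan output that lists which members a `googleworkspace_group_members` change would add or remove, so the cycle described above is visible in review before an apply alters group access. The sample plan and the `alice`/`bob` addresses are constructed, and the function name is hypothetical.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# reduced to the fields used here. Emails are placeholders (step 2 of the report).
SAMPLE_PLAN = json.dumps({
    "resource_changes": [{
        "address": "googleworkspace_group_members.my_group",
        "type": "googleworkspace_group_members",
        "change": {
            "actions": ["update"],
            "before": {"members": [
                {"email": "other-group@xxx.com", "role": "MEMBER", "type": "GROUP"},
            ]},
            "after": {"members": [
                {"email": "other-group@xxx.com", "role": "MEMBER", "type": "GROUP"},
                {"email": "alice@xxx.com", "role": "MEMBER", "type": "USER"},
                {"email": "bob@xxx.com", "role": "MEMBER", "type": "USER"},
            ]},
        },
    }]
})


def member_key(m):
    # Compare emails case-insensitively; role and type are part of the identity.
    return (m["email"].lower(), m.get("role") or "", m.get("type") or "")


def membership_drift(plan_json):
    """Return {address: {"add": [...], "remove": [...]}} for every
    googleworkspace_group_members resource whose member set would change."""
    drift = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "googleworkspace_group_members":
            continue
        change = rc.get("change") or {}
        # "before" is null on create and "after" is null on destroy.
        before = {member_key(m) for m in (change.get("before") or {}).get("members") or []}
        after = {member_key(m) for m in (change.get("after") or {}).get("members") or []}
        if before != after:
            drift[rc["address"]] = {"add": sorted(after - before),
                                    "remove": sorted(before - after)}
    return drift


if __name__ == "__main__":
    for addr, d in membership_drift(SAMPLE_PLAN).items():
        print(addr, "add:", d["add"], "remove:", d["remove"])
```

A non-empty result on a plan where the configuration did not change means the apply would modify group membership and should be reviewed before it runs.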