MrLuje commented 1 week ago

Describe the bug Deleting a platform_permission destination (https://registry.terraform.io/providers/jfrog/platform/latest/docs/resources/permission#destination) property is not working

Requirements for and issue

[X] Your version of artifactory (you can curl it at $host/artifactory/api/system/version (self-hosted v7.84.12)
[X] Your version of terraform (1.9.7)
[X] Your version of terraform provider (1.14)

Expected behavior Ability to manage platform_permission destinations

terraform {
  required_providers {
    artifactory = {
      source  = "jfrog/artifactory"
      version = "12.2.0"
    }
    platform = {
      source  = "jfrog/platform"
      version = "1.14.0"
    }
  }
}

provider "platform" {
  url               = "xxx"
  access_token      = "xxx"
  myjfrog_api_token = "xxx"
}

provider "artifactory" {
  url          = "xxx"
  access_token = "xxx"
}

resource "artifactory_group" "test_mrluje" {
  name      = "test_mrluje"
  auto_join = false
}

resource "platform_permission" "test-reader" {
  name = "test-mrluje"

  artifact = {
    actions = {
      groups = [{
        name        = artifactory_group.test_mrluje.name
        permissions = ["READ"]
      }]
    }

    targets = [{
      name             = artifactory_local_helm_repository.test-mrluje.key
      include_patterns = ["**/test/**"]
    }]
  }

  destination = {
    actions = {
      groups = [{
        name        = artifactory_group.test_mrluje.name
        permissions = ["READ"]
      }]
    }

    targets = [{
      name             = artifactory_local_helm_repository.test-mrluje.key
      include_patterns = ["**/test/**"]
    }]
  }
}

resource "artifactory_local_helm_repository" "test-mrluje" {
  key             = "test-mrluje"
  repo_layout_ref = "simple-default"
}

Next comment the destination block and apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # platform_permission.test-reader will be updated in-place
  ~ resource "platform_permission" "test-reader" {
      - destination = {
          - actions = {
              - groups = [
                  - {
                      - name        = "test_mrluje" -> null
                      - permissions = [
                          - "READ",
                        ] -> null
                    },
                ] -> null
            } -> null
          - targets = [
              - {
                  - include_patterns = [
                      - "**/test/**",
                    ] -> null
                  - name             = "test-mrluje" -> null
                },
            ] -> null
        } -> null
        name        = "test-mrluje"
        # (1 unchanged attribute hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
╷
│ Warning: Attribute Deprecated
│ 
│   with provider["registry.terraform.io/jfrog/platform"],
│   on artifactory_test.tf line 17, in provider "platform":
│   17:   myjfrog_api_token = "xxx"
│ 
│ MyJFrog API token is deprecated. Use provider 'jfrog/myjfrog' https://registry.terraform.io/providers/jfrog/myjfrog instead.
│ 
│ (and one more similar warning elsewhere)
╵

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

platform_permission.test-reader: Modifying... [name=test-mrluje]
platform_permission.test-reader: Modifications complete after 0s [name=test-mrluje]

Plan again


Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place

Terraform will perform the following actions:

platform_permission.test-reader will be updated in-place

~ resource "platform_permission" "test-reader" {

destination = {
- actions = {
  - groups = [
    - {
      - name = "test_mrluje" -> null
      - permissions = [
        
        "READ", ] -> null }, ] -> null } -> null
- targets = [
  - {
    - include_patterns = [
      - "/test/", ] -> null
    - name = "test-mrluje" -> null }, ] -> null } -> null name = "test-mrluje"
      (1 unchanged attribute hidden)
      
      }

Plan: 0 to add, 1 to change, 0 to destroy.

alexhung commented 1 week ago

@MrLuje Thanks for the report. I've added this to our plan to investigate.

alexhung commented 1 week ago

@MrLuje Just want to point out that destination does not accept repository key as name. It should be name of the edge node. See https://jfrog.com/help/r/jfrog-platform-administration-documentation/add-destinations

alexhung commented 1 week ago

@MrLuje I am unable to reproduce your issue. Using your TF configuration (with modification to run on my local Artifactory instance), there is no plan change after apply even using repo key in the destination.targets.name.

MrLuje commented 2 days ago

@alexhung Thanks for checking. Maybe related to our artifactory version (v7.84.12), I'll try with an updated instance in the coming weeks.

jfrog / terraform-provider-platform

platform_permission destination property not working #141

platform_permission.test-reader will be updated in-place

(1 unchanged attribute hidden)