search

ministryofjustice / cloud-platform

Documentation on the MoJ cloud platform
MIT License
86 stars 45 forks source link

Bug: upgrading auth0 provider for the account tf #6361

Open jaskaransarkaria opened 1 month ago

jaskaransarkaria commented 1 month ago

Background

https://github.com/ministryofjustice/cloud-platform-infrastructure/blob/ee2997721c28a7e54f4565103985950d0ca15c63/terraform/aws-accounts/cloud-platform-aws/account/versions.tf#L6

We can't upgrade this possibly because of this issue https://github.com/alexkappa/terraform-provider-auth0/issues/157

Definition of done

Reference

How to write good user stories

kyphutruong commented 1 week ago

This is the error when trying to bump auth0 provider from 0.50.2 to 1.7.3

│ Error: Failed to decode resource from state
│ 
│ Error decoding "module.sso.auth0_client.saml" from previous state: missing expected [
╵
╷
│ Error: missing expected [
│ 
│   with auth0_client.opensearch_app_logs,
│   on app-opensearch.tf line 399, in resource "auth0_client" "opensearch_app_logs":
│  399:   addons {
│ 
╵
╷
│ Error: missing expected [
│ 
│   with auth0_client.opensearch,
│   on modsec-opensearch.tf line 218, in resource "auth0_client" "opensearch":
│  218:   addons {
│ 
╵
╷
│ Error: missing expected [
│ 
│   with module.sso.auth0_client.saml,
│   on .terraform/modules/sso/auth0.tf line 12, in resource "auth0_client" "saml":
│   12:   addons {
│

Also the same error on the TF plan check in the dependabot PR: https://github.com/ministryofjustice/cloud-platform-infrastructure/pull/3540

kyphutruong commented 1 week ago

Possible fix: Migration guide

kyphutruong commented 4 days ago

Need to test the steps in the Migration guide, which involves tinkering with the state file. The best place to test is in the ephemeral test account

kyphutruong commented 4 days ago

Blocked until https://github.com/ministryofjustice/cloud-platform/issues/6519 is done

kyphutruong commented 22 hours ago

Reproduced same kind of errors when trying to upgrade auth0 provider in ephemeral test account:

│ Error: Failed to decode resource from state
│ 
│ Error decoding "module.sso.auth0_client.saml" from previous state: missing expected [
╵
╷
│ Error: missing expected [
│ 
│   with module.sso.auth0_client.saml,
│   on .terraform/modules/sso/auth0.tf line 12, in resource "auth0_client" "saml":
│   12:   addons {