[Bug]: changes to multiple custom_db_role resources only applies a subset of them

SimonVHB commented 5 days ago

Is there an existing issue for this?

[X] I have searched the existing issues

Provider Version

1.17.3

Terraform Version

1.9.0

Terraform Edition

Terraform Open Source (OSS)

Current Behavior

When updating multiple custom in one terraform apply, only a subset (mostly 1 or 2) of custom roles are actually updated. For example when updating a database name in multipe custom roles, the database name will only be updated in 1 or 2 custom roles.

To actually apply the changes, I need to apply the terraform config multiple times.

Terraform configuration to reproduce the issue

terraform {

  required_providers {
    mongodbatlas = {
      source  = "mongodb/mongodbatlas"
      version = "~> 1.17.3"
    }
  }
}

resource "mongodbatlas_custom_db_role" "test_role_1" {
  project_id = var.atlas_project_id
  role_name  = "custom_role_1"

  inherited_roles {
    role_name     = "readWrite"
    database_name = "db-1"
  }
}

resource "mongodbatlas_custom_db_role" "test_role_2" {
  project_id = var.atlas_project_id
  role_name  = "custom_role_2"

  inherited_roles {
    role_name     = "readWrite"
    database_name = "db-2"
  }
}

resource "mongodbatlas_custom_db_role" "test_role_3" {
  project_id = var.atlas_project_id
  role_name  = "custom_role_3"

  inherited_roles {
    role_name     = "readWrite"
    database_name = "db-3"
  }
}

resource "mongodbatlas_custom_db_role" "test_role_4" {
  project_id = var.atlas_project_id
  role_name  = "custom_role_4"

  inherited_roles {
    role_name     = "readWrite"
    database_name = "db-4"
  }
}

resource "mongodbatlas_custom_db_role" "test_role_5" {
  project_id = var.atlas_project_id
  role_name  = "custom_role_5"

  inherited_roles {
    role_name     = "readWrite"
    database_name = "db-5"
  }
}

Steps To Reproduce

Terraform init and first apply (creates all resources succesfully at once)
Update the database_name for all the custom roles, for example from db-1 or db-2 to db-test-1 and db-test-2.
Apply these new changes, every custom role should say Modifications complete after ...
Observe the changes made in the Atlas UI. Only some custom roles will be updated.
Apply again to see that changes will need to be made again.

Logs

mongodbatlas_custom_db_role.test_role_1: Refreshing state... [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfMQ==]
mongodbatlas_custom_db_role.test_role_4: Refreshing state... [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfNA==]
mongodbatlas_custom_db_role.test_role_2: Refreshing state... [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfMg==]
mongodbatlas_custom_db_role.test_role_5: Refreshing state... [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfNQ==]
mongodbatlas_custom_db_role.test_role_3: Refreshing state... [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfMw==]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # mongodbatlas_custom_db_role.test_role_1 will be updated in-place
  ~ resource "mongodbatlas_custom_db_role" "test_role_1" {
        id         = "cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfMQ=="
        # (2 unchanged attributes hidden)

      - inherited_roles {
          - database_name = "db-1" -> null
          - role_name     = "readWrite" -> null
        }
      + inherited_roles {
          + database_name = "dbbbb-1"
          + role_name     = "readWrite"
        }
    }

  # mongodbatlas_custom_db_role.test_role_2 will be updated in-place
  ~ resource "mongodbatlas_custom_db_role" "test_role_2" {
        id         = "cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfMg=="
        # (2 unchanged attributes hidden)

      - inherited_roles {
          - database_name = "db-2" -> null
          - role_name     = "readWrite" -> null
        }
      + inherited_roles {
          + database_name = "dbbbb-2"
          + role_name     = "readWrite"
        }
    }

  # mongodbatlas_custom_db_role.test_role_3 will be updated in-place
  ~ resource "mongodbatlas_custom_db_role" "test_role_3" {
        id         = "cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfMw=="
        # (2 unchanged attributes hidden)

      - inherited_roles {
          - database_name = "db-3" -> null
          - role_name     = "readWrite" -> null
        }
      + inherited_roles {
          + database_name = "dbbbb-3"
          + role_name     = "readWrite"
        }
    }

  # mongodbatlas_custom_db_role.test_role_4 will be updated in-place
  ~ resource "mongodbatlas_custom_db_role" "test_role_4" {
        id         = "cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfNA=="
        # (2 unchanged attributes hidden)

      - inherited_roles {
          - database_name = "db-4" -> null
          - role_name     = "readWrite" -> null
        }
      + inherited_roles {
          + database_name = "dbbbb-4"
          + role_name     = "readWrite"
        }
    }

  # mongodbatlas_custom_db_role.test_role_5 will be updated in-place
  ~ resource "mongodbatlas_custom_db_role" "test_role_5" {
        id         = "cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfNQ=="
        # (2 unchanged attributes hidden)

      - inherited_roles {
          - database_name = "db-5" -> null
          - role_name     = "readWrite" -> null
        }
      + inherited_roles {
          + database_name = "dbbbb-5"
          + role_name     = "readWrite"
        }
    }

Plan: 0 to add, 5 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

mongodbatlas_custom_db_role.test_role_3: Modifying... [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfMw==]
mongodbatlas_custom_db_role.test_role_1: Modifying... [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfMQ==]
mongodbatlas_custom_db_role.test_role_4: Modifying... [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfNA==]
mongodbatlas_custom_db_role.test_role_2: Modifying... [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfMg==]
mongodbatlas_custom_db_role.test_role_5: Modifying... [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfNQ==]
mongodbatlas_custom_db_role.test_role_4: Modifications complete after 1s [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfNA==]
mongodbatlas_custom_db_role.test_role_1: Modifications complete after 1s [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfMQ==]
mongodbatlas_custom_db_role.test_role_3: Modifications complete after 1s [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfMw==]
mongodbatlas_custom_db_role.test_role_2: Modifications complete after 1s [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfMg==]
mongodbatlas_custom_db_role.test_role_5: Modifications complete after 1s [id=cHJvamVjdF9pZA==:NjVjZjdkNDE4MGZiN2M2MDUwYWJkZThl-cm9sZV9uYW1l:Y3VzdG9tX3JvbGVfNQ==]

Apply complete! Resources: 0 added, 5 changed, 0 destroyed.

Code of Conduct

[X] I agree to follow this project's Code of Conduct

github-actions[bot] commented 5 days ago

Thanks for opening this issue! Please make sure you've followed our guidelines when opening the issue. In short, to help us reproduce the issue we need:

Terraform configuration file used to reproduce the issue
Terraform log files from the run where the issue occurred
Terraform Atlas provider version used to reproduce the issue
Terraform version used to reproduce the issue
Confirmation if Terraform OSS, Terraform Cloud, or Terraform Enterprise deployment

The ticket CLOUDP-259047 was created for internal tracking.

EspenAlbert commented 5 days ago

Hi @SimonVHB ! Thank you for reporting this issue. I was able to reproduce it. We will contact you with an estimate on when a fix will be available.

EspenAlbert commented 1 day ago

@SimonVHB, a little Friday update 😅 This bug doesn't seem to be related to the Terraform Provider; it is the upstream API it uses. Therefore, it might take a bit longer before a fix is available.

mongodb / terraform-provider-mongodbatlas