mongodb / terraform-provider-mongodbatlas

Terraform MongoDB Atlas Provider: Deploy, update, and manage MongoDB Atlas infrastructure as code through HashiCorp Terraform
https://registry.terraform.io/providers/mongodb/mongodbatlas
Mozilla Public License 2.0

inherited_roles are not correctly removed from custom_db_roles #280

Closed languitar closed 3 years ago

languitar commented 4 years ago

Due to #279 I have rebuilt an existing role (created via the Web UI) with basic permissions instead of inherited roles. As a consequence, the plan output includes adding actions and also removing the inherited roles:

  ~ resource "mongodbatlas_custom_db_role" "this" {
        id         = "cHJvamVjdF9pZA==:NWNhNDkzYjZhNmYyMzlhYzg0YzViOTg0-cm9sZV9uYW1l:YXBpTWFwcGluZw=="
        project_id = "5ca493b6a6f239ac84c5b984"
        role_name  = "apiMapping"

      + actions {
          + action = "FIND"

          + resources {
              + database_name = "cache"
            }
          + resources {
              + database_name = "catalog"
            }
        }
       // ... further actions

      - inherited_roles {
          - database_name = "catalog" -> null
          - role_name     = "readWrite" -> null
        }
      - inherited_roles {
          - database_name = "cache" -> null
          - role_name     = "readWrite" -> null
        }
    }

After applying this plan, the inherited roles are still present and the next plan iteration again tried to remove them: [image]

This happens with terraform v0.12.27 and provider 0.6.0.

themantissa commented 4 years ago

Just to keep the issues clear I'm going to close this but link to #279 as related for our devs to see but part of the larger issue.

themantissa commented 4 years ago

After chatting with our developers, I'm going to re-open this so we can split it into two separate work items.

languitar commented 4 years ago

Alright, as my comment on #279 is probably more related to this issue, here it is again:

Another aspect of this thing could be the following:

      ~ inherited_roles {
          ~ database_name = "history" -> "userdata"
            role_name     = "readWrite"
        }
        inherited_roles {
            database_name = "catalog"
            role_name     = "readWrite"
        }
      ~ inherited_roles {
          ~ database_name = "userdata" -> "cache"
            role_name     = "readWrite"
        }
      ~ inherited_roles {
          ~ database_name = "cache" -> "history"
            role_name     = "readWrite"
        }

Seems the sorting wasn't correctly applied in the previous iteration and now this diff reappears every time.
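An added example, not part of the thread and not the provider's code: an order-insensitive comparison of `inherited_roles` that reports grants still present on the live role (the first symptom in this issue) while ignoring pure reordering (the second). The type and function names are hypothetical, and the sample data is constructed from the database names in the plan output above; fetching the live role from Atlas is assumed to happen elsewhere.

```go
package main

import (
	"fmt"
	"sort"
)

// InheritedRole mirrors one inherited_roles block from the plan output.
type InheritedRole struct{ Database, Role string }

// Drift is the order-insensitive difference between configuration and live role.
type Drift struct {
	Leftover []InheritedRole // still granted on the live role, not in configuration
	Missing  []InheritedRole // in configuration, not granted on the live role
}

// CompareInheritedRoles treats both lists as sets keyed on (database, role):
// a pure reordering yields no drift, a grant that survived an apply does.
func CompareInheritedRoles(desired, actual []InheritedRole) Drift {
	want, have := map[InheritedRole]bool{}, map[InheritedRole]bool{}
	for _, r := range desired {
		want[r] = true
	}
	var d Drift
	for _, r := range actual {
		if !have[r] && !want[r] {
			d.Leftover = append(d.Leftover, r)
		}
		have[r] = true
	}
	for r := range want {
		if !have[r] {
			d.Missing = append(d.Missing, r)
		}
	}
	for _, rs := range [][]InheritedRole{d.Leftover, d.Missing} {
		sort.Slice(rs, func(i, j int) bool {
			return rs[i].Database+"\x00"+rs[i].Role < rs[j].Database+"\x00"+rs[j].Role
		})
	}
	return d
}

func main() {
	// Constructed sample data using the database names from the plan output above.
	live := []InheritedRole{{"catalog", "readWrite"}, {"cache", "readWrite"}}
	fmt.Printf("after apply: %+v\n", CompareInheritedRoles(nil, live))
	cfg := []InheritedRole{{"userdata", "readWrite"}, {"catalog", "readWrite"}, {"cache", "readWrite"}, {"history", "readWrite"}}
	api := []InheritedRole{{"history", "readWrite"}, {"catalog", "readWrite"}, {"userdata", "readWrite"}, {"cache", "readWrite"}}
	fmt.Printf("reordered:   %+v\n", CompareInheritedRoles(cfg, api))
}
```

A non-empty `Leftover` after an apply that was meant to drop inherited roles means the role is still broader than the configuration says.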

themantissa commented 4 years ago

Thank you @languitar for adding that and understanding the back and forth here. We'll update each issue as progress is made.

PacoDw commented 4 years ago

Hello @languitar, thank you so much for your review. I made changes resolving this issue; could you test it to check if everything is okay? Also, let me know if you have another comment or concern, thanks.

themantissa commented 4 years ago

@languitar we've released a preview version that should allow you to test if this fixes the issue. If you can confirm we'd appreciate it. https://github.com/mongodb/terraform-provider-mongodbatlas/releases/tag/0.6.4

languitar commented 4 years ago

We will try our best within the next few days.

themantissa commented 4 years ago

@languitar certainly, let us know whenever works for you. We will probably proceed w/ a full release of 0.6.4 as it looks good, but happy to address any further issues. Just let us know.

themantissa commented 3 years ago

@languitar just wanted to check in and see if we are good here?

languitar commented 3 years ago

Sorry, we somehow forgot to test this so far.

Jeinhaus commented 3 years ago

We got around to testing this and it worked as expected. Thank you for the fix :+1:

themantissa commented 3 years ago

Thank you @Jeinhaus for the confirmation! I'll close this then, but if there are any related issues, feel free to open a new issue.