search

mongodb / terraform-provider-mongodbatlas

Terraform MongoDB Atlas Provider: Deploy, update, and manage MongoDB Atlas infrastructure as code through HashiCorp Terraform
https://registry.terraform.io/providers/mongodb/mongodbatlas
Mozilla Public License 2.0
241 stars 167 forks source link

Renaming a custom_db_role with attached users is not possible #284

Closed languitar closed 4 years ago

languitar commented 4 years ago

Changing the name of an existing custom_db_role is currently not possible without ending in an error in the apply step. The plan for a name change currently indicates the replacement due to the name change:

  # module.versioner.mongodbatlas_custom_db_role.this must be replaced
-/+ resource "mongodbatlas_custom_db_role" "this" {
      ~ id         = "someid" -> (known after apply)
        project_id = "5c860ed2a6f2396cd47f4785"
      ~ role_name  = "old_name" -> "newName" # forces replacement

Applying this results in the following error:

Error: error deleting custom db role (mongoversioner): DELETE https://cloud.mongodb.com/api/atlas/v1.0/groups/projectid/customDBRoles/roles/old_name: 409 (request "Conflict") Deleting specified custom role would leave the following users without a role: someuser.

I understand that this is not possible directly without unassigning the user, but some indication for this issue already in the plan phase would make things much easier to handle.

themantissa commented 4 years ago

@languitar understood it would be easier to handle but that would require an ability for the underlying API to allow a "test run" submit to get that error earlier, which it does not. Otherwise we'd have to build all the logic of the underlying system into the provider which is quite an anti-pattern. I appreciate that more errors earlier would be useful and we add as we can and it makes sense but would be more of a feature request. There is a section for feature requests in our issue templates.

languitar commented 4 years ago

I understand this. But the feature request template was included in the repo right after I posted this issue, so I couldn't use that one ;-)

themantissa commented 4 years ago

@languitar lol, very good point ;) If you don't mind submitting there it would help a great deal. Do appreciate your input!

languitar commented 4 years ago

Here is is: https://feedback.mongodb.com/forums/924145-atlas/suggestions/41140231-indicate-operation-errors-already-in-the-plan-phas

I have no idea how to properly format the code snippet there.