mongodb / terraform-provider-mongodbatlas

Terraform MongoDB Atlas Provider: Deploy, update, and manage MongoDB Atlas infrastructure as code through HashiCorp Terraform
https://registry.terraform.io/providers/mongodb/mongodbatlas
Mozilla Public License 2.0

X509 user creation and update throws error #312

Closed nikhil-mongo closed 3 years ago

nikhil-mongo commented 4 years ago

Terraform CLI and Terraform MongoDB Atlas Provider Version

Terraform v0.13.0
+ provider registry.terraform.io/terraform-providers/mongodbatlas v0.6.4

Terraform Configuration File

locals {
  atlas_users = [
    {
      app : "NodeJS"
      username : "C=US,ST=California,L=SantaClara,O=PAN Inc.,OU=AppServices,CN=appsvc-dev"
      roles = [
        {
          role_name : "readWrite"
          database_name : "sample_geo"
        }
      ]
    },
    {
      app : "Python"
      username : "C=US,ST=California,L=SantaClara,O=PAN Inc.,OU=AppServices,CN=appsvc-qa"
      roles = [
        {
          role_name : "atlasAdmin"
          database_name : "admin"
        }
      ]
    }
  ]
}
resource "mongodbatlas_database_user" "atlas" {
  for_each = {
    for user in local.atlas_users : "${user.app}-${user.username}" => user
  }
  username           = each.value.username
  x509_type          = "CUSTOMER"
  project_id         = var.project_id
  auth_database_name = "$external"
  dynamic roles {
    for_each = {
      for role in each.value.roles : "${role.database_name}-${role.role_name}" => role
    }
    content {
      role_name     = roles.value.role_name
      database_name = roles.value.database_name
    }
  }
}

Steps to Reproduce

Please list the full steps required to reproduce the issue, for example:

  1. terraform init
  2. terraform apply

The user is created but Terraform throws a 500 error.

Error: error getting database user information: GET https://cloud.mongodb.com/api/atlas/v1.0/groups/5dd0f66379358e17e49d6c40/databaseUsers/$external/C%3DUS%2CST%3DCalifornia%2CL%3DSantaClara%2CO%3DPAN+Inc.%2COU%3DAppServices%2CCN%3Dappsvc-dev: 500 (request "Internal Server Error") Unexpected error.

  on atlas.tf line 29, in resource "mongodbatlas_database_user" "atlas":
  29: resource "mongodbatlas_database_user" "atlas" {

Error: error getting database user information: GET https://cloud.mongodb.com/api/atlas/v1.0/groups/5dd0f66379358e17e49d6c40/databaseUsers/$external/C%3DUS%2CST%3DCalifornia%2CL%3DSantaClara%2CO%3DPAN+Inc.%2COU%3DAppServices%2CCN%3Dappsvc-qa: 500 (request "Internal Server Error") Unexpected error.

  on atlas.tf line 29, in resource "mongodbatlas_database_user" "atlas":
  29: resource "mongodbatlas_database_user" "atlas" {

Expected Behavior

The user is created without any error.

Actual Behavior

The user is created with a 500 error.

Debug Output

debug.log

Another scenario:

locals {
  atlas_users = [
    {
      app : "NodeJS"
      username : "C=US,ST=California,L=SantaClara,O=PANInc.,OU=AppServices,CN=appsvc-dev"
      roles = [
        {
          role_name : "readWrite"
          database_name : "sample_geo"
        }
      ]
    },
    {
      app : "Python"
      username : "C=US,ST=California,L=SantaClara,O=PANInc.,OU=AppServices,CN=appsvc-qa"
      roles = [
        {
          role_name : "atlasAdmin"
          database_name : "admin"
        }
      ]
    }
  ]
}
resource "mongodbatlas_database_user" "atlas" {
  for_each = {
    for user in local.atlas_users : "${user.app}-${user.username}" => user
  }
  username           = each.value.username
  x509_type          = "CUSTOMER"
  project_id         = var.project_id
  auth_database_name = "$external"
  dynamic roles {
    for_each = {
      for role in each.value.roles : "${role.database_name}-${role.role_name}" => role
    }
    content {
      role_name     = roles.value.role_name
      database_name = roles.value.database_name
    }
  }
}

Steps to Reproduce

Please list the full steps required to reproduce the issue, for example:

  1. terraform init
  2. terraform apply

Expected Behavior

The user is created successfully

Actual Behavior

The user is created successfully

Change any parameter such as `database_name : "admin"` to `database_name : "sample_flix"` and run

  1. terraform apply

Expected Behavior

The existence of the user should be validated against the $external db and the update should be applied.

Actual Behavior

The existence of the user is validated against the admin database, which is incorrect.

Debug Output

debug.log

Crash Output

mongodbatlas_database_user.atlas["NodeJS-C=US,ST=California,L=SantaClara,O=PANInc.,OU=AppServices,CN=appsvc-dev"]: Modifying... [id=cHJvamVjdF9pZA==:NWRkMGY2NjM3OTM1OGUxN2U0OWQ2YzQw-dXNlcm5hbWU=:Qz1VUyxTVD1DYWxpZm9ybmlhLEw9U2FudGFDbGFyYSxPPVBBTkluYy4sT1U9QXBwU2VydmljZXMsQ049YXBwc3ZjLWRldg==-YXV0aF9kYXRhYmFzZV9uYW1l:JGV4dGVybmFs]

Error: error updating database user(C=US,ST=California,L=SantaClara,O=PANInc.,OU=AppServices,CN=appsvc-dev): PATCH https://cloud.mongodb.com/api/atlas/v1.0/groups/5dd0f66379358e17e49d6c40/databaseUsers/admin/C=US,ST=California,L=SantaClara,O=PANInc.,OU=AppServices,CN=appsvc-dev: 404 (request "Not Found") No user with username C=US,ST=California,L=SantaClara,O=PANInc.,OU=AppServices,CN=appsvc-dev exists.

  on atlas.tf line 29, in resource "mongodbatlas_database_user" "atlas":
  29: resource "mongodbatlas_database_user" "atlas" {

Additional Context

References
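
The two failures in the report above, reproduced offline as an added example (not part of the issue or the provider's code): the failing GET encodes the space in `O=PAN Inc.` as `+`, which is form encoding rather than path encoding, and the `id=` in the crash output records `auth_database_name` as `$external` while the PATCH went to `databaseUsers/admin`. The function names are hypothetical, and decoding the segment by RFC 3986 path rules is an assumption about the server side.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

// Values copied from the issue's error and crash output.
const (
	groupID = "5dd0f66379358e17e49d6c40"
	dn      = "C=US,ST=California,L=SantaClara,O=PAN Inc.,OU=AppServices,CN=appsvc-dev"
	stateID = "cHJvamVjdF9pZA==:NWRkMGY2NjM3OTM1OGUxN2U0OWQ2YzQw-dXNlcm5hbWU=:Qz1VUyxTVD1DYWxpZm9ybmlhLEw9U2FudGFDbGFyYSxPPVBBTkluYy4sT1U9QXBwU2VydmljZXMsQ049YXBwc3ZjLWRldg==-YXV0aF9kYXRhYmFzZV9uYW1l:JGV4dGVybmFs"
)

// userPath builds the databaseUsers path. formEncode picks url.QueryEscape (space -> "+") over url.PathEscape (space -> "%20").
func userPath(authDB, user string, formEncode bool) string {
	seg := url.PathEscape(user)
	if formEncode {
		seg = url.QueryEscape(user)
	}
	return "/api/atlas/v1.0/groups/" + groupID + "/databaseUsers/" + authDB + "/" + seg
}

// decodedUser decodes the last path segment by RFC 3986 path rules, where "+" stays a literal plus (assumed server behaviour).
func decodedUser(path string) string {
	u, _ := url.PathUnescape(path[strings.LastIndex(path, "/")+1:])
	return u
}

// decodeID reads a resource ID made of base64(key):base64(value) pairs joined by "-".
func decodeID(id string) (map[string]string, error) {
	out := map[string]string{}
	f := strings.FieldsFunc(id, func(r rune) bool { return r == '-' || r == ':' })
	for i := 0; i+1 < len(f); i += 2 {
		k, errK := base64.StdEncoding.DecodeString(f[i])
		v, errV := base64.StdEncoding.DecodeString(f[i+1])
		if errK != nil || errV != nil {
			return nil, fmt.Errorf("bad base64 near field %d", i)
		}
		out[string(k)] = string(v)
	}
	return out, nil
}

func main() {
	id, err := decodeID(stateID)
	fmt.Println(decodedUser(userPath("$external", dn, true)), "|", id["auth_database_name"], err)
}
```

With form encoding the decoded segment reads `O=PAN+Inc.`, which no longer matches the certificate subject that was created; with path encoding it round-trips unchanged.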

nikhil-mongo commented 4 years ago

If this seems to be an entire duplicate of 292, feel free to close it, but this has other issues as well.

themantissa commented 4 years ago

Leaving this open, @nikhil-mongo, as you are correct: 292 covers auth, as was already in progress, but the spacing issue should be reviewed as well. @leofigy FYI, left on current tracking card.

themantissa commented 3 years ago

Fixed in 0.6.5 and released!