mongodb / terraform-provider-mongodbatlas

Terraform MongoDB Atlas Provider: Deploy, update, and manage MongoDB Atlas infrastructure as code through HashiCorp Terraform
https://registry.terraform.io/providers/mongodb/mongodbatlas
Mozilla Public License 2.0

Unable to update members in an existing "mongodbatlas_teams" as the provider attempts to remove all users first #790

Closed willmayne closed 2 years ago

willmayne commented 2 years ago

Terraform CLI and Terraform MongoDB Atlas Provider Version

Terraform v0.14.10
mongodb/mongodbatlas version = "1.4.3"

Terraform Configuration File

provider "mongodbatlas" {
  public_key  = var.atlas_public_key
  private_key = var.atlas_private_key
}

terraform {
  required_providers {
    mongodbatlas = {
      source = "mongodb/mongodbatlas"
    }
  }
  required_version = ">= 0.13"
}

resource "mongodbatlas_teams" "default" {
  org_id    = var.atlas_organisation
  name      = var.atlas_team_name
  usernames = var.atlas_team_members
}

variable "atlas_organisation" {}
variable "atlas_public_key" {}
variable "atlas_private_key" {}
variable "atlas_team_name" {}
variable "atlas_team_members" {
  type    = set(string)
  default = []
}

Steps to Reproduce

  1. Change the value of atlas_team_members from: ["user1", "user2"] to ["user1", "user2", "user3"]
  2. Run terraform init and terraform apply

Expected Behavior

user3 should have been added to the team

Actual Behavior

user2 is removed from the team and Terraform errors trying to remove user1.

Debug Output

    
    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      ~ update in-place
    
    Terraform will perform the following actions:
    
      # mongodbatlas_teams.default will be updated in-place
      ~ resource "mongodbatlas_teams" "default" {
            id        = ""
            name      = "redacted"
          ~ usernames = [
              + "redacted",
                # (2 unchanged elements hidden)
            ]
            # (2 unchanged attributes hidden)
        }
    
    Plan: 0 to add, 1 to change, 0 to destroy.
    
    ------------------------------------------------------------------------
    
    This plan was saved to: tfplan
    
    To perform exactly these actions, run the following command to apply:
        terraform apply "tfplan"

Crash Output

    mongodbatlas_teams.default: Modifying... [id=redacted]
    
    Error: error deleting Atlas User (redacted) information: DELETE https://cloud.mongodb.com/api/atlas/v1.0/orgs/redacted/teams/redacted/users/redacted: 403 (request "CANNOT_DELETE_LAST_ORG_USER_FROM_TEAM") Cannot remove the only team user from the organization. First, add another user to the team and then continue with deleting them from your organization.
    
      on team.tf line 1, in resource "mongodbatlas_teams" "default":
       1: resource "mongodbatlas_teams" "default" {
    
    ERRO[0019] Hit multiple errors:
    Hit multiple errors:
    exit status 1


themantissa commented 2 years ago

Thank you for the report. I will have the team take a look. @martinstibbe @evertsd

akierstein-insider commented 2 years ago

I'll note this has affected our group as well. Thanks for reporting this @willmayne

GertVil commented 2 years ago

Is there a way to work around this? Just ran into this issue too.

martinstibbe commented 2 years ago

@themantissa This issue appears in older versions of the provider as well (verified in 1.3.1). The current design removes the entire user list to update, so the API might have introduced a breaking change. A workaround would be to edit the team structure members to match the current Terraform config if it is blocking other updates unrelated to the teams API.
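
The update order described in the comment above, as an added Go example that is not part of the thread and not the provider's code. `team` is a constructed in-memory stand-in for the Atlas teams API that, like the 403 in the crash output, refuses to remove a team's last member; `replaceAll` models the remove-everyone-then-add design and `applyDiff` is a hypothetical add-first, diff-based alternative (all names are assumptions).

```go
package main

import "fmt"

// team is a constructed stand-in for the Atlas teams API (an assumption, not
// the real client): like the 403 above, it refuses to remove its last member.
type team map[string]bool
var errLastUser = fmt.Errorf("CANNOT_DELETE_LAST_ORG_USER_FROM_TEAM")

func (t team) remove(u string) error {
	if t[u] && len(t) == 1 {
		return errLastUser
	}
	delete(t, u)
	return nil
}

// replaceAll: the design described in the thread; remove everyone, then re-add.
func replaceAll(t, want team) error {
	for u := range t {
		if err := t.remove(u); err != nil {
			return err // team is left partially emptied
		}
	}
	for u := range want {
		t[u] = true
	}
	return nil
}

// applyDiff adds missing members first, then removes only those not wanted.
func applyDiff(t, want team) error {
	for u := range want {
		t[u] = true
	}
	for u := range t {
		if !want[u] {
			if err := t.remove(u); err != nil {
				return err
			}
		}
	}
	return nil
}

func main() {
	t, want := team{"user1": true, "user2": true}, team{"user1": true, "user2": true, "user3": true}
	fmt.Println(replaceAll(t, want), len(t)) // fails with one member already removed
	fmt.Println(applyDiff(t, want), len(t))  // succeeds; membership matches want
}
```

With the add-first ordering, a member present in both the old and new sets is never removed, so access for unchanged users is not interrupted by a failed apply.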

themantissa commented 2 years ago

@martinstibbe sounds good - let's figure out next steps today at our meeting

themantissa commented 2 years ago

Internal ticket INTMDB-352

kbachand commented 2 years ago

I am also experiencing this issue. Was on 1.3.1 and upgraded to 1.4.3 in hopes of fixing the issue with no luck. Thank you for reporting @willmayne

themantissa commented 2 years ago

All - it looks like this was caused by a change in the underlying API the provider uses. We are expecting a reversion of the change, which should correct the issue. As soon as that's done we'll update here.

martinstibbe commented 2 years ago

@themantissa I verified it should be working now

themantissa commented 2 years ago

Okay all - the reversion worked per Martin's tests. Should be good to go here.