newrelic / terraform-provider-newrelic

Terraform provider for New Relic
https://registry.terraform.io/providers/newrelic/newrelic/latest/docs
Mozilla Public License 2.0

Resource `newrelic_group`: Update is failing when removing a user when the user_id list is built by Terraform #2636

Open Mallear opened 2 months ago

Mallear commented 2 months ago

Hi there,

Terraform Version

Terraform v1.5.0
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v5.39.1
+ provider registry.terraform.io/newrelic/newrelic v3.34.1

Affected Resource(s)

Please list the resources as a list, for example:

Terraform Configuration

data "newrelic_authentication_domain" "this" {
  name = "MyDomain"
}

locals {
  user_name = [
    "John.Doe",
    "Jane.Doe",
    "John.Smith",
    "Jane.Smith"
  ]
}

resource "newrelic_user" "viewer" {
  for_each = toset(local.user_name)
  name                     = each.key
  email_id                 = "${each.key}@domain.com"
  authentication_domain_id = data.newrelic_authentication_domain.this.id
  user_type                = "FULL_USER_TIER"
}

resource "newrelic_group" "viewer" {
  name                     = "Viewer Group Test"
  authentication_domain_id = data.newrelic_authentication_domain.this.id
  user_ids                 = [for user in newrelic_user.viewer : user.id]
}

terraform {
  required_version = ">= 1.5.0"

  required_providers {
    newrelic = {
      source  = "newrelic/newrelic"
      version = ">= 3.14"
    }
  }
}

provider "newrelic" {
}

Actual Behavior

When removing a user from the list, the user is deleted but the group update fails with the following logs:

╷
│ Error: maximum retries reached: The following ids were not found: user_ids: 1005916831
│ 
│   with newrelic_group.viewer,
│   on newrelic_groups.tf line 22, in resource "newrelic_group" "viewer":
│   22: resource "newrelic_group" "viewer" {
│ 
| 

On New Relic, the user is removed from the group.

Expected Behavior

The group successfully updates.

Steps to Reproduce

  1. terraform apply
  2. Comment a user name in local.user_name
  3. terraform apply

Debug Output

╷
│ Error: maximum retries reached: The following ids were not found: user_ids: 1005916831
│ 
│   with newrelic_group.viewer,
│   on newrelic_groups.tf line 22, in resource "newrelic_group" "viewer":
│   22: resource "newrelic_group" "viewer" {
│ 
| 

References

N/A

pranav-new-relic commented 2 months ago

@Mallear thank you for reporting this issue. We shall take a look soon and keep you posted.

My first thoughts suggest this could be happening because the user is first being destroyed/deleted, after which Terraform tries removing the user from the group; however, since the mutation on NerdGraph that removes users from a group validates if the ID of the user given in the input is still valid, the mutation throws an error, hence the issue. However, in the UI, the user is no longer part of the group as the user doesn't even exist anymore.

We might need to fix this by (possibly, if feasible) introducing a dependency that would ensure the user is not deleted until the user is removed from the group, or internally have the user removed from the group, if they have been deleted. The feasibility of the options above isn't clear at this point, so we'll take a look further and keep you posted.