okta / terraform-provider-okta

A Terraform provider to manage Okta resources, enabling infrastructure-as-code provisioning and management of users, groups, applications, and other Okta objects.
https://registry.terraform.io/providers/okta/okta
Mozilla Public License 2.0

Wrong definition of email_domain_id in brand resource #1855

Open MichaelOtte-lhsystems opened 9 months ago

MichaelOtte-lhsystems commented 9 months ago

Community Note

Terraform Version

1.6.6

Affected Resource(s)

Terraform Configuration Files

resource "okta_brand" "brand" {
  name                           = "Custom"
  custom_privacy_policy_url      = var.okta_brand.custom_privacy_policy_url 
  remove_powered_by_okta         = var.okta_brand.remove_powered_by_okta 
  email_domain_id                = var.email_domain_id
}

Debug Output

  terraform validate

Error: Invalid Configuration for Read-Only Attribute
│
│   with okta_brand.brand,
│   on brands.tf line 36, in resource "okta_brand" "brand":
│   36:   email_domain_id                = var. email_domain_id
│
│ Cannot set value for this attribute as the provider has marked it as read-only. Remove the configuration line setting the value.
│
│ Refer to the provider documentation or contact the provider developers for additional information about configurable and
│ read-only attributes that are supported.

Panic Output

Expected Behavior

terraform apply will change the "email_domain_id" for brand so it should not be defined as Read-Only

Can this be done in the Admin UI?

Can this be done in the actual API call?

Actual Behavior

Steps to Reproduce

  1. terraform validate

Important Factoids

References

mvitt commented 9 months ago

Hey @MichaelOtte-lhsystems,

This was changed from argument to attribute for the okta_brand resource because if you have the email_domain_id argument set and have the brand_id argument set on the okta_email_domain resource, you will get a Terraform cyclical error.

The way this should be done is:

  1. Set the brand without email_domain_id.
  2. Grab the brand id from the output of step 1.
  3. On the okta_email_domain set the brand_id with the id you retrieve from step 2.
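
The ordering in the three steps above, written as configuration. This is an added example, not part of the original comment or the provider's documentation; the resource labels and the domain, display name and user name values are constructed placeholders.

```hcl
# Step 1: declare the brand without email_domain_id, which the provider
# now treats as a read-only attribute on okta_brand.
resource "okta_brand" "custom" {
  name = "Custom"
}

# Steps 2 and 3: the email domain reads the brand's id through a reference.
# The dependency runs in one direction only (email domain -> brand), so
# Terraform creates the brand first and no cycle arises.
resource "okta_email_domain" "custom" {
  brand_id     = okta_brand.custom.id
  domain       = "example.com" # constructed placeholder
  display_name = "Example"     # constructed placeholder
  user_name    = "no-reply"    # constructed placeholder
}

# The brand id from step 1, exposed for use outside this module.
output "custom_brand_id" {
  value = okta_brand.custom.id
}
```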

MichaelOtte-lhsystems commented 9 months ago

I recognised that there was a change https://github.com/okta/terraform-provider-okta/issues/1824 but how could the email_domain_id be attached to a brand if you have multiple brands, as okta_email_domain only supports one brand_id?

resource "okta_brand" "example1" {
  name = "example1"
}

resource "okta_brand" "example2" {
  name = "example2"
}

resource "okta_email_domain" "example" {
  brand_id     = "example1"
  domain       = "example.com"
  display_name = "test"
  user_name    = "paul_atreides"
}

MichaelOtte-lhsystems commented 9 months ago

> Hey @MichaelOtte-lhsystems,
>
> This was changed from argument to attribute for the okta_brand resource because if you have the email_domain_id argument set and have the brand_id argument set on the okta_email_domain resource, you will get a Terraform cyclical error.
>
> The way this should be done is:
>
>   1. Set the brand without email_domain_id.
>   2. Grab the brand id from the output of step 1.
>   3. On the okta_email_domain set the brand_id with the id you retrieve from step 2.

@mvitt Thanks for clarification.

How can I assign multiple brand_id's to the same okta_email_domain?

duytiennguyen-okta commented 9 months ago

There is only one brand id per email_domain https://developer.okta.com/docs/api/openapi/okta-management/management/tag/EmailDomain/#tag/EmailDomain/operation/createEmailDomain

MichaelOtte-lhsystems commented 9 months ago

@duytiennguyen-okta thanks for pointing me to the API with only one brand_id.

If you request the email domains, one "emailDomainId" could be assigned to multiple brands.

/api/v1/email-domains?expand=brands

How to assign one email domain to multiple brands now? Until 4.6.1 https://registry.terraform.io/providers/okta/okta/4.6.1/docs/resources/brand this was possible by setting

resource "okta_brand" "example1" {
  name            = "example1"
  email_domain_id = "12345"
}

resource "okta_brand" "example2" {
  name            = "example2"
  email_domain_id = "12345"
}

duytiennguyen-okta commented 8 months ago

OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-690454

MichaelOtte-lhsystems commented 4 months ago

Are there any changes planned? We are still stuck on Okta TF plugin 4.4.3 until this issue is fixed.