search

onelogin / terraform-provider-onelogin

GNU General Public License v3.0
27 stars 19 forks source link

onelogin_app_role_attachments does not apply changes correctly #31

Closed tkallenberg-tw closed 1 year ago

tkallenberg-tw commented 3 years ago

When applying role_attachments for the first time to an app, the provider crashes with an error message: App abc does not have role 123. The result in the UI is that some roles are attached and some are not. Sometimes also no roles are attached. The next run with the provider only works if the roles are selected manually in the app to reflect the persisted state.

data.terraform_remote_state.apps: Refreshing state...
data.external.app_newrelic_roles: Refreshing state... [id=-]

module.onelogin_roles.module.onelogin_app["aaaa"].onelogin_app_role_attachments.app_role["xxxx"]: Refreshing state... [id=aaaa]
module.onelogin_roles.module.onelogin_app["bbbb"].onelogin_app_role_attachments.app_role["zzz"]: Refreshing state... [id=bbbb]
module.onelogin_roles.module.onelogin_app["bbbb"].onelogin_app_role_attachments.app_role["xxxx"]: Refreshing state... [id=bbbb]
module.onelogin_roles.module.onelogin_app["bbbb"].onelogin_app_role_attachments.app_role["zzzz"]: Refreshing state... [id=bbbb]
module.onelogin_roles.module.onelogin_app["aaaa"].onelogin_app_role_attachments.app_role["zzzz"]: Refreshing state... [id=aaaa]

Error: App bbbb does not have role zzzz
Error: App aaaa does not have role xxxx

This could also be another outcome of the race condition in #30

TwSimoneRoselli commented 3 years ago

Hi,

We are experiencing the same problem. We initially thought that the problem was our Terraform code using the _foreach construct within a module, therefore we tried to break the code down like this:

resource onelogin_app_role_attachments example {
    app_id = 123456
    role_id = 00001
}

resource onelogin_app_role_attachments example2 {
    app_id = 123456
    role_id = 00002
}

but getting the same error: Error: App 123456 does not have role 00002

Meaning that, the Terraform provider is not able to attach more than one role to the application, at the same time.

Thanks in advance for any help here.

Jmfwolf commented 1 year ago

We are in the process of standardizing our SDKs by using OpenAPI specifications. I have an OpenAPI generated terraform-provider-onelogin in prerelease if you would like t try it out. https://github.com/onelogin/terraform-provider-onelogin/tree/openapi

Jmfwolf commented 1 year ago

New version of the SDK released