search

opsgenie / terraform-provider-opsgenie

Terraform OpsGenie provider
https://registry.terraform.io/providers/opsgenie/opsgenie/latest/docs
Mozilla Public License 2.0
103 stars 137 forks source link

Cannot update Opsgenie escalation policy #345

Closed catalinmares closed 1 year ago

catalinmares commented 1 year ago

Hi there,

I came accross a bug using the opsgenie_escalation Terraform resource. Whenever I try updating the escalation by modifying the Terraform resource in the configuration file and hit apply, I get a forbidden error, complaining that I am not allowed to change the owner team of the escalation policy with the current API key.

Of course, I understand that in order to change the owner team I would need a global Opsgenie API key, not a team-scoped one, like I am currently using. But this is not my use case right now. I am not planning to change the owner team of the escalation policy, I just need to be able to update fields like name or the fields from the rules blocks. Also, in my organisation I am not allowed to used global API keys since it would interfere with the other teams' work.

I noticed that for the update, the PATCH method is used against the Opsgenie API (https://docs.opsgenie.com/docs/escalation-api#update-escalation-partial) and all the fields are optional, allowing you to specify only the fields that you need to update.

Terraform Version

Terraform v1.3.2 on linux_amd64

Affected Resource

opsgenie_escalation

Terraform Configuration Files

data "opsgenie_team" "BNS-AQUILA" {
    name = "BNS-AQUILA"
}

data "opsgenie_schedule" "BNS-AQUILA_schedule" {
    name = "BNS-AQUILA_schedule"
}

resource "opsgenie_escalation" "BNS-AQUILA_escalation" {
    name                    = "BNS-AQUILA_escalation"
    owner_team_id           = data.opsgenie_team.BNS-AQUILA.id

    rules {
        condition           = "if-not-acked"
        delay               = 0
        notify_type         = "default"

        recipient {
            id              = data.opsgenie_schedule.BNS-AQUILA_schedule.id
            type            = "schedule"
        }
    }
    rules {
        condition           = "if-not-acked"
        delay               = 5
        notify_type         = "next"

        recipient {
            id              = data.opsgenie_schedule.BNS-AQUILA_schedule.id
            type            = "schedule"
        }
    }
    rules {
        condition           = "if-not-acked"
        delay               = 10
        notify_type         = "all"

        recipient {
            id              = data.opsgenie_team.BNS-AQUILA.id
            type            = "team"
        }
    }
}

Debug Output

https://gist.github.com/catalinmares/3004d4dc4a8d47508a5f6d2692915664#file-opsgenie_escalation_debug-txt

Expected Behavior

With the escalation_policy in the Terraform state having the configuration provided above, when changing the delays, a request to the Opsgenie API should have been made specifying only the fields that changed.

Actual Behavior

Looks like all the fields are sent in the request (more like a PUT instead of a PATCH), making the request fail when a team-scoped API key is used because of the owner_team_id field.

Steps to Reproduce

  1. terraform apply
  2. Change any field except for owner_team_id
  3. terraform apply
frknyldz commented 1 year ago

Hi @catalinmares , thanks for the contribution and that detailed explanation. We released a new version and verified that the issue seems to be resolved. I'm closing this issue and I'm kindly asking you to test it with the latest version. If you encounter a problem again feel free to reopen this issue. Gday