Name clash when creating custom roles

ocofaigh commented 1 month ago

It seems you have a name clash with the standard test and upgrade test (they run in parallel)

Error: UpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │ Error: [ERROR] Error creating Custom Roles: This role name has already been used, please update the existing one or change the role name.

Can the role name be exposed so in the example we could use the var.prefix value (which is unique per test).

Alternatively you can remove the parallel flag from the tests, but this will: a) double the pipeline execution time b) not fully solve the problem as you may have multiple PRs running in parallel, or even custom roles in the test account that may not of been cleanup up properly by an old test

chrisw-ibm commented 1 month ago

There appears to be two conflicts occurring.

The naming of the custom IAM roles
Creation of the billing report exports

1 is trivial to solve and can be done with updating the naming. 2 is not so easy. An account can only have billing reports exported to a single bucket. So if one test is enabling billing exports then the other test will have a conflict.

Custom role conflicts

Error: UpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │ Error: [ERROR] Error creating Custom Roles: This role name has already been used, please update the existing one or change the role name.
...
TestRunUpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │   with module.cloudability_bucket_access.ibm_iam_custom_role.cos_custom_role,
TestRunUpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │   on modules/cloudability-bucket-access/main.tf line 18, in resource "ibm_iam_custom_role" "cos_custom_role":
TestRunUpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │   18: resource "ibm_iam_custom_role" "cos_custom_role" {
TestRunUpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │ 
TestRunUpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │ ---
TestRunUpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │ id: terraform-a8d57e63
TestRunUpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │ summary: |
TestRunUpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │   [ERROR] Error creating Custom Roles: This role name has already been used, please update the existing one or change the role name.
...
Error: UpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │ Error: [ERROR] Error creating Custom Roles: This role name has already been used, please update the existing one or change the role name.
...
TestRunUpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │   with module.cloudability_enterprise_access[0].ibm_iam_custom_role.list_enterprise_custom_role,
TestRunUpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │   on modules/cloudability-enterprise-access/main.tf line 5, in resource "ibm_iam_custom_role" "list_enterprise_custom_role":
TestRunUpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │    5: resource "ibm_iam_custom_role" "list_enterprise_custom_role" {
...
Error: UpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │ Error: [ERROR] Error creating servicePolicy: The policy wasn't created because an access policy with identical attributes already exists. Please update the roles in the existing policy (6cf47412-b4a0-41a0-bb16-a92575934d5e), or update the one you're trying to assign to include a different attribute assignment. {
...
TestRunUpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │   with module.cloudability_enterprise_access[0].ibm_iam_service_policy.billing_policy,
TestRunUpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │   on modules/cloudability-enterprise-access/main.tf line 27, in resource "ibm_iam_service_policy" "billing_policy":
TestRunUpgradeSolution 2024-09-19T20:54:26Z logger.go:66: │   27: resource "ibm_iam_service_policy" "billing_policy" {
...
TestRunUpgradeSolution 2024-09-19T20:54:26Z retry.go:99: Returning due to fatal error: FatalError{Underlying: error while running command: exit status 1; ╷
Error: [0m Error: [ERROR] Error creating Custom Roles: This role name has already been used, please update the existing one or change the role name.
...
│   with module.cloudability_bucket_access.ibm_iam_custom_role.cos_custom_role,
│   on modules/cloudability-bucket-access/main.tf line 18, in resource "ibm_iam_custom_role" "cos_custom_role":
│   18: resource "ibm_iam_custom_role" "cos_custom_role" {
│ 
│ ---
│ id: terraform-a8d57e63
│ summary: |
│   [ERROR] Error creating Custom Roles: This role name has already been used, please update the existing one or change the role name.
...
│ severity: error
│ resource: ibm_iam_custom_role
│ operation: create
│ component:
│   name: github.com/IBM-Cloud/terraform-provider-ibm
│   version: 1.69.2
│ ---
│ 
╵
╷
Error: [0m Error: [ERROR] Error creating Custom Roles: This role name has already been used, please update the existing one or change the role name.
...
│ 
│   with module.cloudability_enterprise_access[0].ibm_iam_custom_role.list_enterprise_custom_role,
│   on modules/cloudability-enterprise-access/main.tf line 5, in resource "ibm_iam_custom_role" "list_enterprise_custom_role":
│    5: resource "ibm_iam_custom_role" "list_enterprise_custom_role" {
│ 
│ ---
│ id: terraform-a8d57e63
│ summary: |
│   [ERROR] Error creating Custom Roles: This role name has already been used, please update the existing one or change the role name.
...
│ severity: error
│ resource: ibm_iam_custom_role
│ operation: create
│ component:
│   name: github.com/IBM-Cloud/terraform-provider-ibm
│   version: 1.69.2
│ ---
│

Creation of the billing report exports

TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │ Error: ---
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │ id: terraform-3a35498d
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │ summary: 'CreateReportsSnapshotConfigWithContext failed: Conflict configuration document'
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │ severity: error
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │ resource: ibm_billing_report_snapshot
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │ operation: create
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │ component:
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │   name: github.com/IBM-Cloud/terraform-provider-ibm
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │   version: 1.69.2
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │ ---
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │ 
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │ 
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │   with module.billing_exports[0].ibm_billing_report_snapshot.billing_report_snapshot_instance,
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │   on modules/billing-exports/main.tf line 78, in resource "ibm_billing_report_snapshot" "billing_report_snapshot_instance":
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │   78: resource "ibm_billing_report_snapshot" "billing_report_snapshot_instance" {
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: │ 
TestRunDefaultSolution 2024-09-19T20:54:27Z logger.go:66: ╵
TestRunDefaultSolution 2024-09-19T20:54:27Z retry.go:99: Returning due to fatal error: FatalError{Underlying: error while running command: exit status 1; ╷
│ Error: ---
│ id: terraform-3a35498d
│ summary: 'CreateReportsSnapshotConfigWithContext failed: Conflict configuration document'
│ severity: error
│ resource: ibm_billing_report_snapshot
│ operation: create
│ component:
│   name: github.com/IBM-Cloud/terraform-provider-ibm
│   version: 1.69.2
│ ---
│ 
│ 
│   with module.billing_exports[0].ibm_billing_report_snapshot.billing_report_snapshot_instance,
│   on modules/billing-exports/main.tf line 78, in resource "ibm_billing_report_snapshot" "billing_report_snapshot_instance":
│   78: resource "ibm_billing_report_snapshot" "billing_report_snapshot_instance" {
│ 
╵}
=== NAME  TestRunDefaultSolution
    tests.go:879: 
            Error Trace:    /go/pkg/mod/github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper@v1.38.2/testhelper/tests.go:879
                                        /go/pkg/mod/github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper@v1.38.2/testhelper/tests.go:804
                                        /__w/terraform-ibm-cloudability-onboarding/terraform-ibm-cloudability-onboarding/tests/pr_test.go:33
            Error:          Expected nil, but got: retry.FatalError{Underlying:(*shell.ErrWithCmdOutput)(0xc000a96408)}
            Test:           TestRunDefaultSolution
            Messages:       Failed%!(EXTRA retry.FatalError=FatalError{Underlying: error while running command: exit status 1; ╷
                            │ Error: ---
                            │ id: terraform-3a35498d
                            │ summary: 'CreateReportsSnapshotConfigWithContext failed: Conflict configuration document'
                            │ severity: error
                            │ resource: ibm_billing_report_snapshot
                            │ operation: create
                            │ component:
                            │   name: github.com/IBM-Cloud/terraform-provider-ibm
                            │   version: 1.69.2
                            │ ---
                            │ 
                            │ 
                            │   with module.billing_exports[0].ibm_billing_report_snapshot.billing_report_snapshot_instance,
                            │   on modules/billing-exports/main.tf line 78, in resource "ibm_billing_report_snapshot" "billing_report_snapshot_instance":
                            │   78: resource "ibm_billing_report_snapshot" "billing_report_snapshot_instance" {
                            │ 
                            ╵})

terraform-ibm-modules-ops commented 1 month ago

:tada: This issue has been resolved in version 1.0.1 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket:

terraform-ibm-modules / terraform-ibm-cloudability-onboarding

Name clash when creating custom roles #7

Custom role conflicts

Creation of the billing report exports