Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

project_user not properly created in combination with ignore_missing_user #175

Closed
4 tasks done
Danielku15 opened this issue Nov 18, 2024 · 0 comments · Fixed by #177
Closed
4 tasks done

project_user not properly created in combination with ignore_missing_user #175

Danielku15 opened this issue Nov 18, 2024 · 0 comments · Fixed by #177
Assignees
@alexhung
Labels
bug Something isn't working

Comments

@Danielku15
Copy link
Contributor

Describe the bug
When you set ignore_missing_user to true the project_user resources will not be properly created once the user is actually in the system.

When I implemented the ignore_missing_user I missed an important detail. The project_user will be added to the TF state and it does not detect any change due to that thinking the user is there. The TF provider needs additional mechanisms to detect whether a user is missing and attempt re-creation on the next apply.

resource "project" "myproject" {
    key = "myproject"
    display_name = "myproject"
    description = "test description"
    admin_privileges {
        manage_members = true
        manage_resources = true
        index_resources = true
    }
    max_storage_in_gibibytes = 1
    block_deployments_on_limit = true
    email_notification = false

    use_project_user_resource = true
}

resource "project_user" "myuser" {
    project_key = project.myproject.key
    name = "myuser"
    roles = ["Developer"]
    ignore_missing_user = true
}

Requirements for and issue

  • A fully functioning terraform snippet that can be copy&pasted (no outside files or ENV vars unless that's part of the issue)
  • Your version of artifactory (you can curl it at $host/artifactory/api/system/version 7.100.2
  • Your version of terraform: 1.5.6
  • Your version of terraform provider 1.9.0

Expected behavior

  1. You apply this TF code and you get a warning about the missing user but the user is added to the state.
  2. Manually create the user in artifactory (e.g. in a SSO scenario the user would login the first time becoming available as user)
  3. Apply this TF code again and you will notice on the plan and apply that it will not do anything thinking nothing changed, nothing to be done.

Additional context
In the TF State / Plan there is no information about whether a user is considered missing or not. Unfortunately the TF API doesn't allow checking if a user exists unless you're an admin with global user administration rights. Hence the best choice is attempting to create the project_user and check the response but there is no real way to differenciate between "user not existing" and "user not assigned to project", the responses are the same.

I am thinking of a solution that we do not add the project_user to the state in this case so that the next run will re-try the create. But we do not fail in this case, just skip the state add/update.

My goal is to contribute a fix, but due to license and test environment limitations I might need assistence getting the integration tests green after manual testing.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alexhung alexhung

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
2 participants
@alexhung @Danielku15