Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not sort okta_users datasource results #1155

Closed
cbrgm opened this issue Jun 7, 2022 · 5 comments
Closed

Do not sort okta_users datasource results #1155

cbrgm opened this issue Jun 7, 2022 · 5 comments
Assignees
@monde
Labels
bug

Comments

@cbrgm
Copy link
Contributor

cbrgm commented Jun 7, 2022
edited
Loading

Due to a new sorting query parameter in the users datasource, some strange sorting of user ids happen when terraform tries to apply changes to our state. This behavior does not appear in v3.25.1 but was introduces in v3.26.0.

In my setup, I'm using the okta_users datasource to receive a list of users, create a map structure from the received results in the form user.email -> user object to assign users to applications, groups and so on.

data "okta_users" "example" {
  search {
    expression = "status eq \"ACTIVE\" or status eq \"PASSWORD_EXPIRED\""
  }
}

locals {
  users = merge([
    for user in data.okta_users.example.users : {
      "${user.login}" : {
        "id" = "${user.id}"
      }
    }
  ]...)
}

So using this map, users can we assigned via the email address as key to applications

resource "okta_group_memberships" "some-membership" {
  group_id = okta_group.some-group.id
  users = [
    local.users["foo@bar.com"].id,
    local.users["bar@foo"].id,
    ...

This worked fine for months since I started using the provider, however after v3.26.0, when I run terraform plan, all user id's will be removed and added again, something like:

Terraform will perform the following actions:
  # okta_group_memberships.some-group-memberships will be updated in-place
  ~ resource "okta_group_memberships" "some-group-memberships" {
        id       = "00g125..."
      ~ users    = [
          - "00ua2f1...",
          - "00ug06...",
          - "00ugvg...",
          - "00uh3teb...",
          ...
          + "00ua2f1...",
          + "00ug06...",
          + "00ugvg...",
          + "00uh3teb...",
            # (414 unchanged elements hidden)
        ]
        # (1 unchanged attribute hidden)
    }

In the end, it's not a big deal since every user removed, will be added again, but it completely destroys the use case of terraform plan as you cannot really spot important changes anymore.

I guess it's a problem related to order not beeing an attribute of map structures, but of lists and since sorting was introduced to the okta_users datasource in v3.26.0 it's becoming a problem now. I'm not sure whether this is a bug, but it's definetly a breaking change. I'd appreciate any suggestions how to deal with this behavior, thanks in advance.

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

v3.26.0+

Affected Resource(s)

  • okta_users datasource

Expected Behavior

terraform apply should display only new changes only and not re-apply every datasource element due to datasource result sorting.

Actual Behavior

See description.

Steps to Reproduce

Create a map structure from okta_users datasource results. Apply objects to any okta_*_resource

  1. terraform plan
@monde monde self-assigned this Jun 7, 2022
@monde monde added the bug label Jun 7, 2022
@monde
Copy link
Collaborator

monde commented Jun 7, 2022

Thanks @cbrgm I'll be getting okta_group_memberships sorted out in #1149

@cbrgm
Copy link
Contributor Author

cbrgm commented Jun 7, 2022

Ah, sorry @monde ! Didn't notice there are already a couple of issues addressing this behaviour. Shall I close this one here?

@monde
Copy link
Collaborator

monde commented Jun 7, 2022

Ah, sorry @monde ! Didn't notice there are already a couple of issues addressing this behaviour. Shall I close this one here?

Let's keep this one open as well.

@monde
Copy link
Collaborator

monde commented Jun 10, 2022

@cbrgm let me know if https://github.com/okta/terraform-provider-okta/releases/tag/v3.29.0 fixes this for you. okta_group_memberships reverted back to it's original behavior. If you want it to track all users set the property track_all_users=true. Also took extra care to not deviate from the ordering of users ids as they were originally assigned in the update.
https://registry.terraform.io/providers/okta/okta/latest/docs/resources/group_memberships

@cbrgm
Copy link
Contributor Author

cbrgm commented Jun 13, 2022

Hey @monde,

that looks great! I can confirm that v3.29.0 fixes the problem and restores the old behavior of v.3.25.0. Thanks for your work and feedback!

@cbrgm cbrgm closed this as completed Jun 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@monde monde

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@monde @cbrgm