-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failure to update splunk_saved_search #2
Comments
@igaskin - I don't see the same issue when using the example.tf in the repo as an admin user. Does the user have proper permissions to make the schedule_priority change in your case? |
I can work to get an example of a |
Thanks @igaskin . Hmm, a |
I also have this issue. I made a basic saved search:
The added some alert actions and saw the problem
I am doing this from an admin role. |
Requiring admin privileges for an update while they are not needed on create and when working with the web interface is a bug for me. That's why I've implemented a workaround in which only the modified fields of a saved search are sent to the API by the Splunk Terraform provider. It's only a workaround and I'm not promoting it as a PR because a proper solution would require a serious rewrite of the saved searches code in the provider. In order to use it one has to build it and configure terraform to use a local provider. |
We are facing the same error and the workaround we are using is to group alerts into a module and recreate (destroy & apply) if there are bigger changes. |
I am also facing the same issue !! |
ok, so here is whats happening: in order to set or update the schedule_priority field you need to have the have the edit_search_schedule_priority capability in Splunk. If you dont have this, your requests to the api are not allowed to even have this field. If you dont set it in terraform, it will be left empty therefor Splunk is setting it to "default" on its own. Terraform will read this default value and write it back into the state. If there is now any update on the search, the update requests will contain schedule_priority="default". This request will fail now because you dont have the edit_search_schedule_priority capability. I think simply not saving this parameter into the state should fix it. I'll create a PR for that. |
Hello everyone. When I create a report with terraform, a chart also appears at the top of the report. Does anyone know which option applies to this and how to turn it off? |
A resource should be entirely managed by Terraform or entirely unmanaged by Terraform. If the managed resource needs If the issue described here is truly due to permissions/capabilities, the solution is also with permissions/capabilities, and not changes to the provider to ignore certain settings if/when the Terraform account doesn't have sufficient permissions to perform the operation. |
I think the issue seems to be with the incorrect saved search URL endpoint for a user acl. if you see here we are passing the values
REST API endpoint that worked for me was:
Now |
Is there a version that fixes this issue? |
My team is experiencing this issue as well. The first TF apply works fine without issue. Any consecutive TF apply fails with:
None of the changes we saw in the TF files were anything more than minor value changes (e.g. modifying the cron schedule), so they shouldn't have caused any error. We narrowed it down to something in changes made in v1.4.20. For the time being, we've asked people experiencing this issue to use v1.4.19, which works as expected. |
The difference between 1.4.19 and 1.4.20 is that it now bubbles up the 400 error to Terraform. Previously Terraform was acting like the update was applied when it actually wasn't. In the For us, the fix was to add the I added a comment in #127 which seems to be a duplicate of this issue. For reference, the full list of capabilities in our role is listed in this comment on #127. Hopefully this is helpful for others running into this issue. |
Hi, I am also facing a similar issue. I have created 2 users one is
it ignores the That resolved the issue for me but i cannot use I just wanted to post this here so if anyone runs into similar issue it could be helpful. |
Steps to reproduce:
splunk_saved_searches
resourceExpected Result:
splunk_saved_searches
resource should correctly update the saved searcherror output
The text was updated successfully, but these errors were encountered: