You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Import Admin user without specific namespace configuration into terraform state. The goal is to avoid specifying all namespaces in this case. It works auto of box in UI. Another reason to do it is, whenever I specify all namespaces in the user resource terraform plan shows the changes, which mean the on the Temporal Cloud side namespaces aren't mandatory and even lead to unpredictable changes in access.
Describe the bug
Terraform plan:
# temporalcloud_user.user["[email protected]"] will be updated in-place
~ resource "temporalcloud_user" "user" {
id = "56426e17f4a343b889ec2df65883abc4"
+ namespace_accesses = [
]
# (3 unchanged attributes hidden)
}
Error during terraform apply:
temporalcloud_user.user: Destroying... [id=c298f2d6da4b4e119e61401044390423]
temporalcloud_user.user["[email protected]"]: Modifying... [id=56426e17f4a343b889ec2df65883abc4]
temporalcloud_user.user: Destruction complete after 2s
╷
│ Error: Failed to update user
│
│ with temporalcloud_user.user["[email protected]"],
│ on main.tf line 19, in resource "temporalcloud_user" "user":
│ 19: resource "temporalcloud_user" "user" {
│
│ rpc error: code = InvalidArgument desc = nothing to change
╵
Minimal Reproduction
Create terraform deployment with admin Temporal Cloud User without namespaces.
Apply the changes.
Environment/Versions
OS and processor: M2 Pro Mac
Temporal Version: Terraform provider: registry.terraform.io/temporalio/temporalcloud: 0.0.11
The text was updated successfully, but these errors were encountered:
This PR addresses #119, #116, and #115 by decoupling the definition of user accesses from the user itself, via a new resource: `temporalcloud_user_namespace_access`. This resource is intended to provide a many-to-many mapping between namespaces and users. Under the hood, this resource is manipulating a single User object via the API (as the underlying data model stashes all namespaces accesses on the user object), while also preserving the invariant that adding or removing a single user from a single namespace won't obliterate the list of permissions that a user has.
I do intend to write some more tests but I wanted to get this out quickly for review for some fast feedback before I write a bunch of tests that exercise things that might change in review.
What are you really trying to do?
Import Admin user without specific namespace configuration into terraform state. The goal is to avoid specifying all namespaces in this case. It works auto of box in UI. Another reason to do it is, whenever I specify all namespaces in the user resource
terraform plan
shows the changes, which mean the on the Temporal Cloud side namespaces aren't mandatory and even lead to unpredictable changes in access.Describe the bug
Terraform plan:
Error during
terraform apply
:Minimal Reproduction
Environment/Versions
OS and processor: M2 Pro Mac
Temporal Version: Terraform provider: registry.terraform.io/temporalio/temporalcloud: 0.0.11
The text was updated successfully, but these errors were encountered: