[Bug] Non specific namespace management access #116

Open
DmytroRomantsovM opened this issue Aug 14, 2024 · 0 comments
Labels
bug Something isn't working

What are you really trying to do?

Import an Admin user without specific namespace configuration into Terraform state. The goal is to avoid specifying all namespaces in this case. It works out of the box in the UI. Another reason to do it is that whenever I specify all namespaces in the user resource, terraform plan shows changes, which means that on the Temporal Cloud side namespaces aren't mandatory and even lead to unpredictable changes in access.

Describe the bug

Terraform plan:

 # temporalcloud_user.user["[email protected]"] will be updated in-place
  ~ resource "temporalcloud_user" "user" {
        id                 = "56426e17f4a343b889ec2df65883abc4"
      + namespace_accesses = [
        ]
        # (3 unchanged attributes hidden)
    }

Error during terraform apply:

temporalcloud_user.user: Destroying... [id=c298f2d6da4b4e119e61401044390423]
temporalcloud_user.user["[email protected]"]: Modifying... [id=56426e17f4a343b889ec2df65883abc4]
temporalcloud_user.user: Destruction complete after 2s
╷
│ Error: Failed to update user
│ 
│   with temporalcloud_user.user["[email protected]"],
│   on main.tf line 19, in resource "temporalcloud_user" "user":
│   19: resource "temporalcloud_user" "user" {
│ 
│ rpc error: code = InvalidArgument desc = nothing to change
╵

Minimal Reproduction

  1. Create terraform deployment with admin Temporal Cloud User without namespaces.
  2. Apply the changes.

Environment/Versions

OS and processor: M2 Pro Mac
Temporal Version: Terraform provider: registry.terraform.io/temporalio/temporalcloud: 0.0.11

DmytroRomantsovM added the bug label Aug 14, 2024
swgillespie added a commit that referenced this issue Sep 24, 2024
This PR addresses #119, #116, and #115 by decoupling the definition of user accesses from the user itself, via a new resource: `temporalcloud_user_namespace_access`. This resource is intended to provide a many-to-many mapping between namespaces and users. Under the hood, this resource is manipulating a single User object via the API (as the underlying data model stashes all namespace accesses on the user object), while also preserving the invariant that adding or removing a single user from a single namespace won't obliterate the list of permissions that a user has.

I do intend to write some more tests but I wanted to get this out quickly for review for some fast feedback before I write a bunch of tests that exercise things that might change in review.
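
The invariant in the commit message above (changing one user's access to one namespace must not wipe that user's other permissions) can be sketched as a copy-and-merge over the user object. This is an added example, not the provider's code: the `User` type, `withAccess` and the sample values are hypothetical, and the `changed` flag is an assumption that lets a caller skip an update that changes nothing (the error reported in this issue was `nothing to change`).

```go
package main

import "fmt"

// User is a hypothetical stand-in for the API's user object: the account
// role and every namespace permission live on the same record.
type User struct {
	ID                string
	AccountRole       string
	NamespaceAccesses map[string]string // namespace -> permission
}

// withAccess returns a copy of u in which exactly one namespace entry is set,
// or removed when permission is "". All other entries are carried over.
// changed is false when the result equals the input, so the caller can skip
// the update call instead of sending a no-op request.
func withAccess(u User, namespace, permission string) (next User, changed bool) {
	next = u
	next.NamespaceAccesses = make(map[string]string, len(u.NamespaceAccesses)+1)
	for ns, p := range u.NamespaceAccesses {
		next.NamespaceAccesses[ns] = p // preserve permissions owned by other resources
	}
	cur, had := u.NamespaceAccesses[namespace]
	if permission == "" {
		delete(next.NamespaceAccesses, namespace)
		return next, had
	}
	next.NamespaceAccesses[namespace] = permission
	return next, !had || cur != permission
}

func main() {
	// Constructed sample data, not taken from the issue.
	u := User{ID: "user-1", AccountRole: "admin",
		NamespaceAccesses: map[string]string{"prod": "read"}}

	added, changed := withAccess(u, "staging", "write")
	fmt.Println(added.NamespaceAccesses, changed) // prod is still present

	_, changed = withAccess(u, "prod", "read")
	fmt.Println(changed) // identical state: skip the update call

	// Account-level admin with no namespace entries at all.
	_, changed = withAccess(User{ID: "user-2", AccountRole: "admin"}, "prod", "")
	fmt.Println(changed)
}
```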