description field in nexus_role does not get updated in state about terraform-provider-nexus HOT 10 CLOSED

Hi @AliAllomani,

this should be fixed with release v1.9.0.

from terraform-provider-nexus.

Hi @AliAllomani,

this should be fixed with release v1.9.0.

Hi @Nosmoht ,
Have just tested out.
It's not fixed.

I still get number of roles being touched all the time.
What I see is that it sees description and name fields as equal to id one. Even though they are not.
Roles assignment is re-do each time as well. Like role has sub-roles. And those roles are evaluated as to be added each time.
I have an assumption that it's due to ID filed having the value in UPPERCASE:

# nexus_role.UPPER_USERS will be updated in-place
  ~ resource "nexus_role" "UPPER_USERS" {
      ~ description = "UPPER_USERS" -> "LDAP role for UPPER_USERS" # but the field already has its final value. It's not equal to ID one.
        id          = "UPPER_USERS" # defined in upper case string.
      ~ name        = "UPPER_USERS" -> "ldap-some_value_users" # but the field already has its final value. It's not equal to ID one.
        privileges  = []
        roleid      = "UPPER_USERS"
      ~ roles       = [
          + "docker-group-read",
          + "docker-internal-some-read",
          + "internal-some-read",
          + "maven-group-some-read",
...
        ]
    }

Regards,
Taras.

from terraform-provider-nexus.

Hi @fog1985 ,

could you please provide a full Terraform file which we can use to reproduce this? With the current test i'm not able to reproduce it.

from terraform-provider-nexus.

Hi @fog1985 ,

could you please provide a full Terraform file which we can use to reproduce this? With the current test i'm not able to reproduce it.

Hi @Nosmoht ,
I can't easily copy-paste whole tf file due to data sensitivity, but one of those roles which are re-created declaration is as follow:

resource "nexus_role" "SOME_USERS" {
  roleid      = "SOME_USERS"
  name        = "ldap-some_users"
  description = "LDAP role for SOME_USERS"
  privileges  = []
  roles       = ["npm-group-read", "docker-group-read", "maven-group-some-read", "internal-some-read", "pypi-group-read", "docker-internal-some-read"]
}

And those roles this role is referencing are defined in the same manner but they have privileges defined. Not the roles. So only this one main is referencing sub-roles.
Please let me know if still will not be reproducible from your side. Will try to get more details.

Regards,
Taras.

from terraform-provider-nexus.

Hi @fog1985,

i'm testing with the following code, which hopefully reflects your real code, but i'm not able to reproduce the behaviour.

provider "nexus" {
  url      = "http://127.0.0.1:8081"
  username = "admin"
  password = "admin123"
}

resource "nexus_role" "npm_group_read" {
  name       = "npm-group-read"
  privileges = ["nx-repository-view-npm-*-read"]
  roleid     = "npm-group-read"
}

resource "nexus_role" "docker_group_read" {
  name       = "docker-group-read"
  privileges = ["nx-repository-view-docker-*-read"]
  roleid     = "docker-group-read"
}

resource "nexus_role" "maven_group_read" {
  name       = "maven-group-read"
  privileges = ["nx-repository-view-maven2-*-read"]
  roleid     = "maven-group-read"
}

resource "nexus_role" "some_users" {
  name = "some-users"
  roles = [
    nexus_role.npm_group_read.name,
    nexus_role.docker_group_read.name,
    nexus_role.maven_group_read.name,
  ]
  roleid = "some-users"
}

If this does not reflect your code, could you please modify it so i've something which brings up the change ?

from terraform-provider-nexus.

Hi @fog1985,

i'm testing with the following code, which hopefully reflects your real code, but i'm not able to reproduce the behaviour.

provider "nexus" {
  url      = "http://127.0.0.1:8081"
  username = "admin"
  password = "admin123"
}

resource "nexus_role" "npm_group_read" {
  name       = "npm-group-read"
  privileges = ["nx-repository-view-npm-*-read"]
  roleid     = "npm-group-read"
}

resource "nexus_role" "docker_group_read" {
  name       = "docker-group-read"
  privileges = ["nx-repository-view-docker-*-read"]
  roleid     = "docker-group-read"
}

resource "nexus_role" "maven_group_read" {
  name       = "maven-group-read"
  privileges = ["nx-repository-view-maven2-*-read"]
  roleid     = "maven-group-read"
}

resource "nexus_role" "some_users" {
  name = "some-users"
  roles = [
    nexus_role.npm_group_read.name,
    nexus_role.docker_group_read.name,
    nexus_role.maven_group_read.name,
  ]
  roleid = "some-users"
}

If this does not reflect your code, could you please modify it so i've something which brings up the change ?

Hi @Nosmoht , please try to change this block:

resource "nexus_role" "some_users" {
  name = "some-users"
  roles = [
    nexus_role.npm_group_read.name,
    nexus_role.docker_group_read.name,
    nexus_role.maven_group_read.name,
  ]
  roleid = "some-users"
}

To this one:

resource "nexus_role" "SOME_USERS" {
  roleid = "SOME_USERS"
  name = "some-users"
  description = "SOME_USERS role"
  privileges = []

  roles = [
    nexus_role.npm_group_read.name,
    nexus_role.docker_group_read.name,
    nexus_role.maven_group_read.name,
  ]
}

from terraform-provider-nexus.

Hi @fog1985 ,

i did, but the result is as expected:

No changes. Infrastructure is up-to-date.

But i realized that nexus_role.<role>.name is wrong and must be nexus_role.<role>.roleid instead in a role's roles. Unfortunately Nexus API docu only says The list of roles assigned to this role. to attribute roles. So the right code would be:

provider "nexus" {
  url      = "http://127.0.0.1:8081"
  username = "admin"
  password = "admin123"
}

resource "nexus_role" "npm_group_read" {
  name       = "npm-group-read-name"
  privileges = ["nx-repository-view-npm-*-read"]
  roleid     = "npm-group-read-id"
}

resource "nexus_role" "docker_group_read" {
  name       = "docker-group-read-name"
  privileges = ["nx-repository-view-docker-*-read"]
  roleid     = "docker-group-read-id"
}

resource "nexus_role" "maven_group_read" {
  name       = "maven-group-read-name"
  privileges = ["nx-repository-view-maven2-*-read"]
  roleid     = "maven-group-read-id"
}

resource "nexus_role" "role" {
  name        = "role-name"
  roleid      = "role-id"
  description = "role-description"
}

resource "nexus_role" "SOME_USERS" {
  roleid = "SOME_USERS"
  name = "some-users"
  description = "SOME_USERS role"
  privileges = []

  roles = [
    nexus_role.npm_group_read.roleid,
    nexus_role.docker_group_read.roleid,
    nexus_role.maven_group_read.roleid,
  ]
}

from terraform-provider-nexus.

Hi @fog1985 ,

i did, but the result is as expected:

No changes. Infrastructure is up-to-date.

But i realized that nexus_role.<role>.name is wrong and must be nexus_role.<role>.roleid instead in a role's roles. Unfortunately Nexus API docu only says The list of roles assigned to this role. to attribute roles. So the right code would be:

provider "nexus" {
  url      = "http://127.0.0.1:8081"
  username = "admin"
  password = "admin123"
}

resource "nexus_role" "npm_group_read" {
  name       = "npm-group-read-name"
  privileges = ["nx-repository-view-npm-*-read"]
  roleid     = "npm-group-read-id"
}

resource "nexus_role" "docker_group_read" {
  name       = "docker-group-read-name"
  privileges = ["nx-repository-view-docker-*-read"]
  roleid     = "docker-group-read-id"
}

resource "nexus_role" "maven_group_read" {
  name       = "maven-group-read-name"
  privileges = ["nx-repository-view-maven2-*-read"]
  roleid     = "maven-group-read-id"
}

resource "nexus_role" "role" {
  name        = "role-name"
  roleid      = "role-id"
  description = "role-description"
}

resource "nexus_role" "SOME_USERS" {
  roleid = "SOME_USERS"
  name = "some-users"
  description = "SOME_USERS role"
  privileges = []

  roles = [
    nexus_role.npm_group_read.roleid,
    nexus_role.docker_group_read.roleid,
    nexus_role.maven_group_read.roleid,
  ]
}

Ah. And one more I provide roles as a list of Ids as follow:

  roles = [
    "npm-group-read-id",
    "docker-group-read-id",
    "maven-group-read-id",
  ]

So not referring role's names based on their resources. But based on their IDs just as strings.
In TF's declaration roleid equals to name.

from terraform-provider-nexus.

And you still get changes all the time?

from terraform-provider-nexus.

I close this stale issue. Please reopen if this error still exists

from terraform-provider-nexus.