Hi there,

Please provide the following details with your issue report.

Terraform Version

Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.

Affected Resource(s)

Please list the resources as a list, for example:

• astra_database
• astra_keyspace

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

Debug Output

Please provider a link to a GitHub Gist containing the complete debug output: https://www.terraform.io/docs/internals/debugging.html. Please do NOT paste the debug output in the issue; just paste a link to the Gist.

While creating a DB in Datastax Astra(Azure) using Terraform an error is dsiplayed. Error: cloud provider and region combination not available:

Note: I'm using the Astra from Microsoft azure subscription as SaaS.
I created from the DataStax Astra DB for Apache Cassandra - Astra Service Plan - Monthly (The Logo in Orange colour)

Expected Behavior

What should have happened?
An DB instance should be created in the Astra portal.

Actual Behavior

What actually happened?
An error is returned for terraform apply command saying "cloud provider and region combination not available:"

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply

Console Output:
Error: cloud provider and region combination not available: AZURE/westus2

References

Related issue:

• #19

Terraform version: 0.14.10
Astra provider version: 0.0.4-pre

┆Issue is synchronized with this Jira Task by Unito
┆Resolution: Done

Hi there,

Please provide the following details with your issue report.

Affected Resource(s)

Please list the resources as a list, for example:

• astra_access_list

Expected Behavior

I do not believe that access_list needs a keyspace and if it does, I'm not sure which one it would be.

Actual Behavior

The import syntax might be wrong or is just unclear.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

Import is supported using the following syntax:

# the import id includes the database_id and the keyspace name.
terraform import astra_access_list.example 48bfc13b-c1a5-48db-b70f-b6ef9709872b/keyspace/example

https://registry.terraform.io/providers/datastax/astra/latest/docs/resources/access_list#import

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-70
┆priority: Major

Hi there,

Please provide the following details with your issue report.

Terraform Version

Latest
Plugin 1.0.13

Affected Resource(s)

Please list the resources as a list, for example:

• astra_database

Actual Behavior

During a terraform plan of an environment that previously had a database created, we now encounter the following error:

12:19:26  ╷
12:19:26  │ Error: error fetching database: {"errors":[{"ID":340012,"message":"invalid token format"}]}
12:19:26  │ 
12:19:26  │ 
12:19:26  ╵
12:19:26  ╷
12:19:26  │ Error: unexpected response fetching database (*****REDACTED*****): {"errors":[{"ID":340012,"message":"invalid token format"}]}
12:19:26  │ 
12:19:26  │   with module.astra.astra_database.database,
12:19:26  │   on .terraform/modules/astra/terraform/main.tf line 5, in resource "astra_database" "database":
12:19:26  │    5: resource "astra_database" "database" {
12:19:26  │ 
12:19:26  ╵

Any idea what might be going wrong? I will try debug logging asap.

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-47
┆priority: Major

The terraform documentation currently notes that

Currently GCP databases are not supported for private link.

This is no longer true and should be updated to reflect the current availability of private link.

┆Issue is synchronized with this Jira Task by Unito

Please add support to enumerate current users in an organization using something like astra_users, which would also have the side effect of alloing the detection of the organization ID without having to rely on an existing database resource. Similar info (organization_id could be obtained from astra_roles (#143) but there is no guarantee that there is a role created while there is a guarantee that a user exists (I assume ?).

Important Factoids

Currently there is support to list all users in the organization in the DevOps API

References

https://docs.datastax.com/en/astra/docs/_attachments/devopsv2.html#tag/Users/operation/getOrganizationUsers

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-69
┆priority: Major

Terraform Version

Terraform core: 1.0.11
Astra provider: 1.0.12

Affected Resource(s)

Please list the resources as a list, for example:

• astra_access_list

Terraform Configuration Files

module "astra" {
  ...
  private_link_access_cidr = [
    "10.0.0.1/32",
    "10.0.0.2/32",
    "10.0.0.3/32",
  ]
}

# actual module
variable "private_link_access_cidr" {
  type        = list(string)
  description = "List of CIDR's with access to the private link"
  default     = []
}

resource "astra_database" "database" {
  ...
}

resource "astra_access_list" "access_list" {
  database_id = astra_database.database.id

  addresses {
    dynamic "request" {
      for_each = var.private_link_access_cidr
      content {
        address = request.value
        enabled = true
      }
    }
  }
}

Expected Behavior

The database should have an access list with 3 records.

Actual Behavior

The terraform plan shows the resource as it is intended:

# module.astra.astra_access_list.access_list will be created
  + resource "astra_access_list" "access_list" {
      + database_id = (known after apply)
      + id          = (known after apply)

      + addresses {
          + request {
              + address = "10.0.0.1/32"
              + enabled = true
            }
          + request {
              + address = "10.0.0.2/32"
              + enabled = true
            }
          + request {
              + address = "10.0.0.3/32"
              + enabled = true
            }
        }
    }

Only the first address is created. See screenshot below.

The tfstate contains the 3 records:

    {
      "module": "module.astra",
      "mode": "managed",
      "type": "astra_access_list",
      "name": "access_list",
      "provider": "provider[\"registry.terraform.io/datastax/astra\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "addresses": [
              {
                "request": [
                  {
                    "address": "10.0.0.1/32",
                    "description": "",
                    "enabled": true
                  },
                  {
                    "address": "10.0.0.2/32",
                    "description": "",
                    "enabled": true
                  },
                  {
                    "address": "10.0.0.3/32",
                    "description": "",
                    "enabled": true
                  }
                ]
              }
            ],
            "database_id": "*****************",
            "id": "*******************"
          },
          "sensitive_attributes": [],
          "private": "bnVsbA==",
          "dependencies": [
            "module.astra.astra_database.database"
          ]
        }
      ]
    },

Steps to Reproduce

Just apply the code on a new database.

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-45
┆priority: Major

When connecting to the database using the document API, you need to provide an application token. Since application tokens can be managed using the DevOps API it should be possible to manage them as a Terraform resource as well.

The advantage is that they can be created automatically and passed to the application or a secrets store, which are also managed as Terraform resources.

┆Issue is synchronized with this Jira Task by Unito
┆Resolution: Done

Hi there,

Please provide the following details with your issue report.

### Terraform Version
Terraform v1.0.8
on linux_amd64

• provider registry.terraform.io/datastax/astra v1.0.10

Affected Resource(s)

Please list the resources as a list, for example:

• astra_keyspace

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

### Terraform Configuration Files

//Create the database and initial keyspace
resource "astra_database" "dev" {
  name           = testDB
  keyspace       = initial_keyspace
  cloud_provider = AWS
  region         = us-east-1
}

//Create required keyspaces

resource "astra_keyspace" "dev1" {
  name        = "digital_ks1"
  database_id = astra_database.dev.id
}

resource "astra_keyspace" "dev2" {
  name        = "digital_ks2"
  database_id = astra_database.dev.id
}

resource "astra_keyspace" "nprod" {
  name        = "digital_nprd_ks"
  database_id = astra_database.dev.id
}

resource "astra_keyspace" "dev5" {
  name        = "digital_ks3"
  database_id = astra_database.dev.id
}

resource "astra_keyspace" "dev4" {
  name        = "digital_ks4"
  database_id = astra_database.dev.id
}

Debug Output (Console Output)

Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
�[0m
[Pipeline] End of Pipeline
Finished: SUCCESS

Panic Output

NA

Expected Behavior

As per the console output 6 resources (keyspaces) should be created as the Job succeeded without any exception or errors.

Actual Behavior

But in Astra UI only 3 keyspaces got created - initial_keyspace, digital_ks1 and digital_ks4

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply

Important Factoids

Jenkins is used to apply Terraform templates.

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

• Unexpected results when adding and removing keyspaces - #4

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-46
┆priority: Major

Terraform Version

Terraform v1.1.5
on linux_amd64

Affected Resource(s)

• astra_role

The official Terraform doc: https://registry.terraform.io/providers/datastax/astra/latest/docs/resources/role gives a succint example of two attributes

resources   = ["drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73"]
  policy    = ["db-all-keyspace-create"]

The documentation needs more details on:

• Describe the format of a DRN resource string. Give a couple of example of the possible variations of resource string
• What are the valid values for policy ?

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-54
┆priority: Major

Hi there,

When I create a custom role and a token for that role, I get an error message via Swagger then I try to connect:

{
  "description": "Role unauthorized for operation: Not authorized to access insurance.institution_by_id for SELECT (from source api: rest)",
  "code": 401
}

Terraform Version

jeffdavies@jdavies-rmbp16 ~ % terraform -v

Terraform v1.0.11
on darwin_amd64

Affected Resource(s)

I am creating an Astra DB named "insurance" with a keyspace named "insurance"

Terraform Configuration Files

This is my main.tf file. I do not believe the issue is in this file.

terraform {
  # This module is now only being tested with Terraform 0.13.x. However, to make upgrading easier, we are setting
  # 0.12.26 as the minimum version, as that version added support for required_providers with source URLs, making it
  # forwards compatible with 0.13.x code.
  required_version = ">= 1.0.0"
  required_providers {
    astra = {
      source = "datastax/astra"
      version = "1.0.10"
    }
  }
}

# website::tag::1:: The simplest possible Terraform module: it just outputs "Hello, World!"
output "database_id" {
  value = astra_database.insurance_db.id
  description = "Test Description"
}

output "token" {
  value = astra_token.api_token.token
  description = "Token information - DO NOT LOSE"
}

output "client_secret" {
  value = astra_token.api_token.secret
  description = "Token information - DO NOT LOSE"
}

output "client_id" {
  value = astra_token.api_token.client_id
  description = "Token information - DO NOT LOSE"
}

This is my resource.tf file which will show the problem when run:

# Create the database
resource "astra_database" "insurance_db" {
  name           = "insurance"
  keyspace       = "insurance"
  cloud_provider = "gcp"
  region         = "us-west1"
}

resource "astra_role" "insurance_admin" {
  role_name   = "ins_admin"
  description = "Database administrator for the Insurance database"
  effect      = "allow"
  # Select the resources for which we will create policies
  resources   = ["drn:astra:org:d909ab0b-84e7-40b4-acdc-47c6f92db299", 
    "drn:astra:org:d909ab0b-84e7-40b4-acdc-47c6f92db299:db:${astra_database.insurance_db.id}",
    "drn:astra:org:d909ab0b-84e7-40b4-acdc-47c6f92db299:db:${astra_database.insurance_db.id}:keyspace:insurance"]
  policy      = [
    # Keyspace
    "db-keyspace-alter", "db-keyspace-authorize", "db-keyspace-create", 
    "db-keyspace-describe", "db-keyspace-drop", "db-keyspace-grant", "db-keyspace-modify", 
    # API Access
    "db-cql", "db-graphql", "db-rest", 
    # Table Access
    "db-table-create", "db-table-drop", "db-table-describe", "db-table-alter", 
    "db-table-select", "db-table-grant", "db-table-modify", "db-table-authorize",
    # All remaining rights for Admin users
    "db-all-keyspace-create", "db-all-keyspace-describe", "db-manage-privateendpoint",
    "db-manage-region", "org-billing-read", "org-billing-write", "org-db-addpeering",
    "org-db-create", "org-db-expand", "org-db-managemigratorproxy", 
    "org-db-passwordreset", "org-db-suspend", "org-db-terminate","org-db-view", 
    "org-read", "org-user-read", "org-user-write"
    ]
}

# Generate a token for our custom role
resource "astra_token" "api_token" {
  roles = [astra_role.insurance_admin.role_id]
}

I do also have a provider.tf file but I do not believe this is a factor in the bug:

variable "token" {}

provider "astra" {
  // This can also be set via ASTRA_DB_TOKEN environment variable.
  token = var.token
}

My ASTRA_API_TOKEN is defined in an environment variable. I run my scripts with the following commands:

source setenv.sh
terraform init
terraform plan -var="token=$ASTRA_API_TOKEN" -out example
terraform apply example

Panic Output

No panic output is produced.

Expected Behavior

I should be able to use the generated ASTRA API TOKEN to run a simple SELECT statement via the REST API in Swagger.

Actual Behavior

I get a 401 error, as documented at the top of this issue

Steps to Reproduce

my setenv,sh file contains the export statement for my main ASTRA token that has organization admin rights.

source setenv.sh
terraform init
terraform plan -var="token=$ASTRA_API_TOKEN" -out example
terraform apply example

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-40
┆priority: Major

Add the ability to configure CDC and Streaming for AstraDB.

Implementation of this feature is dependent upon the capability being present in the DevOps API. If not currently exposed through the API, it will have to be added there first, and then added to the Go Client.

Hi There,

Please provide the following details with your issue report.

Terraform Version

Terraform v1.0.7
on linux_amd64

• provider registry.terraform.io/datastax/astra v1.0.9

Affected Resource(s)

Please list the resources as a list, for example:

• NA
• Resource doesn't exists.

If this issue appears to affect multiple resources, it may be an issue with Terraforms core, so please mention this.

Resource doesn't exists.

### Debug Output
NA

### Expected Behavior
Need functionality to deploy User. 

### Actual Behavior
Create_user resource doesn't exists.



┆Issue is synchronized with this [Jira Task](https://datastax-oss.atlassian.net/browse/TERRA-35) by [Unito](https://www.unito.io)

astra_databases data source fails for 2.1.0-rc8/rc7, worked with rc6

Terraform Version

1.2.3

Affected Resource(s)

• data.astra_databases

Terraform Configuration Files

data "astra_databases" "list" {
}

variable "astra_token" {}

provider "astra" {
  token = var.astra_token
}

terraform {
  required_providers {
    astra = {
      source  = "datastax/astra"
      version = "2.1.0-rc8"
    }
  }
}

Debug Output

$ terraform apply
data.astra_databases.list: Reading...
╷
│ Error: Invalid address to set: []string{"results", "0", "datacenters"}
│ 
│   with data.astra_databases.list,
│   on main.tf line 1, in data "astra_databases" "list":
│    1: data "astra_databases" "list" {
│ 
╵

Expected Behavior

data.astra_databases to be populated, like in 2.1.0-rc6:

$ terraform apply
data.astra_databases.list: Reading...
data.astra_databases.list: Read complete after 1s [id=terraform-20220622115233662400000001]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
$ terraform state show data.astra_databases.list
# data.astra_databases.list:
data "astra_databases" "list" {
    id      = "terraform-20220622115233662400000001"
    results = [
        {
            additional_keyspaces = []
            cloud_provider       = "GCP"
            cqlsh_url            = "https://1111111111111111111111111111111-us-east4.apps.astra.datastax.com/cqlsh"
            data_endpoint_url    = "https://1111111111111111111111111111111-us-east4.apps.astra.datastax.com/api/rest"
            grafana_url          = "https://1111111111111111111111111111111-us-east4.dashboard.astra.datastax.com/d/cloud/dse-cluster-condensed?refresh=30s&orgId=1&kiosk=tv"
            graphql_url          = "https://1111111111111111111111111111111-us-east4.apps.astra.datastax.com/api/graphql"
            id                   = "11111111111111111111111111111111"
            keyspace             = "keyspace"
            name                 = "bfc-poc-cassandra-01"
            node_count           = 3
            organization_id      = "22222222222222222222222222222222"
            owner_id             = "AAAAAAAAAAAAAAAAAAAAAAAAA"
            regions              = [
                "us-east4",
            ]
            replication_factor   = 1
            status               = "ACTIVE"
            total_storage        = 5
        },
    ]
}

Actual Behavior

data source fails

Steps to Reproduce

1. create main.tf
2. terraform init
3. terraform apply

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-66
┆priority: Major

Hi there,

Please provide the following details with your issue report.

Terraform Version

Terraform v1.2.3
on linux_amd64
+ provider registry.terraform.io/datastax/astra v2.1.3
+ provider registry.terraform.io/hashicorp/google v4.27.0

Affected Resource(s)

Importing astra_private_link_endpoint

• astra_private_link_endpoint

Terraform Configuration Files

Using the example from the documents: https://github.com/datastax/terraform-provider-astra/blob/main/examples/resources/astra_private_link_endpoint/resource.tf

Expected Behavior

Private link endpoint should have been correctly imported

Actual Behavior

received the following:

Error: privateLinks was nil.

### Steps to Reproduce
Please list the steps required to reproduce the issue, for example:


1. `terraform apply`

### Important Factoids
Are there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? Custom version of OpenStack? Tight ACLs?

### References
Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:


* GH-1234



┆Issue is synchronized with this [Jira Task](https://datastax-oss.atlassian.net/browse/TERRA-73) by [Unito](https://www.unito.io)
┆friendlyId: TERRA-73
┆priority: Major

We should either hide the replication_factor or always show 3
definitely hide total_storage since there's no actual limit here
hide node_count as well for serverless

# astra_database.example:
resource "astra_database" "example" {
    additional_keyspaces = []
    cloud_provider       = "GCP"
    cqlsh_url            = "https://c9d76fff-3794-4639-8469-8dc1c36403cd-us-east1.apps.astra.datastax.com/cqlsh"
    data_endpoint_url    = "https://c9d76fff-3794-4639-8469-8dc1c36403cd-us-east1.apps.astra.datastax.com/api/rest"
    grafana_url          = "https://c9d76fff-3794-4639-8469-8dc1c36403cd-us-east1.dashboard.astra.datastax.com/d/cloud/dse-cluster-condensed?refresh=30s&orgId=1&kiosk=tv"
    graphql_url          = "https://c9d76fff-3794-4639-8469-8dc1c36403cd-us-east1.apps.astra.datastax.com/api/graphql"
    id                   = "c9d76fff-3794-4639-8469-8dc1c36403cd"
    keyspace             = "puppies"
    name                 = "puppies"
    node_count           = 3
    organization_id      = "f9f4b1e0-4c05-451e-9bba-d631295a7f73"
    owner_id             = "rnmbrhOFOmZyHPayKPPMSGKj"
    region               = "us-east1"
    replication_factor   = 1
    status               = "ACTIVE"
    total_storage        = 5
}```



┆Issue is synchronized with this [Jira Task](https://datastax-oss.atlassian.net/browse/TERRA-28) by [Unito](https://www.unito.io)
┆Resolution: Done

Hi there,

Please provide the following details with your issue report.

Terraform Version

1.1.4

Affected Resource(s)

• astra_role

Terraform Configuration Files

resource "astra_role" "rw-svc-account" {
  role_name   = "rw-svc-account"
  description = "R/W Service Account"
  effect      = "allow"
  resources   = ["${var.organization_id}"]
  policy      = ["accesslist-read", "db-all-keyspace-describe", "db-graphql", "db-cql", "db-keyspace-describe", "db-rest", "db-table-describe", "db-table-modify", "db-table-select"]
}

Debug Output

│ Error: json: cannot unmarshal string into Go value of type astra.Errors
│ 
│   with module.iam.astra_role.rw-svc-account,
│   on modules/iam/main.tf line 14, in resource "astra_role" "rw-svc-account":
│   14: resource "astra_role" "rw-svc-account" {
│ 

Expected Behavior

I should have received an error saying that the resources value is incorrect (missing drn:astra:org:).

Actual Behavior

I received a non descriptive error putting me on the wrong track because of astra.Errors.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-50
┆priority: Major

Hi,
I tried to use default roles with token generated by Terraform. As I see in terraform documentation, I may do that. ("Custom roles can be assigned to an Astra user is to grant them granular permissions when the default roles in the UI are not specific enough.").
https://registry.terraform.io/providers/datastax/astra/latest/docs/resources/role
But nothing happens when I applied it. In UI I see "N/A" role. I also tried to use custom role, which I define by using UI.

Terraform v0.15.4
on darwin_amd64

• provider registry.terraform.io/datastax/astra v1.0.9

Affected Resource(s)

• astra_token

Terraform Configuration Files

terraform {
  required_providers {
    astra = {
      source = "datastax/astra"
      version = ">= 1.0.7"
    }
  }
}

provider "astra" {}

resource "astra_token" "cassandra_admin" {
  roles = ["Administrator User"]
}

Expected Behavior

Default role such as "Administrator User", "Admin User", "Organization Administrator" should attach to token.

Actual Behavior

Role doesn’t attach to token, in UI I see "N/A"

Steps to Reproduce

1. Copy Terraform code
2. terraform apply
3. Go to UI and check role that attached to token

┆Issue is synchronized with this Jira Task by Unito

Hi there,

Please provide the following details with your issue report.

Terraform Version

Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.

terraform -v
Terraform v1.0.11
on darwin_amd64
+ provider registry.terraform.io/datastax/astra v1.0.11
+ provider registry.terraform.io/hashicorp/azurerm v2.86.0
+ provider registry.terraform.io/mongey/confluentcloud v0.0.12
+ provider registry.terraform.io/mongey/kafka v0.3.3

Affected Resource(s)

Please list the resources as a list, for example:

• astra_role

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.
resource "astra_role" "ar" {
  role_name   = "the_name"
  description = "some desc"
  effect      = "allow"
  resources = flatten(concat(["drn:astra:org:${var.datastax_org_id}"], [
    for database in var.datastax_database_ids : concat([
      "drn:astra:org:${var.datastax_org_id}:db:${database}",
      "drn:astra:org:${var.datastax_org_id}:db:${database}:keyspace:system_schema:table:*",
      "drn:astra:org:${var.datastax_org_id}:db:${database}:keyspace:system:table:*",
      "drn:astra:org:${var.datastax_org_id}:db:${database}:keyspace:system_virtual_schema:table:*",
      "drn:astra:org:${var.datastax_org_id}:db:${database}:keyspace:default",
      "drn:astra:org:${var.datastax_org_id}:db:${database}:keyspace:default:table:*",
      ], [
      for keyspace in var.datastax_database_keyspaces : [
        "drn:astra:org:${var.datastax_org_id}:db:${database}:keyspace:${keyspace}",
        "drn:astra:org:${var.datastax_org_id}:db:${database}:keyspace:${keyspace}:table:*"
      ]
    ])
  ]))
  policy = local.default_astra_acls.readwrite
}

Debug Output

Please provider a link to a GitHub Gist containing the complete debug output: https://www.terraform.io/docs/internals/debugging.html. Please do NOT paste the debug output in the issue; just paste a link to the Gist.

module.stg-datastax-service-accounts.astra_role.ar must be replaced
-/+ resource "astra_role" "ar" {
      + description = "Some Desc" # forces replacement
      + effect      = "allow" # forces replacement
      ~ id          = "UUID_MASKED" -> (known after apply)
      + policy      = [
          + "accesslist-read",
          + "db-all-keyspace-describe",
          + "db-keyspace-describe",
          + "db-table-select",
          + "db-table-modify",
          + "db-table-describe",
          + "db-graphql",
          + "db-rest",
          + "db-cql",
        ] # forces replacement
      + resources   = [
          + "drn:astra:org:UUID_MASKED",
          + "drn:astra:org:UUID_MASKED:db:UUID_MASKED",
          + "drn:astra:org:UUID_MASKED:db:UUID_MASKED:keyspace:system_schema:table:*",
          + "drn:astra:org:UUID_MASKED:db:UUID_MASKED:keyspace:system:table:*",
          + "drn:astra:org:UUID_MASKED:db:UUID_MASKED:keyspace:system_virtual_schema:table:*",
          + "drn:astra:org:UUID_MASKED:db:UUID_MASKED:keyspace:default",
          + "drn:astra:org:UUID_MASKED:db:UUID_MASKED:keyspace:default:table:*",
          + "drn:astra:org:UUID_MASKED:db:UUID_MASKED:keyspace:some_user_table",
          + "drn:astra:org:UUID_MASKED:db:UUID_MASKED:keyspace:some_user_table:table:*",
        ] # forces replacement
      ~ role_id     = "UUID_MASKED" -> (known after apply)
      + role_name   = "stg_ar" # forces replacement
    }

Expected Behavior

What should have happened?

It should have updated in place without replacing the entire role. When roles are replaced, the associated tokens will be automatically replaced as well which will increase the number of unnecessary API calls + token rotations.

Actual Behavior

What actually happened?

It replaces role + tokens associated with role.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. Create role via terraform
2. Update any resources linked to role or permissions or description or effect
3. terraform plan and see that it will recreate the entire role

Important Factoids

Are there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? Custom version of OpenStack? Tight ACLs?

N/A

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here?

N/A

Hi there,

Please provide the following details with your issue report.

Terraform Version

Terraform v1.1.2
on linux_amd64

Affected Resource(s)

astra_keyspace

Terraform Configuration Files

terraform {
  required_providers {
    astra = {
      source  = "datastax/astra"
      version = "2.0.1"
    }
  }
}

resource "astra_database" "db" {
  name           = "Database1"
  keyspace       = "Keyspace1"
  cloud_provider = "aws"
  regions        = ["eu-central-1"]
}

resource "astra_keyspace" "ks2" {
  name        = "Keyspace2"
  database_id = resource.astra_database.db.id
}

output "dbid" { value = astra_database.db.id }

Debug Output

N/A

Panic Output

N/A

Expected Behavior

After a terraform plan and terraform apply the Database and second Keyspace should be created. If a terraform plan is executed again, the only change should be that the second keyspace needs to be added to the database resource's additional keyspace array, and it should indicate that only a terraform apply -refresh-only needs to be executed.

Actual Behavior

In the second terraform plan, terraform indicates that the second keyspace (Keyspace2 in this example) needs to be added to the database resources' additional keyspaces, and also that the second keyspace needs to be deleted and re-added.

Steps to Reproduce

1. terraform plan
2. terraform apply
3. terraform plan

Important Factoids

N/A

References

N/A

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-48
┆priority: Major

Hi all,
I'm getting an error when I try to destroy a DB with an access list defined. I can verify that the access list IS created properly, but when I perform a terraform destroy operation I get the following error message:

jeffdavies@jdavies-rmbp16 20211115_Astra_Terraform % terraform destroy -var="token=$ASTRA_API_TOKEN"
astra_database.insurance_db: Refreshing state... [id=1133a0d4-8fe2-4d7d-b05f-9f797c04a759]
astra_access_list.website: Refreshing state... [id=1133a0d4-8fe2-4d7d-b05f-9f797c04a759]
astra_role.insurance_admin: Refreshing state... [id=d6653468-5373-424f-aa90-f3139608594a]
astra_token.api_token: Refreshing state... [id=OtBMYRqZraYnlKEQlEMuRUHZ]
╷
│ Error: parsing time ""2021-11-18 17:46:21.496 +0000 UTC"" as ""2006-01-02T15:04:05Z07:00"": cannot parse " 17:46:21.496 +0000 UTC"" as "T"
│ 
│   with astra_access_list.website,
│   on resource.tf line 44, in resource "astra_access_list" "website":
│   44: resource "astra_access_list" "website" {

Terraform Version

jeffdavies@jdavies-rmbp16 20211115_Astra_Terraform % terraform -v
Terraform v1.0.11
on darwin_amd64
+ provider registry.terraform.io/datastax/astra v1.0.10

Affected Resource(s)

Please list the resources as a list, for example:

• astra_database
• astra_keyspace

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

Debug Output

╷
│ Error: parsing time ""2021-11-18 17:46:21.496 +0000 UTC"" as ""2006-01-02T15:04:05Z07:00"": cannot parse " 17:46:21.496 +0000 UTC"" as "T"
│ 
│   with astra_access_list.website,
│   on resource.tf line 44, in resource "astra_access_list" "website":
│   44: resource "astra_access_list" "website" {
│ 
╵

Panic Output

No panic file was generated

Expected Behavior

It should delete the access list without error

Actual Behavior

Because of this error, nothing is deleted.

Steps to Reproduce

Here are my source files. All security tokens are defined as environment variables on my machine.

main.tf

terraform {
  # This module is now only being tested with Terraform 0.13.x. However, to make upgrading easier, we are setting
  # 0.12.26 as the minimum version, as that version added support for required_providers with source URLs, making it
  # forwards compatible with 0.13.x code.
  required_version = ">= 1.0.0"
  required_providers {
    astra = {
      source = "datastax/astra"
      version = "1.0.10"
    }
  }
}

# Output the security information
output "database_id" {
  value = astra_database.insurance_db.id
  description = "Test Description"
}

output "token" {
  value = astra_token.api_token.token
  description = "Token information - DO NOT LOSE"
}

output "client_secret" {
  value = astra_token.api_token.secret
  description = "Token information - DO NOT LOSE"
}

output "client_id" {
  value = astra_token.api_token.client_id
  description = "Token information - DO NOT LOSE"
}

resource.tf

# Create the database
resource "astra_database" "insurance_db" {
  name           = "insurance"
  keyspace       = "insurance"
  cloud_provider = "gcp"
  region         = "us-west1"
}

resource "astra_role" "insurance_admin" {
  role_name   = "ins_admin"
  description = "Database administrator for the Insurance database"
  effect      = "allow"
  # Select the resources for which we will create policies
  resources   = [
    # Identify our organization
    "drn:astra:org:d909ab0b-84e7-40b4-acdc-47c6f92db299", 
    # Select the database we want to use
    "drn:astra:org:d909ab0b-84e7-40b4-acdc-47c6f92db299:db:${astra_database.insurance_db.id}",
    # Specify the keyspace to which we need access
    "drn:astra:org:d909ab0b-84e7-40b4-acdc-47c6f92db299:db:${astra_database.insurance_db.id}:keyspace:insurance",
    # Select all of the tables in the database
    "drn:astra:org:d909ab0b-84e7-40b4-acdc-47c6f92db299:db:${astra_database.insurance_db.id}:keyspace:insurance:table:*"
    ]
  policy      = [
    # Keyspace
    "db-keyspace-alter", "db-keyspace-authorize", "db-keyspace-create", 
    "db-keyspace-describe", "db-keyspace-drop", "db-keyspace-grant", "db-keyspace-modify", 
    # API Access
    "db-cql", "db-graphql", "db-rest", 
    # Table Access
    "db-table-create", "db-table-drop", "db-table-describe", "db-table-alter", 
    "db-table-select", "db-table-grant", "db-table-modify", "db-table-authorize",
    # All remaining rights for Admin users
    "db-all-keyspace-create", "db-all-keyspace-describe", "db-manage-privateendpoint",
    "db-manage-region", "org-billing-read", "org-billing-write", "org-db-addpeering",
    "org-db-create", "org-db-expand", "org-db-managemigratorproxy", 
    "org-db-passwordreset", "org-db-suspend", "org-db-terminate","org-db-view", 
    "org-read", "org-user-read", "org-user-write"
    ]
}

# Allow any IP to access the database. In practice, you should lock this down
# so only the Google Functions IP address can hit the database.
resource "astra_access_list" "website" {
  database_id = astra_database.insurance_db.id
  addresses {
    # Allow any IP to connect
    request {
      address = "0.0.0.0/0"
      enabled = true
    }
  }
}

# Generate a token for our custom role
resource "astra_token" "api_token" {
  roles = [astra_role.insurance_admin.role_id]
}

Important Factoids

This is using the standard Astra free database account.

References

None that I'm aware of.

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-41
┆priority: Major

On Terraform docs, resources astra_streaming_stink and astra_streaming_tenant have the same description as astra_cdc

See below for reference:

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-62
┆priority: Major

Hi

This sentence is confusing

Required
roles (List of String) Roles for generated token

In the exampel it looks like it is the name of the role but it is the ID can you add this to the Docu?

and maybe add second exampel

Something like

resource "astra_role" "exampel" {
  role_name   = "exampel"
  description = "exampel"
  effect      = "allow"
  resources = [  ]
  policy = [  ]
}

resource "astra_token" "exampel" {
  roles = [astra_role.exampel.role_id]
}

https://registry.terraform.io/providers/datastax/astra/latest/docs/resources/token

Thank you

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-49
┆priority: Major

Terraform Version

Terraform v1.1.9

Affected Resource(s)

-astra_streaming_sink
-astra_cdc
-astra_streaming_tenant

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

terraform {
  required_providers {
    astra = {
      source = "datastax/astra"
      version = "2.1.0-rc1"
    }
  }
}

variable "token" {
  type = string
  description = "<ASTRA_TOKEN>"
}

provider "astra" {
  token = var.token
}

resource "astra_database" "example" {
  name           = "cdc_test"
  keyspace       = "cdc"
  cloud_provider = "gcp"
  regions        = ["us-east4"]
}

resource "astra_streaming_tenant" "streaming_tenant-1" {
  tenant_name        = "pleasework"
  topic              = "pleasework"
  region             = "useast-4"
  cloud_provider     = "gcp"
  user_email         = "[email protected]"
}

resource "astra_cdc" "cdc-1" {
  depends_on            = [ astra_streaming_tenant.streaming_tenant-1 ]
  database_id           = "<DB_ID>"
  database_name         = "cdc_test"
  table                 = "cdc_test"
  keyspace              = "cdc"
  topic_partitions      = 3
  tenant_name           = astra_streaming_tenant.streaming_tenant-1.tenant_name
}

resource "astra_streaming_sink" "streaming_sink-1" {
  depends_on            = [ astra_streaming_tenant.streaming_tenant-1, astra_cdc.cdc-1 ]
  tenant_name           = astra_streaming_tenant.streaming_tenant-1.tenant_name
  topic                 = astra_cdc.cdc-1.data_topic
  region                = "useast-4"
  cloud_provider        = "gcp"
  sink_name             = "jdbc-clickhouse"
  retain_ordering       = true
  processing_guarantees = "ATLEAST_ONCE"
  parallelism           = 3
  namespace             = "astracdc"
  sink_configs          = jsonencode({
    "userName": "clickhouse",
    "password": "password",
    "jdbcUrl": "jdbc:clickhouse://fake.clickhouse.url:8123/pulsar_clickhouse_jdbc_sink",
    "tableName": "pulsar_clickhouse_jdbc_sink"
  })
  auto_ack              = true
}

Debug Output

Going to paste it because its just a endless cycle of trying to create astra_cdc

astra_cdc.cdc-1: Creating...
astra_cdc.cdc-1: Still creating... [10s elapsed]
astra_cdc.cdc-1: Still creating... [20s elapsed]
astra_cdc.cdc-1: Still creating... [30s elapsed]
astra_cdc.cdc-1: Still creating... [40s elapsed]
astra_cdc.cdc-1: Still creating... [50s elapsed]
astra_cdc.cdc-1: Still creating... [1m0s elapsed]
astra_cdc.cdc-1: Still creating... [1m10s elapsed]
^CStopping operation...

Interrupt received.
Please wait for Terraform to exit or data loss may occur.
Gracefully shutting down...

Expected Behavior

• If Terraform sees that there is no table, it should give a good error message
• There should be a Terraform resource for tables

Actual Behavior

• It tries to create astra_cdc endlessly until it times out.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-61
┆priority: Major

Terraform Version

Terraform v1.1.5
on linux_amd64

Affected Resource(s)

• astra_database

The official TF doc: https://registry.terraform.io/providers/datastax/astra/latest/docs/resources/database needs more guidance on the description and usage of the required attributes. Example:

• cloud_provider: what are the list of valid values?
• keyspace: Why does this DB needs that exact keyspace?
• regions: list of valid values? Would be helpful to give an example of CLI query to get the list of valid values. For example, if the Cloud provider is Azure. Maybe the list of valid regions could be az account list-locations --query "[[email protected]=='Canada'].{ displayName: displayName, name: name}"

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-53
┆priority: Major

Affected Data source

• data.astra_database

Expected Behavior

Allow lookup of database by name. I am currently looking up databases via data.astra_databases but this has the problem that it does not fail if at least one database is present in the organization and leads to code like:

locals {
  database_id_tmp = join("", [for db in data.astra_databases.list.results : db.id if db.name == var.database_name])
  database_id = local.database_id_tmp != "" ? local.database_id_tmp : "00000000-0000-0000-0000-000000000000"
}

which has the issue that:

• when database does not exist, database_id_tmp is empty so all places where you would use it, like other astra resources, they fail at the validation step because they expect the database_id to be in UUID format.
• I "fixed" this by using "00000000-0000-0000-0000-000000000000" which created even more fun failure scenarios on the provider.
  A data structure would fail directly if the DB does not exist and would "propagate" the error to the rest of terraform, without that there's no clear error and in some cases you end up with an API call with the database_id = "00000000-0000-0000-0000-000000000000" which fails with another cryptic error.

Important Factoids

The API only supports lookup using the DB id and database name may not be enforced to be unique so this may not be possible. Implementing this by enumerating all the databases and selecting the one matching the name might be too inefficient.

References

https://docs.datastax.com/en/astra/docs/_attachments/devopsv2.html#tag/Database-Operations/operation/getDatabase

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-68
┆priority: Major

Hi there,

Please provide the following details with your issue report.

Terraform Version

tf -v
Terraform v1.0.1
on darwin_amd64
+ provider registry.terraform.io/datastax/astra v1.0.3

Affected Resource(s)

• astra_role

Terraform Configuration Files

resource "astra_role" "role" {
  role_name   = "name"
  description = "desc"
  effect      = "allow"
  resources = [
    "drn:astra:org:hiddenOrgId",
    "drn:astra:org:hiddenOrgId:db:hiddenDbId",
    "drn:astra:org:hiddenOrgId:db:hiddenDbId:keyspace:system_schema:table:*",
    "drn:astra:org:hiddenOrgId:db:hiddenDbId:keyspace:system:table:*",
    "drn:astra:org:hiddenOrgId:db:hiddenDbId:keyspace:system_virtual_schema:table:*",
    "drn:astra:org:hiddenOrgId:db:hiddenDbId:keyspace:*",
    "drn:astra:org:hiddenOrgId:db:hiddenDbId:keyspace:*:table:*"
  ]
  policy = ["accesslist-read", "db-all-keyspace-describe", "db-keyspace-describe", "db-table-select", "db-table-describe", "db-graphql", "db-rest", "db-cql"]
}

Debug Output

╷
│ Error: json: cannot unmarshal string into Go value of type astra.Errors
│ 
│   with astra_role.role,
│   on main.tf line 32, in resource "astra_role" "role":
│   32: resource "astra_role" "role" {
│ 
╵

Expected Behavior

Role should be created

Actual Behavior

Unknown Error

Important Factoids

POST request based on the following guide works: https://docs.datastax.com/en/astra/docs/db-devops-roles.html#_create_a_new_role

Exact same request made on curl works, but not via tf provider.

┆Issue is synchronized with this Jira Task by Unito
┆Resolution: Done

Feature request

We have a setup on GCP where there is a networking project which hosts the VPC and a compute project which hosts the compute resources and where "virtually" the DataStax resources will be created (basically a pipeline that creates resources in the compute project will also create datastax resources).. Specifically for GCP Private Service Connect there is a dependency that astra_private_link_endpoint depends on astra_private_link which depends on astra_database so a database needs to exist prior to any other resource.
Would it be possible to export the service_name resource from astra_private_link if they are static per GCP region so that we can create before and independent of an astra_database the astra_private_link and private_link_enpoint resources in the networking project and then just reuse them from the astra_database resource?

Terraform Version

N/A

Affected Resource(s)

• astra_private_link

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-64
┆priority: Major

Hi there,

Unable to create datastax/astra database due to 'plugin did not respond'.

Terraform Version: Terraform v1.0.3

Affected Resource(s)

• astra_database
• astra_keyspace
• astra_roles
• astra_tokens

Expected Behavior

datastax/astra provider should be able to connect to my astra db and acquire the state

Actual Behavior

Plugin did not respond

│ Error: Plugin did not respond
│ 
│   with astra_database.myastra-db,
│   on main.tf line 1, in resource "astra_database" "myastra-db":
│    1: resource "astra_database" "myastra-db" {
│ 
│ The plugin encountered an error, and failed to respond to the
│ plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more
│ details.

Steps to Reproduce

1. terraform plan

┆Issue is synchronized with this Jira Task by Unito
┆Resolution: Done

Feature Request

Add in appropriate VPC peering capabilities that were added to the Astra client as of version 2.2.38

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-63
┆priority: Major

Currently a number of our tests rely on hard-coded resource IDs, either within Astra or another provider. These should be removed in favor of automatically generated resources that are created at startup and cleaned up at test completion. Any unique content, such as user account information for the cloud providers should be extracted to secrets that can be provided via environment variables.

This was mentioned during initial project transition meetings and again in the review of #41 .

┆Issue is synchronized with this Jira Task by Unito

┆Issue is synchronized with this Jira Task by Unito
┆Resolution: Done

Hi there,

After creating astra_private_link_endpoint.astra_vpc_endpoint, I can't run "terraform run" again, or "terraform destroy" too.

Terraform Version

terraform - 1.0.7

Affected Resource(s)

astra_private_link_endpoint.astra_vpc_endpoint

Terraform Configuration Files or go to https://dropmefiles.com.ua/en/a46sQKf

terraform {
required_providers {
astra = {
source = "datastax/astra"
version = ">= 1.0.7"
}
}
}

provider "astra" {}
provider "aws" {
region = "eu-central-1"
}

resource "astra_database" "prof-kobol" {
name = var.cassandradb-name
keyspace = var.default-keyspace
cloud_provider = "AWS"
region = var.cassandradb-region
}

resource "astra_keyspace" "keyspaces" {
for_each = var.cassandradb-keyspaces
name = each.key
database_id = astra_database.prof-kobol.id
}

resource "aws_security_group" "full_access" {
count = var.create_security_group ? 1 : 0

name = var.sg_name
description = "Allow TLS inbound traffic"
vpc_id = var.vpc_id

ingress {
description = "all rules"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = var.sg_cidr_blocks
}

egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = var.sg_tag
}
}

resource "astra_private_link" "astra_link" {
count = var.create_private_link ? 1 : 0

allowed_principals = var.cassandradb_allowed_principals
database_id = astra_database.prof-kobol.id
datacenter_id = "${astra_database.prof-kobol.id}-1"
}

resource "aws_vpc_endpoint" "astra_endpoint" {
count = var.create_private_link ? 1 : 0

vpc_id = var.vpc_id
service_name = astra_private_link.astra_link[count.index].service_name
vpc_endpoint_type = "Interface"
subnet_ids = [var.vpc_subnet_ids[0]]
security_group_ids = [aws_security_group.full_access[count.index].id]
}

resource "astra_private_link_endpoint" "astra_vpc_endpoint" {
count = var.create_private_link ? 1 : 0

database_id = astra_database.prof-kobol.id
datacenter_id = "${astra_database.prof-kobol.id}-1"
endpoint_id = aws_vpc_endpoint.astra_endpoint[count.index].id
}

--- variables.ft
variable "cassandradb-name" {
description = "name of cassandradb"
type = string
default = "prof-kobol-cassandra"
}

variable "default-keyspace" {
description = "default keyspace for creating"
type = string
default = "default_keyspace"
}

variable "cassandradb-region" {
description = "region of cassandradb"
type = string
default = "eu-central-1"
}

variable "cassandradb-keyspaces" {
description = "region of cassandradb"
type = set(string)
default = [
"axisarmstate",
"axisconnectionhandler"
]
}

variable "cassandradb_allowed_principals" {
description = "aws roles arns or account arns for allowed working with private link"
type = list(string)
default = [
"arn:aws:iam::063017313243:root"
]
}

variable "vpc_id" {
description = "vpc for locating private link for cassandradb"
type = string
default = "vpc-02bb9784a4d745039"
}

variable "vpc_subnet_ids" {
description = "vpc subnet_ids for locating cassandradb private link"
type = list(string)
default = [
"subnet-0dbf53b7c16e21494",
"subnet-02137e306146964af",
"subnet-0297927029b6f8c0d"
]
}

variable "create_security_group" {
description = "bool values for SG"
type = bool
default = true
}

variable "create_private_link" {
description = "bool for creating private link"
default = true
type = bool
}

variable "sg_name" {
description = "sg for access to private link"
type = string
default = "cassandradb-private-link-sg"
}

variable "sg_cidr_blocks" {
description = "sg cidr_blocks for ingress rules"
type = list(string)
default = [
"0.0.0.0/0"
]
}

variable "sg_tag" {
description = "sg for access to private link"
type =string
default = "sg-cassandradb"
}

---output.tf
output "cassanda-db-name" {
value = astra_database.prof-kobol.name
}

output "cassanda-db-url" {
value = astra_database.prof-kobol.data_endpoint_url
}

output "cassanda-db-grafana-url" {
value = astra_database.prof-kobol.grafana_url
}

output "cassandra-private-link-url" {
value = var.create_private_link ? aws_vpc_endpoint.astra_endpoint[0].dns_entry[1].dns_name : null
}

Debug Output

2021-09-20T17:30:33.890+0300 [INFO] provider.terraform-provider-aws_v3.57.0_x5: 2021/09/20 17:30:33 [DEBUG] [aws-sdk-go]

f5bdd13b-44b9-428d-9d47-a2730e74cc1e

: timestamp=2021-09-20T17:30:33.889+0300
2021-09-20T17:30:33.894+0300 [INFO] provider.terraform-provider-aws_v3.57.0_x5: 2021/09/20 17:30:33 [WARN] Truncating attribute path of 0 diagnostics for TypeSet: timestamp=2021-09-20T17:30:33.894+0300
2021-09-20T17:30:33.894+0300 [INFO] provider.terraform-provider-aws_v3.57.0_x5: 2021/09/20 17:30:33 [WARN] Truncating attribute path of 0 diagnostics for TypeSet: timestamp=2021-09-20T17:30:33.894+0300
2021-09-20T17:30:33.899+0300 [WARN] Provider "registry.terraform.io/hashicorp/aws" produced an invalid plan for aws_vpc_endpoint.astra_endpoint[0], but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .private_dns_enabled: planned value cty.False for a non-computed attribute
- .tags: planned value cty.MapValEmpty(cty.String) for a non-computed attribute
2021-09-20T17:30:33.900+0300 [INFO] ReferenceTransformer: reference not found: "var.create_private_link"
2021-09-20T17:30:33.900+0300 [INFO] ReferenceTransformer: reference not found: "aws_vpc_endpoint.astra_endpoint"
2021-09-20T17:30:33.900+0300 [INFO] ReferenceTransformer: reference not found: "count.index"
2021-09-20T17:30:33.900+0300 [DEBUG] ReferenceTransformer: "astra_private_link_endpoint.astra_vpc_endpoint[0]" references: []
2021-09-20T17:30:33.901+0300 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-09-20T17:30:33.906+0300 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/aws/3.57.0/darwin_arm64/terraform-provider-aws_v3.57.0_x5 pid=47190
2021-09-20T17:30:33.906+0300 [DEBUG] provider: plugin exited
astra_private_link_endpoint.astra_vpc_endpoint[0]: Refreshing state... [id=fa3d69fa-ea9c-413e-99f4-2006a820852d/datacenter/fa3d69fa-ea9c-413e-99f4-2006a820852d-1/endpoint/vpce-0e61f2812c24d478a]
2021-09-20T17:30:33.907+0300 [DEBUG] provider.terraform-provider-astra_v1.0.7: 2021/09/20 17:30:33 [DEBUG] GET https://api.astra.datastax.com/v2/databases/fa3d69fa-ea9c-413e-99f4-2006a820852d
2021-09-20T17:30:34.103+0300 [DEBUG] provider.terraform-provider-astra_v1.0.7: 2021/09/20 17:30:34 [DEBUG] GET https://api.astra.datastax.com/v2/organizations/clusters/fa3d69fa-ea9c-413e-99f4-2006a820852d/datacenters/fa3d69fa-ea9c-413e-99f4-2006a820852d-1/endpoints/vpce-0e61f2812c24d478a
2021-09-20T17:30:34.279+0300 [INFO] provider.terraform-provider-astra_v1.0.7: 2021/09/20 17:30:34 [ERROR] setting state: Invalid address to set: []string{"service_name"}: timestamp=2021-09-20T17:30:34.279+0300
╷
│ Error: Invalid address to set: []string{"service_name"}
│
│ with astra_private_link_endpoint.astra_vpc_endpoint[0],
│ on main.tf line 69, in resource "astra_private_link_endpoint" "astra_vpc_endpoint":
│ 69: resource "astra_private_link_endpoint" "astra_vpc_endpoint" {
│

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply
2. 'terraform apply or terraform destroy'

Important Factoids

after deleting state of astra_private_link_endpoint.astra_vpc_endpoint, it can work but this resource "astra_private_link_endpoint.astra_vpc_endpoint" will be recreated.

┆Issue is synchronized with this Jira Task by Unito

Ideally this should be a part of astra_role to allow lookups using names (which does not seem to be supported by the API) but a new data source that maps to the API also helps.

Expected Behavior

Add support for astra_roles

References

There is support in the DevOps API for this https://docs.datastax.com/en/astra/docs/_attachments/devopsv2.html#tag/Roles/operation/getOrganizationRoles

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-67
┆priority: Major

I have another implementation that maybe works better. With it, you could reference the datacenter id like this:

resource "astra_database" "terra59" {
  name           = "terra59"
  keyspace       = "terra59"
  cloud_provider = "gcp"
  regions        = ["us-east4"]
}

resource "astra_private_link" "example" {
  allowed_principals = ["some-principal"]
  database_id = astra_database.terra59.id
  datacenter_id = astra_database.terra59.datacenters["${astra_database.terra59.cloud_provider}.${astra_database.terra59.regions[0]}"]
}

where you would only have to make sure you use the right regions index.

The state file would look like this instead:

resource "astra_database" "terra59" {
    additional_keyspaces = []
    cloud_provider       = "GCP"

    ...

    datacenters          = {
        "GCP.us-east4" = "26592405-0856-41cd-90ec-c25d039f4c13-1"
    }


    ...

    id                   = "26592405-0856-41cd-90ec-c25d039f4c13"

    ...
    regions              = [
        "us-east4",
    ]

    ...

Originally posted by emerkle826 in #99 (comment)

I tried to implement this for my resources, but I am using AWS. When using a similar set up to what is mentioned here, I get the following error

  on astra.tf line 47, in resource "astra_private_link" "example":
  47:   datacenter_id      = module.astra_db.datacenters["${module.astra_db.cloud_provider}.${module.astra_db.regions[0]}"]
    |----------------
    | module.astra_db.cloud_provider is "AWS"
    | module.astra_db.datacenters is map of string with 1 element
    | module.astra_db.regions[0] is "us-east-1"

This is my definition

resource "astra_private_link" "example" {
  allowed_principals = ["arn:aws:iam::myaccountuser"]
  database_id        = module.astra_db.database_id
  datacenter_id      = module.astra_db.datacenters["${module.astra_db.cloud_provider}.${module.astra_db.regions[0]}"]
}

I tried to replace "${module.astra_db.cloud_provider}" with just "AWS" and it gave me a similar error.

Error: Invalid index

  on astra.tf line 47, in resource "astra_private_link" "example":
  47:   datacenter_id      = module.astra_db.datacenters["AWS.${module.astra_db.regions[0]}"]
    |----------------
    | module.astra_db.datacenters is map of string with 1 element
    | module.astra_db.regions[0] is "us-east-1"

The given key does not identify an element in this collection value.

When I replaced "${module.astra_db.cloud_provider}" with "aws", it successfully grabbed the datacenter_id I was looking for.

It seems like the case of the cloud_provider is the issue.

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-71
┆priority: Major

Hi,

I've tried to manage a role with the astra_role module.
While it managed to create the role it crashes directly afterwards when listing the roles.

Terraform Version

Terraform v1.1.9
on linux_amd64
+ provider registry.terraform.io/carlpett/sops v0.7.0
+ provider registry.terraform.io/datastax/astra v2.1.0-beta2
+ provider registry.terraform.io/hashicorp/azurerm v3.4.0

Affected Resource(s)

• astra_role

Terraform Configuration Files

## main.tf

terraform {
  required_providers {
    astra = {
      source = "datastax/astra"
    }
  }
}

resource "astra_database" "db_instance" {
  name           = var.db_name
  cloud_provider = "azure"
  regions        = ["westeurope"]
  keyspace       = "app"
}

resource "astra_role" "app" {
    role_name = "app"
    description = "application access"
    effect = "allow"
    resources = [
      "drn:astra:org:${astra_database.db_instance.organization_id}:db:${astra_database.db_instance.id}",
      "drn:astra:org:${astra_database.db_instance.organization_id}:db:${astra_database.db_instance.id}:keyspace:app",
      "drn:astra:org:${astra_database.db_instance.organization_id}:db:${astra_database.db_instance.id}:keyspace:app:table:*"
      ]
    policy = [
      "db-cql",
      "db-table-alter",
      "db-table-create",
      "db-table-describe",
      "db-table-modify",
      "db-table-select"
    ]
}

## variables.tf
variable "db_name" {
  type        = string
  description = "Name of the database instance"
}

Panic Output

Panic Output

Expected Behavior

terraform plan and apply should work withouth the module crashing.

Actual Behavior

The module crashes after the role has been created.

Additional Information

The state has been successfully written:

$> terraform state show module.astra-db-instance.astra_role.app

resource "astra_role" "app" {
    description = "application access"
    effect      = "allow"
    id          = "<omitted>"
    policy      = [
        "db-cql",
        "db-table-alter",
        "db-table-create",
        "db-table-describe",
        "db-table-modify",
        "db-table-select",
    ]
    resources   = [
        "drn:astra:org:<omitted>",
        "drn:astra:org:<omitted>:db:<omitted>:keyspace:app",
        "drn:astra:org:<omitted>:db:<omitted>:keyspace:app:table:*",
    ]
    role_id     = "<omitted>"
    role_name   = "app"
}

Steps to Reproduce

1. terraform apply -auto-approve

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-60
┆priority: Major

Terraform Version

Terraform v1.1.2

Affected Resource(s)

• astra_private_link

Terraform Configuration Files

resource "astra_private_link" "gke" {
  allowed_principals = [var.gcp_project_id]
  database_id        = astra_database.database.id
  datacenter_id      = "${astra_database.database.id}-1"
}

Debug Output

https://gist.github.com/hugolhafner/7c3ac94228233dc8206a7cc7f1f1e75c

Expected Behavior

Successfully refreshes resource

Actual Behavior

Fails to refresh the resource with an invalid ID error

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply # Creates successfully. at first
2. terraform apply # Any subsequent refreshes will cause error message

Important Factoids

• GCP Database in region us-east4
• Generated ID is of form DB_UUID/datacenter/DB_UUID-1/serviceNames/projects/astra-serverless-prod-X/regions/us-east4/serviceAttachments/X which splits into more than 5 id parts

  terraform-provider-astra/internal/provider/resource_private_link.go

  Lines 146 to 149 in 9c883d2

  	idParts := strings.Split(strings.ToLower(id), "/")
  	if len(idParts) != 5 {
  	return "", "", "", errors.New("invalid private link id format: expected datacenter/servicenames")
  	}

  and as such throws an error

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-51
┆priority: Major

Hi, we recently signed up for Astra Serverless and are trying to manage as much as possible with Terraform. We are wondering if it's already possible to enable the "Restrict Public Access" setting. Thanks in advance!

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-42
┆priority: Major

Hi there,

here is the error while creating role

astra_role.role: Creating...
╷
│ Error: json: cannot unmarshal string into Go value of type astra.Errors
│
│   with astra_role.role,
│   on astra-db.tf line 49, in resource "astra_role" "role":
│   49: resource "astra_role" "role" {
│

Terraform Version

Terraform v1.1.4
on linux_amd64

• provider registry.terraform.io/datastax/astra v2.0.1

Affected Resource(s)

• astra_role

Terraform Configuration Files

resource "astra_role" "role" {
  role_name   = "name"
  description = "desc"
  effect      = "allow"
  resources = [
    "drn:astra:org:${var.ds_org_id}"
  ]
  policy = ["accesslist-read", "db-all-keyspace-describe", "db-keyspace-describe", "db-table-select", "db-table-describe", "db-graphql", "db-rest", "db-cql"]
}

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply

Terraform Version

v1.0.7

Affected Resource

• astra_token

Terraform Configuration Files

terraform {
  required_providers {
    astra = {
      source  = "datastax/astra"
      version = "1.0.9"
    }
  }
}

resource "astra_database" "this" {
  name           = "database1"
  keyspace       = "keyspace1"
  cloud_provider = "aws"
  region         = "eu-central-1"
}

resource "astra_keyspace" "this" {
  name        = "keyspace1"
  database_id = resource.astra_database.this.id
}

resource "astra_role" "example" {
  role_name   = "keyspace1_example_role"
  description = "example"
  effect      = "allow"
  resources = [
    "drn:astra:org:${resource.astra_database.this.organization_id}:db:${resource.astra_database.this.id}:keyspace:${resource.astra_keyspace.this.name}:table:*"
  ]
  policy = [
    "db-table-create",
    "db-table-modify"
  ]
}

resource "astra_token" "example" {
  roles = [
    "${resource.astra_role.example.role_id}"
  ]
}

Expected Behavior

When removed or changed existing token should be removed

Actual Behavior

Existing token remains visible in Astra web console when removed from code.
When token changed in code new one gets created without deleting the old one, so after change you have two instead of one.

Steps to Reproduce

1. terraform apply
2. remove token in code
3. terraform apply

┆Issue is synchronized with this Jira Task by Unito

Hi,

when provisioning an Astra DB instance the astra_database module won't give access to the datacenter.
The datacenter id is needed for astra_private_link and astra_private_link_endpoint though.
The examples in the astra_private_link documentation are wrong since they miss the suffix of the datacenter - for me -1.

Terraform Version

Terraform v1.1.8
on linux_amd64
+ provider registry.terraform.io/datastax/astra v2.0.4
+ provider registry.terraform.io/hashicorp/azurerm v3.4.0

Affected Resource(s)

Please list the resources as a list, for example:

• astra_database
• astra_private_link
• astra_private_link_endpoint

Expected Behavior

The astra_database module should give access to the datacenters.

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-59
┆priority: Major

Hi all,
When I create a database, I output some of the database attributes at the end. I'm using the attributes listed on the database resource page. Many of the attributes print just fine, but the following output statements produce no output at all avd no error messages:

### These commands are not displayed after the "apply"
output "replication_factor" {
  value = astra_database.hello_astra_db.replication_factor
  description = "Replicaion Factor"
}

output "node_count" {
  value = astra_database.hello_astra_db.node_count
  description = "Node Count"
}

output "total_storage" {
  value = astra_database.hello_astra_db.total_storage
  description = "Total Storage (GB?)"
}

Terraform Version

jeffdavies@jdavies-rmbp16 hello_astra_tf % terraform -v
Terraform v1.0.11
on darwin_amd64

Affected Resource(s)

• astra_database

Terraform Configuration Files

I have attached a ZIP file with my terraform files. But really, just create an Astra database and use my code snippet above and you will see that no output or error message is produced.

Debug Output

None

Panic Output

None

Expected Behavior

I expect to see the values displayed on my console with the other values.

Actual Behavior

no output for the listed values.

Steps to Reproduce

1. terraform apply

Important Factoids

None

References

None

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-44
┆priority: Major

Hi There,

Please provide the following details with your issue report.

Terraform Version

Terraform v1.0.7
on linux_amd64

• provider registry.terraform.io/datastax/astra v1.0.9

Affected Resource(s)

Please list the resources as a list, for example:

• astra_database

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

resource "astra_database" "Test"{
  name           = "terra-test-cluster"
  keyspace       = "terraformTest"
  cloud_provider = "aws"
  region         = ["us-east-1","us-west-2"]
}

Debug Output

terraform plan
╷
│ Error: Incorrect attribute value type
│
│ on casdev.tf line 19, in resource "astra_database" "Test":
│ 19: region = ["us-east-1","us-west-2"]
│
│ Inappropriate value for attribute "region": string required.

Expected Behavior

It should deploy database in multiple region.

Actual Behavior

Deployment in only 1 region supported. Also there are no resource to add new regions.

┆Issue is synchronized with this Jira Task by Unito

Hi there,

Please provide the following details with your issue report.

Terraform Version

v1.1.3

Affected Resource(s)

• all

Debug Output

The original astra api error message is not even printed in the TRACE log:

...
2022-04-21T12:53:39.601+0200 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: removing state object for astra_role.appdb_cgw_user
2022-04-21T12:53:39.601+0200 [ERROR] vertex "astra_role.my_role" error: json: cannot unmarshal string into Go value of type astra.Errors
///

Expected Behavior

Error message from astra api should have been printed in the terraform error log and to the terraform console

Actual Behavior

If an error is received from the datastax api, the following generic error is displayed:

astra_keyspace.my_keyspace: Creation complete after 9s [id=96e30bc5-c1b1-4c38-84eb-7d7d494e624b/keyspace/cgw_accounts]
╷
│ Error: json: cannot unmarshal string into Go value of type astra.Errors
│
│   with astra_role.my_role,
│   on astra-db.tf line 79, in resource "astra_role" "my_role":
│   79: resource "astra_role" "ny_role" {
│
╵
ERRO[0247] 1 error occurred:
	* exit status 1

It looks like the deserializion of error message received from the astra api is not properly implemented in the astra TF provider

Steps to Reproduce

to create an error, do e.g.:

1. manually create a organization role through astra web console
2. try to create the same role with TF

Important Factoids

References

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-57
┆priority: Major

Hi there,

Please provide the following details with your issue report.

Affected Resource(s)

Please list the resources as a list, for example:

• astra_role

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

resource "astra_role" "my_role" {
  role_name   = "role-name-removed-svc-role"
  description = "role-name-removed-svc-role"
  effect      = "allow"
  resources   = [
    "drn:astra:org:${module.astra_db.org_id}",
    "drn:astra:org:${module.astra_db.org_id}:db:${module.astra_db.database_id}",
    "drn:astra:org:${module.astra_db.org_id}:db:${module.astra_db.database_id}:keyspace:system_schema:table:*",
    "drn:astra:org:${module.astra_db.org_id}:db:${module.astra_db.database_id}:keyspace:system:table:*",
    "drn:astra:org:${module.astra_db.org_id}:db:${module.astra_db.database_id}:keyspace:system_virtual_schema:table:*",
    "drn:astra:org:${module.astra_db.org_id}:db:${module.astra_db.database_id}:keyspace:chat_dev1",
    "drn:astra:org:${module.astra_db.org_id}:db:${module.astra_db.database_id}:keyspace:chat_dev1:table:*",
    "drn:astra:org:${module.astra_db.org_id}:db:${module.astra_db.database_id}:keyspace:chat_dev2",
    "drn:astra:org:${module.astra_db.org_id}:db:${module.astra_db.database_id}:keyspace:chat_dev2:table:*"
   ]
  policy      = [
    "db-cql",
    "db-table-create",
    "db-table-modify",
    "db-table-alter",
    "db-table-describe",
    "db-table-select",
    "org-user-write",
    "org-user-read",
    "org-db-view"
    ]
}

Output From Postman

 {
    "id": "112233445566",
    "name": "role-name-removed-svc-role",
    "policy": {
        "description": "role-name-removed-svc-role",
        "resources": [
            "drn:astra:org:org-id-removed",
            "drn:astra:org:org-id-removed:db:db-id-removed",
            "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:system_schema:table:*",
            "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:system:table:*",
            "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:system_virtual_schema:table:*",
            "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev1",
            "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev1:table:*",
            "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev2",
            "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev2:table:*"
        ],
        "actions": [
            "db-cql",
            "db-table-create",
            "db-table-modify",
            "db-table-alter",
            "db-table-describe",
            "db-table-select",
            "org-user-write",
            "org-user-read",
            "org-db-view"
        ],
        "effect": "allow"
    },
    "last_update_date_time": "0001-01-01T00:00:00Z",
    "last_update_user_id": ""
},

Expected Behavior

After getting the structure from Postman, I have recreated the role within terraform. I would expect there to be no changes to the infrastructure. I understand that the role_name changing will force a replacement, however, I have confirmed that the role_name has not changed. The same role_name that is being output by a Postman call is being used within the resource creation.

Actual Behavior

After importing the resource, a subsequent plan is showing that the resource needs to be recreated because the name is changing. The name is not changing, it is a copy and paste from the Postman output.

terraform plan/import/plan

> terraform plan      
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # astra_role.my_role_role will be created
  + resource "astra_role" "my_role" {
      + description = "role-name-removed-svc-role"
      + effect      = "allow"
      + id          = (known after apply)
      + policy      = [
          + "db-cql",
          + "db-table-create",
          + "db-table-modify",
          + "db-table-alter",
          + "db-table-describe",
          + "db-table-select",
          + "org-user-write",
          + "org-user-read",
          + "org-db-view",
        ]
      + resources   = [
          + "drn:astra:org:org-id-removed",
          + "drn:astra:org:org-id-removed:db:db-id-removed",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:system_schema:table:*",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:system:table:*",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:system_virtual_schema:table:*",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev1",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev1:table:*",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev2",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev2:table:*",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev1",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev1:table:*",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev2",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev2:table:*",
        ]
      + role_id     = (known after apply)
      + role_name   = "role-name-removed-svc-role"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

> terraform import 'astra_role.my_role_role' 112233445566
astra_role.my_role_role: Importing from ID "112233445566"...
astra_role.my_role_role: Import prepared!
  Prepared astra_role for import
astra_role.my_role_role: Refreshing state... [id=112233445566]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

> terraform plan
astra_role.my_role_role: Refreshing state... [id=112233445566]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # astra_role.my_role_role must be replaced
-/+ resource "astra_role" "my_role_role" {
      + description = "role-name-removed-svc-role"
      + effect      = "allow"
      ~ id          = "112233445566" -> (known after apply)
      + policy      = [
          + "db-cql",
          + "db-table-create",
          + "db-table-modify",
          + "db-table-alter",
          + "db-table-describe",
          + "db-table-select",
          + "org-user-write",
          + "org-user-read",
          + "org-db-view",
        ]
      + resources   = [
          + "drn:astra:org:org-id-removed",
          + "drn:astra:org:org-id-removed:db:db-id-removed",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:system_schema:table:*",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:system:table:*",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:system_virtual_schema:table:*",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev1",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev1:table:*",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev2",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev2:table:*",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev1",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev1:table:*",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev2",
          + "drn:astra:org:org-id-removed:db:db-id-removed:keyspace:chat_dev2:table:*",
        ]
      ~ role_id     = "112233445566" -> (known after apply)
      + role_name   = "role-name-removed-svc-role" # forces replacement
    }

Plan: 1 to add, 0 to change, 1 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-72
┆priority: Major

/usr/local/go/bin/go test -c -o /tmp/___1TestDatabase_in_github_com_datastax_terraform_provider_astra_v2_internal_provider.test -gcflags all=-N -l github.com/datastax/terraform-provider-astra/v2/internal/provider #gosetup
/usr/local/go/bin/go tool test2json -t /home/tato/.local/share/JetBrains/IntelliJIdea2021.1/go/lib/dlv/linux/dlv --listen=0.0.0.0:40559 --headless=true --api-version=2 --check-go-version=false --only-same-user=false exec /tmp/___1TestDatabase_in_github_com_datastax_terraform_provider_astra_v2_internal_provider.test -- -test.v -test.paniconexit0 -test.run ^\QTestDatabase\E$
API server listening at: [::]:40559
=== RUN TestDatabase
2022/04/05 15:50:13 [DEBUG] GET https://api.astra.datastax.com/v2/regions/serverless
2022/04/05 15:50:14 [DEBUG] POST https://api.astra.datastax.com/v2/databases
2022/04/05 15:50:16 [DEBUG] GET https://api.astra.datastax.com/v2/databases/246e3785-6744-4c9d-bbb8-1ff20e612fcc
2022/04/05 15:50:16 [DEBUG] GET https://api.astra.datastax.com/v2/databases/246e3785-6744-4c9d-bbb8-1ff20e612fcc
2022/04/05 15:50:17 [DEBUG] GET https://api.astra.datastax.com/v2/databases/246e3785-6744-4c9d-bbb8-1ff20e612fcc
2022/04/05 15:50:19 [DEBUG] GET https://api.astra.datastax.com/v2/databases/246e3785-6744-4c9d-bbb8-1ff20e612fcc
2022/04/05 15:50:23 [DEBUG] GET https://api.astra.datastax.com/v2/databases/246e3785-6744-4c9d-bbb8-1ff20e612fcc
2022/04/05 15:50:31 [DEBUG] GET https://api.astra.datastax.com/v2/databases/246e3785-6744-4c9d-bbb8-1ff20e612fcc
2022/04/05 15:50:42 [DEBUG] GET https://api.astra.datastax.com/v2/databases/246e3785-6744-4c9d-bbb8-1ff20e612fcc
2022/04/05 15:50:52 [DEBUG] GET https://api.astra.datastax.com/v2/databases/246e3785-6744-4c9d-bbb8-1ff20e612fcc
2022/04/05 15:51:02 [DEBUG] GET https://api.astra.datastax.com/v2/databases/246e3785-6744-4c9d-bbb8-1ff20e612fcc
2022/04/05 15:51:12 [DEBUG] GET https://api.astra.datastax.com/v2/databases/246e3785-6744-4c9d-bbb8-1ff20e612fcc
2022/04/05 15:51:22 [DEBUG] GET https://api.astra.datastax.com/v2/databases/246e3785-6744-4c9d-bbb8-1ff20e612fcc
2022/04/05 15:51:32 [DEBUG] GET https://api.astra.datastax.com/v2/databases/246e3785-6744-4c9d-bbb8-1ff20e612fcc
2022/04/05 15:51:42 [DEBUG] GET https://api.astra.datastax.com/v2/databases/246e3785-6744-4c9d-bbb8-1ff20e612fcc
2022/04/05 15:51:52 [DEBUG] GET https://api.astra.datastax.com/v2/databases/246e3785-6744-4c9d-bbb8-1ff20e612fcc
panic: reflect: call of reflect.Value.IsNil on array Value

goroutine 325 [running]:
reflect.Value.IsNil(0x662fd80, 0xc00168bae0, 0x91, 0x64dfd00)
/usr/local/go/src/reflect/value.go:1086 +0x1b7
github.com/mitchellh/mapstructure.(*Decoder).decodeSlice(0xc001554ae0, 0x0, 0x0, 0x662fd80, 0xc00168bae0, 0x64dfd40, 0xc00089fc98, 0x197, 0x0, 0x0)
/home/tato/go/pkg/mod/github.com/mitchellh/[email protected]/mapstructure.go:1091 +0x8b2
github.com/mitchellh/mapstructure.(*Decoder).decode(0xc001554ae0, 0x0, 0x0, 0x662fd80, 0xc00168bae0, 0x64dfd40, 0xc00089fc98, 0x197, 0x0, 0x0)
/home/tato/go/pkg/mod/github.com/mitchellh/[email protected]/mapstructure.go:469 +0xe25
github.com/mitchellh/mapstructure.(*Decoder).Decode(0xc001554ae0, 0x662fd80, 0xc00168bae0, 0x0, 0x0)
/home/tato/go/pkg/mod/github.com/mitchellh/[email protected]/mapstructure.go:398 +0x108
github.com/mitchellh/mapstructure.Decode(0x662fd80, 0xc00168bae0, 0x6465740, 0xc00089fc98, 0x0, 0x0)
/home/tato/go/pkg/mod/github.com/mitchellh/[email protected]/mapstructure.go:302 +0x185
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*MapFieldWriter).setList(0xc00089f470, 0xc00168bb90, 0x1, 0x1, 0x662fd80, 0xc00168bae0, 0x0, 0x0)
/home/tato/go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/field_writer_map.go:126 +0x1ba
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*MapFieldWriter).set(0xc00089f470, 0xc00168bb90, 0x1, 0x1, 0x662fd80, 0xc00168bae0, 0x0, 0x0)
/home/tato/go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/field_writer_map.go:103 +0x3bb
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*MapFieldWriter).WriteField(0xc00089f470, 0xc00168bb90, 0x1, 0x1, 0x662fd80, 0xc00168bae0, 0x0, 0x0)
/home/tato/go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/field_writer_map.go:89 +0x80b
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*ResourceData).Set(0xc00206c500, 0x7cf3223, 0x7, 0x662fd80, 0xc00168bae0, 0x0, 0x0)
/home/tato/go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource_data.go:227 +0x20f
github.com/datastax/terraform-provider-astra/v2/internal/provider.setDatabaseResourceData(0xc00206c500, 0xc0021f2b60, 0x0, 0x0)
/home/tato/go/src/github.com/datastax/terraform-provider-astra/internal/provider/resource_database.go:489 +0x1c9
github.com/datastax/terraform-provider-astra/v2/internal/provider.waitForDatabaseAndUpdateResource.func1(0x0)
/home/tato/go/src/github.com/datastax/terraform-provider-astra/internal/provider/resource_database.go:469 +0x9bf
github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource.RetryContext.func1(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/home/tato/go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/resource/wait.go:27 +0x7b
github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource.(*StateChangeConf).WaitForStateContext.func1(0xc0016ac840, 0xc00032e690, 0xc000fdef00, 0xc0006d70c0, 0xc0006d8bc0, 0xc0006d8bb8)
/home/tato/go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/resource/state.go:110 +0x2f6
created by github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource.(*StateChangeConf).WaitForStateContext
/home/tato/go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/resource/state.go:83 +0x2f6

Debugger finished with the exit code 0

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-55
┆priority: Major

Hi there,

Please provide the following details with your issue report.

Terraform Version

1.2.3

Affected Resource(s)

• astra_token

Expected Behavior

token, secret to be marked as sensitive by Terraform and not be exposed with terraform show astra_token.name

Actual Behavior

token, secret are displayed:

terraform state show module.ds-astra-cluster.astra_token.org_admin
# module.ds-astra-cluster.astra_token.org_admin:
resource "astra_token" "org_admin" {
    client_id = "IDIDIDIDIDIDIDIDIDIDIDIDID"
    id        = "IDIDIDIDIDIDIDIDIDIDIDIDID"
    roles     = [
        "732758d5-898f-403c-803e-80b07a7059ee",
    ]
    secret    = "ig9R.......................................................gvZz"
    token     = "AstraCS:IDIDIDIDIDIDIDIDIDIDIDIDID:d7.......................................................0e"
}

Steps to Reproduce

1. create astra_token resource
2. terraform show

Possible fix:

Add Sensitive: true attributes to the token, secret fields:

			"secret": {
				Description:  "Secret, use as password in cql to connect",
				Type:         schema.TypeString,
			        Sensitive:   true,
				Computed: true,
			},
			"token": {
				Description:  "Token, use as auth bearer for API calls or as password in combination with the word `token` in cql",
				Type:         schema.TypeString,
			        Sensitive:   true,
				Computed: true,
			},

### References

• https://github.com/datastax/terraform-provider-astra/blob/main/internal/provider/resource_token.go#L41
• https://github.com/datastax/terraform-provider-astra/blob/main/internal/provider/resource_token.go#L46

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-65
┆priority: Major

Error: Error: cloud provider and region combination not available: GCP/us-east1

If I manually curl https://api.astra.datastax.com/v2/availableRegions with my token, I don't see any serverless tiers listed. But, if I go to the web console, I can create databases in GCP/us-east1.

Terraform Version

Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.

Affected Resource(s)

astra_database

Terraform Configuration Files

provider "astra" {}

terraform {
    required_providers {
        astra = {
            source = "datastax/astra"
            version = "0.0.3-pre"
        }
    }
}

resource "astra_database" "temporal_db" {
    name           = var.name
    keyspace       = "temporal"
    cloud_provider = "GCP"
    region         = "us-east1"
}

data "astra_secure_connect_bundle_url" "temporal_db" {
    database_id = astra_database.temporal_db.id
}

Debug Output

NA

Panic Output

NA

Expected Behavior

Database created in us-east1

Actual Behavior

Error: cloud provider and region combination not available: GCP/us-east1

Steps to Reproduce

1. Create Database Admin token
2. Set that token to ASTRA_API_TOKEN
3. terraform apply

┆Issue is synchronized with this Jira Task by Unito
┆Resolution: Done

Hi there,

I'm running Terraform 1.1.18 with the 2.1.0-beta version of the Astra plugin. When I create my database (using scripts that are largely the same as they were when using the non-beta version of the plugin) I get a crash error.

You can find all of my scripts on GitHub here: https://github.com/jdavies/cdc_demo

Interestingly, when I check the Astra dashboard, the DB is created and becomes Active as usual. Possibly this crash bug in the clean-up phase of the provider?

Terraform Version

1.1.8

Affected Resource(s)

Please list the resources as a list, for example:

• astra_database

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.

provider "registry.terraform.io/datastax/astra" {
  version     = "2.1.0-beta"
  constraints = "2.1.0-beta"
  hashes = [
    "h1:GaxkLkZmOjnst3BbS6J8xx9R1CwxXjYtSPeLy3yWrPg=",
    "zh:03c407ae9b3d871d0414dd778ff08f2b52224b3d91af058edb651dc9d59f1eae",
    "zh:2f208fa81a4b88600a8c31a6bf0d5efcddacd8dc8756bb65fe00538412b18918",
    "zh:38ea692bd08c7379de15003bc22ebb1f09564d1941cd40972540f7c08f86c890",
    "zh:454350e7cef1cdf3cc1e1092fc56056ac60d9a4b2b227edf99f1be5144cd426c",
    "zh:59848306fcd5cb6b4c1d62303be12f273e93eab88b906bc81e990dbaf7cba808",
    "zh:9b5fec85343bd62fb8c46c02e81d2750a568791a9aef277e061fc62c76d3e78a",
    "zh:9df50eb4649b0f289a67c0721a43e94e7e556e25b01892b022118fe6f25018f9",
    "zh:cd343264e0e90199934e2394ed9082fff4296649cf900f4e28f4d6cd46367376",
    "zh:cea98b96bbc60d65091a44d40250c8a643879a91d779742d030c55441b9cafe6",
    "zh:cfabacd27d7f0e0748d5fe6d5087ff9f26a567a43cf1614c1030233d84faf7c0",
    "zh:e46442dd8c9f979ccabfe391daa230fdec6c974fa673d384c6f27b74e70e7df4",
    "zh:ec0014860a601e7bf87a9a0c1921ef71bb0a3be0e017bf5ab8faa20f5fcedbfb",
    "zh:f5a67368b32555af8bad2433d9e3119c6b41ac2221eddc21aa4af23b9c953d31",
  ]

Debug Output

goroutine 84 [running]:
reflect.Value.IsNil(...)
	reflect/value.go:1086
github.com/mitchellh/mapstructure.(*Decoder).decodeSlice(0xc000630110, 0x0, 0x0, 0x18b3ea0, 0xc00058e2b0, 0x18a08c0, 0xc0007c2168, 0x197, 0x8, 0x8)
	github.com/mitchellh/[email protected]/mapstructure.go:1091 +0x10ad
github.com/mitchellh/mapstructure.(*Decoder).decode(0xc000630110, 0x0, 0x0, 0x18b3ea0, 0xc00058e2b0, 0x18a08c0, 0xc0007c2168, 0x197, 0xc0007c2168, 0x197)
	github.com/mitchellh/[email protected]/mapstructure.go:469 +0x836
github.com/mitchellh/mapstructure.(*Decoder).Decode(0xc000630110, 0x18b3ea0, 0xc00058e2b0, 0x0, 0xc0007c2168)
	github.com/mitchellh/[email protected]/mapstructure.go:398 +0xf0
github.com/mitchellh/mapstructure.Decode(0x18b3ea0, 0xc00058e2b0, 0x1881940, 0xc0007c2168, 0x1, 0x19f3284)
	github.com/mitchellh/[email protected]/mapstructure.go:302 +0xa5
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*MapFieldWriter).setList(0xc0007c26d8, 0xc00058e3c0, 0x1, 0x1, 0x18b3ea0, 0xc00058e2b0, 0x1, 0x19f3284)
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/field_writer_map.go:126 +0xd2
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*MapFieldWriter).set(0xc0007c26d8, 0xc00058e3c0, 0x1, 0x1, 0x18b3ea0, 0xc00058e2b0, 0x1, 0x1)
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/field_writer_map.go:103 +0xd9
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*MapFieldWriter).WriteField(0xc0007c26d8, 0xc00058e3c0, 0x1, 0x1, 0x18b3ea0, 0xc00058e2b0, 0x0, 0x0)
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/field_writer_map.go:89 +0x3f9
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*ResourceData).Set(0xc0006e6e00, 0x19f3284, 0x7, 0x18b3ea0, 0xc00058e2b0, 0x0, 0x0)
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource_data.go:227 +0x1df
github.com/datastax/terraform-provider-astra/v2/internal/provider.setDatabaseResourceData(0xc0006e6e00, 0xc0002c00e0, 0xc0007c4c00, 0xc00035c0c0)
	github.com/datastax/terraform-provider-astra/v2/internal/provider/resource_database.go:489 +0x114
github.com/datastax/terraform-provider-astra/v2/internal/provider.waitForDatabaseAndUpdateResource.func1(0x2)
	github.com/datastax/terraform-provider-astra/v2/internal/provider/resource_database.go:469 +0x62a
github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource.RetryContext.func1(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/resource/wait.go:27 +0x5b
github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource.(*StateChangeConf).WaitForStateContext.func1(0xc00061e060, 0xc0000dc1c0, 0xc000044240, 0xc0000e60c0, 0xc000432040, 0xc000432038)
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/resource/state.go:110 +0x2e9
created by github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource.(*StateChangeConf).WaitForStateContext
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/resource/state.go:83 +0x1c6

Error: The terraform-provider-astra_v2.1.0-beta plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Expected Behavior

Should not report a crash

Actual Behavior

It created the DB successfully, but then the plugin crashes

Steps to Reproduce

See the readme.md on my GitHub project. The crash occurs when you apply the plan

1. terraform apply

Important Factoids

No

References

I'm not aware of any.

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-56
┆priority: Major

Hi there,

Please provide the following details with your issue report.

Terraform Version

latest

Affected Resource(s)

Please list the resources as a list, for example:

• astra_database
• astra_keyspace

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

First I applied this config:

resource "astra_database" "example" {
  name           = "puppies"
  keyspace       = "puppies"
  cloud_provider = "gcp"
  region         = "us-east1"
}

data "astra_secure_connect_bundle_url" "example" {
  database_id = astra_database.example.id
}

resource "astra_keyspace" "keyspace-1" {
  name        = "1"
  database_id = astra_database.example.id

}

resource "astra_keyspace" "keyspace-2" {
  name        = "2"
  database_id = astra_database.example.id

}

Then I added more keyspaces and applied again

resource "astra_database" "example" {
  name           = "puppies"
  keyspace       = "puppies"
  cloud_provider = "gcp"
  region         = "us-east1"
}

data "astra_secure_connect_bundle_url" "example" {
  database_id = astra_database.example.id
}

resource "astra_keyspace" "keyspace-1" {
  name        = "1"
  database_id = astra_database.example.id

}

resource "astra_keyspace" "keyspace-2" {
  name        = "2"
  database_id = astra_database.example.id

}

resource "astra_keyspace" "keyspace-3" {
  name        = "3"
  database_id = astra_database.example.id

}

resource "astra_keyspace" "keyspace-4" {
  name        = "4"
  database_id = astra_database.example.id

}

Expected vs. Actual Behavior

Expected all 4 keyspaces to show up in additional_keyspaces but only 1 and 2 are there.

All 4 keyspaces show as their own resources and I see all 4 in the astra UI:

# astra_database.example:
resource "astra_database" "example" {
    additional_keyspaces = [
        "1",
        "2",
    ]
    cloud_provider       = "GCP"
    cqlsh_url            = "https://c9d76fff-3794-4639-8469-8dc1c36403cd-us-east1.apps.astra.datastax.com/cqlsh"
    data_endpoint_url    = "https://c9d76fff-3794-4639-8469-8dc1c36403cd-us-east1.apps.astra.datastax.com/api/rest"
    grafana_url          = "https://c9d76fff-3794-4639-8469-8dc1c36403cd-us-east1.dashboard.astra.datastax.com/d/cloud/dse-cluster-condensed?refresh=30s&orgId=1&kiosk=tv"
    graphql_url          = "https://c9d76fff-3794-4639-8469-8dc1c36403cd-us-east1.apps.astra.datastax.com/api/graphql"
    id                   = "c9d76fff-3794-4639-8469-8dc1c36403cd"
    keyspace             = "puppies"
    name                 = "puppies"
    node_count           = 3
    organization_id      = "f9f4b1e0-4c05-451e-9bba-d631295a7f73"
    owner_id             = "rnmbrhOFOmZyHPayKPPMSGKj"
    region               = "us-east1"
    replication_factor   = 1
    status               = "ACTIVE"
    total_storage        = 5
}

# astra_keyspace.keyspace-1:
resource "astra_keyspace" "keyspace-1" {
    database_id = "c9d76fff-3794-4639-8469-8dc1c36403cd"
    id          = "c9d76fff-3794-4639-8469-8dc1c36403cd/keyspace/1"
    name        = "1"
}

# astra_keyspace.keyspace-2:
resource "astra_keyspace" "keyspace-2" {
    database_id = "c9d76fff-3794-4639-8469-8dc1c36403cd"
    id          = "c9d76fff-3794-4639-8469-8dc1c36403cd/keyspace/2"
    name        = "2"
}

# astra_keyspace.keyspace-3:
resource "astra_keyspace" "keyspace-3" {
    database_id = "c9d76fff-3794-4639-8469-8dc1c36403cd"
    id          = "c9d76fff-3794-4639-8469-8dc1c36403cd/keyspace/3"
    name        = "3"
}

# astra_keyspace.keyspace-4:
resource "astra_keyspace" "keyspace-4" {
    database_id = "c9d76fff-3794-4639-8469-8dc1c36403cd"
    id          = "c9d76fff-3794-4639-8469-8dc1c36403cd/keyspace/4"
    name        = "4"
}

# data.astra_secure_connect_bundle_url.example:
data "astra_secure_connect_bundle_url" "example" {
    database_id = "c9d76fff-3794-4639-8469-8dc1c36403cd"
    id          = "c9d76fff-3794-4639-8469-8dc1c36403cd/secure-connect-bundle/..."
    url         = "..."
}

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply with only 2 keyspace resources
2. terraform apply with all 4 keyspace resources
3. terraform show

Additionally, it seems like we support destroying keyspaces but that's not really working yet? It does seem to have picked up my other two keyspaces though:

$ ./terraform apply
var.token
  Enter a value: AstraCS:rnmbrhOFOmZyHPayKPPMSGKj:07da62fe57a3c8d27a27ec8d9a18d097e529895c12586120a7158e524acfb338

astra_keyspace.keyspace-1: Refreshing state... [id=c9d76fff-3794-4639-8469-8dc1c36403cd/keyspace/1]
astra_database.example: Refreshing state... [id=c9d76fff-3794-4639-8469-8dc1c36403cd]
astra_keyspace.keyspace-4: Refreshing state... [id=c9d76fff-3794-4639-8469-8dc1c36403cd/keyspace/4]
astra_keyspace.keyspace-2: Refreshing state... [id=c9d76fff-3794-4639-8469-8dc1c36403cd/keyspace/2]
astra_keyspace.keyspace-3: Refreshing state... [id=c9d76fff-3794-4639-8469-8dc1c36403cd/keyspace/3]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # astra_keyspace.keyspace-1 will be destroyed
  - resource "astra_keyspace" "keyspace-1" {
      - database_id = "c9d76fff-3794-4639-8469-8dc1c36403cd" -> null
      - id          = "c9d76fff-3794-4639-8469-8dc1c36403cd/keyspace/1" -> null
      - name        = "1" -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

astra_keyspace.keyspace-1: Destroying... [id=c9d76fff-3794-4639-8469-8dc1c36403cd/keyspace/1]
astra_keyspace.keyspace-1: Destruction complete after 0s

Apply complete! Resources: 0 added, 0 changed, 1 destroyed.
tato@wezn:~/Desktop/terraform-astra-test$ ./terraform show
# astra_database.example:
resource "astra_database" "example" {
    additional_keyspaces = [
        "1",
        "2",
        "4",
        "3",
    ]
    cloud_provider       = "GCP"
    cqlsh_url            = "https://c9d76fff-3794-4639-8469-8dc1c36403cd-us-east1.apps.astra.datastax.com/cqlsh"
    data_endpoint_url    = "https://c9d76fff-3794-4639-8469-8dc1c36403cd-us-east1.apps.astra.datastax.com/api/rest"
    grafana_url          = "https://c9d76fff-3794-4639-8469-8dc1c36403cd-us-east1.dashboard.astra.datastax.com/d/cloud/dse-cluster-condensed?refresh=30s&orgId=1&kiosk=tv"
    graphql_url          = "https://c9d76fff-3794-4639-8469-8dc1c36403cd-us-east1.apps.astra.datastax.com/api/graphql"
    id                   = "c9d76fff-3794-4639-8469-8dc1c36403cd"
    keyspace             = "puppies"
    name                 = "puppies"
    node_count           = 3
    organization_id      = "f9f4b1e0-4c05-451e-9bba-d631295a7f73"
    owner_id             = "rnmbrhOFOmZyHPayKPPMSGKj"
    region               = "us-east1"
    replication_factor   = 1
    status               = "ACTIVE"
    total_storage        = 5
}

# astra_keyspace.keyspace-2:
resource "astra_keyspace" "keyspace-2" {
    database_id = "c9d76fff-3794-4639-8469-8dc1c36403cd"
    id          = "c9d76fff-3794-4639-8469-8dc1c36403cd/keyspace/2"
    name        = "2"
}

# astra_keyspace.keyspace-3:
resource "astra_keyspace" "keyspace-3" {
    database_id = "c9d76fff-3794-4639-8469-8dc1c36403cd"
    id          = "c9d76fff-3794-4639-8469-8dc1c36403cd/keyspace/3"
    name        = "3"
}

# astra_keyspace.keyspace-4:
resource "astra_keyspace" "keyspace-4" {
    database_id = "c9d76fff-3794-4639-8469-8dc1c36403cd"
    id          = "c9d76fff-3794-4639-8469-8dc1c36403cd/keyspace/4"
    name        = "4"
}

# data.astra_secure_connect_bundle_url.example:
data "astra_secure_connect_bundle_url" "example" {
    database_id = "c9d76fff-3794-4639-8469-8dc1c36403cd"
    id          = "c9d76fff-3794-4639-8469-8dc1c36403cd/secure-connect-bundle/c14b7da05797568f41680d2dcc28bec36575edb2acab2a54c6bd734da8f5c5e7"
    url         = "https://datastax-cluster-config-prod.s3.us-east-2.amazonaws.com/c9d76fff-3794-4639-8469-8dc1c36403cd/secure-connect-puppies.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA2AIQRQ76TUCOHUQ4%2F20210412%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20210412T184456Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=7ed81167107caf7bcdaa9104d1444687a71071ccd517b392a32aaa27ba8ab694"
}

┆Issue is synchronized with this Jira Task by Unito
┆Resolution: Done

Hi,

I've added an azure private link to an Astra DB instance.
While this works in the first run the module will run into an error with every further plan or apply when loading the terraform state:

Terraform Version

Terraform v1.1.8
on linux_amd64
+ provider registry.terraform.io/datastax/astra v2.0.4
+ provider registry.terraform.io/hashicorp/azurerm v3.4.0

Affected Resource(s)

• astra_private_link_endpoint

Terraform Configuration Files

## main.tf

terraform {
  required_providers {
    astra = {
      source = "datastax/astra"
    }
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

locals {
  astra_db_dc = "${astra_database.db_instance.id}-1"
}

data "azurerm_subscription" "current" {
}

data "azurerm_resource_group" "private_endpoint" {
  count = var.az_private_endpoint != null ? 1 : 0
  name  = var.az_private_endpoint.rg_name
}

data "azurerm_subnet" "aks_subnet" {
  count                = var.az_private_endpoint != null ? 1 : 0
  name                 = var.az_private_endpoint.subnet_name
  virtual_network_name = var.az_private_endpoint.vnet_name
  resource_group_name  = var.az_private_endpoint.vnet_rg_name
}

resource "astra_database" "db_instance" {
  name           = var.db_name
  cloud_provider = "azure"
  regions        = ["westeurope"]
  keyspace       = "somekeyspace"
}

resource "astra_private_link" "az_private_link" {
  count              = var.az_private_endpoint != null ? 1 : 0
  allowed_principals = [data.azurerm_subscription.current.subscription_id]
  database_id        = astra_database.db_instance.id
  datacenter_id      = local.astra_db_dc
}

resource "azurerm_private_endpoint" "aks_to_astra_connection" {
  count               = var.az_private_endpoint != null ? 1 : 0
  name                = "${var.az_private_endpoint.name_prefix}-astra-db"
  location            = data.azurerm_resource_group.private_endpoint[0].location
  resource_group_name = data.azurerm_resource_group.private_endpoint[0].name
  subnet_id           = data.azurerm_subnet.aks_subnet[0].id

  private_service_connection {
    name                              = "aks-to-astra-db-${astra_database.db_instance.name}"
    private_connection_resource_alias = astra_private_link.az_private_link[0].service_name
    is_manual_connection              = true
    request_message                   = "Private connection from AKS subnet to Astra DB"
  }

  tags = var.tags
}

resource "astra_private_link_endpoint" "az_private_link_endpoint" {
  count         = var.az_private_endpoint != null ? 1 : 0
  database_id   = astra_database.db_instance.id
  datacenter_id = local.astra_db_dc
  endpoint_id   = azurerm_private_endpoint.aks_to_astra_connection[0].id
}

## variables.tf
variable "db_name" {
  type        = string
  description = "Name of the database instance"
}

variable "az_private_endpoint" {
  type = object({
    name_prefix  = string
    rg_name      = string
    vnet_rg_name = string
    vnet_name    = string
    subnet_name  = string
  })
  description = "Azure resource information about private endpoint setup to AstraDB. If null access to AstraDB will stay public!"
  default     = null
}

variable "tags" {
  type        = map(string)
  description = "Tags to add to azure resources"
}

Expected Behavior

The module should properly load the terraform state it wrote before

Actual Behavior

The module fails to load the state:

╷
│ Error: invalid private link id format: expected datacenter/servicenames
│ 
│   with module.astra-db-instance.astra_private_link_endpoint.az_private_link_endpoint[0],
│   on modules/astra-db-instance/main.tf line 63, in resource "astra_private_link_endpoint" "az_private_link_endpoint":
│   63: resource "astra_private_link_endpoint" "az_private_link_endpoint" {
│ 
╵

The state looks okay:

$> terraform state show  "module.astra-db-instance.astra_private_link_endpoint.az_private_link_endpoint[0]"
# module.astra-db-instance.astra_private_link_endpoint.az_private_link_endpoint[0]:
resource "astra_private_link_endpoint" "az_private_link_endpoint" {
    database_id   = "<hidden>"
    datacenter_id = "<hidden>-1"
    endpoint_id   = "/subscriptions/<hidden>/resourceGroups/<hidden>/providers/Microsoft.Network/privateEndpoints/<hidden>"
    id            = "<hidden>/endpoint//subscriptions/<hidden>/resourceGroups/<hidden>/providers/Microsoft.Network/privateEndpoints/<hidden>"
}

Steps to Reproduce

1. terraform apply -auto-approve
2. terraform plan

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: TERRA-58
┆priority: Major