Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

grafana_folder_permission do not respect state #142

Closed
freeseacher opened this issue Nov 14, 2020 · 2 comments · Fixed by #1179
Closed

grafana_folder_permission do not respect state #142

freeseacher opened this issue Nov 14, 2020 · 2 comments · Fixed by #1179
Labels
bug good-first-issue oss

Comments

@freeseacher
Copy link

freeseacher commented Nov 14, 2020
edited
Loading

Terraform Version

Terraform v0.13.5
+ provider registry.terraform.io/grafana/grafana v1.7.0

Affected Resource(s)

  • grafana_folder_permission

Terraform Configuration Files

variable "teams" {
  type = map(object({
    name : string
    email : string
    is_staff : bool
    members : list(string)
  }))
  default = {
    "sre" = {
      name : "sre",
      email : "sre-team@localhost"
      is_staff : true,
      members : [
        "admin@localhost",
      ]
    },
    "admin" = {
      name : "admin",
      email : "admins-team@localhost"
      is_staff : false,
      members : [
        "admin@localhost",
      ]
    }
    "green" = {
      name : "green",
      email : "green-team@localhost"
      is_staff : false,
      members : [
        "admin@localhost",
      ]
    }
    "white" = {
      name : "white",
      email : "white-team@localhost"
      is_staff : false,
      members : [
        "admin@localhost",
      ]
    }
  }
}

variable "products" {
  type = map(object({
    name : string
    owner_team : list(string)
  }))
  default = {
    "test" = {
      name: "test"
      owner_team: ["sre"]
    }
  }
}

resource "grafana_team" "team" {
  for_each = var.teams
  name     = each.value.name
  email    = each.value.email
  members  = each.value.members
}

resource "grafana_folder" "folders" {
  for_each = var.products
  title    = each.value.name
}

resource "grafana_folder_permission" "folder-permissions" {
  for_each = grafana_folder.folders
  folder_uid = each.value.uid

  dynamic "permissions" {
    for_each = { for team in var.teams : team.name => grafana_team.team[team.name] if team.is_staff==true }
    content {
      team_id    = permissions.value.id
      permission = "Admin"
    }
  }
}

Expected Behavior

  1. After apply remove one of two teams in web iface from folder test. rerun apply. terraform
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

But we have two teams in tf state and only one team in web iface.

  1. delete second permission and rerun apply
    terraform will fail with
    Error: insufficient items for attribute "permissions"; must have at least 1
@pascal-hofmann
Copy link
Contributor

  1. Error: insufficient items for attribute "permissions"; must have at least 1

Removing the folder_permission from terraform state fixes this error for me.

Of course this should be fixed in the provider instead.

@baoj-dfo
Copy link

baoj-dfo commented Sep 7, 2023

any update on missing terraform import on grafana_folder_permission ?

julienduchesne added a commit that referenced this issue Nov 22, 2023
@julienduchesne
Permission Resources: Allow empty permissions
998a6d5 
Closes #142

When programatically managing permissions, it can be useful to keep the permissions resource but remove all permissions
Also, without this change, resources with no permissions cannot be imported because the permissions resources are invalid with an empty set of permissions

Also updated the docs to make it clear that it manages the whole set of permissions.
@julienduchesne julienduchesne mentioned this issue Nov 22, 2023
Merged
julienduchesne added a commit that referenced this issue Nov 23, 2023
@julienduchesne
Permission Resources: Allow empty permissions (#1179)
cf6cde7 
Closes #142

When programatically managing permissions, it can be useful to keep the permissions resource but remove all permissions
Also, without this change, resources with no permissions cannot be imported because the permissions resources are invalid with an empty set of permissions

Also updated the docs to make it clear that it manages the whole set of permissions.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug good-first-issue oss
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Permission Resources: Allow empty permissions grafana/terraform-provider-grafana
4 participants
@freeseacher @pascal-hofmann @julienduchesne @baoj-dfo