Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Imported datadog_service_account resources are missing their roles #2736

Open
lbassin opened this issue Dec 20, 2024 · 0 comments · May be fixed by #2761
Open

Imported datadog_service_account resources are missing their roles #2736

lbassin opened this issue Dec 20, 2024 · 0 comments · May be fixed by #2761
Labels
bug

Comments

@lbassin
Copy link

lbassin commented Dec 20, 2024

Datadog Terraform Provider Version

v3.5

Terraform Version

1.10.2

What resources or data sources are affected?

datadog_service_account

Terraform Configuration Files

resource "datadog_service_account" "foo" {
  email = "[email protected]"
  name  = "foo"

  roles = [
    "5e1c835b-f483-4af0-8b94-b38434898169"
  ]
}

import {
  id = "016083b9-bcab-4ceb-a936-d94e9b1b24fa"
  to = datadog_service_account.foo
}

Relevant debug or panic output

https://github.com/DataDog/terraform-provider-datadog/blob/master/datadog/fwprovider/resource_datadog_service_account.go#L268.
This function used to read a service account doesn't seem to take into account the roles provided in the api response if none were known in the state before

Expected Behavior

The generated plan should only contains 1 resource to import without any other changes as the service account being imported is already linked to the right role

Terraform will perform the following actions:

  # datadog_service_account.laurent_test_tf will be imported
    resource "datadog_service_account" "foo" {
        disabled = false
        email    = "[email protected]"
        id       = "016083b9-bcab-4ceb-a936-d94e9b1b24fa"
        name     = "foo"
        roles    = [
            "5e1c835b-f483-4af0-8b94-b38434898169",
        ]
    }

Plan: 1 to import, 0 to add, 0 to change, 0 to destroy.

Actual Behavior

The generated plan contains 1 import and 1 change as terraform is not aware of the roles for this imported service account.

Terraform will perform the following actions:

  # datadog_service_account.foo will be updated in-place
  # (imported from "016083b9-bcab-4ceb-a936-d94e9b1b24fa")
  ~ resource "datadog_service_account" "laurent_test_tf" {
        disabled = false
        email    = "[email protected]"
        id       = "016083b9-bcab-4ceb-a936-d94e9b1b24fa"
        name     = "TEST TF"
      + roles    = [
          + "5e1c835b-f483-4af0-8b94-b38434898169",
        ]
    }

Plan: 1 to import, 0 to add, 1 to change, 0 to destroy.

Steps to Reproduce

  1. Create a datadog_service_account resource with a role
  2. Remove this instance from the TF state (terraform state rm datadog_service_account.foo)
  3. Add the import block to import the resource created in the first step
  4. Run terraform plan

Important Factoids

No response

References

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
1 participant
@lbassin