Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ibm_iam_access_group_members incorrect state when members list >50 users #3189

Closed
bhepburn opened this issue Oct 8, 2021 · 0 comments · Fixed by #3234
Closed

ibm_iam_access_group_members incorrect state when members list >50 users #3189

bhepburn opened this issue Oct 8, 2021 · 0 comments · Fixed by #3234
Labels
service/IAM Issues related to IAM

Comments

@bhepburn
Copy link

bhepburn commented Oct 8, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform IBM Provider Version

Terraform required version is : 0.13.7
provider.ibm version = 1.33.1

Affected Resource(s)

  • ibm_iam_access_group_members

Terraform Configuration Files

locals {
  users = distinct(concat(
    var.account_team,
    var.commerce_team,
    var.consumption_management_team,
    var.disc_console_team,
    var.documentation_team,
    var.it_dashbboard_team,
    var.multicloud_provisioning_team,
    var.onboarding_provisioning_team,
    var.platform_operations_team,
    var.support_team,
    var.management_dashboard_team
  ))
}

#----------------------------------------------------
# Access groups
#----------------------------------------------------

# All users

resource "ibm_iam_access_group" "full_team" {
  name        = "All ${var.base_name} team members"
  description = "Entire team"
}

resource "ibm_iam_access_group_members" "full_team_members" {
  access_group_id = ibm_iam_access_group.full_team.id
  ibm_ids         = local.users
}

Expected Behavior

Terraform plan should not show planned changes for members list >50 users if there are no changes changes required.

Actual Behavior

When a member list is >50 users, the TF plan shows pending changes to add more users even though the members list in IBM Cloud is already in sync with the terraform file. It appears the members list download to the state file is truncated to the first 50 users, so when the ibm_ids list goes beyond 50 members it thinks it needs to add those users again.

Steps to Reproduce

  1. User IBM Provider to create an ibm_iam_access_group with a ibm_iam_access_group_members resource with more than 50 users.
  2. Run the terraform apply to create the resource
  3. Run another tf plan, it shows X number of users still need to be added even though they are already created in IBM Cloud.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
service/IAM Issues related to IAM
Projects
None yet
Milestone
No milestone
2 participants
@bhepburn @kavya498