Skip to content
This repository has been archived by the owner on Jun 27, 2021. It is now read-only.

gsuite_user_attributes always produces diff #181

Open
basilnsage opened this issue May 19, 2021 · 0 comments
Open

gsuite_user_attributes always produces diff #181

basilnsage opened this issue May 19, 2021 · 0 comments
Labels
bug Something isn't working

Comments

@basilnsage
Copy link

Hello,

I'm running into an issue where the gsuite_user_attribute resource will always produce a diff. Specifically, I create a user with the gsuite_user resource and then manage the user's attributes with a gsuite_user_attributes resource. With this configuration, terraform always produces a diff of the gsuite_user_attributes resource.

Example code

locals {
  aws_gsuite_saml_provider_arn_dummy = "saml:arn:goes:here"
  aws_developer_json_dummy = jsonencode({
    # SessionDuration = tostring(saml_max_duration)
    Role = [{
      type = "work"
      value = format("%s,%s", "role:arn:goes:here", local.aws_gsuite_saml_provider_arn_dummy)
    }]
  })
}

resource "gsuite_user" "test" {
  depends_on = [
    gsuite_user_schema.amazon,
  ]
  name = {
    family_name = "Test"
    given_name  = "Test"
  }
  primary_email = "[email protected]"
  # custom_schema {
    # name  = gsuite_user_schema.amazon.schema_name
    # value = local.aws_developer_json
  # }
}

resource "gsuite_user_attributes" "test" {
  primary_email = gsuite_user.test.primary_email
  custom_schema {
    name  = gsuite_user_schema.amazon.schema_name
    value = local.aws_developer_json_dummy
  }
}

The repeated diff is

Terraform will perform the following actions:

  # gsuite_user_attributes.test will be updated in-place
  ~ resource "gsuite_user_attributes" "test" {
        id            = "102705681870126421958"
        # (1 unchanged attribute hidden)

      + custom_schema {
          + name  = "Amazon"
          + value = jsonencode(
                {
                  + Role = [
                      + {
                          + type  = "work"
                          + value = "role:arn:goes:here,saml:arn:goes:here"
                        },
                    ]
                }
            )
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

The custom schema changes do show up in the Google Workspace UI, so the user attributes are ultimately applied (yay).

Regardless, this seems like unintended behavior. I would expect a gsuite_user_attribute to only produce a diff when it's new or an actual change has been made.

Please let me know if there are more details I can provide.

Thanks!
@DeviaVir DeviaVir added the bug Something isn't working label May 19, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DeviaVir @basilnsage