Skip to content
This repository was archived by the owner on Jun 27, 2021. It is now read-only.
This repository was archived by the owner on Jun 27, 2021. It is now read-only.

gsuite_user_attributes always produces diff #181

Open
Open
gsuite_user_attributes always produces diff#181
Labels
bugSomething isn't working
@basilnsage

Description

@basilnsage
basilnsage
opened on May 19, 2021

Hello,

I'm running into an issue where the gsuite_user_attribute resource will always produce a diff. Specifically, I create a user with the gsuite_user resource and then manage the user's attributes with a gsuite_user_attributes resource. With this configuration, terraform always produces a diff of the gsuite_user_attributes resource.

Example code

locals {
  aws_gsuite_saml_provider_arn_dummy = "saml:arn:goes:here"
  aws_developer_json_dummy = jsonencode({
    # SessionDuration = tostring(saml_max_duration)
    Role = [{
      type = "work"
      value = format("%s,%s", "role:arn:goes:here", local.aws_gsuite_saml_provider_arn_dummy)
    }]
  })
}

resource "gsuite_user" "test" {
  depends_on = [
    gsuite_user_schema.amazon,
  ]
  name = {
    family_name = "Test"
    given_name  = "Test"
  }
  primary_email = "test.test@qcware.com"
  # custom_schema {
    # name  = gsuite_user_schema.amazon.schema_name
    # value = local.aws_developer_json
  # }
}

resource "gsuite_user_attributes" "test" {
  primary_email = gsuite_user.test.primary_email
  custom_schema {
    name  = gsuite_user_schema.amazon.schema_name
    value = local.aws_developer_json_dummy
  }
}

The repeated diff is

Terraform will perform the following actions:

  # gsuite_user_attributes.test will be updated in-place
  ~ resource "gsuite_user_attributes" "test" {
        id            = "102705681870126421958"
        # (1 unchanged attribute hidden)

      + custom_schema {
          + name  = "Amazon"
          + value = jsonencode(
                {
                  + Role = [
                      + {
                          + type  = "work"
                          + value = "role:arn:goes:here,saml:arn:goes:here"
                        },
                    ]
                }
            )
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

The custom schema changes do show up in the Google Workspace UI, so the user attributes are ultimately applied (yay).

Regardless, this seems like unintended behavior. I would expect a gsuite_user_attribute to only produce a diff when it's new or an actual change has been made.

Please let me know if there are more details I can provide.

Thanks!

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions