terraform-provider-pagerduty
pagerduty_escalation_policy should fail on plan if anyone on the policy is not a team member
It would be great to add some validation to the escalation policy resource. Currently the team members are not checked against the target members, and when these do not overlap, the escalation policy is invalid, yet the plan succeeds.
Terraform Version
2.1.1
Affected Resource(s)
pagerduty_schedule
Terraform Configuration Files
This already fails on the example from the official documentation if we remove the deprecated teams field. Side note, the doc

resource "pagerduty_team" "example" {
  name        = "Engineering"
  description = "All engineering"
}

resource "pagerduty_user" "example" {
  name  = "Earline Greenholt"
  email = "[email protected]"
}

resource "pagerduty_escalation_policy" "example" {
  name      = "Engineering Escalation Policy"
  num_loops = 2
  teams     = [pagerduty_team.example.id]

  rule {
    escalation_delay_in_minutes = 10

    target {
      type = "user"
      id   = pagerduty_user.example.id
    }
  }
}

Expected Behavior
The plan should fail early as the team membership is already known.
Actual Behavior
The plan succeeds. Then fails on the apply as the user is not a team member.
Steps to Reproduce
- terraform plan
@drastawi This didn't fail for me. 🤔
@stmcallister I did not clarify an important point which I did not realize was a prerequisite. The user had to have been a team member before to make this reproduce. So you should add the team membership code below:

resource "pagerduty_team_membership" "example" {
  team_id = pagerduty_team.example.id
  user_id = pagerduty_user.example.id
}

and then delete it again.
So apply this first:

resource "pagerduty_team" "example" {
  name        = "Engineering"
  description = "All engineering"
}

resource "pagerduty_user" "example" {
  name  = "Earline Greenholt"
  email = "[email protected]"
}

resource "pagerduty_team_membership" "example" {
  team_id = pagerduty_team.example.id
  user_id = pagerduty_user.example.id
}

resource "pagerduty_escalation_policy" "example" {
  name      = "Engineering Escalation Policy"
  num_loops = 2
  teams     = [pagerduty_team.example.id]

  rule {
    escalation_delay_in_minutes = 10

    target {
      type = "user_reference"
      id   = pagerduty_user.example.id
    }
  }
}

and then this:

resource "pagerduty_team" "example" {
  name        = "Engineering"
  description = "All engineering"
}

resource "pagerduty_user" "example" {
  name  = "Earline Greenholt"
  email = "[email protected]"
}

resource "pagerduty_escalation_policy" "example" {
  name      = "Engineering Escalation Policy"
  num_loops = 2
  teams     = [pagerduty_team.example.id]

  rule {
    escalation_delay_in_minutes = 10

    target {
      type = "user"
      id   = pagerduty_user.example.id
    }
  }
}

You should see:
╷
│ Error: DELETE API call to https://api.pagerduty.com/teams/PEYO30I/users/PH5F8MH failed 400 Bad Request. Code: 2001, Errors: [User cannot be removed as they belong to an escalation policy on this team], Message: Invalid Input Provided
After you pointed it out, I realized this might be problematic, inconsistent API behavior from an info as code perspective, because some users are allowed to not be on an escalation path while not being team members and some are not, depending on their history.
Hi @drastawi, the change aiming to solve this issue was merged in #558 and is available from version v2.6.0 of the Terraform Provider. If you find any further related issues, please reopen this issue. Thank you so much for your detailed explanation of the issue and how to replicate it; honestly, it was very helpful. 💪🏽
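
The check the issue title asks for can also be run outside the provider, as a CI gate over the JSON form of a plan (`terraform show -json`). The script below is an added example, not the provider's code and not the change merged in #558; the sample plan is constructed from the configurations in this thread, using the IDs from the error message, and the function names are hypothetical.

```python
import json
import sys

USER_TYPES = {"user", "user_reference"}  # both spellings appear in the thread's configs

def walk(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def non_member_targets(plan):
    """Return (policy address, user id) pairs whose user target has no planned
    pagerduty_team_membership in any team listed on the escalation policy."""
    resources = list(walk(plan.get("planned_values", {}).get("root_module", {})))
    members = {(r["values"].get("team_id"), r["values"].get("user_id"))
               for r in resources if r["type"] == "pagerduty_team_membership"}
    findings = set()
    for r in resources:
        if r["type"] != "pagerduty_escalation_policy":
            continue
        teams = r["values"].get("teams") or []
        for rule in r["values"].get("rule") or []:
            for target in rule.get("target") or []:
                uid = target.get("id")
                if target.get("type") not in USER_TYPES or uid is None:
                    continue  # schedule target, or id only known after apply
                if teams and not any((t, uid) in members for t in teams):
                    findings.add((r["address"], uid))
    return sorted(findings)

def sample_plan(with_membership):
    """Constructed plan JSON for the thread's config (not real provider output)."""
    def res(rtype, values):
        return {"address": f"{rtype}.example", "type": rtype, "values": values}
    resources = [
        res("pagerduty_team", {"id": "PEYO30I", "name": "Engineering"}),
        res("pagerduty_user", {"id": "PH5F8MH", "name": "Earline Greenholt"}),
        res("pagerduty_escalation_policy", {
            "name": "Engineering Escalation Policy", "num_loops": 2, "teams": ["PEYO30I"],
            "rule": [{"escalation_delay_in_minutes": 10,
                      "target": [{"type": "user", "id": "PH5F8MH"}]}]}),
    ]
    if with_membership:
        resources.append(res("pagerduty_team_membership",
                             {"team_id": "PEYO30I", "user_id": "PH5F8MH"}))
    return {"planned_values": {"root_module": {"resources": resources}}}

if __name__ == "__main__":  # optional argument: a file holding `terraform show -json` output
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else sample_plan(False)
    for address, uid in non_member_targets(plan):
        print(f"{address}: user {uid} is not a member of any team on the policy")
```

IDs that are only known after apply are absent from the plan JSON, so targets and memberships of resources that do not exist yet are not evaluated by this check.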