elastic
[Bug] elasticstack_elasticsearch_security_role_mapping: jsonencode convert list to string if only one item will be passed in the list
Describe the bug When I create a elasticstack_elasticsearch_security_role_mapping resource and pass the field "groups" as a list, the terraform plan and apply will be executed correctly, but it will be stored as string in the .tfstate file instead of a list. The Terraform tries to change this again with every new Plan/Apply
To Reproduce Steps to reproduce the behavior:
resource "elasticstack_elasticsearch_security_role_mapping" "role_mapping" {
enabled = true
name = each.value.project_name
roles = ["kibana_admin"]
rules = jsonencode({
all: [
{
field: {
"realm.name": "abc"
}
},
{
field: {
groups : ["project1"]
}
}
]
})
}
Expected behavior The group "project1" will be saved as list in the .tfstate file
Versions (please complete the following information):
- Terraform Version: v1.5.7
- Provider version: 0.9.0
- Elasticsearch Version: 8.10.4
Additional context I thought first that this a global terraform problem, but they directed me back to you (https://github.com/hashicorp/terraform/issues/34107)
Correct, this is not expected. We have several role mappings (around 36) and each time we want to make a small update (to any other terraform resource), terraform shows there are 36 "changes" to make to the role mappings. Some of our role mappings are linked to 1 group only, and some others to 2+ groups. Running "terraform apply" shows "changes" only for the role mappings with 1 group linked, not the others.
Looks like terraform takes the role mappings that only have 1 group as strings. so whenever we apply a different change, it detects we're trying to change that string to a list, which is not correct, because during the first run, we applied a list, but for some reason in terraform it is saved as a string.
Attaching some screenshots
