terraform-provider-grafana
terraform-provider-grafana copied to clipboard
grafana
[Bug]: grafana_organization requires two applies when only 1 organization exist in Grafana
Terraform Version
v1.9.3
Terraform Grafana Provider Version
3.7.0
Grafana Version
11.1.3
Affected Resource(s)
grafana_organization, grafana_user
Terraform Configuration Files
resource "grafana_user" "staff" {
email = "[email protected]"
name = "Staff Name"
login = "staff"
password = "my-password"
is_admin = false
}
resource "grafana_user" "staff1" {
email = "[email protected]"
name = "Staff1 Name"
login = "staff1"
password = "my-password"
is_admin = false
}
resource "grafana_user" "admin" {
email = "[email protected]"
name = "[email protected]"
login = "[email protected]"
password = "my-password"
is_admin = true
}
resource "grafana_organization" "org" {
name = "Hostinger"
create_users = false
admin_user = "admin"
admins = [
"[email protected]"
]
editors = [
"[email protected]",
"[email protected]",
]
viewers = [
]
depends_on = [grafana_user.staff,
grafana_user.staff1
]
}
resource "grafana_organization" "org1" {
name = "Hostinger1"
create_users = false
admin_user = "admin"
admins = [
"[email protected]"
]
editors = [
"[email protected]",
"[email protected]",
]
viewers = [
]
depends_on = [grafana_user.staff,
grafana_user.staff1
]
}
Expected Behavior
When creating a new user in Grafana using the terraform grafana_user resource, and then editing their role in the organization using the grafana_organization resource, the changes should be applied successfully in a single terraform apply command.
Actual Behavior
If you have only 1 organization and would like to manage users within that organization using Terraform, you need to run Terraform apply twice for each user to get the desired role. The user created with the grafana_user resource gets the role that is set in auto_assign_org_id and terraform does not update it in the first apply.
Steps to Reproduce
Trying to add a user to Grafana and then adding it to an organization:
Terraform will perform the following actions:
# grafana_organization.org will be updated in-place
~ resource "grafana_organization" "org" {
~ editors = [
+ "[email protected]",
# (1 unchanged element hidden)
]
id = "1"
name = "Hostinger"
# (6 unchanged attributes hidden)
}
# grafana_organization.org1 will be updated in-place
~ resource "grafana_organization" "org1" {
~ editors = [
+ "[email protected]",
# (1 unchanged element hidden)
]
id = "2"
name = "Hostinger1"
# (6 unchanged attributes hidden)
}
# grafana_user.staff1 will be created
+ resource "grafana_user" "staff1" {
+ email = "[email protected]"
+ id = (known after apply)
+ is_admin = false
+ login = "staff1"
+ name = "Staff1 Name"
+ password = (sensitive value)
+ user_id = (known after apply)
}
Plan: 1 to add, 2 to change, 0 to destroy.
But the user is only added to the org with the ID 2 as an editor:
Terraform will perform the following actions:
# grafana_organization.org will be updated in-place
~ resource "grafana_organization" "org" {
~ editors = [
+ "[email protected]",
# (1 unchanged element hidden)
]
id = "1"
name = "Hostinger"
~ viewers = [
- "[email protected]",
]
# (5 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Important Factoids
There is only one organization in Grafana with the ID 1. The default value for auto_assign_org_id in Grafana is also set to 1. When creating a user with the grafana_user resource, the user is automatically assigned to the organization with ID 1. To edit the user's role in this organization using the grafana_organization resource, a second terraform apply is required because the initial assignment does not reflect the desired changes immediately.
References
No response
