terraform-provider-mongodbatlas
terraform-provider-mongodbatlas copied to clipboard
mongodb
401 Unauthorised when importing Organization, but other resources import successfully
Terraform CLI and Terraform MongoDB Atlas Provider Version
Terraform v1.6.2
on linux_amd64
+ provider registry.terraform.io/mongodb/mongodbatlas v1.12.3
Terraform Configuration File
# main.tf
terraform {
required_providers {
mongodbatlas = {
source = "mongodb/mongodbatlas"
}
}
}
provider "mongodbatlas" {
public_key = "<public-api-key>"
private_key = "<private-api-key>"
}
Steps to Reproduce
We're attempting to import an existing Organization into the state. This fails on a 401. However, other state imports (e.g. of projects) work fine. The API key being used has all permissions, we've tried with multiple different keys and it's the same behaviour each time.
For this example, we can just use following configuration:
resource "mongodbatlas_organization" "seddys_org" {
}
resource "mongodbatlas_project" "seddys_project" {
}
The API key we're using has all permissions at the Organization level and all permissions at the Project level. The behaviour is the same if it just has the Owner permission on both.
I've used the same API key to get the organization details using the API and it returns successfully, so I'm reasonably certain this is not a configuration issue with permissions on the API key.
Expected Behavior
Running both of these two commands should succeed:
terraform import mongodbatlas_organization.seddys_org <org-id>
terraform import mongodbatlas_project.seddys_project <project-id>
Both should succeed with:
Import successful!
The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
Actual Behavior
The Project import works fine, the Organization import fails with:
│ Error: error reading organization information: GET https://cloud.mongodb.com/api/atlas/v1.0/orgs/<org-id>: 401 (request "") You are not authorized for this resource.
References
This is very similar to the issue outlined in #385, however that was two years ago and resolved outside of github. There were no potential fixes in there, so I'm re-raising it as a separate issue.
Thanks for opening this issue! Please make sure you've followed our guidelines when opening the issue. In short, to help us reproduce the issue we need:
- Terraform configuration file used to reproduce the issue
- Terraform log files from the run where the issue occurred
- Terraform Atlas provider version used to reproduce the issue
- Terraform version used to reproduce the issue
- Confirmation if Terraform OSS, Terraform Cloud, or Terraform Enterprise deployment
The ticket INTMDB-1288 was created for internal tracking.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hello @seddy, thank you for the details provided.
I was able to reproduce the error, and identified an issue with how we are handling the import logic in this resource. We will keep you updated with any progress made in INTMDB-1288.
Hello @seddy, I wanted to follow up on this issue to gain more understanding on your use case for importing this resource. I am asking this because there are existing terraform resources we might be able to leverage depending on the attributes you are looking to obtain or modify.
Nothing too crazy @AgustinBettati as there's not tons to manage on this resource. What I'm interested in is:
- I'd rather not use magic var strings for critical things like organisation ID. I'd rather have that maintained inside the terraform state if I can and refer to it with
mongodbatlas_organization.org.id - I may want to change things like the description, and more importantly the
ownerof the organization which is a critical change that I'd like to be able to track in terraform - The documentation says I should be able to do this, and importing terraform state is a fairly core to terraform, so if it's not possible for some reason that should be clearly explained in the docs.
With regards to being able to reference mongodbatlas_organization.org.id, I can suggest making use of the data source to have a single place were the id is defined while also ensuring the id is valid.
We have recently updated our documentation in https://github.com/mongodb/terraform-provider-mongodbatlas/pull/1806 to clarify the limitation, this will be present the coming release. Being able to support the import feature for organization resource will require a change from the API side which is currently planned in the long term. Will leave this github issue open in the interim, internal tracking ticket CLOUDP-215155.