terraform-provider-okta

Changing auth_server_id on okta_auth_server_policy throws 400 bad request

Open kensykora opened this issue 2 years ago • 7 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v1.1.7
on linux_amd64
+ provider registry.terraform.io/okta/okta v3.21.0

Affected Resource(s)

  • okta_auth_server_policy
  • okta_auth_server_policy_rule

Terraform Configuration Files

resource "okta_auth_server_policy" "customer" {
  name             = "customer"
  auth_server_id   = okta_auth_server.customer.id
  description      = "Customer"
  client_whitelist = [okta_app_oauth.customer.id]
}

Debug Output

Panic Output

Expected Behavior

Because the API doesn't support changing the auth server attribute for auth server policies, the resource should instead be marked for replacement (delete, then recreate).

Actual Behavior

Resource tries to update the auth server ID and throws a 400 error:

Error: failed to update auth server policy: the API returned an error: Bad request.

Similar errors also occur for policy rules when their parent policy IDs change.

Steps to Reproduce

  1. terraform apply
  2. Refactor your Terraform such that the auth_server_id for the policy changes (or the policy_id for an okta_auth_server_policy_rule changes)

Workaround

Rename the resource or use terraform taint to force delete/recreate. In one case I had to actually purge the resource from the state file completely because the resource was no longer valid for querying against the Okta API, and terraform plan failed:

Error: failed to get auth server policy rule: the API returned an error: The request was not valid: Rule does not belong to specified policy., Status: 400 Bad Request

kensykora avatar Mar 07 '22 16:03 kensykora
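
A pre-apply check for the failure described in this issue, as an added example that is not part of the original issue or the provider's code: it scans `terraform show -json` plan output for in-place updates that change `auth_server_id` or `policy_id` on the two affected resource types. The function name, resource addresses and IDs in the sample are constructed for illustration.

```python
import json

# Parent-reference attributes the Okta API will not change in place (per the issue above).
IMMUTABLE_PARENT = {
    "okta_auth_server_policy": "auth_server_id",
    "okta_auth_server_policy_rule": "policy_id",
}


def find_unsafe_updates(plan):
    """Return (address, attribute) pairs for in-place updates that re-parent a resource."""
    flagged = []
    for rc in plan.get("resource_changes", []):
        attr = IMMUTABLE_PARENT.get(rc.get("type"))
        change = rc.get("change", {})
        # Only pure in-place updates are a problem; replacements show as delete+create.
        if attr is None or change.get("actions") != ["update"]:
            continue
        before = (change.get("before") or {}).get(attr)
        after = (change.get("after") or {}).get(attr)
        # A value known only after apply (parent being recreated) is absent from
        # "after" and marked true in "after_unknown"; that is still a change.
        unknown = (change.get("after_unknown") or {}).get(attr) is True
        if unknown or before != after:
            flagged.append((rc["address"], attr))
    return flagged


# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "okta_auth_server_policy.customer", "type": "okta_auth_server_policy",
   "change": {"actions": ["update"], "before": {"auth_server_id": "aus-old"},
              "after": {}, "after_unknown": {"auth_server_id": true}}},
  {"address": "okta_auth_server_policy_rule.customer", "type": "okta_auth_server_policy_rule",
   "change": {"actions": ["update"], "before": {"policy_id": "pol-old"},
              "after": {"policy_id": "pol-new"}, "after_unknown": {}}},
  {"address": "okta_auth_server_policy.other", "type": "okta_auth_server_policy",
   "change": {"actions": ["update"], "before": {"auth_server_id": "aus-1", "description": "a"},
              "after": {"auth_server_id": "aus-1", "description": "b"}, "after_unknown": {}}}
]}
""")

if __name__ == "__main__":
    for address, attr in find_unsafe_updates(SAMPLE_PLAN):
        print(f"{address}: {attr} changes in place; taint or rename before apply")
```

Any address it reports is one where the workaround above (rename or `terraform taint`) applies before running `terraform apply`.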

Hi @kensykora, I'll look into this for you, thanks for the suggested correction.

monde avatar Mar 07 '22 17:03 monde

@kensykora would you be interested in submitting a PR, re: "resource should instead be marked for replacement"?

monde avatar Mar 07 '22 17:03 monde

I'll try to take a look at some point -- I still haven't learned Go yet. This might be a good place to start.

kensykora avatar Mar 07 '22 17:03 kensykora

@kensykora I'll mark it as a bug now. Thanks

monde avatar Mar 07 '22 18:03 monde

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar May 07 '22 00:05 github-actions[bot]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar Jul 09 '22 00:07 github-actions[bot]

"bug(s) with resources having a priority setting" #1198

monde avatar Jul 09 '22 17:07 monde

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar Jan 22 '23 00:01 github-actions[bot]