terraform-provider-okta icon indicating copy to clipboard operation
terraform-provider-okta copied to clipboard

Published 20 hours ago verified publisher icon okta

okta_app_group_assignment causes Internal Server Error due to incorrect input

Open fatbasstard opened this issue 1 year ago • 9 comments

Hi,

we've configuring multiple groups and apps using a terraform module (so identical code) and in 3 out of 40 workspaces a group assignment (consistently the same) keeps throwing an error:

Error: failed to create application group assignment: Put "https://xxx/api/v1/apps/XXX/groups/xxx": the API returned an error: Internal Server Error, x-okta-request-id=xxx, giving up after 6 attempt(s)

Created an Okta issue for that (since it's "internal server error" and it is not a structural error in all workspaces).

Support came with a finding that the resource is actually passing an incorrect amount of groups:

From our logs, I can tell that the error you are facing is due to the wrong number of groups passed in the call. 

This is the error which can be found in our logs "errorMessage=Incorrect result size: expected 1, actual 2" 

To get a better understanding on what's causing the issue, could you provide the code that you are using in terraform to perform this group push?

We need to check if terraform is processing the call the right way, as in our logs it looks like it is sending more than expected.

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform: 1.3.4 Okta provider: 3.38.0

Affected Resource(s)

  • okta_app_group_assignment

Terraform Configuration Files

locals {
  employee_site_rw_assignments = [
    data.okta_app.myapp.id,
  ]
}

resource "okta_group" "employee_site_usecase_rw" {
  name        = "employee-${var.opco}-${var.site_code}-usecase-rw"
  skip_users  = true
}

resource "okta_app_group_assignment" "employee_site_usecase_rw" {
  for_each = toset(local.employee_site_rw_assignments)

  app_id   = each.key
  group_id = okta_group.employee_site_usecase_rw.id
  priority = 1

  lifecycle {
    ignore_changes = [priority]
  }
}```

### Debug Output

<!---
Please provide a link to a GitHub Gist containing the complete debug output. Please do NOT paste the debug output in the issue; just paste a link to the Gist.

To obtain the debug output, see the [Terraform documentation on debugging](https://www.terraform.io/docs/internals/debugging.html).
--->

fatbasstard avatar Nov 17 '22 09:11 fatbasstard