
[BUG] rancher2_principal data source returns wrong result

Open manhtukhang opened this issue 4 months ago • 1 comments

Rancher Server Setup

  • Rancher version: 2.7.9 + master
  • Installation option (Docker install/Helm Chart):
    • If Helm Chart, Kubernetes Cluster and version (RKE1, RKE2, k3s, EKS, etc): Helm, RKE2 1.26
  • Proxy/Cert Details:

Information about the Cluster

  • Kubernetes version: RKE2 1.26
  • Cluster Type (Local/Downstream):
    • If downstream, what type of cluster? (Custom/Imported or specify provider for Hosted/Infrastructure Provider): Imported

User Information

  • What is the role of the user logged in? Admin

Provider Information

  • What is the version of the Rancher v2 Terraform Provider in use? master
  • What is the version of Terraform in use? 1.7.5

Describe the bug

When using the data source rancher2_principal to search for an LDAP user, it sometimes returns the wrong result if the input name has multiple matching results.

To Reproduce

  • Add the LDAP auth method and add 3 users where one user's name is a substring of the others, for example: nguyenp, nguyenpg, nguyenptt2
  • Terraform code:
    //
    data "rancher2_principal" "test" {
      provider = rancher2.ldap
      type     = "user"
      name     = "nguyenp"
    }
    //
    output "test_result" {
      value = data.rancher2_principal.test
    }
    

Actual Result

Principal of user nguyenpg

Expected Result

Principal of user nguyenp

Screenshots

screenshot-2024-03-28-110640

Additional context

Actually, the provider does nothing except pick the first element in the list returned from the Rancher API, but that list is unsorted or just in random order. Therefore, picking the first element is not the best way.

I also tested my guess by using Rancher API page at <server_address>/v3/principals, and the result is:

#cURL command line:
curl -u "${CATTLE_ACCESS_KEY}:${CATTLE_SECRET_KEY}" \
-X POST \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{"name":"nguyenp","principalType":"user"}' \
'https://rancher-dev.example.com/v3/principals?action=search'

#HTTP Request:
HTTP/1.1 POST /v3/principals?action=search
Host: rancher-dev.example.com
Accept: application/json
Content-Type: application/json
Content-Length: 41

{

    "name": "nguyenp",
    "principalType": "user"

}

#HTTP Response:
HTTP/1.1 200
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json
date: Thu, 28 Mar 2024 04:21:15 GMT
expires: Wed 24 Feb 1982 18:42:00 GMT
server: nginx, 2298
strict-transport-security: max-age=15724800; includeSubDomains
x-api-cattle-auth: true
x-api-schemas: https://rancher-dev.example.com/v3/schemas
x-content-type-options: nosniff
x-firefox-spdy: h2

{
    "filters": {
        "created": null,
        "creatorId": null,
        "id": null,
        "loginName": null,
        "me": null,
        "memberOf": null,
        "name": null,
        "principalType": null,
        "profilePicture": null,
        "profileURL": null,
        "provider": null,
        "removed": null,
        "uuid": null
    },
    "resourceType": ["principal"],
    "data": [ 3 items
        {
            "baseType": "principal",
            "created": null,
            "creatorId": null,
            "id": ["openldap_user://cn=nguyenpg,ou=ou1,dc=example,dc=com"],
            "links": {
                "self": ["…/v3/principals/openldap_user:%2F%2Fcn=nguyenpg%2Cou=ou1%2Cdc=example%2Cdc=com"],
            },
            "loginName": "nguyenpg",
            "me": true,
            "memberOf": false,
            "name": "nguyenpg",
            "principalType": "user",
            "provider": "openldap",
            "type": ["principal"]
        },
        {
            "baseType": "principal",
            "created": null,
            "creatorId": null,
            "id": ["openldap_user://cn=nguyenptt2,ou=ou1,dc=example,dc=com"],
            "links": {
                "self": ["…/v3/principals/openldap_user:%2F%2Fcn=nguyenptt2%2Cou=ou1%2Cdc=example%2Cdc=com"],
            },
            "loginName": "nguyenptt2",
            "me": true,
            "memberOf": false,
            "name": "nguyenptt2",
            "principalType": "user",
            "provider": "openldap",
            "type": ["principal"],
        },
        {
            "baseType": "principal",
            "created": null,
            "creatorId": null,
            "id": ["openldap_user://cn=nguyenp,ou=ou1,dc=example,dc=com"],
            "links": {
                "self": ["…/v3/principals/openldap_user:%2F%2Fcn=nguyenp%2Cou=ou1%2Cdc=example%2Cdc=com"],
            },
            "loginName": "nguyenp",
            "me": true,
            "memberOf": false,
            "name": "nguyenp",
            "principalType": "user",
            "provider": "openldap",
            "type": ["principal"],
        }
    ]

}

manhtukhang, Mar 28 '24 04:03
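
The selection rule this report argues for, as an added Go example (not the provider's own code and not part of the original issue): return the principal whose name or login name equals the requested one, and fail when no hit or more than one hit qualifies, so that a role binding is never attached to a lookalike account. `Principal`, `SelectPrincipal`, `SampleHits` and the error values are hypothetical names; the sample hits are constructed from the response above, and case-sensitive comparison is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Principal holds only the fields of a /v3/principals search hit used here.
type Principal struct {
	ID, Name, LoginName, PrincipalType string
}

var (
	ErrNoExactMatch = errors.New("no principal matches the requested name exactly")
	ErrAmbiguous    = errors.New("several principals match the requested name exactly")
)

// SelectPrincipal (hypothetical helper) never falls back to hits[0]: the
// search is a substring match and its result order is not guaranteed.
// Comparison is case-sensitive here, which is an assumption of this example.
func SelectPrincipal(hits []Principal, name, principalType string) (Principal, error) {
	var exact []Principal
	for _, p := range hits {
		if p.PrincipalType == principalType && (p.Name == name || p.LoginName == name) {
			exact = append(exact, p)
		}
	}
	switch len(exact) {
	case 0:
		return Principal{}, fmt.Errorf("%w: %q (%d search hits)", ErrNoExactMatch, name, len(hits))
	case 1:
		return exact[0], nil
	default:
		return Principal{}, fmt.Errorf("%w: %q (%d exact hits)", ErrAmbiguous, name, len(exact))
	}
}

// SampleHits is constructed from the issue's search response, in the same order.
func SampleHits() []Principal {
	return []Principal{
		{"openldap_user://cn=nguyenpg,ou=ou1,dc=example,dc=com", "nguyenpg", "nguyenpg", "user"},
		{"openldap_user://cn=nguyenptt2,ou=ou1,dc=example,dc=com", "nguyenptt2", "nguyenptt2", "user"},
		{"openldap_user://cn=nguyenp,ou=ou1,dc=example,dc=com", "nguyenp", "nguyenp", "user"},
	}
}

func main() {
	p, err := SelectPrincipal(SampleHits(), "nguyenp", "user")
	fmt.Println(p.ID, err) // the third hit is selected, not the first
}
```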