terraform-provider-splunk icon indicating copy to clipboard operation
terraform-provider-splunk copied to clipboard

Published 20 hours ago verified publisher icon splunk

Errors Creating Roles

Open jordanfelle opened this issue 3 years ago • 1 comments

When I try to create a new role I get the error

Error: Unable to find resource: ctr_test

  on roles.tf line 115, in resource "splunk_authorization_roles" "ctr_test":
 115: resource "splunk_authorization_roles" "ctr_test" {

Looking in the trace

splunk_authorization_roles.ctr_test: Creating...
2021/03/11 07:13:56 [DEBUG] EvalApply: ProviderMeta config value set
2021/03/11 07:13:56 [DEBUG] splunk_authorization_roles.ctr_test: applying the planned Create change
2021/03/11 07:13:56 [TRACE] GRPCProvider: ApplyResourceChange
2021/03/11 07:13:56 [DEBUG] splunk_authorization_roles.ctr_test: apply errored, but we're indicating that via the Error pointer rather than returning it: Unable to find resource: ctr_test
2021/03/11 07:13:56 [TRACE] eval: *terraform.EvalMaybeTainted
2021/03/11 07:13:56 [TRACE] EvalMaybeTainted: splunk_authorization_roles.ctr_test encountered an error during creation, so it is now marked as tainted
2021/03/11 07:13:56 [TRACE] eval: *terraform.EvalWriteState
2021/03/11 07:13:56 [TRACE] EvalWriteState: recording 0 dependencies for splunk_authorization_roles.ctr_test
2021/03/11 07:13:56 [TRACE] EvalWriteState: writing current state object for splunk_authorization_roles.ctr_test
2021/03/11 07:13:56 [TRACE] eval: *terraform.EvalApplyProvisioners
2021/03/11 07:13:56 [TRACE] EvalApplyProvisioners: splunk_authorization_roles.ctr_test is tainted, so skipping provisioning
2021/03/11 07:13:56 [TRACE] eval: *terraform.EvalMaybeTainted
2021/03/11 07:13:56 [TRACE] EvalMaybeTainted: splunk_authorization_roles.ctr_test was already tainted, so nothing to do
2021/03/11 07:13:56 [TRACE] eval: *terraform.EvalWriteState
2021/03/11 07:13:56 [TRACE] EvalWriteState: recording 0 dependencies for splunk_authorization_roles.ctr_test
2021/03/11 07:13:56 [TRACE] EvalWriteState: writing current state object for splunk_authorization_roles.ctr_test
2021/03/11 07:13:56 [TRACE] eval: *terraform.EvalIf
2021/03/11 07:13:56 [TRACE] eval: *terraform.EvalIf
2021/03/11 07:13:56 [TRACE] eval: *terraform.EvalWriteDiff
2021/03/11 07:13:56 [TRACE] eval: *terraform.EvalApplyPost
2021/03/11 07:13:56 [ERROR] eval: *terraform.EvalApplyPost, err: Unable to find resource: ctr_test
2021/03/11 07:13:56 [ERROR] eval: *terraform.EvalSequence, err: Unable to find resource: ctr_test
2021/03/11 07:13:56 [TRACE] [walkApply] Exiting eval tree: splunk_authorization_roles.ctr_test
2021/03/11 07:13:56 [TRACE] vertex "splunk_authorization_roles.ctr_test": visit complete
2021/03/11 07:13:56 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
2021/03/11 07:13:56 [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/splunk/splunk\"] (close)" errored, so skipping
2021/03/11 07:13:56 [TRACE] dag/walk: upstream of "root" errored, so skipping

If you run apply again you get get a 409 and the role was actually created

Error: Http Error: [409] 409 Conflict {"messages":[{"type":"ERROR","text":"Role 'ctr_test' already exists. Keeping original role"}]}

  on roles.tf line 115, in resource "splunk_authorization_roles" "ctr_test":
 115: resource "splunk_authorization_roles" "ctr_test" {

Trace

splunk_authorization_roles.ctr_test: Creating...
2021/03/11 08:08:19 [DEBUG] EvalApply: ProviderMeta config value set
2021/03/11 08:08:19 [DEBUG] splunk_authorization_roles.ctr_test: applying the planned Create change
2021/03/11 08:08:19 [TRACE] GRPCProvider: ApplyResourceChange
2021/03/11 08:08:19 [DEBUG] splunk_authorization_roles.ctr_test: apply errored, but we're indicating that via the Error pointer rather than returning it: Http Error: [409] 409 Conflict {"messages":[{"type":"ERROR","text":"Role 'ctr_test' already exists. Keeping original role"}]}
2021/03/11 08:08:19 [TRACE] eval: *terraform.EvalMaybeTainted
2021/03/11 08:08:19 [TRACE] EvalMaybeTainted: splunk_authorization_roles.ctr_test encountered an error during creation, so it is now marked as tainted
2021/03/11 08:08:19 [TRACE] eval: *terraform.EvalWriteState
2021/03/11 08:08:19 [TRACE] EvalWriteState: removing state object for splunk_authorization_roles.ctr_test
2021/03/11 08:08:19 [TRACE] eval: *terraform.EvalApplyProvisioners
2021/03/11 08:08:19 [TRACE] EvalApplyProvisioners: splunk_authorization_roles.ctr_test has no state, so skipping provisioners
2021/03/11 08:08:19 [TRACE] eval: *terraform.EvalMaybeTainted
2021/03/11 08:08:19 [TRACE] EvalMaybeTainted: splunk_authorization_roles.ctr_test encountered an error during creation, so it is now marked as tainted
2021/03/11 08:08:19 [TRACE] eval: *terraform.EvalWriteState
2021/03/11 08:08:19 [TRACE] EvalWriteState: removing state object for splunk_authorization_roles.ctr_test
2021/03/11 08:08:19 [TRACE] eval: *terraform.EvalIf
2021/03/11 08:08:19 [TRACE] eval: *terraform.EvalIf
2021/03/11 08:08:19 [TRACE] eval: *terraform.EvalWriteDiff
2021/03/11 08:08:19 [TRACE] eval: *terraform.EvalApplyPost
2021/03/11 08:08:19 [ERROR] eval: *terraform.EvalApplyPost, err: Http Error: [409] 409 Conflict {"messages":[{"type":"ERROR","text":"Role 'ctr_test' already exists. Keeping original role"}]}
2021/03/11 08:08:19 [ERROR] eval: *terraform.EvalSequence, err: Http Error: [409] 409 Conflict {"messages":[{"type":"ERROR","text":"Role 'ctr_test' already exists. Keeping original role"}]}
2021/03/11 08:08:19 [TRACE] [walkApply] Exiting eval tree: splunk_authorization_roles.ctr_test
2021/03/11 08:08:19 [TRACE] vertex "splunk_authorization_roles.ctr_test": visit complete
2021/03/11 08:08:19 [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/splunk/splunk\"] (close)" errored, so skipping
2021/03/11 08:08:19 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
2021/03/11 08:08:19 [TRACE] dag/walk: upstream of "root" errored, so skipping

jordanfelle avatar Mar 11 '21 13:03 jordanfelle

I think this may be the same error I just encountered, which seems to be caused by uppercase letters in role names.

It appears that either Terraform or Splunk does case-sensitive matching when looking up existing role names - however, Splunk lower-cases role names on creation.

So if you define a role called "MyRole" in Terraform, then what Splunk actually creates is called "myrole" - and then the provider tries to look up "MyRole", which it can't find due to case sensitivity... but of course, if you try to re-create it, then Splunk will attempt to re-create "myrole" which already exists.

The good news is, you can work around this by simply ensuring you don't have any uppercase letters in your role names.

jfcantu avatar Jun 01 '21 17:06 jfcantu