Comments (5)
Hi @janfietz, could you provide some more elaborate reproduction steps? The example provided doesn't seem to have any relation to users.
Perhaps the Auth0 dashboard does some kind of housekeeping and deletes a role if it's unassociated from all users? Of course this is just a guess, any help to validate this would be helpful.
from terraform-provider-auth0.
Hi
a minimal sample would be:
```hcl
resource "auth0_client" "app_client" {
  name                = "test_app"
  app_type            = "regular_web"
  callbacks           = ["https://testapp/callback"]
  allowed_logout_urls = ["https://testapp/logout"]
  web_origins         = ["https://testapp"]
  grant_types         = ["implicit", "authorization_code", "refresh_token", "client_credentials"]

  jwt_configuration {
    alg = "RS256"
  }
}

resource "auth0_resource_server" "app_api" {
  name                                            = "test_app"
  identifier                                      = "https://testapp"
  skip_consent_for_verifiable_first_party_clients = true
  enforce_policies                                = true

  scopes {
    value       = "read:everything"
    description = "Read all everything"
  }
}

resource "auth0_role" "user_role" {
  name        = "testapp:user"
  description = "User of testapp"

  permissions {
    resource_server_identifier = auth0_resource_server.app_api.identifier
    name                       = "read:everything"
  }
}
```
After applying it, I used the Auth0 dashboard to assign the role to my user.
I tried to apply it again with the following output:
```
auth0_resource_server.app_api: Refreshing state... [id=5df2aa6f52b4b507e541767b]
auth0_client.app_client: Refreshing state... [id=tpkuLOl62xB5v084PUxWml2HkQurAO2R]
auth0_role.user_role: Refreshing state... [id=rol_oJSPxNImOLnLezCK]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # auth0_role.user_role must be replaced
-/+ resource "auth0_role" "user_role" {
        description = "User of testapp"
      ~ id          = "rol_oJSPxNImOLnLezCK" -> (known after apply)
        name        = "testapp:user"
      ~ role_id     = "rol_oJSPxNImOLnLezCK" -> (known after apply)
      - user_ids    = [
          - "auth0|5a7c59ec9bf9bc6ee253d87e",
        ] -> null # forces replacement

        permissions {
            name                       = "read:everything"
            resource_server_identifier = "https://testapp"
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.
```
Hope that helps.
Thanx
from terraform-provider-auth0.
Hmm, I think I understand what's going on. The user_ids are now changed since you’ve assigned a new user to that role.
Perhaps user_ids are defined with forceNew, which will drop and recreate the resource.
I am starting to believe that the best approach here is to split user assignment into its own resource (e.g. auth0_user_role) instead of letting the role own the relationship.
I’ll try and give it a go tomorrow.
Thanks @janfietz !
from terraform-provider-auth0.
@janfietz `auth0_role.user_ids` is now removed in favor of `auth0_user.roles`. This should make the owning entity of the relationship the user instead of the role.
I felt it easier to keep track of changes this way, as the role doesn't change, but who assumes the role does.
```hcl
resource "auth0_user" "user" {
  ...
  roles = [ "${auth0_role.admin.id}" ]
}

resource auth0_role admin {
  name        = "admin"
  description = "Administrator"
}
```
Also fixed some issues that user roles or role permissions wouldn't update correctly.
Feel free to give it a try using `v0.4.0`.
from terraform-provider-auth0.
@alexkappa I tested version v0.4.0 and it worked as expected.
Good job.
Thank you
from terraform-provider-auth0.
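A CI-side check for the situation in this thread, where a role assignment made in the dashboard shows up as drift and the plan replaces the role: it reads `terraform show -json` plan output and reports guarded resources that the plan would destroy. This is an added example, not code from the thread or the provider; the guarded type list is an assumption and the sample plan is constructed from the output posted above.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan mirroring the
# replacement shown in the thread (values copied from the posted plan output).
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "auth0_client.app_client", "type": "auth0_client",
         "change": {"actions": ["no-op"],
                    "before": {"name": "test_app"},
                    "after": {"name": "test_app"}}},
        {"address": "auth0_role.user_role", "type": "auth0_role",
         "change": {"actions": ["delete", "create"],
                    "before": {"name": "testapp:user",
                               "user_ids": ["auth0|5a7c59ec9bf9bc6ee253d87e"]},
                    "after": {"name": "testapp:user", "user_ids": None}}},
    ]
})

# Assumption: resource types whose destruction should block an apply.
GUARDED_TYPES = {"auth0_role", "auth0_user"}


def risky_replacements(plan_json, guarded=GUARDED_TYPES):
    """Return {address: [drifted attribute names]} for guarded resources
    that the plan would destroy (replacement or plain delete)."""
    findings = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc["change"]
        if rc["type"] not in guarded or "delete" not in change["actions"]:
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        # Attributes whose planned value differs from the refreshed state.
        # Values only known after apply are absent from "after" and skipped.
        drifted = sorted(k for k in before if k in after and before[k] != after[k])
        findings[rc["address"]] = drifted
    return findings


if __name__ == "__main__":
    for address, attrs in risky_replacements(SAMPLE_PLAN).items():
        print(f"BLOCK {address}: destroy planned, drifted attributes: {attrs}")
```
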