Coder Social home page Coder Social logo

Comments (5)

alexkappa avatar alexkappa commented on May 26, 2024

Hi @janfietz, could you provide some more elaborate reproduction steps? The example provided doesn't seem to have any relation to users.

Perhaps the Auth0 dashboard does some kind of housekeeping and deletes a role if its unassociated from all users? Of course this is just a guess, any help to validate this would be helpful.

from terraform-provider-auth0.

janfietz avatar janfietz commented on May 26, 2024

Hi

a minimal sample would be:

resource "auth0_client" "app_client" {
  name                = "test_app"
  app_type            = "regular_web"
  callbacks           = ["https://testapp/callback"]
  allowed_logout_urls = ["https://testapp/logout"]
  web_origins         = ["https://testapp"]
  grant_types         = ["implicit", "authorization_code", "refresh_token", "client_credentials"]

  jwt_configuration {
    alg = "RS256"
  }
}

resource "auth0_resource_server" "app_api" {
  name                                            = "test_app"
  identifier                                      = "https://testapp"
  skip_consent_for_verifiable_first_party_clients = true

  enforce_policies = true

  scopes {
    value       = "read:everything"
    description = "Read all everything"
  }
}

resource "auth0_role" "user_role" {
  name        = "testapp:user"
  description = "User of testapp"

  permissions {
    resource_server_identifier = auth0_resource_server.app_api.identifier
    name                       = "read:everything"
  }
}

After apply it I used the auth0 dashboard to assign the role to my user.

I tried to apply it again with following output:

auth0_resource_server.app_api: Refreshing state... [id=5df2aa6f52b4b507e541767b]
auth0_client.app_client: Refreshing state... [id=tpkuLOl62xB5v084PUxWml2HkQurAO2R]
auth0_role.user_role: Refreshing state... [id=rol_oJSPxNImOLnLezCK]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # auth0_role.user_role must be replaced
-/+ resource "auth0_role" "user_role" {
        description = "User of testapp"
      ~ id          = "rol_oJSPxNImOLnLezCK" -> (known after apply)
        name        = "testapp:user"
      ~ role_id     = "rol_oJSPxNImOLnLezCK" -> (known after apply)
      - user_ids    = [
          - "auth0|5a7c59ec9bf9bc6ee253d87e",
        ] -> null # forces replacement

        permissions {
            name                       = "read:everything"
            resource_server_identifier = "https://testapp"
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.

Hope that helps.
Thanx

from terraform-provider-auth0.

alexkappa avatar alexkappa commented on May 26, 2024

Hmm I think I understand whats going on. The user_ids are now changed since you’ve assigned a new user to that role.

Perhaps user_ids are defined with forceNew, which will drop and recreate the resource.

I am starting to believe that the best approach here is to split user assignment into its own resource (e.g. auth0_user_role) instead of letting the role own the relationship.

I’ll try and give it a go tomorrow.

Thanks @janfietz !

from terraform-provider-auth0.

alexkappa avatar alexkappa commented on May 26, 2024

@janfietz auth0_role.user_ids is now removed in favor of auth0_user.roles. This should make the owning entity of the relationship the user instead of the role.

I felt it easier to keep track of changes this way, as the role doesn't change, but who assumes the role does.

resource "auth0_user" "user" {
  ...
  roles = [ "${auth0_role.admin.id}" ]
}

resource auth0_role admin {
	name = "admin"
	description = "Administrator"
}

Also fixed some issues that user roles or role permissions wouldn't update correctly.

Feel free to give it a try using v0.4.0.

from terraform-provider-auth0.

janfietz avatar janfietz commented on May 26, 2024

@alexkappa i tested version v0.4.0 and it worked as expected.

Good job.
Thank you

from terraform-provider-auth0.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.