Fix group member resource to survive refresh when group is missing #1198
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
manicminer
approved these changes
Oct 13, 2023
There was a problem hiding this comment.
Hi @LoicBer, thanks for submitting this fix and taking the time to demo the use case that triggers this bug. We should definitely be gracefully removing the member resource from state in this case.
LGTM 👍
manicminer
added a commit
that referenced
this pull request
Oct 13, 2023
dduportal
referenced
this pull request
in jenkins-infra/azure
Oct 25, 2023
<Actions>
<action
id="c2aadc6326b4b0bc58df11ee286b0f67ccdb5888bd77f391e6473570113337ec">
<h3>Bump Terraform `azuread` provider version</h3>
<details
id="1d9343c012f5434ac9fe8a98135bae3667b399259be16d9b14302ea3bd424a24">
<summary>Update Terraform lock file</summary>
<p>"hashicorp/azuread" updated from "2.43.0" to
"2.44.0" in file ".terraform.lock.hcl"</p>
<details>
<summary>2.44.0</summary>
<pre>Changelog retrieved
from:
	https://github.com/hashicorp/terraform-provider-azuread/releases/tag/v2.44.0
*
Developer Note: the Typed Resource SDK, as also used in the AzureRM
provider, is now the preferred way of introducing new resources
([#1188](https://github.com/hashicorp/terraform-provider-azuread/issues/1188))

FEATURES:

*
**New Resource:** `azuread_application_api_access`
([#1214](hashicorp/terraform-provider-azuread#1214
**New Resource:** `azuread_application_app_role`
([#1214](hashicorp/terraform-provider-azuread#1214
**New Resource:** `azuread_application_fallback_public_client`
([#1214](hashicorp/terraform-provider-azuread#1214
**New Resource:** `azuread_application_from_template`
([#1214](hashicorp/terraform-provider-azuread#1214
**New Resource:** `azuread_application_identifier_uri`
([#1214](hashicorp/terraform-provider-azuread#1214
**New Resource:** `azuread_application_known_clients`
([#1214](hashicorp/terraform-provider-azuread#1214
**New Resource:** `azuread_application_owner`
([#1214](hashicorp/terraform-provider-azuread#1214
**New Resource:** `azuread_application_permission_scope
([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))`
*
**New Resource:** `azuread_application_redirect_uris`
([#1214](hashicorp/terraform-provider-azuread#1214
**New Resource:** `azuread_application_registration`
([#1214](hashicorp/terraform-provider-azuread#1214
**New Resource:** `azuread_authentication_strength_policy`
([#1171](https://github.com/hashicorp/terraform-provider-azuread/issues/1171))

ENHANCEMENTS:

*
`data.azuread_application` - export the `client_id` attribute, deprecate
the `application_id` attribute
([#1214](hashicorp/terraform-provider-azuread#1214
`data.azuread_service_principal` - support for the `client_id` property,
deprecate the `application_id` property
([#1214](hashicorp/terraform-provider-azuread#1214
`data.azuread_service_principals` - support for the `client_ids`
property, deprecate the `application_ids` property
([#1214](hashicorp/terraform-provider-azuread#1214
`data.azuread_service_principals` - export the `client_id` attribute in
the `service_principals` block, deprecate the `application_id` attribute
([#1214](hashicorp/terraform-provider-azuread#1214
`azuread_application` - export the `client_id` attribute, deprecate the
`application_id` attribute
([#1214](hashicorp/terraform-provider-azuread#1214
`azuread_application_federated_identity_credential` - support for the
`application_id` property, deprecate the `application_object_id`
property
([#1214](hashicorp/terraform-provider-azuread#1214
`azuread_application_certificate` - support for the `application_id`
property, deprecate the `application_object_id` property
([#1214](hashicorp/terraform-provider-azuread#1214
`azuread_application_password` - support for the `application_id`
property, deprecate the `application_object_id` property
([#1214](hashicorp/terraform-provider-azuread#1214
`azuread_application_pre_authorized` - support for the `application_id`
property, deprecate the `application_object_id` property
([#1214](hashicorp/terraform-provider-azuread#1214
`azuread_service_principal` - support for the `client_id` property,
deprecate the `application_id` property
([#1214](hashicorp/terraform-provider-azuread#1214
`azuread_conditional_access_policy` - support for the
`authentication_strength_policy_id` property in the `grant_controls`
block [GH_1171]

BUG FIXES:

* `azuread_group_member` -
resolve a bug when refreshing state if the group is missing
([#1198](https://github.com/hashicorp/terraform-provider-azuread/issues/1198))


</pre>
</details>
<details>
<summary>2.44.1</summary>
<pre>Changelog retrieved
from:
	https://github.com/hashicorp/terraform-provider-azuread/releases/tag/v2.44.1
BUG
FIXES:

* `azuread_application_certificate` - work around an
unexpected diff with the `application_object_id` property
([#1221](hashicorp/terraform-provider-azuread#1221
`azuread_application_federated_identity_credential` - work around an
unexpected diff with the `application_object_id` property
([#1221](hashicorp/terraform-provider-azuread#1221
`azuread_application_password` - work around an unexpected diff with the
`application_object_id` property
([#1221](hashicorp/terraform-provider-azuread#1221
`azuread_application_pre_authorized` - work around an unexpected diff
with the `application_object_id` property
([#1221](https://github.com/hashicorp/terraform-provider-azuread/issues/1221))


</pre>
</details>
</details>
</action>
</Actions>
---
<table>
<tr>
<td width="77">
<img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli
logo" width="50" height="50">
</td>
<td>
<p>
Created automatically by <a
href="https://www.updatecli.io/">Updatecli</a>
</p>
<details><summary>Options:</summary>
<br />
<p>Most of Updatecli configuration is done via <a
href="https://www.updatecli.io/docs/prologue/quick-start/">its
manifest(s)</a>.</p>
<ul>
<li>If you close this pull request, Updatecli will automatically reopen
it, the next time it runs.</li>
<li>If you close this pull request and delete the base branch, Updatecli
will automatically recreate it, erasing all previous commits made.</li>
</ul>
<p>
Feel free to report any issues at <a
href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br
/>
If you find this tool useful, do not hesitate to star <a
href="https://github.com/updatecli/updatecli/stargazers">our GitHub
repository</a> as a sign of appreciation, and/or to tell us directly on
our <a
href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>!
</p>
</details>
</td>
</tr>
</table>
---------
Co-authored-by: Jenkins Infra Bot (updatecli) <60776566+jenkins-infra-bot@users.noreply.github.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR proposes a fix for issue #1172 regarding
azuread_group_memberresource failing to refresh when the referenced group is missing.It handles the case where
client.ListMembers()returns a 404 error (missing group) by removing the group member from the state.I could validate with this simple bug reproducer that this change solves the issue.
Here the output I get when running
terraform planwhen the group ID referenced by the group member has changed:https://gist.github.com/LoicBer/53a8b974067d0ca0cfacb50f9a9ee911
Terraform wants to remove the member from the state and recreate the member with the new group ID, which is the expected behavior.