4.12.0 AppUserBaseSchemaProperty adds new attributes permissions, union and userType #772

Open
notdodo opened this issue Dec 3, 2024 · 6 comments
Labels
area/import An issue related to `pulumi import` or the import resource option. awaiting/core Blocked on a missing bug or feature in pulumi/pulumi (except codegen) awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). kind/bug Some behavior is incorrect or out of spec

Comments

notdodo commented Dec 3, 2024

Describe what happened

Hi,

the update from 4.11.0 to 4.12.0 shows changes that add new attributes on the AppUserBaseSchemaProperty resource,
but importing those resources will fail since the resource doesn't match.
I've already created an issue on Okta TF provider: okta/terraform-provider-okta#2102

Sample program

#772 (comment)

Log output

No response

Affected Resource(s)

No response

Output of pulumi about

CLI
Version      3.142.0
Go Version   go1.23.3
Go Compiler  gc

Plugins
KIND      NAME    VERSION
resource  okta    4.12.0
language  python  3.142.0

Host
OS       darwin
Version  15.1.1
Arch     arm64

This project is written in python: executable='/Users/notdodo/Desktop/okta_poc/pulumi/.venv/bin/python' version='3.13.0'

Current Stack: organization/poc/dev

Found no resources associated with dev

Found no pending operations associated with dev

Backend
Name           notdodo
URL            file://.
User           notdodo
Organizations
Token type     personal

Dependencies:
NAME         VERSION
pip          24.2
pulumi_okta  4.12.0

Pulumi locates its logs in /var/folders/jm/htlczymd62x5_cqcq4vb3sy00000gn/T/ by default

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

@notdodo notdodo added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Dec 3, 2024
@VenelinMartinov
Contributor

Hey @notdodo, thanks for reporting the issue and sorry you've hit this.

I can see the upstream issue is closed as "working as intended", which is unfortunate.

Can you please add a bit more detail about:

  1. What exactly fails here?
  2. How does this work in TF?

@VenelinMartinov VenelinMartinov added awaiting-feedback Blocked on input from the author and removed needs-triage Needs attention from the triage team labels Dec 3, 2024
@notdodo
Author

notdodo commented Dec 3, 2024

Hei @VenelinMartinov

Yeah, sure; I was in a rush, hoping that someone had already looked at it.
I'll try to create a small POC.

@pulumi-bot pulumi-bot added needs-triage Needs attention from the triage team and removed awaiting-feedback Blocked on input from the author labels Dec 3, 2024
@notdodo
Author

notdodo commented Dec 3, 2024

Here it is.
It's the same behavior shown on the TF provider issue.

First test:

import pulumi_okta as okta

import pulumi

okta.AppUserSchemaProperty(
    "example",
    app_id="<id>",
    index="EmployeeInfoSubcompany",
    title="EmployeeInfoSubcompany",
    external_name="EmployeeInfoSubcompany",
    type="string",
    description="string",
    master="PROFILE_MASTER",
    scope="NONE",
    opts=pulumi.ResourceOptions(import_="<id>/EmployeeInfoSubcompany"),
)

During pulumi up I get:

Previewing update (dev):
     Type                                 Name     Plan       Info
 +   pulumi:pulumi:Stack                  poc-dev  create
 =   └─ okta:index:AppUserSchemaProperty  example  import     [diff: +permissions,union,userType]; 1 warning

Diagnostics:
  okta:index:AppUserSchemaProperty (example):
    warning: inputs to import do not match the existing resource: [permissions union userType]; importing this resource will fail

Resources:
    + 1 to create
    = 1 to import
    2 changes

Do you want to perform this update? details
+ pulumi:pulumi:Stack: (create)
    [urn=urn:pulumi:dev::poc::pulumi:pulumi:Stack::poc-dev]
    = okta:index/appUserSchemaProperty:AppUserSchemaProperty: (import)
        [id=<id>/EmployeeInfoSubcompany]
        [urn=urn:pulumi:dev::poc::okta:index/appUserSchemaProperty:AppUserSchemaProperty::example]
        [provider=urn:pulumi:dev::poc::pulumi:providers:okta::default_4_12_0::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
      + permissions: "READ_ONLY"
      + union      : false
      + userType   : "default"

The import will fail due to permissions, union and userType.

Second try adding those attributes to the code:

import pulumi_okta as okta

import pulumi

okta.AppUserSchemaProperty(
    "example",
    app_id="<id>",
    index="EmployeeInfoSubcompany",
    title="EmployeeInfoSubcompany",
    external_name="EmployeeInfoSubcompany",
    type="string",
    description="string",
    master="PROFILE_MASTER",
    scope="NONE",
    permissions="READ_ONLY",
    union=False,
    user_type="default",
    opts=pulumi.ResourceOptions(import_="<id>/EmployeeInfoSubcompany"),
)

Same outcome:

Previewing update (dev):
     Type                                 Name     Plan       Info
 +   pulumi:pulumi:Stack                  poc-dev  create
 =   └─ okta:index:AppUserSchemaProperty  example  import     [diff: +permissions,union,userType]; 1 warning

Diagnostics:
  okta:index:AppUserSchemaProperty (example):
    warning: inputs to import do not match the existing resource: [permissions union userType]; importing this resource will fail

Resources:
    + 1 to create
    = 1 to import
    2 changes

Do you want to perform this update? details
+ pulumi:pulumi:Stack: (create)
    [urn=urn:pulumi:dev::poc::pulumi:pulumi:Stack::poc-dev]
    = okta:index/appUserSchemaProperty:AppUserSchemaProperty: (import)
        [id=<id>/EmployeeInfoSubcompany]
        [urn=urn:pulumi:dev::poc::okta:index/appUserSchemaProperty:AppUserSchemaProperty::example]
        [provider=urn:pulumi:dev::poc::pulumi:providers:okta::default_4_12_0::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
      + permissions: "READ_ONLY"
      + union      : false
      + userType   : "default"

Even if the attributes are defined in the code, the import sees drift.

@VenelinMartinov
Contributor

@notdodo I see that you are using the import resource option. Is there a reason not to use pulumi import for this? Does that help unblock you here?

@VenelinMartinov VenelinMartinov added awaiting-feedback Blocked on input from the author and removed needs-triage Needs attention from the triage team labels Dec 4, 2024
@notdodo
Author

notdodo commented Dec 4, 2024

> @notdodo I see that you are using the import resource option. Is there a reason not to use pulumi import for this? Does that help unblock you here?

Unfortunately it doesn't (it works, though), since we'd like to use only pipelines for IaC and not manual interaction with the state, which is a bad practice.

@pulumi-bot pulumi-bot added needs-triage Needs attention from the triage team and removed awaiting-feedback Blocked on input from the author labels Dec 4, 2024
@VenelinMartinov
Contributor

I see, good to hear that pulumi import works. You have correctly identified that the terraform provider is not quite doing the right thing here.

Unfortunately, we do not currently give users the tools to work around the issue on our side either. I think the best you can do is manually import the resource to work around the limitation.

Some of the issues connected to this. Feel free to upvote:

pulumi/pulumi-terraform-bridge#2272 - this is about giving bridged providers the ability to work around this problem.
pulumi/pulumi#16397 - adding some ability in the pulumi engine to ignore these warnings
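
A pipeline-side check for the warning discussed in this thread, as an added example that is not part of the original issue or of Pulumi's own code: it scans captured preview text for the "inputs to import do not match the existing resource" diagnostic and returns a non-zero exit code so a CI job can stop before the import is attempted. The function names are hypothetical, the parser assumes the human-readable Diagnostics layout quoted above, and the sample text is constructed from that output.

```python
import re
import sys
from typing import NamedTuple

# Constructed sample: the Diagnostics block quoted in the issue plus a made-up second resource.
SAMPLE_PREVIEW = """\
Diagnostics:
  okta:index:AppUserSchemaProperty (example):
    warning: inputs to import do not match the existing resource: [permissions union userType]; importing this resource will fail

  okta:index:AppUserSchemaProperty (other):
    warning: constructed unrelated warning

Resources:
    + 1 to create
"""

class ImportMismatch(NamedTuple):
    resource_type: str
    name: str
    properties: tuple

_HEADER = re.compile(r"^\s+(\S+) \((.+)\):\s*$")
_MISMATCH = re.compile(r"inputs to import do not match the existing resource: \[([^\]]*)\]")

def find_import_mismatches(preview_text):
    """Return one entry per resource whose import inputs differ (hypothetical helper)."""
    found, current, in_diag = [], None, False
    for line in preview_text.splitlines():
        if line.strip() and not line.startswith(" "):   # top-level section title
            in_diag, current = line.strip() == "Diagnostics:", None
            continue
        if not in_diag or not line.strip():             # other sections, blank lines
            continue
        header, hit = _HEADER.match(line), _MISMATCH.search(line)
        if header:                                      # "  <type> (<name>):"
            current = header.groups()
        elif hit and current:                           # warning under that resource
            found.append(ImportMismatch(current[0], current[1], tuple(hit.group(1).split())))
    return found

def gate(preview_text):
    """Exit code for a CI step: 1 if any import is reported as mismatched, else 0."""
    mismatches = find_import_mismatches(preview_text)
    for m in mismatches:
        print(f"{m.resource_type} ({m.name}): import mismatch on {', '.join(m.properties)}", file=sys.stderr)
    return 1 if mismatches else 0

if __name__ == "__main__":
    sys.exit(gate(sys.stdin.read()))
```

Run as a script, it reads the captured preview text from standard input and exits with the gate's return code.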

@VenelinMartinov VenelinMartinov added awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). awaiting/core Blocked on a missing bug or feature in pulumi/pulumi (except codegen) area/import An issue related to `pulumi import` or the import resource option. and removed needs-triage Needs attention from the triage team labels Dec 4, 2024