terraform-provider-vcd: BUG: Update of imported `vcd_org` overwrites LDAP configuration
Hi there,
After importing an existing vcd_org into terraform the “apply” fails.
Terraform Version
Terraform v0.15.4 on linux_amd64
- provider registry.terraform.io/vmware/vcd v3.2.0
Affected Resource(s)
- vcd_org
Terraform Configuration Files
I have created custom Terraform modules.
module "***-vcd-org" {
  source = "***"

  ## vcd org ##
  org_name        = var.org_name
  org_description = "description"
  org_full_name   = "full_name"
}
Debug Output
go-vcloud-director.log: https://gist.github.com/bogi0704/155cafb68e6bcbfc609aeab49b73b638.js
Terraform (Shell) Output:
module.***-vcd-org.vcd_org.org: Modifying... [id=urn:vcloud:org:11327aa4-5cc5-476b-80f4-cb7ed9f75e88]
╷
│ Error: error updating Org error updating Org: API Error: 400: [ f289b47a-3d19-4069-9e4d-9979a0b348ed ] HTTP 400 Bad Request
│ - cvc-complex-type.2.4.a: Invalid content was found starting with element 'BackLinkIdentifier'. One of '{"http://www.vmware.com/vcloud/v1.5":MembershipIdentifier}' is expected.
│
│ with module.***-vcd-org.vcd_org.org,
│ on .terraform/modules/***-vcd-org/modules/***-vcd-org/main.tf line 1, in resource "vcd_org" "org":
│ 1: resource "vcd_org" "org" {
│
╵
Expected Behavior
The planned changes (change the description of the Organization) should have been applied.
Actual Behavior
Terraform errored out.
Steps to Reproduce
- import an existing vcd_org into your terraform state. -> successful
- ‘terraform plan’ -> successful
- ‘terraform apply’ -> fails
About this issue
- State: closed
- Created 3 years ago
- Comments: 28 (5 by maintainers)
Commits related to this issue
- Fix Issue #672 - update Org with invalid LDAP An Org that has its LDAP settings changed outside Terraform (possibly without error checking and thus incomplete) would fail to update. This check will p... — committed to dataclouder/terraform-provider-vcd by dataclouder 2 years ago
- Fix Issue #672 - update Org with invalid LDAP (#952) * Fix Issue #672 - update Org with invalid LDAP An Org that has its LDAP settings changed outside Terraform (possibly without error checking an... — committed to vmware/terraform-provider-vcd by dataclouder 2 years ago
I have added a fix to the Org update: if an invalid LDAP is detected, it gets ignored. The right way of updating the LDAP settings is through `vcd_org_ldap`. If you need to import an org with LDAP settings, you should import both resources. Only with this double resource can Terraform keep track of the Org LDAP configuration.
https://github.com/vmware/terraform-provider-vcd/releases/tag/v3.8.1
It will be soon
Thanks for testing it!
Using the newly implemented `vcd_org_ldap` resource, this problem should go away. For example:
I created this Org, with attached LDAP configuration. Then I removed the Org from terraform state (`terraform state rm vcd_org.dummy`), I imported it, and tried adding a description and changing the lease. Everything works as expected, using VCD 10.4.0.
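The two-resource setup recommended in the comments above, sketched as an added example that is not taken from the issue thread or the provider's repository. Org name, host, DNs and attribute values are constructed placeholders; the argument names and import IDs are assumed from the provider's `vcd_org` and `vcd_org_ldap` documentation and should be checked against the provider version in use.

```hcl
# Constructed example: every name, host and DN below is a placeholder.
variable "ldap_bind_password" {
  type      = string
  sensitive = true # keep the bind credential out of plan output
}

resource "vcd_org" "dummy" {
  name             = "dummy-org"
  full_name        = "full_name"
  description      = "description"
  delete_force     = false
  delete_recursive = false
}

# LDAP is tracked by its own resource, so an Org update no longer
# has to round-trip LDAP settings that were edited outside Terraform.
resource "vcd_org_ldap" "dummy" {
  org_id    = vcd_org.dummy.id
  ldap_mode = "CUSTOM"

  custom_settings {
    server                  = "ldap.example.com"
    port                    = 636
    is_ssl                  = true
    username                = "cn=svc-vcd,dc=example,dc=com"
    password                = var.ldap_bind_password
    authentication_method   = "SIMPLE"
    connector_type          = "OPEN_LDAP"
    base_distinguished_name = "dc=example,dc=com"

    group_attributes {
      name              = "cn"
      object_class      = "group"
      membership        = "member"
      unique_identifier = "cn"
      # Corresponds to the MembershipIdentifier element that the
      # 400 error above reports as missing before BackLinkIdentifier.
      group_membership_identifier = "dn"
    }
    # A user_attributes block is declared the same way (omitted for brevity).
  }
}

# Import both resources, Org first (import IDs assumed to be the Org name):
#   terraform import vcd_org.dummy dummy-org
#   terraform import vcd_org_ldap.dummy dummy-org
```

After both imports, `terraform plan` should show the LDAP settings under `vcd_org_ldap.dummy` rather than as part of the Org update.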