MyPureCloud/terraform-provider-genesyscloud

genesyscloud_user_roles - impossible to add multiple roles to a user

Closed this issue · 3 comments

The current code implementation does not support assigning multiple roles to a user. When attempting to do so, an error immediately flags the block “roles.”

It appears the code expects a specific structure for defining roles, as follows:
roles {
  role_id =
  division_ids =
}

Below is the code I used, which is part of a global module for user management. The error is triggered when trying to define multiple roles in the roles block:

resource "genesyscloud_user_roles" "user_roles" {
  depends_on = [genesyscloud_user.users, genesyscloud_user.update_managers]

  for_each = {
    for user in local.users_config : user.email => user
    if user.roles != null
  }

  user_id = genesyscloud_user.users[each.key].id

  roles = [
    for role in each.value.roles : {
      role_id = data.genesyscloud_auth_role.roles[role.role_name].id
      division_ids = role.division_name == "" ? [""] : [
        for division in (role.division_name == null ? [] : [role.division_name]) :
        var.input_divisions[division].id
      ]
    }
  ]
}

The error suggests that the roles block does not support defining multiple entries in this way. Assistance is needed to understand whether this is a bug or a limitation, and if there’s an alternative approach to achieve this functionality.

This version retains all the technical details while clarifying the issue.

bbbco commented

Hi @GuillaumeG69

Here is how I have added multiple auth roles to a single user using Terraform's Dynamic Blocks functionality:

resource "genesyscloud_user_roles" "foo" {
  user_id = data.genesyscloud_user.foo_user.id
  dynamic "roles" {
    for_each = [
      data.genesyscloud_auth_role.employee.id,
      data.genesyscloud_auth_role.admin.id,
      data.genesyscloud_auth_role.communicate_admin.id,
      data.genesyscloud_auth_role.outbound_admin.id,
      data.genesyscloud_auth_role.quality_administrator.id,
      data.genesyscloud_auth_role.supervisor.id,
    ]
    content {
      role_id = roles.value
    }
  }
}

I think (I haven't tested it) you should be able to iterate over the user IDs as well, using either for_each or dynamic blocks.

However, I would also remind you that Terraform is an explicitly declarative language. It appears that you might be trying to construct a local variable config of user mapping to roles and such. Instead of constructing a mapping object, you should consider explicitly defining each user and auth resources:

resource "genesyscloud_user" "bob" {
  name = "Bob"
  email = "bob@foo.com"
  ...
}
resource "genesyscloud_user_roles" "bob" {
  user_id = genesyscloud_user.bob.id
  dynamic "roles" {
    for_each = [
      data.genesyscloud_auth_role.employee.id,
      data.genesyscloud_auth_role.admin.id,
      data.genesyscloud_auth_role.communicate_admin.id,
      data.genesyscloud_auth_role.outbound_admin.id,
    ]
    content {
      role_id = roles.value
    }
  }
}


resource "genesyscloud_user" "susan" {
  name = "Susan"
  email = "susan@foo.com"
  ...
}
resource "genesyscloud_user_roles" "susan" {
  user_id = genesyscloud_user.susan.id
  dynamic "roles" {
    for_each = [
      data.genesyscloud_auth_role.employee.id,
      data.genesyscloud_auth_role.admin.id,
      data.genesyscloud_auth_role.quality_administrator.id,
      data.genesyscloud_auth_role.supervisor.id,
    ]
    content {
      role_id = roles.value
    }
  }
}

Thanks a lot. With dynamic roles, it is working now.
You're right. For the moment, my aim is to inject the data from an Excel collect file transformed into JSON files.
Therefore my Terraform code is "dynamic" and not "static" as I am supposed to do.

We can close this issue.
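
The data-driven form the thread converges on, as an added example that is not code from the issue or from the provider project: `for_each` over users combined with a `dynamic "roles"` block that also scopes each role to a division. The sample user, the division names, the shape of `local.users_config` and `var.input_divisions`, and the assumption that every role entry names a division are all constructed for illustration; provider configuration is assumed to exist elsewhere.

```hcl
# Constructed sample input (assumption); in the thread it comes from JSON files.
locals {
  users_config = [
    {
      name  = "Bob"
      email = "bob@foo.com"
      roles = [
        { role_name = "employee", division_name = "Home" },
        { role_name = "admin", division_name = "Sales" },
      ]
    },
  ]
  # Distinct role names across all users, so each role is looked up once.
  role_names = toset(flatten([
    for u in local.users_config : [for r in u.roles : r.role_name]
  ]))
}

# Assumption: division name => object exposing the division `id`.
variable "input_divisions" {
  type = map(object({ id = string }))
}

data "genesyscloud_auth_role" "roles" {
  for_each = local.role_names
  name     = each.key
}

resource "genesyscloud_user" "users" {
  for_each = { for u in local.users_config : u.email => u }
  name     = each.value.name
  email    = each.value.email
}

resource "genesyscloud_user_roles" "user_roles" {
  for_each = { for u in local.users_config : u.email => u }
  user_id  = genesyscloud_user.users[each.key].id

  # `roles` is a nested block: repeat it with `dynamic`; `roles = [...]`
  # is attribute syntax, which is what the original post ran into.
  dynamic "roles" {
    for_each = each.value.roles
    content {
      role_id      = data.genesyscloud_auth_role.roles[roles.value.role_name].id
      division_ids = [var.input_divisions[roles.value.division_name].id]
    }
  }
}
```

Because every role and division grant is derived from the input file, reviewing `terraform plan` output for unexpected `roles` blocks before applying is the check that catches an over-broad entry in the source data.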