Terraform plan forces replacement of imported harbor_robot_account resource

Question

Terraform plan forces replacement of imported harbor_robot_account resource

Closed this issue 3 months ago · 6 comments

Describe the bug

When I run terraform plan after importing a robot account resource, the plan shows it will force replace the resource.

Snippet from the terraform plan output:

  # harbor_robot_account.robot["robot$cyborg-18"] must be replaced
-/+ resource "harbor_robot_account" "robot" {
      ~ full_name   = "robot$cyborg-18" -> (known after apply)
      ~ id          = "/robots/9" -> (known after apply)
      + name        = "robot$cyborg-18" # forces replacement
      ~ robot_id    = "9" -> (known after apply)
      + secret      = (sensitive value)
        # (4 unchanged attributes hidden)
...

To Reproduce

import robot account resource
run terraform plan

Expected behavior
No force replacement on the imported robot account resource.

Additional context
I am not sure but I think the cause is that the name argument is missing in the function resourceRobotAccountRead

Provider Version v3.10.11
Terraform Version v1.6.4
Harbor Version v2.10.0-6abb4eab

Answer 1 · 2024-06-21T08:15:10.000Z

hello,
thank you for the bug report
i did a fix, it will be in the next release of the provider

Answer 2 · 2024-06-21T08:34:40.000Z

it will be in the v3.10.12 (build in progress)

Answer 3 · 2024-06-21T17:18:54.000Z

Hi @flbla - thanks for the quick fix!

I tried using the latest provider version v3.10.12 but the terraform plan still shows force replacement of the resource.

In case this helps you investigating, I am trying to import a system level robot account.

Answer 4 · 2024-06-24T07:25:03.000Z

Hi @nafaa-tayachi ,
I did the same test with the latest build (v3.10.12) :

terraform init :

- Installing goharbor/harbor v3.10.12...
- Installed goharbor/harbor v3.10.12 (unauthenticated)

I created a system robot account through the GUI :

Then I created this tf code :

resource "harbor_robot_account" "name" {
  name = "test"
  description = "test"
  level = "system"

  permissions {
    access {
      action = "pull"
      resource = "repository"
    }
    access {
      action = "push"
      resource = "repository"
    }
    kind = "project"
    namespace = "library"
  }
  
}

I imported it :

terraform import harbor_robot_account.name /robots/5
harbor_robot_account.name: Importing from ID "/robots/5"...
harbor_robot_account.name: Import prepared!
  Prepared harbor_robot_account for import
harbor_robot_account.name: Refreshing state... [id=/robots/5]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

and when I try to apply it, it do not replace it, just update it :

  # harbor_robot_account.name will be updated in-place
  ~ resource "harbor_robot_account" "name" {
      + description = "test"
      ~ duration    = 30 -> -1
        id          = "/robots/5"
        name        = "test"
        # (4 unchanged attributes hidden)

      - permissions {
          - kind      = "system" -> null
          - namespace = "/" -> null

          - access {
              - action   = "list" -> null
              - resource = "audit-log" -> null
                # (1 unchanged attribute hidden)
            }
        }
      + permissions {
          + kind      = "project"
          + namespace = "library"

          + access {
              + action   = "pull"
              + effect   = "allow"
              + resource = "repository"
            }
          + access {
              + action   = "push"
              + effect   = "allow"
              + resource = "repository"
            }
        }
    }

Answer 5 · 2024-06-24T07:26:47.000Z

after the upgrade to v3.10.12, did you try remove it from the state and re-import it ?
@nafaa-tayachi

Answer 6 · 2024-06-26T13:30:22.000Z

my bad .. it is working now
thanks again @flbla !