ilijamt/terraform-provider-awx

Optional fields are considered manadatory

Closed this issue · 12 comments

reshifirdous commented

it appears the optional fields are mandatory there is no flexibility to control the behaviour. i have requirement on few items like to have execution environment golobally available along with that few creentials but while testing it appears for creating credential organization has been made mandatory but as per documentation it says optional. Similar problems observed with settings all are listed as optional but have to fill everthing there is no flexibility on these items.

https://registry.terraform.io/providers/ilijamt/awx/latest/docs/resources/credential
https://registry.terraform.io/providers/ilijamt/awx/latest/docs/resources/settings_auth_saml

image
reshifirdous commented

Error:

│ Error: Unable to create resource for Credential on /api/v2/credentials/

│ with awx_credential.credentials["CONTAINER REGISTRY CREDENTIALS"],
│ on credentials.tf line 1, in resource "awx_credential" "credentials":
│ 1: resource "awx_credential" "credentials" {

│ invalid status code: 400, on /api/v2/credentials/ with {"detail":["Missing
│ 'user', 'team', or 'organization'."]}

ERRO[0005] terraform invocation failed in /ansible-awx-terraform-dev/NewFormat/dev/.terragrunt-cach
e/5zNg_T0822Q-K3ro8mGOQU_7QqA/XjsNBCAXFo1RIqhnaDcs2IGepw4 prefix=[/ansible-awx-terraform-dev/NewFormat/dev]
ERRO[0005] 1 error occurred:
* [/ansible-awx
-terraform-dev/NewFormat/dev/.terragrunt-cache/5zNg_T0822Q-K3ro8mGOQU_7QqA/XjsNBCAXFo1RIqhnaDcs2IGepw4] exit status 1

ilijamt commented

Yeah, according to their API they are optional, but one of them is required.

But let me check, the write only fields from the API are missing in the provider, which shouldn't be happening. There are special write_only fields which can only be provided during initial creation of the credential, after that it's not possible to change and/or update them. Looks like I disabled them when I moved to the terraform framework plugin from the legacy sdk. And if you create from the UI without an organization it assigns the credential to the user it created it.

The definition below is provided by the API of AWX.

terraform-provider-awx/resources/api/23.8.1/payload/resource_credential.json

Lines 102 to 161 in ba48f28

"POST": {
"credential_type": {
"filterable": true,
"help_text": "Specify the type of credential you want to create. Refer to the documentation for details on each type.",
"label": "Credential Type",
"required": true,
"type": "id"
},
"description": {
"default": "",
"filterable": true,
"help_text": "Optional description of this credential.",
"label": "Description",
"required": false,
"type": "string"
},
"inputs": {
"default": {},
"filterable": true,
"help_text": "Enter inputs using either JSON or YAML syntax. Refer to the documentation for example syntax.",
"label": "Inputs",
"required": false,
"type": "json"
},
"name": {
"filterable": true,
"help_text": "Name of this credential.",
"label": "Name",
"max_length": 512,
"required": true,
"type": "string"
},
"organization": {
"default": null,
"filterable": true,
"help_text": "Inherit permissions from organization roles. If provided on creation, do not give either user or team.",
"label": "Organization",
"required": false,
"type": "id"
},
"team": {
"default": null,
"filterable": false,
"help_text": "Write-only field used to add team to owner role. If provided, do not give either user or organization. Only valid for creation.",
"label": "Team",
"required": false,
"type": "id",
"write_only": true
},
"user": {
"default": null,
"filterable": false,
"help_text": "Write-only field used to add user to owner role. If provided, do not give either team or organization. Only valid for creation.",
"label": "User",
"required": false,
"type": "id",
"write_only": true
}
}
},

reshifirdous commented

any plans for getting "write_only": true back.

ilijamt commented
  • ❤️1
ilijamt commented

Yes that's normal. Because when you do it from the UI, writes back everything. When you do it from terraform you only send partially what you have defined. So when you update you have to send all of them.

reshifirdous commented

thanks for making me understand i was thinking api wont be any different the user does operations normally.

ilijamt commented

There is a new version, it's building now v23.8.1-1 can you try it out it has the fields back and let me know.

reshifirdous commented

yes thanks it works :)

reshifirdous commented

i hit one more error/bug with schedules. I follow this example
https://github.com/ilijamt/terraform-provider-awx/blob/main/examples/preload_data/main.tf#L152-L157

│ Error: Unable to create resource for Schedule on /api/v2/schedules/

│ with awx_schedule.schedules["abc Nautobot Inventory"],
│ on schedules.tf line 29, in resource "awx_schedule" "schedules":
│ 29: resource "awx_schedule" "schedules" {

│ invalid status code: 400, on /api/v2/schedules/ with {"diff_mode":["Field
│ is not allowed on launch."]}

resource "awx_schedule" "schedules" {
  for_each             = {for schedule in data.awx_inventory_source.source_inventories : schedule.name => schedule}
  name                 = each.value.name
  enabled = true
  # everday time 2359 time zone ist from 2024 to 2050
  rrule                = "DTSTART;TZID=Europe/Amsterdam:20221111T103000 RRULE:INTERVAL=1;FREQ=MONTHLY;BYMONTHDAY=1"
  unified_job_template = each.value.id
}
ilijamt commented

The API is complaining about diff mode set. Try removing prompt for diff mode from the template.

ilijamt commented

terraform-provider-awx/examples/preload_data/main.tf

Lines 152 to 156 in d6d362b

resource "awx_schedule" "demo_job" {
enabled = true
name = "Run Demo Job every month"
rrule = "DTSTART;TZID=Europe/Amsterdam:20221111T103000 RRULE:INTERVAL=1;FREQ=MONTHLY;BYMONTHDAY=1"
unified_job_template = awx_job_template.demo_job_template.id

I just ran the whole preload folder on 24.1.0 and there is no issue with the schedule, you need to see the choices you have on are conflicting with the schedule creation