jfrog/terraform-provider-artifactory

LDAP settings v2 resource does not support search filter as variables

lsc opened this issue · 1 comment

lsc commented

Describe the bug

If you use a variable as input for the search_filter argument in the artifactory_ldap_setting_v2 resource, it will fail even if the supplied string is a correct LDAP search filter.

Versions

Terraform v1.3.9
on darwin_amd64
+ provider registry.terraform.io/jfrog/artifactory v10.1.0

❯ jf rt curl api/system/version
{
  "version" : "7.77.1",
  "revision" : "77701900",
  [...]
}

Failing code sample

terraform {
  required_providers {
    artifactory = {
      source  = "jfrog/artifactory"
      version = "~>10.0"
    }
  }
}

provider "artifactory" {
  url           = "https://company.jfrog.io"
  check_license = false
  access_token  = "xxx"
}

variable "search_filter" {
  type    = string
  default = "(&(objectClass=inetOrgPerson)(uid={0}))"
}

resource "artifactory_ldap_setting_v2" "this" {
  key      = "my_ldap"
  ldap_url = "ldaps://my.ldap.example.com"

  search_base = "ou=my,dc=company,dc=com"
  search_filter    = var.search_filter
  manager_password = "password"
  manager_dn       = "dn=user.name"
  search_sub_tree  = true
}

❯ tf plan
╷
│ Error: Incorrect Attribute Configuration
│ 
│   with artifactory_ldap_setting_v2.this,
│   on repro.tf line 25, in resource "artifactory_ldap_setting_v2" "this":
│   25:   search_filter    = var.search_filter
│ 
│ Expected search_filter to be a valid LDAP search filter, LDAP Result Code 201 "Filter Compile Error": ldap: filter does not start with an '('
╵

Working code sample

terraform {
  required_providers {
    artifactory = {
      source  = "jfrog/artifactory"
      version = "~>10.0"
    }
  }
}

provider "artifactory" {
  url           = "https://company.jfrog.io"
  check_license = false
  access_token  = "xxx"
}

resource "artifactory_ldap_setting_v2" "this" {
  key      = "my_ldap"
  ldap_url = "ldaps://my.ldap.example.com"

  search_base = "ou=my,dc=company,dc=com"
  search_filter    = "(&(objectClass=inetOrgPerson)(uid={0}))"
  manager_password = "password"
  manager_dn       = "dn=user.name"
  search_sub_tree  = true
}

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # artifactory_ldap_setting_v2.this will be created
  + resource "artifactory_ldap_setting_v2" "this" {
      + allow_user_to_access_profile = false
      + auto_create_user             = true
      + email_attribute              = "mail"
      + enabled                      = true
      + id                           = (known after apply)
      + key                          = "my_ldap"
      + ldap_poisoning_protection    = true
      + ldap_url                     = "ldaps://my.ldap.example.com"
      + manager_dn                   = "dn=user.name"
      + manager_password             = (sensitive value)
      + paging_support_enabled       = true
      + search_base                  = "ou=my,dc=company,dc=com"
      + search_filter                = "(&(objectClass=inetOrgPerson)(uid={0}))"
      + search_sub_tree              = true
    }

Plan: 1 to add, 0 to change, 0 to destroy.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.

Expected behavior

The ability to use a variable as input for the search_filter argument to the artifactory_ldap_setting_v2 resource.

@lsc Thanks for the report. I'll look into this.