Default behavior that removes the readers group results in user creation error if autojoin disabled
Closed this issue · 1 comments
fabiankle commented
Hi,
we have found an issue concerning the creation of users when the readers group has autojoin disabled, see below.
Thank you for your support!
Describe the bug
When the autojoin option is disabled for the "reader" group, we are unable to create new users.
Example
// This resource must be imported first; alternatively use the gui to disable autojoin
resource "artifactory_group" "readers" {
name = "readers"
description = "A group for read-only users"
admin_privileges = false
auto_join = false
}
resource "artifactory_user" "my_user" {
name = "Max Power"
email = "max.power@offline.invalid"
admin = false
profile_updatable = true
disable_ui_access = false
internal_password_disabled = false
groups = []
}
Result:
╷
│ Error: Unable to Create Resource
│
│ with artifactory_user.my_user,
│ on example.tf line 12, in resource "artifactory_user" "my_user":
│ 12 resource "artifactory_user" "my_user" {
│
│ An unexpected error occurred while creating the resource update request. Please report this issue to the provider developers.
│
│ Error: BAD_REQUEST - Cant remove group that are not associated with the user
╵
Version
jfrog/artifactory 10.3.3
OpenTofu 1.6.2
Expected behavior
User should be created without error (internally: provider should not attempt to remove "readers" group if it was not auto-assigned to the user by Artifactory)
Additional context
Version 10.3.2 introduced a fix that per default removes the "readers" group from any user.
However, this request fails when the readers group had not been assigned to the user by Artifactory in the first place.