This repository was archived by the owner on Mar 8, 2022. It is now read-only.
This repository was archived by the owner on Mar 8, 2022. It is now read-only.
Changes to the auth0_client_grant produce inconsistent results after apply #239
Description
Description
When I make changes to the auth0_client and auth0_resource_server (in this example a simple name change) while keeping the same auth0_client_grant binding, I get the following error:
Error: Provider produced inconsistent result after apply
When applying changes to auth0_client_grant.foo_dev, provider "auth0"
produced an unexpected new value for was present, but now absent.
This is a bug in the provider, which should be reported in the provider's own
issue tracker.The plan is:
Terraform Version
Terraform v0.12.6
+ provider.auth0 v0.10.2
Affected Resource(s)
- auth0_client_grant
Terraform Configuration Files
resource "auth0_resource_server" "dev" {
name = "foo-dev-old"
identifier = "foo-dev-old"
signing_alg = "redacted"
allow_offline_access = redacted
token_lifetime = redacted
skip_consent_for_verifiable_first_party_clients = redacted
}
resource "auth0_client" "foo_dev" {
name = "foo-dev-old"
description = "foo dev client"
app_type = "non_interactive"
is_first_party = redacted
oidc_conformant = redacted
grant_types = ["client_credentials"]
token_endpoint_auth_method = "client_secret_post"
jwt_configuration {
lifetime_in_seconds = redacted
secret_encoded = redacted
alg = "redacted"
}
}
resource "auth0_client_grant" "foo_dev" {
client_id = auth0_client.foo_dev.id
audience = auth0_resource_server.dev.identifier
scope = []
}Expected Behavior
I would have expected it to have executed like in the plan, where after the names were changed on the client and resource server, the client_grant would bind them accordingly.
Resource actions are indicated with the following symbols:
~ update in-place
-/+ destroy and then create replacement
Terraform will perform the following actions:
# auth0_client.foo_dev will be updated in-place
~ resource "auth0_client" "foo_dev" {
allowed_logout_urls = redacted
allowed_origins = redacted
2020/05/27 16:23:59 [DEBUG] command: asking for input: "Do you want to perform these actions?"
app_type = "non_interactive"
callbacks = redacted
client_id = "redacted"
client_metadata = redacted
client_secret = (sensitive value)
cross_origin_auth = redacted
custom_login_page_on = redacted
description = "foo dev client"
encryption_key = redacted
grant_types = [
"client_credentials",
]
id = "redacted"
is_first_party = redacted
is_token_endpoint_ip_header_trusted = redacted
~ name = "foo-dev" -> "foo-dev-old"
oidc_conformant = redacted
sso = redacted
sso_disabled = redacted
token_endpoint_auth_method = "client_secret_post"
web_origins = []
jwt_configuration {
alg = "redacted"
lifetime_in_seconds = redacted
scopes = redacted
secret_encoded = redacted
}
}
# auth0_client_grant.foo_dev will be updated in-place
~ resource "auth0_client_grant" "foo_dev" {
~ audience = "foo-dev" -> "foo-dev-old"
client_id = "redacted"
id = "redacted"
scope = []
}
# auth0_resource_server.dev must be replaced
-/+ resource "auth0_resource_server" "dev" {
allow_offline_access = redacted
- enforce_policies = false -> null
~ id = "redacted" -> (known after apply)
~ identifier = "foo-dev" -> "foo-dev-old" # forces replacement
~ name = "foo-dev" -> "foo-dev-old"
- options = {} -> null
signing_alg = "redacted"
+ signing_secret = (known after apply)
skip_consent_for_verifiable_first_party_clients = redacted
token_lifetime = redacted
~ token_lifetime_for_web = redacted -> (known after apply)
}
Actual Behavior
After the client and the resource server is updated, an inconsistent state error occurs when terraform tries to update auth0_client_grant tries to update the resource.
Steps to Reproduce
- Create an
auth0_resource_server,auth0_client, and bind them using anauth0_client_grant - Change the name on the
auth0_resource_serverandauth0_client terraform apply
Debug Output
2020/05/27 16:24:02 [TRACE] <root>: eval: *terraform.EvalMaybeTainted
2020/05/27 16:24:02 [TRACE] <root>: eval: *terraform.EvalWriteState
2020/05/27 16:24:02 [TRACE] EvalWriteState: writing current state object for auth0_resource_server.dev
auth0_resource_server.dev: Creation complete after 0s [id=redacted]
auth0_client_grant.foo_dev: Modifying... [id=redacted]
2020/05/27 16:24:02 [DEBUG] auth0_client_grant.foo_dev: applying the planned Update change
2020/05/27 16:24:02 [TRACE] GRPCProvider: ApplyResourceChange
2020/05/27 16:24:02 [DEBUG] auth0_client_grant.foo_dev: apply errored, but we're indicating that via the Error pointer rather than returning it: Provider produced inconsistent result after apply: When applying changes to auth0_client_grant.foo_dev, provider "auth0" produced an unexpected new value for was present, but now absent.This is a summary, full gist is: https://gist.github.com/MyMirelHub/2d38dbd024b22a1cbb6a705b5f434729#file-issue-txt
References
Possibly related to
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment