Error with team_member resource: expected role to be one of [reader writer admin], got owner #84

Closed
kiddom-kq opened this issue Jan 28, 2022 · 2 comments

@kiddom-kq

I am trying to get all our users managed via TF, as SSO is $$$. See LD on the wall of shame, here: https://sso.tax/.

I have the account owner declared as a resource:

# pointyhair boss <[email protected]>
resource "launchdarkly_team_member" "pointyhair_boss" {
  email      = "[email protected]"
  first_name = "pointyhair"
  last_name  = "boss"
  # This generates an error
  role = "owner"

  # This does not... but it is also incorrect. The API docs are not super clear on what (attempting) to demote would do.
  #role = "admin"
  # Note: this does not work as the error is happening in the validation phase... well before TF does a refresh
  lifecycle {
    ignore_changes = [
      role
    ]
  }
}

When running tf plan I get this:

│ Error: expected role to be one of [reader writer admin], got owner

I believe the issue is here:

https://github.com/launchdarkly/terraform-provider-launchdarkly/blob/master/launchdarkly/resource_launchdarkly_team_member.go#L49

kiddom-kq added a commit to kiddom-kq/terraform-provider-launchdarkly that referenced this issue Jan 28, 2022
@kiddom-kq
Author

And just for giggles, I ran the tf apply anyways to see what would happen. Got this back:

│ Error: failed to update team member with id "6....6": 400 Bad Request: {"message":"You cannot change the account owner's role"}

@ldhenry
Collaborator

ldhenry commented Jan 31, 2022

Hey @kiddom-kq,

Sorry to hear this is causing issues for you. Unfortunately there are currently several protections in place that prevent us from adding the owner role to the Terraform provider directly, such as:

  • There can only be one owner at a time
  • You cannot change the owner via API (only via session auth)
  • You cannot change your own role

I'll escalate

Have you tried your workaround with admin and ignore_changes?

# pointyhair boss <[email protected]>
resource "launchdarkly_team_member" "pointyhair_boss" {
  email      = "[email protected]"
  first_name = "pointyhair"
  last_name  = "boss"
  # This generates an error
  role = "admin"
  lifecycle {
    ignore_changes = [
      role
    ]
  }
}

Thanks,
Henry
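
With `ignore_changes` on `role`, Terraform no longer reports role differences for that member, so privilege drift has to be checked separately. The Go program below is an added example, not part of this thread or the provider's code: it compares declared roles with the roles members actually hold, treating the owner as unmanageable per the constraints listed above. `Member`, `Audit`, the finding labels and the sample data are hypothetical and constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// Roles the provider accepts, taken from the error message in this issue.
var assignable = map[string]bool{"reader": true, "writer": true, "admin": true}

// Member is a hypothetical, minimal view of one account member.
type Member struct{ Email, Role string }

// Audit compares roles declared in Terraform (email -> role) with the roles
// members actually hold and returns sorted findings.
func Audit(declared map[string]string, actual []Member) []string {
	var out []string
	owners := 0
	for _, m := range actual {
		want, managed := declared[m.Email]
		switch {
		case m.Role == "owner":
			owners++ // the API refuses role changes for the account owner
			if managed {
				out = append(out, fmt.Sprintf("OWNER %s: declared %q, role is not changeable via API", m.Email, want))
			}
		case !managed:
			out = append(out, fmt.Sprintf("UNMANAGED %s: holds %q outside Terraform", m.Email, m.Role))
		case !assignable[want]:
			out = append(out, fmt.Sprintf("INVALID %s: %q fails provider validation", m.Email, want))
		case want != m.Role:
			out = append(out, fmt.Sprintf("DRIFT %s: declared %q, actual %q", m.Email, want, m.Role))
		}
	}
	if owners != 1 {
		out = append(out, fmt.Sprintf("OWNERCOUNT: expected 1 owner, found %d", owners))
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample data; addresses use the reserved example.com domain.
	declared := map[string]string{"boss@example.com": "admin", "dev@example.com": "reader"}
	actual := []Member{{"boss@example.com", "owner"}, {"dev@example.com", "admin"}, {"old@example.com", "writer"}}
	for _, f := range Audit(declared, actual) {
		fmt.Println(f)
	}
}
```

The `actual` list would come from an export of the account's members; how that export is obtained is outside this example.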
