New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"authenticator_groups_config" is not working as intended #12730
"authenticator_groups_config" is not working as intended #12730
Comments
@rd-nikhil-singh I am not clear how to repro the issue. Can you detail the steps? What do you mean |
Hi @edwardmedia, I have added the config with which you can reproduce it. It is recommended in the comments here that Group name must be in format "gke-security-groups@xxx.com." so this is what I tried first. It did not work then I tried without . in the end "gke-security-groups@xxx.com" and it did not work either. In the cloud console it works with "gke-security-groups@xxx.com" but not with "gke-security-groups@xxx.com.". I am sorry I cannot share the debug log for security reasons as it may reveal some of our internal details. |
@rd-nikhil-singh there is a daily test that works to verify |
Hi @edwardmedia, thanks for your response. Once you apply the changes terraform shows applied successfully but you do not see it in the cloud console. So, it appears working fine but it doesn't work in reality. We have used "gke-security-groups@xxx.com" format with no success. Please try it and then you will see it. |
@rd-nikhil-singh I don't have a valid gke-security-group email available for reproing this. Can you share you debug log? You may redact your secrets in the log. I want to see the API requests and responses in general. Also I am curious what you meant
|
Howdy. I am also having this issue as described, and I think I can clarify some of the details. I have a cluster in GKE. However, I did not enable RBAC sec group on creation. I wanted to rectify this. I added a configured I added:
I re-ran the plan and there were no changes detected. i.e. My "Google Groups for RBAC" flag for this cluster is still "Disabled" in the GKE console. I then enabled RBAC manually via gcloud:
I then set the I then re-add the To sum up:
This is a bug. Workarounds:
Possible Fixes for Provider
|
Ouch! I must add to my last comment... Terraform plan did detect the change when I tried to re-add the security_group. However, terraform apply did not apply the change even though it is explicitly listed in the plan, and is explicitly declared as "Updated" in the apply step. This is the first time I've ever seen a change called out in the plan, and This is probably what @rd-nikhil-singh meant by "So, it appears working fine but it doesn't work in reality" This also means my second workaround probably won't work |
I'm experiencing the same behaviour. although the name of the group is, in fact, updated every time - so if I manually enable the checkbox proper (from TF) group is there waiting for me: To conclude - from the end-user perspective, it seems like the provider is updating the group name every time but somehow forgets to tick the checkbox actually to enable the feature ;-) |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Community Note
modular-magician
user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned tohashibot
, a community member has claimed the issue already.Terraform Version
Terraform v1.3.1
on darwin_amd64
Affected Resource(s)
Terraform Configuration Files
Expected Behavior
Google Groups for RBAC should be enabled with the above value
Actual Behavior
Still disabled.
Info
The reverse works fine. For example, if we enable it and add the value via Google Cloud Console then we can see it. If we decide to disable it via terraform then the following works:
Steps to Reproduce
terraform apply
References
The text was updated successfully, but these errors were encountered: