[Bug]: INVALID_DATABASE_NAME - creating custom_db_role

[Kikivsantos]

Is there an existing issue for this?

• I have searched the existing issues

Provider Version

latest

Terraform Version

latest

Terraform Edition

Terraform Open Source (OSS)

Current Behavior

Error when running the apply (The plan goes ok)

mongodbatlas_custom_db_role.default: Creating...

Error: error creating custom db role: https://cloud.mongodb.com/api/atlas/v2/groups/5f6f9959a[55](https://github.com/tag-trade-repository/mongodb-atlas-org/actions/runs/9229813698/job/25396776713#step:11:56)ed91e80e4f7d1/customDBRoles/roles POST: HTTP 400 Bad Request (Error code: "INVALID_DATABASE_NAME") Detail: Invalid database name specified: ,,,,,. Reason: Bad Request. Params: [,,,,,]

  with mongodbatlas_custom_db_role.default,
  on main.tf line 5, in resource "mongodbatlas_custom_db_role" "default":
   5: resource "mongodbatlas_custom_db_role" "default" ***

time=2024-05-24T20:[56](https://github.com/tag-trade-repository/mongodb-atlas-org/actions/runs/9229813698/job/25396776713#step:11:57):12Z level=error msg=Terraform invocation failed in /home/gitrunner/actions-runner/_work/mongodb-atlas-org/mongodb-atlas-org/terraform/resources/projects/develop/custom-roles/writedml/.terragrunt-cache/T9e7NUAPeSVEtRyMVp-H2ciJjD0/pzZ6kKKOog-nM-3feLfydekfdws/modules/custom-roles prefix=[terraform/resources/projects/develop/custom-roles/writedml] 
time=2024-05-24T20:56:12Z level=error msg=1 error occurred:
	* exit status 1

Terraform configuration to reproduce the issue

1- main.tf:

# ------------------------------------------------------------------------------
# MONGODB CLUSTER
# ------------------------------------------------------------------------------
resource "mongodbatlas_custom_db_role" "default" {
    project_id = var.project_id #var.project_id[var.environment]
    role_name                       = var.role_name #"write-dml"

    dynamic "actions" {
        for_each                    = var.action    
        content {
            action                  = actions.value.action
            resources {
                collection_name     = try(actions.value.collection_name, null)
                database_name       = try(actions.value.database_name, null)
                cluster             = try(actions.value.cluster, null)
            }
        }
    } 

    dynamic "inherited_roles" {
        for_each              = var.inherited_role == null ? toset([]) : toset(var.inherited_role)

        content {
            role_name           = try(inherited_roles.role_name, null)
            database_name       = try(inherited_roles.database_name, null)
        }
    }


}

2 - variable.tf

variable "project_id" {
    description = <<HEREDOC
    (Required) The ID of the project where the alert configuration will create.
    HEREDOC
}

variable "role_name" {
    description = <<HEREDOC
    (Required) Name of the custom role.
    HEREDOC
    type        = string
}

variable "action" {
    description = <<HEREDOC
    (Required) Each object in the actions array represents an individual privilege action granted by the role.
    HEREDOC
    type        = any
}

variable "inherited_role" {
    description = <<HEREDOC
    (Optional) Each object in the inheritedRoles array represents a key-value pair indicating the inherited role and the database on which the role is granted.
    HEREDOC
    type        = any
    default = null
}

3 - terragunt.hcl (that calls the terraform module):

locals {
  component_name = "modules/custom-roles"
  component_version = "feature/CustomRole"
}

include "root" {
  path = "${get_repo_root()}/terragrunt.hcl"
}

dependency "project" {
  config_path = "../.."
}

inputs = {
  project_id   = dependency.project.outputs.project_id
  role_name    = "writedml" 

  action = [
    {
        action = "FIND"
        resources = {
          collection_name = ""
          database_name   = "anyDatabase"
        }
    },
    {
        action = "INSERT"
        resources = {
          collection_name = ""
          database_name   = "anyDatabase"
        }
    },
    {
        action = "UPDATE"
        resources = {
          collection_name = ""
          database_name   = "anyDatabase"
        }
    },
    {
        action = "REMOVE"
        resources = {
          collection_name = ""
          database_name   = "anyDatabase"
        }
    },
    {
        action = "BYPASS_DOCUMENT_VALIDATION"
        resources = {
          collection_name = ""
          database_name   = "anyDatabase"
        }
    },
    {
        action = "USE_UUID"
        resources = {
          collection_name = ""
          database_name   = "anyDatabase"
        }
    },
  ]
    
} 

Steps To Reproduce

1 - terragrunt plan (works fine)

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # mongodbatlas_custom_db_role.default will be created
  + resource "mongodbatlas_custom_db_role" "default" {
      + id         = (known after apply)
      + project_id = "5f6f9959a55ed91e80e4f7d1"
      + role_name  = "writedml"

      + actions {
          + action = "FIND"

          + resources {
                # (2 unchanged attributes hidden)
            }
        }
      + actions {
          + action = "INSERT"

          + resources {
                # (2 unchanged attributes hidden)
            }
        }
      + actions {
          + action = "UPDATE"

          + resources {
                # (2 unchanged attributes hidden)
            }
        }
      + actions {
          + action = "REMOVE"

          + resources {
                # (2 unchanged attributes hidden)
            }
        }
      + actions {
          + action = "BYPASS_DOCUMENT_VALIDATION"

          + resources {
                # (2 unchanged attributes hidden)
            }
        }
      + actions {
          + action = "USE_UUID"

          + resources {
                # (2 unchanged attributes hidden)
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

2 - terragrun apply (error)

Terraform will perform the following actions:

  # mongodbatlas_custom_db_role.default will be created
  + resource "mongodbatlas_custom_db_role" "default" ***
      + id         = (known after apply)
      + project_id = "XXXXXX"
      + role_name  = "writedml"

      + actions ***
          + action = "FIND"

          + resources ***
                # (2 unchanged attributes hidden)
            ***
        ***
      + actions ***
          + action = "INSERT"

          + resources ***
                # (2 unchanged attributes hidden)
            ***
        ***
      + actions ***
          + action = "UPDATE"

          + resources ***
                # (2 unchanged attributes hidden)
            ***
        ***
      + actions ***
          + action = "REMOVE"

          + resources ***
                # (2 unchanged attributes hidden)
            ***
        ***
      + actions ***
          + action = "BYPASS_DOCUMENT_VALIDATION"

          + resources ***
                # (2 unchanged attributes hidden)
            ***
        ***
      + actions ***
          + action = "USE_UUID"

          + resources ***
                # (2 unchanged attributes hidden)
            ***
        ***
    ***

Plan: 1 to add, 0 to change, 0 to destroy.
mongodbatlas_custom_db_role.default: Creating...

Error: error creating custom db role: https://cloud.mongodb.com/api/atlas/v2/groups/5f6f9959a[55](https://github.com/tag-trade-repository/mongodb-atlas-org/actions/runs/9229813698/job/25396776713#step:11:56)ed91e80e4f7d1/customDBRoles/roles POST: HTTP 400 Bad Request (Error code: "INVALID_DATABASE_NAME") Detail: Invalid database name specified: ,,,,,. Reason: Bad Request. Params: [,,,,,]

  with mongodbatlas_custom_db_role.default,
  on main.tf line 5, in resource "mongodbatlas_custom_db_role" "default":
   5: resource "mongodbatlas_custom_db_role" "default" ***

time=2024-05-24T20:[56](https://github.com/tag-trade-repository/mongodb-atlas-org/actions/runs/9229813698/job/25396776713#step:11:57):12Z level=error msg=Terraform invocation failed in /home/gitrunner/actions-runner/_work/mongodb-atlas-org/mongodb-atlas-org/terraform/resources/projects/develop/custom-roles/writedml/.terragrunt-cache/T9e7NUAPeSVEtRyMVp-H2ciJjD0/pzZ6kKKOog-nM-3feLfydekfdws/modules/custom-roles prefix=[terraform/resources/projects/develop/custom-roles/writedml] 
time=2024-05-24T20:56:12Z level=error msg=1 error occurred:
	* exit status 1

Logs

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

[github-actions]

Thanks for opening this issue! Please make sure you've followed our guidelines when opening the issue. In short, to help us reproduce the issue we need:

• Terraform configuration file used to reproduce the issue
• Terraform log files from the run where the issue occurred
• Terraform Atlas provider version used to reproduce the issue
• Terraform version used to reproduce the issue
• Confirmation if Terraform OSS, Terraform Cloud, or Terraform Enterprise deployment

The ticket CLOUDP-250697 was created for internal tracking.

[Kikivsantos]

I'm sorry, guys.

The problem was in my code. I'm adding the one that works here to anyone who maybe want this as an example

main.tf

# ------------------------------------------------------------------------------
# MONGODB CLUSTER
# ------------------------------------------------------------------------------
resource "mongodbatlas_custom_db_role" "default" {
    project_id = var.project_id #var.project_id[var.environment]
    role_name                       = var.role_name #"write-dml"


    dynamic "actions" {
        for_each                    = var.actionss    
        content {
            action                  = actions.value["action"]

            resources {
                collection_name     = try(actions.value.resource.collection_name, null)
                database_name       = try(actions.value.resource.database_name, null)
                cluster             = try(actions.value.resource.cluster, null)
            }
        }
    } 

    dynamic "inherited_roles" {
        for_each              = var.inherited_role == null ? toset([]) : toset(var.inherited_role)

        content {
            role_name           = try(inherited_roles.role_name, null)
            database_name       = try(inherited_roles.database_name, null)
        }
    }

}

variable.tf

variable "project_id" {
    description = <<HEREDOC
    (Required) The ID of the project where the alert configuration will create.
    HEREDOC
}

variable "role_name" {
    description = <<HEREDOC
    (Required) Name of the custom role.
    HEREDOC
    type        = string
}

variable "actionss" {
    description = <<HEREDOC
    (Required) Each object in the actions array represents an individual privilege action granted by the role.
    HEREDOC
    type        = any
}


variable "inherited_role" {
    description = <<HEREDOC
    (Optional) Each object in the inheritedRoles array represents a key-value pair indicating the inherited role and the database on which the role is granted.
    HEREDOC
    type        = any
    default = null
}

my terragrunt.hcl (who calls the terraform module ):

locals {
  component_name = "modules/custom-roles"
  component_version = "feature/CustomRole"
}

include "root" {
  path = "${get_repo_root()}/terragrunt.hcl"
}

dependency "project" {
  config_path = "../.."
}

inputs = {
  project_id   = dependency.project.outputs.project_id
  role_name    = "writedml" 

  actionss =[ 
    {
      action = "REMOVE"
      resource = {
        collection_name = ""
        database_name   = "anyDatabase"
      } 
    }
  ]
} 

I'm closing this ISSUE, as there were NO ISSUE on terraform side