Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to import existing User resource #237

Closed
asvinours opened this issue May 14, 2023 · 5 comments · Fixed by #456
Closed

Unable to import existing User resource #237

asvinours opened this issue May 14, 2023 · 5 comments · Fixed by #456
Assignees
@asvinours
Labels
kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed

Comments

@asvinours
Copy link
Contributor

What happened?

When trying to import an existing auth0 user into a pulumi stack, the connection name attribute is causing a resource diff which makes the import process fail.

pulumi up --diff     
Previewing update (dynamic-imports):
~ pulumi:pulumi:Stack: (refresh)
    [urn=urn:pulumi:dynamic-imports::fbaumann-auth0-playground::pulumi:pulumi:Stack::fbaumann-auth0-playground-dynamic-imports]
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dynamic-imports::fbaumann-auth0-playground::pulumi:pulumi:Stack::fbaumann-auth0-playground-dynamic-imports]
warning: inputs to import do not match the existing resource; importing this resource will fail
    = auth0:index/user:User: (import)
        [id=auth0|111111111111111111111111]
        [urn=urn:pulumi:dynamic-imports::fbaumann-auth0-playground::auth0:index/user:User::this]
        [provider=urn:pulumi:dynamic-imports::fbaumann-auth0-playground::pulumi:providers:auth0::this::b2d1a574-2k0d-29dh-20sk-cdd06a420f01]
      + connectionName: "playground-connection-name"
Resources:
    = 1 to import
    2 unchanged
Do you want to perform this update? yes
Updating (dynamic-imports):
~ pulumi:pulumi:Stack: (refresh)
    [urn=urn:pulumi:dynamic-imports::fbaumann-auth0-playground::pulumi:pulumi:Stack::fbaumann-auth0-playground-dynamic-imports]
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dynamic-imports::fbaumann-auth0-playground::pulumi:pulumi:Stack::fbaumann-auth0-playground-dynamic-imports]
error: inputs to import do not match the existing resource
error: update failed

If the connection_name attribute is added to the list of ignore_changes, then pulumi fails to run:

pulumi up --diff
Previewing update (dynamic-imports):
~ pulumi:pulumi:Stack: (refresh)
    [urn=urn:pulumi:dynamic-imports::fbaumann-auth0-playground::pulumi:pulumi:Stack::fbaumann-auth0-playground-dynamic-imports]
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dynamic-imports::fbaumann-auth0-playground::pulumi:pulumi:Stack::fbaumann-auth0-playground-dynamic-imports]
error: auth0:index/user:User resource 'this' has a problem: Missing required argument: The argument "connection_name" is required, but no definition was found.. Examine values at 'User.ConnectionName'.
error: Preview failed: one or more inputs failed to validate
error: preview failed
Resources:
    2 unchanged

Expected Behavior

The import step should succeed and the user resource should be imported into the pulumi stack

Steps to reproduce

import json
import os

from dotenv import load_dotenv
from pulumi import ResourceOptions
import pulumi_auth0 as auth0
import requests


load_dotenv()

IMPORTS_ENABLED = True

DOMAIN = os.environ["AUTH0_DOMAIN"]
ENDPOINT_URL = f"https://{DOMAIN}/api/v2/"
CLIENT_ID = os.environ["AUTH0_CLIENT_ID"]
CLIENT_SECRET = os.environ["AUTH0_CLIENT_SECRET"]

AUTH0_DATABASE_CONNECTION_NAME = "<REPLACE WITH AUTH0 DATABASE CONNECTION NAME>"
USER_EMAIL = "<REPLACE WITH EMAIL OF EXISTING USER>"

already_imported = False
user_data = None
if IMPORTS_ENABLED:
    auth_token_payload = {
        "grant_type": "client_credentials",
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "audience": ENDPOINT_URL,
    }
    response = requests.post(
        url=f"https://{DOMAIN}/oauth/token",
        headers={'content-type': "application/x-www-form-urlencoded"},
        data=auth_token_payload,
    )
    response.raise_for_status()
    auth0_credentials = response.json()

    auth0_request_headers = {
        'Content-Type': 'application/json',
        'Authorization': f"Bearer {auth0_credentials['access_token']}"
    }

    response = requests.get(ENDPOINT_URL + 'users-by-email', headers=auth0_request_headers, params={"email": USER_EMAIL})
    json_data = response.json()
    user_data = next(iter([u for u in json_data if u.get("identities", [])[0]["connection"] == AUTH0_DATABASE_CONNECTION_NAME]), None)
    if user_data is not None:
        already_imported = user_data.get("user_metadata", {}).get("managed-by") == "iac"


provider = auth0.Provider("this",
    domain=DOMAIN,
    audience=ENDPOINT_URL,
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET,
)

opts = ResourceOptions(provider=provider)
if IMPORTS_ENABLED and not already_imported and user_data is not None:
    opts = ResourceOptions(
        provider=provider,
        ignore_changes=["user_metadata", "email_verified"],
        import_=user_data["user_id"],
    )

user = auth0.User("this",
    connection_name=AUTH0_DATABASE_CONNECTION_NAME,
    name=USER_EMAIL,
    email=USER_EMAIL.lower(),
    user_metadata=json.dumps({
        "managed-by": "iac",
        "created-by": "pulumi",
    }),
    opts=opts,
)

Output of pulumi about

pulumi about
CLI          
Version      3.66.0
Go Version   go1.20.3
Go Compiler  gc

Plugins
NAME    VERSION
auth0   2.19.0
python  unknown

Host     
OS       darwin
Version  11.6.8
Arch     x86_64

This project is written in python: executable='/usr/local/bin/python3' version='3.11.3
'

Current Stack: dynamic-imports

TYPE                    URN
pulumi:pulumi:Stack     urn:pulumi:dynamic-imports::fbaumann-auth0-playground::pulumi:pulumi:Stack::fbaumann-auth0-playground-dynamic-imports
pulumi:providers:auth0  urn:pulumi:dynamic-imports::fbaumann-auth0-playground::pulumi:providers:auth0::this


Found no pending operations associated with dynamic-imports

Backend        
Name           FBAUMANN1.local
URL            file://~
User           fbaumann
Organizations  

Dependencies:
NAME           VERSION
auth0-python   4.2.0
cryptography   40.0.2
pip            23.1.2
pulumi-auth0   2.19.0
python-dotenv  1.0.0
setuptools     67.6.1
wheel          0.40.0
yamllint       1.31.0

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@asvinours asvinours added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels May 14, 2023
@t0yv0 t0yv0 removed the needs-triage Needs attention from the triage team label May 15, 2023
@t0yv0
Copy link
Member

t0yv0 commented May 15, 2023

Thank you for reporting this issue with a great repro @asvinours ! My team will be having a look.

@asvinours
Copy link
Contributor Author

@t0yv0 any news for this issue? Being able to import an existing user would be an amazing feature for us but this bug prevents us from moving forward

@asvinours
Copy link
Contributor Author

@t0yv0 Looks like this issue is still present in the latest version of the provider, any update on a fix?

asvinours pushed a commit to asvinours/pulumi-auth0 that referenced this issue Mar 7, 2024
@bclayer4
pulumi#237 - Inject user connection name to allow resource import
b01182a
asvinours pushed a commit to asvinours/pulumi-auth0 that referenced this issue Mar 7, 2024
@bclayer4
pulumi#237 - fix: Inject user connection name attribute to allow reso…
1e9b6b0 
…urce import
asvinours added a commit to asvinours/pulumi-auth0 that referenced this issue Mar 7, 2024
@asvinours
pulumi#237 - fix: Inject user connection name attribute to allow reso…
8c9c913 
…urce import
asvinours added a commit to asvinours/pulumi-auth0 that referenced this issue Mar 7, 2024
@asvinours
pulumi#237 - fix: Inject user connection name attribute to allow reso…
42edef9 
…urce import
@iwahbe iwahbe mentioned this issue Mar 12, 2024
Merged
iwahbe pushed a commit that referenced this issue Mar 14, 2024
@asvinours
#237 - fix: Inject user connection name attribute to allow resource i…
c553b16 
…mport (#456)

Fixes #237

I'm unsure why the path commits were modified to
`0000000000000000000000000000000000000000`, I guess I must have made a
mistake somewhere.

here are the steps I followed:

```
- make upstream
- make upstream.rebase
- I made the changes to upstream/internal/auth0/user/flatten.go and upstream/internal/auth0/user/resource.go then created a new git commit
- make upstream.finalize
```

I generated a build of the plugin and the python SDK and tested this
change locally and I can confirm that the connectionName is properly
imported and does not generate a change anymore

before the patch:

```text
warning: inputs to import do not match the existing resource; importing this resource will fail
    = auth0:index/user:User: (import)
        [id=auth0|65b3cf64d3feda60bbc6bd01]
        [urn=urn:pulumi:dev::test-pulumi-auth0::auth0:index/user:User::this]
        [provider=urn:pulumi:dev::test-pulumi-auth0::pulumi:providers:auth0::this::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
      + connectionName: "c63b249c-47ce-4c26-a2c6-20dd9101af86-LocalUserDatabase"
```

with the patch

```text
    = auth0:index/user:User: (import)
        [id=auth0|65b3cf64d3feda60bbc6bd01]
        [urn=urn:pulumi:dev::test-pulumi-auth0::auth0:index/user:User::this]
        [provider=urn:pulumi:dev::test-pulumi-auth0::pulumi:providers:auth0::this::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
        connectionName: "c63b249c-47ce-4c26-a2c6-20dd9101af86-LocalUserDatabase"
        email         : "me@example.com"
        name          : "Administrator"
        nickname      : "administrator"
        picture       : "https://s.gravatar.com/avatar/b3a263843d9b28612b381b3a01e4543c?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fla.png"
        userId        : "auth0|65b3cf64d3feda60bbc6bd01"

```
@pulumi-bot pulumi-bot added the resolution/fixed This issue was fixed label Mar 14, 2024
@iwahbe
Copy link
Member

iwahbe commented Mar 14, 2024

Your patch was released as part of v3.3.1.

@asvinours
Copy link
Contributor Author

thank you very much @iwahbe This is going to unblock a few projects for us

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@asvinours asvinours

Labels
kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

#237 - fix: Inject user connection name attribute to allow resource import asvinours/pulumi-auth0
4 participants
@t0yv0 @asvinours @iwahbe @pulumi-bot