Data source gsuite_user_attributes produces extraneous diffs on update
izeau opened this issue · comments
Hi! Thanks for your provider, it’s a piece of art!
I’ve tried playing with custom attributes but had to walk away from the gsuite_user_attributes
data source because the generated JSON was causing diffs even though the schema didn’t change. I think that’s because the Directory API supports different input formats but has only one output.
In order to use multiValued attributes (such as the multiValued strings below) I had to set children as objects with type
and value
attributes instead of just a simple value. This is explained in the docs. Otherwise it works on creation but tries to remove the type on update. It would be nice if we could specify the type.
Note that I also had to force SessionDuration
– an INT64 attribute – to a string.
# Works only on creation, causes a diff everytime afterwards
data "gsuite_user_attributes" "aws_administrator" {
integer {
name = "SessionDuration"
value = aws_iam_role.administrator.max_session_duration
}
strings {
name = "Role"
value = ["${aws_iam_role.administrator.arn},${var.saml_provider_arn}"]
}
}
# Works everytime
locals {
aws_administrator = jsonencode({
SessionDuration = tostring(aws_iam_role.administrator.max_session_duration)
Role = [{
type = "other"
value = "${aws_iam_role.administrator.arn},${var.saml_provider_arn}"
}]
})
}