Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

fix: support unmanaged roles on user resource#250

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
ethanndickson merged 5 commits intomainfromethan/user-unmanaged-roles
Aug 19, 2025

Conversation

ethanndickson
Copy link
Member

@ethanndicksonethanndickson commentedAug 18, 2025
edited
Loading

A customer ran into an issue when creating an OIDC user while role sync was enabled on the deployment:

Error: 'User Role Field' is set in the OIDC configuration. All role changes must come from the oidc identity provider.

This is because we always callUpdateUserRoles onCreate andUpdate.

OIDC User roles cannot be managed via the API if role sync is used, as the API always returns an error on any role update request.

With this PR,roles can now be set tonull in the config, whereby the Terraform provider will not attempt to read or update the user's roles under any circumstances. This prevents config drift when roles are set via Role Sync.

@ethanndicksonGraphite App
Copy link
MemberAuthor

This stack of pull requests is managed byGraphite. Learn more aboutstacking.

ImportStateId:"example",
// We can't pull the password from the API.
ImportStateVerifyIgnore: []string{"password"},
ImportStateVerifyIgnore: []string{"password","roles"},
Copy link
MemberAuthor

@ethanndicksonethanndicksonAug 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Because we're usingnull to signify thatroles shouldn't be managed by Terraform, we have the same problem we have with thegroup resource: we don't know whether or not thenull value was set in the config, or is null because it's an import. Frustratingly, the provider framework doesn't provide a way to differentiate the two.

@ethanndicksonethanndickson marked this pull request as ready for reviewAugust 18, 2025 07:47
@ethanndicksonGraphite App
Copy link
MemberAuthor

ethanndickson commentedAug 19, 2025
edited
Loading

Merge activity

  • Aug 19, 12:31 AM UTC: A user started a stack merge that includes this pull request viaGraphite.
  • Aug 19, 12:31 AM UTC:@ethanndickson merged this pull request withGraphite.

@ethanndicksonethanndickson merged commit99877ea intomainAug 19, 2025
14 checks passed
@ethanndicksonethanndickson deleted the ethan/user-unmanaged-roles branchAugust 19, 2025 00:31
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers

@deansheatherdeansheatherdeansheather approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

2 participants
@ethanndickson@deansheather
[8]ページ先頭
©2009-2025 Movatter.jp