Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong definition of email_domain_id in brand resource #1855

Open
MichaelOtte-lhsystems opened this issue Dec 18, 2023 · 7 comments
Open

Wrong definition of email_domain_id in brand resource #1855

MichaelOtte-lhsystems opened this issue Dec 18, 2023 · 7 comments
Labels
documentation-bug Documentation for Okta TF provider or Okta API is missing or incorrect triaged Triaged into internal Jira

Comments

@MichaelOtte-lhsystems
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.6.6

Affected Resource(s)

  • okta_brand

Terraform Configuration Files

resource "okta_brand" "brand" {
  name                           = "Custom"
  custom_privacy_policy_url      = var.okta_brand.custom_privacy_policy_url 
  remove_powered_by_okta         = var.okta_brand.remove_powered_by_okta 
  email_domain_id                = var.email_domain_id
}

Debug Output

  terrafrom validate 

Error: Invalid Configuration for Read-Only Attribute
│ 
│   with okta_brand.brand,
│   on brands.tf line 36, in resource "okta_brand" "brand":
│   36:   email_domain_id                = var. email_domain_id
│ 
│ Cannot set value for this attribute as the provider has marked it as read-only. Remove the configuration line setting the value.
│ 
│ Refer to the provider documentation or contact the provider developers for additional information about configurable and
│ read-only attributes that are supported.

Panic Output

Expected Behavior

terraform apply will change the "email_domain_id" for brand so it should not be defined as Read-Only

Can this be done in the Admin UI?

Can this be done in the actual API call?

Actual Behavior

Steps to Reproduce

  1. terraform validate

Important Factoids

References

  • #0000
@mvitt
Copy link

mvitt commented Dec 19, 2023

Hey @MichaelOtte-lhsystems,

This was changed from argument to attribute for the okta_brand resource because it you have the email_domain_id argument set and have brand_id argument set on the okta_email_domain resource you will get a Terraform cyclical error.

The way this should be done is:

  1. Set the brand without email_domain_id.
  2. Grab the brand id from the output of of step 1.
  3. On the okta_email_domain set the brand_id with the id you retrieve from step 2.

@MichaelOtte-lhsystems
Copy link
Author

I recognised that there was a change #1824 but how could the email_domain_id attached to brand if you have multiple brands as okta_email_domain only support one brand_id?

`
resource "okta_brand" "example1" {
name = "example1
}
resource "okta_brand" "example1" {
name = "example1
}

resource "okta_email_domain" "example" {
brand_id = "example1"
domain = "example.com"
display_name = "test"
user_name = "paul_atreides"
}`

@MichaelOtte-lhsystems
Copy link
Author

Hey @MichaelOtte-lhsystems,

This was changed from argument to attribute for the okta_brand resource because it you have the email_domain_id argument set and have brand_id argument set on the okta_email_domain resource you will get a Terraform cyclical error.

The way this should be done is:

  1. Set the brand without email_domain_id.
  2. Grab the brand id from the output of of step 1.
  3. On the okta_email_domain set the brand_id with the id you retrieve from step 2.

@mvitt Thanks for clarification.

How I can assign multiple brand_id's to the same okta_email_domain?

@duytiennguyen-okta
Copy link
Contributor

There is only one brand id per email_domain https://developer.okta.com/docs/api/openapi/okta-management/management/tag/EmailDomain/#tag/EmailDomain/operation/createEmailDomain

@MichaelOtte-lhsystems
Copy link
Author

@duytiennguyen-okta thanks for pointing me to API with only one brand_id

If you request the email domains one "emailDomainId" could be assigned to multiple brands.
/api/v1/email-domains?expand=brands

Ho to assign one email domain to multiple brands now? Until 4.6.1 https://registry.terraform.io/providers/okta/okta/4.6.1/docs/resources/brand this was possible by setting

resource "okta_brand" "example1" {
name = "example1
email_domain_id = "12345"
}

resource "okta_brand" "example2" {
name = "example2
email_domain_id = "12345"
}

@duytiennguyen-okta duytiennguyen-okta added documentation-bug Documentation for Okta TF provider or Okta API is missing or incorrect triaged Triaged into internal Jira labels Jan 30, 2024
@duytiennguyen-okta
Copy link
Contributor

OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-690454

@ReeceWilliams7 ReeceWilliams7 mentioned this issue Feb 16, 2024
Closed
@MichaelOtte-lhsystems
Copy link
Author

Are there any change planned? We still stuck on Okta TF plugin 4.4.3 until this issue is fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation-bug Documentation for Okta TF provider or Okta API is missing or incorrect triaged Triaged into internal Jira
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mvitt @MichaelOtte-lhsystems @duytiennguyen-okta