resource "fusionauth_tenant" / unexpected status code: 400(Bad Request) / on modify #2340

Open
@MarekUniq

Description

terraform apply reports the following error on modify to resource "fusionauth_tenant". The following error is reported:

Error: unexpected status code: 400(Bad Request) Errors: sourceTenantId: The [sourceTenantId] property should not be specified on a PATCH or PUT request. This property may only be used on a POST request.

Reference: The issue has been identified while testing the fix to the following problem: #2250
Reference: Could be related to: #2004

Affects versions

The issue appeared in image fusionauth/fusionauth-app:1.46.0
(issue is not there in image fusionauth/fusionauth-app:1.45.2)

Steps to reproduce

  1. run terraform apply to create resource "fusionauth_tenant"
  2. run terraform apply again to update resource "fusionauth_tenant"

On the 1st run of terraform apply the resource fusionauth_tenant.company_iam_tenant is created successfully:

...
fusionauth_tenant.company_iam_tenant: Creation complete after 0s [id=9328e0bd-62f8-4058-a771-b8dd2eb8c7cd]
...

On the 2nd run, terraform apply identifies the difference and the modify fails:

Terraform will perform the following actions:

  # fusionauth_tenant.company_iam_tenant will be updated in-place
  ~ resource "fusionauth_tenant" "company_iam_tenant" {
        id                                 = "9328e0bd-62f8-4058-a771-b8dd2eb8c7cd"
      ~ issuer                             = "acme.com" -> "localhost"
        name                               = "Company IAM"
      ~ theme_id                           = "75a068fd-e94b-451a-9aeb-3ddb9a3b5987" -> "7f6fa212-162e-411a-87cf-fc79004e54c9"
        # (6 unchanged attributes hidden)

      ~ email_configuration {
          + security                            = "NONE"
          + verification_strategy               = "ClickableLink"
            # (9 unchanged attributes hidden)
        }

      ~ jwt_configuration {
          ~ access_token_key_id                                = "baa148d4-7acf-b551-5dcc-3d595d85465f" -> "ccacade2-1b46-4499-9363-dc869075d9b6"
          ~ id_token_key_id                                    = "092dbedc-30af-4149-9c61-b578f2c72f59" -> "75c04feb-6dc9-4b7c-b1d1-4c23f887889c"
          ~ refresh_token_expiration_policy                    = "Fixed" -> "SlidingWindow"
          ~ refresh_token_time_to_live_in_minutes              = 43200 -> 10
          ~ refresh_token_usage_policy                         = "Reusable" -> "OneTimeUse"
          ~ time_to_live_in_seconds                            = 3600 -> 600
            # (2 unchanged attributes hidden)
        }

        # (11 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

fusionauth_tenant.company_iam_tenant: Modifying... [id=9328e0bd-62f8-4058-a771-b8dd2eb8c7cd]
╷
│ Error: unexpected status code: 400(Bad Request) Errors: sourceTenantId: The [sourceTenantId] property should not be specified on a PATCH or PUT request. This property may only be used on a POST request.
│ 
│   with fusionauth_tenant.company_iam_tenant,
│   on main.tf line 37, in resource "fusionauth_tenant" "company_iam_tenant":
│   37: resource "fusionauth_tenant" "company_iam_tenant" {
│ 

Expected behavior

There are 2 issues:

  1. HIGH priority issue
    2nd run of terraform apply should update resource "fusionauth_tenant" successfully without error

  2. MEDIUM priority issue
    1st run of terraform apply did not create the resource properly
    If the resource had been created correctly in the first run of terraform apply, the second run of terraform apply would not have found any difference

Platform

FusionAuth image fusionauth/fusionauth-app:1.46.0 on mac/arm64
Terraform v1.5.1 on darwin_arm64
terraform / required_providers / gpsinsight/fusionauth / 0.1.90

Additional context

content of main.tf file:

terraform {
  required_providers {
    fusionauth = {
      source  = "gpsinsight/fusionauth"
      version = "0.1.90"
    }
  }
}

provider "fusionauth" {
  api_key = var.api_key_fusionauth_master
  host    = var.company_fusionauth_url
}

data "fusionauth_tenant" "default" {
  name = "Default"
}

resource "fusionauth_theme" "company_theme" {
  name            = "Company Theme"
  source_theme_id = "75a068fd-e94b-451a-9aeb-3ddb9a3b5987"
}

resource "fusionauth_key" "company_access_token_key" {
  name      = "Access key for Company IAM"
  algorithm = "RS256"
  length    = 2048
}

resource "fusionauth_key" "company_id_token_key" {
  name      = "Id key for Company IAM"
  algorithm = "RS256"
  length    = 2048
}

resource "fusionauth_tenant" "company_iam_tenant" {
  name             = "Company IAM"
  tenant_id        = var.company_tenant_id
  source_tenant_id = data.fusionauth_tenant.default.id
  theme_id         = fusionauth_theme.company_theme.id
  issuer           = var.company_tenant_issuer
  jwt_configuration {
    access_token_key_id                                = fusionauth_key.company_access_token_key.id
    id_token_key_id                                    = fusionauth_key.company_id_token_key.id
    refresh_token_time_to_live_in_minutes              = 10
    time_to_live_in_seconds                            = 600
    refresh_token_expiration_policy                    = "SlidingWindow"
    refresh_token_usage_policy                         = "OneTimeUse"
    refresh_token_revocation_policy_on_login_prevented = true
    refresh_token_revocation_policy_on_password_change = true
  }
  email_configuration {
    default_from_name                   = "FusionAuth"
    implicit_email_verification_allowed = true
    host                                = "localhost"
    port                                = 25
  }
  external_identifier_configuration {
    authorization_grant_id_time_to_live_in_seconds = 30
    change_password_id_generator {
      length = 32
      type   = "randomBytes"
    }
    change_password_id_time_to_live_in_seconds = 600
    device_code_time_to_live_in_seconds        = 300
    device_user_code_id_generator {
      length = 6
      type   = "randomAlphaNumeric"
    }
    email_verification_id_generator {
      length = 32
      type   = "randomBytes"
    }
    email_verification_id_time_to_live_in_seconds = 86400
    email_verification_one_time_code_generator {
      length = 6
      type   = "randomAlphaNumeric"
    }
    external_authentication_id_time_to_live_in_seconds = 300
    one_time_password_time_to_live_in_seconds          = 60
    passwordless_login_generator {
      length = 32
      type   = "randomBytes"
    }
    passwordless_login_time_to_live_in_seconds = 180
    registration_verification_id_generator {
      length = 32
      type   = "randomBytes"
    }
    registration_verification_id_time_to_live_in_seconds = 86400
    registration_verification_one_time_code_generator {
      length = 6
      type   = "randomAlphaNumeric"
    }
    #    saml_v2_authn_request_id_ttl_seconds = 300
    setup_password_id_generator {
      length = 32
      type   = "randomBytes"
    }
    setup_password_id_time_to_live_in_seconds = 86400
    two_factor_id_time_to_live_in_seconds     = 300
    two_factor_one_time_code_id_generator {
      length = 6
      type   = "randomDigits"
    }
    two_factor_trust_id_time_to_live_in_seconds = 2592000
  }
  login_configuration {
    require_authentication = true
  }
}
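
Added example (not part of the original report and not the provider's code): a Python check for the second problem described above, where the tenant exists after the first apply but still carries token and issuer values other than the configured ones. It reads the JSON that `terraform show -json` prints for a saved plan and lists every attribute of a `fusionauth_tenant` that is pending an in-place update; the embedded plan is constructed from a few lines of the plan output in the report, and the function names are illustrative.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan carrying a few of
# the attribute changes shown in the report's second-run plan output.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [{
        "address": "fusionauth_tenant.company_iam_tenant",
        "type": "fusionauth_tenant",
        "change": {
            "actions": ["update"],
            "before": {"issuer": "acme.com", "name": "Company IAM",
                       "jwt_configuration": [{
                           "refresh_token_usage_policy": "Reusable",
                           "refresh_token_time_to_live_in_minutes": 43200,
                           "time_to_live_in_seconds": 3600}]},
            "after": {"issuer": "localhost", "name": "Company IAM",
                      "jwt_configuration": [{
                          "refresh_token_usage_policy": "OneTimeUse",
                          "refresh_token_time_to_live_in_minutes": 10,
                          "time_to_live_in_seconds": 600}]},
        },
    }]
})

def diff(before, after, path=""):
    """Recursively yield (path, live_value, configured_value) for each change."""
    if isinstance(before, dict) and isinstance(after, dict):
        for key in sorted(set(before) | set(after)):
            yield from diff(before.get(key), after.get(key),
                            f"{path}.{key}" if path else key)
    elif isinstance(before, list) and isinstance(after, list) and len(before) == len(after):
        for i, (b, a) in enumerate(zip(before, after)):
            yield from diff(b, a, f"{path}[{i}]")
    elif before != after:
        yield path, before, after

def tenant_drift(plan_json, resource_type="fusionauth_tenant"):
    """Return {address: [(path, live, configured), ...]} for pending in-place updates."""
    drift = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") == resource_type and "update" in change.get("actions", []):
            drift[rc["address"]] = list(diff(change.get("before"), change.get("after")))
    return drift

if __name__ == "__main__":
    for address, changes in tenant_drift(SAMPLE_PLAN).items():
        for path, live, configured in changes:
            print(f"{address}: {path} live={live!r} configured={configured!r}")
```

Attributes whose planned value is not known until apply are absent from `after` in the plan JSON, so they appear here with a configured value of `None`.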
