No implicit dependency from exception -> space when applying exception using for_each #373

Description

@M-gre

Describe the bug
When deleting an existing space, any exceptions applied to that space don't get deleted first. This leads to the exceptions being orphaned and blocking any changes before they are manually removed from the state.

To Reproduce
Steps to reproduce the behavior:

  1. Create spaces and exceptions for spaces using this config (will have to apply the config twice somehow, before the exceptions are created):

```hcl
terraform {
  required_providers {
    mondoo = {
      source  = "mondoohq/mondoo"
      version = ">= 0.21"
    }
  }
}

variable "org_id" {
  description = "The ID of the organization in which to create the spaces"
  type        = string
}

provider "mondoo" {
  region = "eu"
}

data "mondoo_organization" "org" {
  id = var.org_id
}

resource "mondoo_space" "space_1" {
  name   = "space_1"
  org_id = data.mondoo_organization.org.id
}

resource "mondoo_space" "space_2" {
  name   = "space_2"
  org_id = data.mondoo_organization.org.id
}

resource "mondoo_space" "space_3" {
  name   = "space_3"
  org_id = data.mondoo_organization.org.id
}

resource "mondoo_exception" "exception1" {
  for_each      = toset(data.mondoo_organization.org.spaces)
  scope_mrn     = each.value
  justification = "Test"
  action        = "RISK_ACCEPTED"
  check_mrns = [
    "//policy.api.mondoo.app/queries/mondoo-linux-security-journald-is-configured-to-compress-large-log-files",
  ]
  valid_until = "2027-01-01"
}
```

  2. Delete space_3 from config and apply
  3. Make any additional changes to terraform config (creating a second exception for example)
  4. Note the error

Expected behavior
The exception should get deleted first before the space gets deleted

Screenshots or CLI Output

```
│ Error: Failed to delete exception
│
│ rpc error: code = PermissionDenied desc = no valid permissions to access the resource
```

Desktop (please complete the following information):

  • provider registry.terraform.io/mondoohq/mondoo v0.35.3

Additional context
Add any other context about the problem here.
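
A variant of the exception block that gives Terraform an explicit exception -> space edge, as an added example that is not part of the original issue or the provider's own guidance. It assumes `mondoo_space` exports an `mrn` attribute, uses a hypothetical local named `managed_spaces`, and only covers spaces managed in this configuration rather than every space in the organization.

```hcl
# Added example (not from the issue): replaces the mondoo_exception block
# from the reproduction config above.

# Hypothetical local: static keys stay known at plan time, while the values
# are the managed space resources themselves rather than the data source.
locals {
  managed_spaces = {
    space_1 = mondoo_space.space_1
    space_2 = mondoo_space.space_2
    space_3 = mondoo_space.space_3
  }
}

resource "mondoo_exception" "exception1" {
  for_each = local.managed_spaces

  # Assumption: mondoo_space exports "mrn". Referencing it records a
  # dependency on the space in state, so on removal the exception instance
  # is destroyed before the space it is scoped to.
  scope_mrn     = each.value.mrn
  justification = "Test"
  action        = "RISK_ACCEPTED"
  check_mrns = [
    "//policy.api.mondoo.app/queries/mondoo-linux-security-journald-is-configured-to-compress-large-log-files",
  ]
  valid_until = "2027-01-01"
}
```

Removing a space then means deleting both its `mondoo_space` block and its entry in `managed_spaces` in the same change. Switching an existing deployment to this form changes the `for_each` keys from space MRNs to names, so existing exception instances get new addresses and are recreated unless they are moved in state.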
