Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Data source service_account: fails on exact_match filter #2571

Open
pablito-perez opened this issue Sep 10, 2024 · 1 comment
Open

Data source service_account: fails on exact_match filter #2571

pablito-perez opened this issue Sep 10, 2024 · 1 comment
Assignees
@pablito-perez
Labels
bug

Comments

@pablito-perez
Copy link

pablito-perez commented Sep 10, 2024
edited
Loading

Datadog Terraform Provider Version

v3.41.0

Terraform Version

v1.8.3

What resources or data sources are affected?

  • data_source_datadog_service_account

Terraform Configuration Files

data "datadog_service_account" "foo" {
  filter               = "Foo"
  exact_match = true
}

Relevant debug or panic output

No response

Expected Behavior

Assuming the response body on /api/v2/users?filter=Foo is something like:

{
  "data": [
    {
      "id": 1234,
      "attributes: {
        "name": "Foo",
      }
    },
    {
      "id": 5678,
      "attributes: {
        "name": "Foo - Plus",
      }
    },
  ]
}

We've got two service accounts that match the filter, but only one that matches exactly.

So my expectation is that service account 1234 will get picked.

Actual Behavior

The provider doesn't complain about finding more than one match, but it will pick the last match in the list returned by the API. This is caused by this code: https://github.com/DataDog/terraform-provider-datadog/blob/master/datadog/fwprovider/data_source_datadog_service_account.go#L169-L192

The problem in that loop is that userData gets assigned a pointer to serviceAccount. Exact match will only happen once, but the loop will go on and the underlying value of serviceAccount keeps getting reassigned as you iterate.

userData will end up pointing to the last item in serviceAccounts no matter what.

Steps to Reproduce

Assuming these service account resources have been created previously:
(and assuming they'll be returned in this order by the users list API, unsure what determines that)

resource "datadog_service_account" "foo" {
  email = "[email protected]"
  name  = "Foo"
}

resource "datadog_service_account" "foo_plus" {
  email = "[email protected]"
  name  = "Foo - Plus"
}

Sourcing the first SA by name:

data "datadog_service_account" "foo" {
  filter = "Foo"
  exact_match = true
}

resource "datadog_role" "team_foo" {}

resource "datadog_user_role" "foo_team_foo" {
  role_id = datadog_role.team_foo.id
  user_id = data.datadog_service_account.foo.id
}

This will attach the Role to the second Service Account ("Foo - Plus"), regardless of exact_match.

Important Factoids

No response

References

No response
@pablito-perez pablito-perez self-assigned this Sep 10, 2024
This was referenced Sep 10, 2024
Closed
Open
@pablito-perez
Copy link
Author

Update: this was observed unter provider version 3.41.0, which is based on go 1.20

The latest version of the provider is built on golang 1.23, which includes this change in behaviour for loop variables: https://go.dev/blog/loopvar-preview

This fixes the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pablito-perez pablito-perez

Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[data_source_datadog_service_account] fix exact_match pointer bug DataDog/terraform-provider-datadog
1 participant
@pablito-perez