Config-drift-handling during group import #89

@RudyBricks

Hello all!

First, thank you for providing this amazing Terraform provider - we use it to transform our entire group management into IaC.

Now, during import generation, we stumbled upon an issue where the Terraform provider proposes a change, even though the remote state is in sync with the configuration.

Example:

terraform {
  required_providers {
    msgraph = {
      source = "microsoft/msgraph"
    }
  }
}

provider "msgraph" {
}

resource "msgraph_resource" "group" {
  url = "groups"
  body = {
    displayName     = "My Group"
    mailEnabled     = false
    mailNickname    = "mygroup"
    securityEnabled = true
  }
}

import {
    to = msgraph_resource.group
    id = "/groups/<GUID>"
}

Then plan will look like this:

Terraform will perform the following actions:

  # msgraph_resource.group will be updated in-place
  # (imported from "/groups/<GUID>")
  ~ resource "msgraph_resource" "group" {
        api_version             = "v1.0"
      + body                    = {
          + displayName     = "My Group"
          + mailEnabled     = false
          + mailNickname    = "mygroup"
          + securityEnabled = true
        }
        id                      = "<GUID>"
        ignore_missing_property = true
      ~ output                  = {} -> (known after apply)
        resource_url            = "groups/<GUID>"
        url                     = "groups"
    }

Plan: 1 to import, 0 to add, 1 to change, 0 to destroy.

I did at least a patch where it at least does not perform an actual API call if it detects no difference between the remote state and the user configuration. It does, however, add the remote state as private state data.

I think the proper way to solve it would be to add the managed body keys as part of the ID string, then let ImportState add this to the state file, and then the Read can filter the remote state based on these pre-populated keys. Something like this:

import {
    to = msgraph_resource.group
    id = "/groups/<GUID>?importProperties=displayName,mailEnabled,mailNickname,securityEnabled"
}

What do you think?
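
A sketch of the parse-and-filter step proposed in the issue above, as an added example that is not part of the original post or the provider's code. The function names are hypothetical, `importProperties` is the issue's proposed parameter rather than an existing provider feature, and the sample objects are constructed:

```go
package main

import (
	"fmt"
	"net/url"
	"reflect"
	"strings"
)

// ParseImportID splits "/groups/<GUID>?importProperties=a,b" into the resource
// path and the managed body keys (importProperties is the issue's proposal).
func ParseImportID(id string) (string, []string, error) {
	path, rawQuery, _ := strings.Cut(id, "?")
	query, err := url.ParseQuery(rawQuery)
	if err != nil || strings.Trim(path, "/") == "" {
		return "", nil, fmt.Errorf("invalid import ID %q", id)
	}
	var keys []string
	for _, k := range strings.Split(query.Get("importProperties"), ",") {
		if k = strings.TrimSpace(k); k != "" {
			keys = append(keys, k)
		}
	}
	return path, keys, nil
}

// FilterBody keeps only the managed keys, so unmanaged remote properties cannot show up as drift.
func FilterBody(remote map[string]any, keys []string) map[string]any {
	out := make(map[string]any, len(keys))
	for _, k := range keys {
		if v, ok := remote[k]; ok {
			out[k] = v
		}
	}
	return out
}

// InSync reports whether the configured body equals the filtered remote body.
func InSync(config, remote map[string]any, keys []string) bool {
	return reflect.DeepEqual(config, FilterBody(remote, keys))
}

func main() {
	// Constructed sample: a group object that also carries server-side fields.
	remote := map[string]any{"id": "<GUID>", "displayName": "My Group", "mailEnabled": false, "visibility": nil}
	_, keys, _ := ParseImportID("/groups/<GUID>?importProperties=displayName,mailEnabled")
	config := map[string]any{"displayName": "My Group", "mailEnabled": false}
	fmt.Println(keys, InSync(config, remote, keys))
}
```

With the key list carried in the import ID, a Read that compares only the filtered body would report no drift for the configuration shown in the issue, while a real change to a managed key would still be detected.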
