Error when upgrading to v0.37.0

[maroux]

Checklist

• I have looked into the README and have not found a suitable solution or answer.
• I have looked into the documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have upgraded to the latest version of this provider and the issue still persists.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

│ Error: Failed to decode resource from state
│ 
│ Error decoding "module.tenant_dev.auth0_connection.global_db" from previous state: unsupported attribute "app_domain"

Expectation

No failure.

Reproduction

1. Create a db connection using terraform

     resource "auth0_connection" "global_db" {
        name     = local.global_db_connection_name
        strategy = "auth0"
   
        is_domain_connection = false
        ...
    }
   ``` created using v0.30.1
   

2. Upgrade provider to v0.37.0
3. Apply changes
4. Fails.

Auth0 Terraform Provider version

v0.37.0

Terraform version

v1.1.3

[maroux]

I found in release notes that there's a breaking change in this resource and that the expectation is that I should remove from terraform state and re-import the resource.

Two comments:

1. Making breaking changes using minor version shouldn't be acceptable. Deleting and re-importing resources to get around something that the provider can reasonably manage itself seems just outsourcing this pain users of this provider instead of doing the hard work to not make it a breaking change
2. When I followed the steps, I end up with this failure:

   │ Error: Unmanaged Configuration Secret
   │ 
   │ Detected a configuration secret not managed though terraform: "DB_HOSTNAME". If you proceed, this configuration secret will get deleted. It is required to add this configuration secret to your custom database
   │ settings to prevent unintentionally destructive results.
   

   Since I manage a custom database connection using Terraform. This means now I'm left with trying to restore state file by hand and mucking around with specific attributes in there. This is pretty terrible user experience.

[maroux]

#324 takes care of the point#2 above fyi.

[sergiught]

Hey @maroux 👋🏻

I'm sorry about the issue you've experienced while upgrading. 😞 I can understand how frustrating and negative the experience can be.

While we try to keep the breaking changes to a minimum, unfortunately we're still on v0 and from time to time we're forced to introduce them in order to fix faulty behavior and ultimately give a better experience for everyone using the provider.

From https://semver.org/:

Major version zero (0.y.z) is for initial development. Anything may change at any time. The public API should not be considered stable.

So even minor version updates could introduce breaking changes.

We'll keep posting what manual steps need to be taken in the CHANGELOG.md when breaking changes are introduced.

What I can share right now is that our team is currently focusing on the reported bugs, specifically #14. Once these are completed our focus will shift towards adding more data sources as requested in #22 and then cut a v1.0.0 release, after which we'll be able to 100% guarantee no more breaking changes are introduced without a major version bump.

We really appreciate everyone's patience until then 🙏🏻

---

Now to address your second point, the error message was introduced in order for us to provide a better experience while managing the db configuration secrets such that accidental updates do not wipe out any secrets that were created outside of managing them through terraform. If we change the error level from error to warning we stop preventing this and secrets will get wiped out. To fix this you do not need to do any manual changes by hand on the state file at all. The steps you need to take are:

1. You run a terraform apply and you get that error Error: Unmanaged Configuration Secret.
2. You go to the Auth0 Tenant dashboard in your db connection settings and copy all the db configuration secrets
3. You add the copied db configuration secrets to your terraform configuration so you manage them purely with terraform
4. You remove the db configuration secrets from the Auth0 Tenant Dashboard
5. You run a terraform apply to be able to have them only managed through terraform and re-apply them to your db connection.

What we could do however to improve the experience is perhaps move the check for unmanaged config secrets from the read func (same one that the import uses) to the update func (the one that the apply uses) and make the apply fail instead of the import (we need to keep the level of the diagnostic to error to prevent wiping the secrets). Would this be something you'd prefer?

[sergiught]

We really appreciate your feedback and we'll aim at being clearer and minimizing any possible breaking changes in the future. As the issue has been cleared by following the release notes steps we'll be closing this down.