Data source auth0_resource_server should return error on invalid input

[jeffreymlewis]

Checklist

• I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

Data source auth0_resource_server returns a map of 'null' values when the requested resource server does not exist. I would prefer an error be raised, so that we'll know immediately that invalid input was given.

Here is the current state.

data "auth0_resource_server" "default" {
  resource_server_id = "abcdefghkijklmnopqrstuvwxyz0123456789"
}

output "default_auth0_resource_server" {
  value = data.auth0_resource_server.default
}

The resource_server_id shown above doesn't exist, but the data provider returns the following rather then an error. The same happens with the identifier input variable.

default_auth0_resource_server = {
  "allow_offline_access" = tobool(null)
  "enforce_policies" = tobool(null)
  "id" = tostring(null)
  "identifier" = tostring(null)
  "name" = tostring(null)
  "resource_server_id" = tostring(null)
  "scopes" = toset(null) /* of object */
  "signing_alg" = tostring(null)
  "signing_secret" = tostring(null)
  "skip_consent_for_verifiable_first_party_clients" = tobool(null)
  "token_dialect" = tostring(null)
  "token_lifetime" = tonumber(null)
  "token_lifetime_for_web" = tonumber(null)
  "verification_location" = tostring(null)
}

Describe the ideal solution

I would prefer data source auth0_resource_server return an error, rather then a map of 'null' values, in the case of invalid input.

Alternatives and current workarounds

It should be possible (not tested) to check .id using a custom precondition, ternary operator, or the terraform try function. May not be possible in all cases.

Ex.

another_input_variable = data.auth0_resource_server.default.id != null ? data.auth0_resource_server.default.whatever : "some_kind_of_default"

Additional context

No response

[jeffreymlewis]

Here's a better work-around.

data "auth0_resource_server" "default" {
  identifier = data.auth0_tenant.main.management_api_identifier
  lifecycle {
    # This `postcondition` is necessary because the auth0 provider returns null, rather then an error, when
    # looking up resource servers which do not exist.
    postcondition {
      condition = self.identifier != null
      error_message = "Could not find default Resource Server for tenant ${data.auth0_tenant.main.domain}"
    }
  }
}

data "auth0_tenant" "main" {}

[willvedd]

@jeffreymlewis Thanks for providing this feedback, your suggestion is certainly reasonable. And in fact it is an opportunity to review all of our data sources to ensure that they handle 404s appropriately.

We've earmarked this as a must-have for our upcoming major release. This work has been completed in #698 but not available until that release goes out; will keep this ticket open in the meantime.

[sergiught]

Hey @jeffreymlewis 👋🏻

This should be fixed now as part of the v1.0.0-beta.0 release! 🙌🏻 Please give it a try and let us know if you encounter any issues.

terraform {
  required_providers {
    auth0 = {
      source  = "auth0/auth0"
      version = "1.0.0-beta.0"
    }
  }
}

📚 Resources

Quickstart | Documentation | Migration Guide | Changelog