Changes to mongodbatlas_database_user.role.collection_name are ignored

[dijitali]

Setup

I created a database user like this (provider version 0.5.1):

provider "mongodbatlas" {
  version     = "~> 0.5"
  public_key  = var.mongodbatlas_public_key
  private_key = var.mongodbatlas_private_key
}

resource "mongodbatlas_database_user" "my-service" {
  username           = "terraformed-test-user"
  password           = random_password.store-service-password.result
  project_id         = var.project_id
  auth_database_name = "admin"

  roles {
    role_name       = "read"
    database_name   = "trinity"
    collection_name = "stir"

  }

  roles {
    role_name       = "read"
    database_name   = "trinity"
    collection_name = "unpledged"
  }
}

Which created me a user just fine (screenshot from Mongo Atlas portal):

> db.getUser("terraformed-test-user")
{
        "_id" : "admin.terraformed-test-user",
        "user" : "terraformed-test-user",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "xgen-readAttrinity.stir",
                        "db" : "admin"
                },
                {
                        "role" : "xgen-readAttrinity.unpledged",
                        "db" : "admin"
                }
        ]
}

The problem

I then removed one of the roles and removed the optional collection_name attribute:

resource "mongodbatlas_database_user" "my-service" {
  username           = "terraformed-test-user"
  password           = random_password.store-service-password.result
  project_id         = var.project_id
  auth_database_name = "admin"

  roles {
    role_name     = "read"
    database_name = "trinity"
  }
}

I see that the second role has been removed correctly, but the change to remove the collection_name from the first role hasn't been detected.

Terraform will perform the following actions:

  # mongodbatlas_database_user.my-service will be updated in-place
  ~ resource "mongodbatlas_database_user" "my-service" {
        auth_database_name = "admin"
        id                 = "cHJvamVjdF9pZA==:NWExNmNmYjIwYmQ2NmIxZGQzMmViYThh-dXNlcm5hbWU=:dGVycmFmb3JtZWQtdGVzdC11c2Vy-YXV0aF9kYXRhYmFzZV9uYW1l:YWRtaW4="
        password           = (sensitive value)
        project_id         = "<REMOVED>"
        username           = "terraformed-test-user"
        x509_type          = "NONE"

        roles {
            collection_name = "stir"
            database_name   = "trinity"
            role_name       = "read"
        }
      - roles {
          - collection_name = "unpledged" -> null
          - database_name   = "trinity" -> null
          - role_name       = "read" -> null
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

And if I check in the DB:

> db.getUser("terraformed-test-user")
{
        "_id" : "admin.terraformed-test-user",
        "user" : "terraformed-test-user",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "xgen-readAttrinity.stir",
                        "db" : "admin"
                }
        ]
}

[themantissa]

@dijitali thank you for the excellent write up. I'll ask our developers to take a look at this potential bug.

[PacoDw]

Hello @dijitali thank you so much for your review, it helped a lot, it already fixed if you want more details or test the fix you can check the pr #231.

Let me know if you have another comment or concern, thanks

[dijitali]

@PacoDw thanks for the prompt turnaround here!

Unfortunately I'm not in a position to easily test #231 with our pipeline until it's released, do you know when the next provider version is likely to land that'll include this fix?

[themantissa]

@dijitali we expect to have a release with this coming very soon. If you are okay with waiting for that just keep an eye out for the update here. TY!