[BUG] Assignment of roles on space level fail

[lechnerc77]

Is there an existing issue for this?

• I have searched the existing issues

What version of the Terraform provider are you using?

main-branch

What version of the Terraform CLI are you using?

1.7.3

What CF API version are you using?

3.153

What type of issue are you facing

bug report

Describe the bug

When assigning a role on space level, I get the following error:

Error: Invalid Role Type
│ 
│   with module.cloudfoundry_space.cloudfoundry_role.ro_space_managers,
│   on ../../modules/environment/cloudfoundry/space_cf/space_cf.tf line 29, in resource "cloudfoundry_role" "ro_space_managers":
│   29:   type     = "space_manager"
│ 
│ Could not register Space Role space_manager for the given org. Please assign an organization role instead.
╵
╷
│ Error: Invalid Role Type
│ 
│   with module.cloudfoundry_space.cloudfoundry_role.ro_space_auditors,
│   on ../../modules/environment/cloudfoundry/space_cf/space_cf.tf line 39, in resource "cloudfoundry_role" "ro_space_auditors":
│   39:   type     = "space_auditor"
│ 
│ Could not register Space Role space_auditor for the given org. Please assign an organization role instead.
╵
╷
│ Error: Invalid Role Type
│ 
│   with module.cloudfoundry_space.cloudfoundry_role.ro_space_developers,
│   on ../../modules/environment/cloudfoundry/space_cf/space_cf.tf line 47, in resource "cloudfoundry_role" "ro_space_developers":
│   47:   type     = "space_developer"
│ 
│ Could not register Space Role space_developer for the given org. Please assign an organization role instead.

However according to the documentation the used types are available.

Expected Behavior

The roles can be assigned on space level

Steps To Reproduce

Usual flow

1. Create a CF environment without a space
2. Configure a TF script to add a space and users to space roles
3. Execute the script via terraform apply

Your Terraform Configuration

variables.tf


variable "cf_org_id" {
  type        = string
  description = "The ID of the Cloud Foundry org."
}

variable "name" {
  type        = string
  description = "The name of the Cloud Foundry space."
  default     = "dev"
}

variable "cf_space_managers" {
  type        = list(string)
  description = "The list of Cloud Foundry space managers."
  default     = ["put some name here"]
}

variable "cf_space_developers" {
  type        = list(string)
  description = "The list of Cloud Foundry space developers."
  default     = ["put some name here"]
}

variable "cf_space_auditors" {
  type        = list(string)
  description = "The list of Cloud Foundry space auditors."
  default     = ["put some name here"]
}


main.tf

```terraform
resource "cloudfoundry_space" "space" {
  name = var.name
  org  = var.cf_org_id
}

# ------------------------------------------------------------------------------------------------------
# Create the CF users
# ------------------------------------------------------------------------------------------------------

resource "cloudfoundry_role" "ro_space_managers" {
  for_each = toset(var.cf_space_managers)
  username = each.value
  type     = "space_manager"
  space    = cloudfoundry_space.space.id
  org      = var.cf_org_id
}

resource "cloudfoundry_role" "ro_space_auditors" {
  for_each = toset(var.cf_space_auditors)
  username = each.value
  space    = cloudfoundry_space.space.id
  type     = "space_auditor"
  org      = var.cf_org_id
}


resource "cloudfoundry_role" "ro_space_developers" {
  for_each = toset(var.cf_space_developers)
  username = each.value
  type     = "space_developer"
  space    = cloudfoundry_space.space.id
  org      = var.cf_org_id
}

Roles

• Org Manager

I also tried it with manually assigning me the Space Manager role, but that did not change the error

Add screenshots to help explain your problem

n/a

Additional context

n/a

[vipinvkmenon]

Should be fixed with #64

[lechnerc77]

Should be fixed with #64

Don't think so as it seems that the roles are not recognized.

[Dray56]

Actually, one has to either fill in a space or an org guid, and accordingly pick an org or space role to assign for that particular user. Since validation for role types is in a custom validateConfig and for the space/org conflict is present in the attributes, both are getting triggered simultaneously which is a bug. You should be able to notice something similar to this too at the end for the above input

╷
│ Error: Invalid Attribute Combination
│ 
│   with cloudfoundry_role.my_role,
│   on resource.tf line 13, in resource "cloudfoundry_role" "my_role":
│   13:   org      = "784b4cd0-4771-4e4d-9052-a07e178bae56"
│ 
│ 2 attributes specified when one (and only one) of [space,org] is required
╵

Since we plan on splitting this role resource to space_role and org_role according to #64, this issue should be tackled.