Merge pull request #47 from infra-monkey/fix/host-resource

fix: manage manual changes to infrastructure

docs/resources/sudo_cmdgroup_membership.md

@@ -27,13 +27,13 @@ resource "freeipa_sudo_cmdgroup" "terminals" {
 }
 
 resource "freeipa_sudo_cmdgroup_membership" "terminal_bash" {
-  name    = freeipa_sudocmdgroup.terminals.id
-  sudocmd = freeipa_sudocmd.bash.id
+  name    = freeipa_sudo_cmdgroup.terminals.id
+  sudocmd = freeipa_sudo_cmd.bash.id
 }
 
 resource "freeipa_sudo_cmdgroup_membership" "terminal_fish" {
-  name    = freeipa_sudocmdgroup.terminals.id
-  sudocmd = freeipa_sudocmd.fish.id
+  name    = freeipa_sudo_cmdgroup.terminals.id
+  sudocmd = freeipa_sudo_cmd.fish.id
 }
 ```
 

examples/resources/freeipa_sudo_cmdgroup_membership/resource.tf

@@ -14,11 +14,11 @@ resource "freeipa_sudo_cmdgroup" "terminals" {
 }
 
 resource "freeipa_sudo_cmdgroup_membership" "terminal_bash" {
-  name    = freeipa_sudocmdgroup.terminals.id
-  sudocmd = freeipa_sudocmd.bash.id
+  name    = freeipa_sudo_cmdgroup.terminals.id
+  sudocmd = freeipa_sudo_cmd.bash.id
 }
 
 resource "freeipa_sudo_cmdgroup_membership" "terminal_fish" {
-  name    = freeipa_sudocmdgroup.terminals.id
-  sudocmd = freeipa_sudocmd.fish.id
+  name    = freeipa_sudo_cmdgroup.terminals.id
+  sudocmd = freeipa_sudo_cmd.fish.id
 }

freeipa/dns_record_resource.go

@@ -236,6 +236,7 @@ func (r *DNSRecordResource) Read(ctx context.Context, req resource.ReadRequest,
 	if err != nil {
 		if strings.Contains(err.Error(), "NotFound") {
 			tflog.Debug(ctx, "[DEBUG] DNS record not found")
+			resp.State.RemoveResource(ctx)
 			return
 		} else {
 			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Error reading freeipa DNS record: %s", err))

freeipa/dns_zone_data_source.go

@@ -205,6 +205,7 @@ func (r *dnsZoneDataSource) Read(ctx context.Context, req datasource.ReadRequest
 	if err != nil {
 		if strings.Contains(err.Error(), "NotFound") {
 			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("DNS zone %s not found", data.ZoneName.ValueString()))
+			resp.State.RemoveResource(ctx)
 			return
 		} else {
 			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Error reading freeipa DNS zone: %s", err))

freeipa/dns_zone_resource.go

@@ -345,6 +345,7 @@ func (r *dnsZone) Read(ctx context.Context, req resource.ReadRequest, resp *reso
 	if err != nil {
 		if strings.Contains(err.Error(), "NotFound") {
 			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("DNS zone %s not found", data.ZoneName.ValueString()))
+			resp.State.RemoveResource(ctx)
 			return
 		} else {
 			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Error reading freeipa DNS zone: %s", err))

freeipa/group_resource.go

@@ -246,6 +246,7 @@ func (r *UserGroupResource) Read(ctx context.Context, req resource.ReadRequest,
 	if err != nil {
 		if strings.Contains(err.Error(), "NotFound") {
 			tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Group %s not found", data.Id.ValueString()))
+			resp.State.RemoveResource(ctx)
 			return
 		} else {
 			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("[DEBUG] Group %s not found: %s", data.Id.ValueString(), err))

freeipa/hbac_policy_host_membership_resource.go

@@ -250,7 +250,8 @@ func (r *HbacPolicyHostMembershipResource) Read(ctx context.Context, req resourc
 	res, err := r.client.HbacruleShow(&args, &optArgs)
 	if err != nil {
 		if strings.Contains(err.Error(), "NotFound") {
-			resp.Diagnostics.AddError("Client Error", "Hbac policy not found")
+			tflog.Debug(ctx, "[DEBUG] Hbac policy not found")
+			resp.State.RemoveResource(ctx)
 			return
 		} else {
 			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Error reading freeipa hbac policy: %s", err))
@@ -261,23 +262,25 @@ func (r *HbacPolicyHostMembershipResource) Read(ctx context.Context, req resourc
 	switch typeId {
 	case "h":
 		if res.Result.MemberhostHost == nil || !slices.Contains(*res.Result.MemberhostHost, policyId) {
-			resp.Diagnostics.AddError("Client Error", "HBAC policy host membership does not exist")
+			tflog.Debug(ctx, "[DEBUG] HBAC policy host membership does not exist")
+			resp.State.RemoveResource(ctx)
 			return
 		}
 	case "hg":
 		if res.Result.MemberhostHostgroup == nil || !slices.Contains(*res.Result.MemberhostHostgroup, policyId) {
-			resp.Diagnostics.AddError("Client Error", "HBAC policy host group membership does not exist")
+			tflog.Debug(ctx, "[DEBUG] HBAC policy host group membership does not exist")
+			resp.State.RemoveResource(ctx)
 			return
 		}
 	case "mh":
-		if !data.Hosts.IsNull() && res.Result.MemberhostHost == nil {
+		if !data.Hosts.IsNull() {
 			var changedVals []string
 			for _, value := range data.Hosts.Elements() {
 				val, err := strconv.Unquote(value.String())
 				if err != nil {
 					tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Read freeipa hbac policy host member failed with error %s", err))
 				}
-				if slices.Contains(*res.Result.MemberhostHost, val) {
+				if res.Result.MemberhostHost != nil && slices.Contains(*res.Result.MemberhostHost, val) {
 					tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Read freeipa hbac policy host member %s is present in results", val))
 					changedVals = append(changedVals, val)
 				}
@@ -288,14 +291,14 @@ func (r *HbacPolicyHostMembershipResource) Read(ctx context.Context, req resourc
 				resp.Diagnostics.AddError("Client Error", fmt.Sprintf("diag: %v\n", diag))
 			}
 		}
-		if !data.HostGroups.IsNull() && res.Result.MemberhostHostgroup == nil {
+		if !data.HostGroups.IsNull() {
 			var changedVals []string
 			for _, value := range data.HostGroups.Elements() {
 				val, err := strconv.Unquote(value.String())
 				if err != nil {
 					tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Read freeipa hbac policy member commands failed with error %s", err))
 				}
-				if slices.Contains(*res.Result.MemberhostHostgroup, val) {
+				if res.Result.MemberhostHostgroup != nil && slices.Contains(*res.Result.MemberhostHostgroup, val) {
 					tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Read freeipa hbac policy member commands %s is present in results", val))
 					changedVals = append(changedVals, val)
 				}

freeipa/hbac_policy_resource.go

@@ -14,6 +14,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
 	ipa "github.com/infra-monkey/go-freeipa/freeipa"
 )
 
@@ -182,7 +183,8 @@ func (r *HbacPolicyResource) Read(ctx context.Context, req resource.ReadRequest,
 	res, err := r.client.HbacruleShow(&args, &optArgs)
 	if err != nil {
 		if strings.Contains(err.Error(), "NotFound") {
-			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Error reading freeipa hbac policy: %s", err))
+			tflog.Debug(ctx, "[DEBUG] Hbac policy not found")
+			resp.State.RemoveResource(ctx)
 			return
 		} else {
 			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Error reading freeipa hbac policy: %s", err))

freeipa/hbac_policy_service_membership_resource .go

@@ -250,7 +250,8 @@ func (r *HbacPolicyServiceMembershipResource) Read(ctx context.Context, req reso
 	res, err := r.client.HbacruleShow(&args, &optArgs)
 	if err != nil {
 		if strings.Contains(err.Error(), "NotFound") {
-			resp.Diagnostics.AddError("Client Error", "Hbac policy not found")
+			tflog.Debug(ctx, "[DEBUG] Hbac policy not found")
+			resp.State.RemoveResource(ctx)
 			return
 		} else {
 			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Error reading freeipa hbac policy: %s", err))
@@ -261,23 +262,25 @@ func (r *HbacPolicyServiceMembershipResource) Read(ctx context.Context, req reso
 	switch typeId {
 	case "s":
 		if res.Result.MemberserviceHbacsvc == nil || !slices.Contains(*res.Result.MemberserviceHbacsvc, policyId) {
-			resp.Diagnostics.AddError("Client Error", "HBAC policy service membership does not exist")
+			tflog.Debug(ctx, "[DEBUG] HBAC policy service membership does not exist")
+			resp.State.RemoveResource(ctx)
 			return
 		}
 	case "sg":
 		if res.Result.MemberserviceHbacsvcgroup == nil || !slices.Contains(*res.Result.MemberserviceHbacsvcgroup, policyId) {
-			resp.Diagnostics.AddError("Client Error", "HBAC policy service group membership does not exist")
+			tflog.Debug(ctx, "[DEBUG] HBAC policy service group membership does not exist")
+			resp.State.RemoveResource(ctx)
 			return
 		}
 	case "ms":
-		if !data.Services.IsNull() && res.Result.MemberserviceHbacsvc == nil {
+		if !data.Services.IsNull() {
 			var changedVals []string
 			for _, value := range data.Services.Elements() {
 				val, err := strconv.Unquote(value.String())
 				if err != nil {
 					tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Read freeipa hbac policy service member failed with error %s", err))
 				}
-				if slices.Contains(*res.Result.MemberserviceHbacsvc, val) {
+				if res.Result.MemberserviceHbacsvc != nil && slices.Contains(*res.Result.MemberserviceHbacsvc, val) {
 					tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Read freeipa hbac policy service member %s is present in results", val))
 					changedVals = append(changedVals, val)
 				}
@@ -288,14 +291,14 @@ func (r *HbacPolicyServiceMembershipResource) Read(ctx context.Context, req reso
 				resp.Diagnostics.AddError("Client Error", fmt.Sprintf("diag: %v\n", diag))
 			}
 		}
-		if !data.ServiceGroups.IsNull() && res.Result.MemberserviceHbacsvcgroup == nil {
+		if !data.ServiceGroups.IsNull() {
 			var changedVals []string
 			for _, value := range data.ServiceGroups.Elements() {
 				val, err := strconv.Unquote(value.String())
 				if err != nil {
 					tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Read freeipa hbac policy service member failed with error %s", err))
 				}
-				if slices.Contains(*res.Result.MemberserviceHbacsvcgroup, val) {
+				if res.Result.MemberserviceHbacsvcgroup != nil && slices.Contains(*res.Result.MemberserviceHbacsvcgroup, val) {
 					tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Read freeipa hbac policy service member %s is present in results", val))
 					changedVals = append(changedVals, val)
 				}

freeipa/hbac_policy_user_membership_resource.go

@@ -250,7 +250,8 @@ func (r *HbacPolicyUserMembershipResource) Read(ctx context.Context, req resourc
 	res, err := r.client.HbacruleShow(&args, &optArgs)
 	if err != nil {
 		if strings.Contains(err.Error(), "NotFound") {
-			resp.Diagnostics.AddError("Client Error", "Hbac policy not found")
+			tflog.Debug(ctx, "[DEBUG] Hbac policy not found")
+			resp.State.RemoveResource(ctx)
 			return
 		} else {
 			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Error reading freeipa hbac policy: %s", err))
@@ -261,23 +262,25 @@ func (r *HbacPolicyUserMembershipResource) Read(ctx context.Context, req resourc
 	switch typeId {
 	case "u":
 		if res.Result.MemberuserUser == nil || !slices.Contains(*res.Result.MemberuserUser, policyId) {
-			resp.Diagnostics.AddError("Client Error", "HBAC policy user membership does not exist")
+			tflog.Debug(ctx, "[DEBUG] HBAC policy user membership does not exist")
+			resp.State.RemoveResource(ctx)
 			return
 		}
 	case "g":
 		if res.Result.MemberuserGroup == nil || !slices.Contains(*res.Result.MemberuserGroup, policyId) {
-			resp.Diagnostics.AddError("Client Error", "HBAC policy user group membership does not exist")
+			tflog.Debug(ctx, "[DEBUG] HBAC policy user group membership does not exist")
+			resp.State.RemoveResource(ctx)
 			return
 		}
 	case "mu":
-		if !data.Users.IsNull() && res.Result.MemberuserUser == nil {
+		if !data.Users.IsNull() {
 			var changedVals []string
 			for _, value := range data.Users.Elements() {
 				val, err := strconv.Unquote(value.String())
 				if err != nil {
 					tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Read freeipa hbac policy user member failed with error %s", err))
 				}
-				if slices.Contains(*res.Result.MemberuserUser, val) {
+				if res.Result.MemberuserUser != nil && slices.Contains(*res.Result.MemberuserUser, val) {
 					tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Read freeipa hbac policy user member %s is present in results", val))
 					changedVals = append(changedVals, val)
 				}
@@ -288,14 +291,14 @@ func (r *HbacPolicyUserMembershipResource) Read(ctx context.Context, req resourc
 				resp.Diagnostics.AddError("Client Error", fmt.Sprintf("diag: %v\n", diag))
 			}
 		}
-		if !data.Groups.IsNull() && res.Result.MemberuserGroup == nil {
+		if !data.Groups.IsNull() {
 			var changedVals []string
 			for _, value := range data.Groups.Elements() {
 				val, err := strconv.Unquote(value.String())
 				if err != nil {
 					tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Read freeipa hbac policy member commands failed with error %s", err))
 				}
-				if slices.Contains(*res.Result.MemberuserGroup, val) {
+				if res.Result.MemberuserGroup != nil && slices.Contains(*res.Result.MemberuserGroup, val) {
 					tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Read freeipa hbac policy member commands %s is present in results", val))
 					changedVals = append(changedVals, val)
 				}

freeipa/host_hostgroup_membership_resource.go

@@ -252,28 +252,42 @@ func (r *HostGroupMembership) Read(ctx context.Context, req resource.ReadRequest
 	tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Read hostgroup membership %s optArgs %v", data.Id.ValueString(), optArgs))
 	res, err := r.client.HostgroupShow(&reqArgs, &optArgs)
 	if err != nil {
+		if strings.Contains(err.Error(), "NotFound (4001)") {
+			resp.State.RemoveResource(ctx)
+			return
+		}
 		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Error reading information on freeipa hostgroup %s: %s", name, err))
 		return
 	}
 
 	switch typeId {
 	case "hg":
 		v := []string{userId}
-		hostgroups := *res.Result.MemberHostgroup
-		if slices.Contains(hostgroups, v[0]) {
-			data.HostGroup = types.StringValue(v[0])
+		if res.Result.MemberHostgroup != nil {
+			hostgroups := *res.Result.MemberHostgroup
+			if slices.Contains(hostgroups, v[0]) {
+				data.HostGroup = types.StringValue(v[0])
+			} else {
+				data.HostGroup = types.StringValue("")
+				data.Id = types.StringValue("")
+			}
 		} else {
-			data.HostGroup = types.StringValue("")
-			data.Id = types.StringValue("")
+			resp.State.RemoveResource(ctx)
+			return
 		}
 	case "h":
 		v := []string{userId}
-		hosts := *res.Result.MemberHost
-		if slices.Contains(hosts, v[0]) {
-			data.Host = types.StringValue(v[0])
+		if res.Result.MemberHost != nil {
+			hosts := *res.Result.MemberHost
+			if slices.Contains(hosts, v[0]) {
+				data.Host = types.StringValue(v[0])
+			} else {
+				data.Host = types.StringValue("")
+				data.Id = types.StringValue("")
+			}
 		} else {
-			data.Host = types.StringValue("")
-			data.Id = types.StringValue("")
+			resp.State.RemoveResource(ctx)
+			return
 		}
 	case "m":
 		if !data.Hosts.IsNull() && res.Result.MemberHost != nil {
@@ -314,6 +328,10 @@ func (r *HostGroupMembership) Read(ctx context.Context, req resource.ReadRequest
 				resp.Diagnostics.AddError("Client Error", fmt.Sprintf("diag: %v\n", diag))
 			}
 		}
+		if res.Result.MemberHostgroup == nil && res.Result.MemberHost == nil {
+			resp.State.RemoveResource(ctx)
+			return
+		}
 	}
 
 	// Save updated data into Terraform state

freeipa/host_resource.go

@@ -296,6 +296,7 @@ func (r *HostResource) Create(ctx context.Context, req resource.CreateRequest, r
 	res, err := r.client.HostAdd(&args, &optArgs)
 	if err != nil {
 		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Error creating freeipa host: %s", err))
+		return
 	}
 
 	if !data.RandomPassword.IsNull() && data.RandomPassword.ValueBool() {
@@ -335,7 +336,8 @@ func (r *HostResource) Read(ctx context.Context, req resource.ReadRequest, resp
 	res, err := r.client.HostShow(&args, &optArgs)
 	if err != nil {
 		if strings.Contains(err.Error(), "NotFound") {
-			resp.Diagnostics.AddError("Client Error", "[DEBUG] Host not found")
+			tflog.Debug(ctx, "[DEBUG] Host not found")
+			resp.State.RemoveResource(ctx)
 			return
 		} else {
 			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Error reading freeipa host: %s", err))
@@ -623,7 +625,7 @@ func (r *HostResource) Update(ctx context.Context, req resource.UpdateRequest, r
 	}
 
 	_, err := r.client.HostMod(&args, &optArgs)
-	if err != nil {
+	if err != nil && !strings.Contains(err.Error(), "EmptyModlist (4202)") {
 		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Error updating freeipa host: %s", err))
 	}
 

freeipa/hostgroup_resource .go

@@ -153,6 +153,7 @@ func (r *HostGroupResource) Read(ctx context.Context, req resource.ReadRequest,
 	if err != nil {
 		if strings.Contains(err.Error(), "NotFound") {
 			tflog.Debug(ctx, fmt.Sprintf("[DEBUG] Hostgroup %s not found", data.Id.ValueString()))
+			resp.State.RemoveResource(ctx)
 			return
 		} else {
 			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("[DEBUG] Hostgroup %s not found: %s", data.Id.ValueString(), err))

freeipa/sudo_cmd_resource.go

@@ -148,7 +148,8 @@ func (r *SudoCmdResource) Read(ctx context.Context, req resource.ReadRequest, re
 	res, err := r.client.SudocmdShow(&args, &optArgs)
 	if err != nil {
 		if strings.Contains(err.Error(), "NotFound") {
-			resp.Diagnostics.AddError("Client Error", "[DEBUG] Sudo command not found")
+			tflog.Debug(ctx, "[DEBUG] Sudo command not found")
+			resp.State.RemoveResource(ctx)
 			return
 		} else {
 			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Error reading freeipa sudo command: %s", err))