Adding Space Managers with Multiple Origins #535

Open
brahammittal opened this issue Oct 26, 2023 · 15 comments

@brahammittal

We are using the Cloud Foundry provider with the SAP BTP provider.
I am trying to add a space manager who is allowed to log in with multiple origins. I get the below error:
"The user exists in multiple origins"

There is no option to pass the origin of the user.

@pirnz

pirnz commented Oct 30, 2023

+1

cloudfoundry_org_users and cloudfoundry_space_users resources don't support multiple origins.

Example error:

│ Error: The user exists in multiple origins. Specify an origin for the requested user from: 'origin1-name', 'origin2-name'
│ 
│   with cloudfoundry_org_users.org-managers[11],
│   on main.tf line 177, in resource "cloudfoundry_org_users" "org-managers":
│  177: resource "cloudfoundry_org_users" "org-managers" {
│ 

@tcasteli

tcasteli commented Dec 6, 2023

+1

We have the exact same issue in SAP BTP

@saard

saard commented Jan 18, 2024

+1

@ejakins

ejakins commented Feb 12, 2024

+1

The ability to specify the origin should be added.

Required for many enterprise applications, where there can be multiple IdPs for a given user.

The "origin" variable was added for the cloudfoundry provider recently. Can this be included for org managers/users as well please? 🙏🏾

@lemaiwo

lemaiwo commented Feb 27, 2024

+1 same here for BTP

@linda-sap

+1
also for BTP

@vobu

vobu commented Mar 14, 2024

+1

@gregorwolf

+1

@Kartheeko07

+1
needed for SAP BTP

@yanniks

yanniks commented Apr 22, 2024

Is there any workaround for this issue?

@Mohit-21

Mohit-21 commented May 7, 2024

+1
Facing the same issue.
Not able to specify the origin.

Example error:
cloudfoundry_org_users.ou1: Creating...

│ Error: The user exists in multiple origins. Specify an origin for the requested user from: 'sap.ids', 'sap.default'

│ with cloudfoundry_org_users.ou1,
│ on main.tf line 1, in resource "cloudfoundry_org_users" "ou1":
│ 1: resource "cloudfoundry_org_users" "ou1" {

@ignipae

ignipae commented Jun 28, 2024

+1

@mpechkurov

+1

@mpechkurov

@loafoe could you help with these changes?
Thanks

@Surrogard

Surrogard commented Nov 19, 2024

+1

We found a workaround: You can use the cf command line tool to add these users. What we did was create a resource with the "local-exec" provisioner. You need to do a login first and can then use "set-space-role" to set SpaceManager, SpaceDeveloper or SpaceAuditor and "set-org-role" for OrgManager, BillingManager or OrgAuditor roles.

// Local variables
locals {
    org_managers = ["[email protected]", "[email protected]", "[email protected]"]
}

// Log in CF (the password is interpolated into the command line here)
resource "null_resource" "cf_login" {
    depends_on = [btp_subaccount_environment_instance.cloudfoundry]
    provisioner "local-exec" {
        command = <<-EOT
            cf login -a ${var.cf_api_url} -u ${var.username} -p ${var.password} -o ${var.cf_org_name}
        EOT
    }
}

// Add org managers
resource "null_resource" "org_managers" {
    depends_on = [null_resource.cf_login]
    // for_each needs a set or map and locals are referenced as local.<name>
    for_each = toset(local.org_managers)
    provisioner "local-exec" {
        command = <<-EOT
            cf set-org-role ${each.key} ${var.cf_org_name} OrgManager --origin sap.ids
        EOT
    }
}

Please be aware this is only a workaround and should not be used as a permanent solution, as it has drawbacks:

  • If you use terraform destroy, this will NOT remove the roles from the user. If you want to achieve that, you need to use a second local-exec with the argument when = destroy and a cf command using unset-space-role or unset-org-role.
  • Terraform cannot check the state of this and will run this command every time an apply is run. I can currently not test if that creates errors, so please test.
  • This will most definitely interfere with already existing setups, so use with care (and a plan beforehand)!
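
The destroy-time cleanup named in the first drawback above, as an added example that is not part of the original comment or the provider's code; it also keeps the password out of the command line. Assumptions: the resource and variable names and the example.com addresses are constructed, commands run in a POSIX shell, CF_USERNAME and CF_PASSWORD are exported before terraform runs, and the installed cf CLI accepts --origin on unset-org-role as it does on set-org-role.

```hcl
variable "cf_api_url" { type = string }
variable "cf_org_name" { type = string }
variable "origin" { type = string } # one of the origins named in the error

locals {
  org_managers = ["manager1@example.com", "manager2@example.com"] # constructed
}

resource "null_resource" "org_manager" {
  for_each = toset(local.org_managers)

  # A destroy-time provisioner may only reference self, so everything the
  # unset command needs is kept in triggers (all non-secret values).
  # Changing any of them replaces the resource: unset, then set again.
  triggers = {
    api    = var.cf_api_url
    org    = var.cf_org_name
    user   = each.key
    origin = var.origin
  }

  provisioner "local-exec" {
    # Values reach the shell as environment variables instead of being
    # spliced into the command text. `cf auth` without arguments reads
    # CF_USERNAME / CF_PASSWORD from the inherited environment, so the
    # password appears in neither the command line nor the state file.
    environment = {
      API    = self.triggers.api
      ORG    = self.triggers.org
      MEMBER = self.triggers.user
      ORIGIN = self.triggers.origin
    }
    command = "cf api \"$API\" && cf auth && cf set-org-role \"$MEMBER\" \"$ORG\" OrgManager --origin \"$ORIGIN\""
  }

  provisioner "local-exec" {
    when = destroy
    environment = {
      API    = self.triggers.api
      ORG    = self.triggers.org
      MEMBER = self.triggers.user
      ORIGIN = self.triggers.origin
    }
    command = "cf api \"$API\" && cf auth && cf unset-org-role \"$MEMBER\" \"$ORG\" OrgManager --origin \"$ORIGIN\""
  }
}
```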
