Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add iamMember to access for BigQuery dataset #16288

Closed
syou6162 opened this issue Oct 17, 2023 · 1 comment
Closed

Add iamMember to access for BigQuery dataset #16288

syou6162 opened this issue Oct 17, 2023 · 1 comment
Labels
bug forward/linked service/bigquery

Comments

@syou6162
Copy link

syou6162 commented Oct 17, 2023
edited by modular-magician
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

  • Terraform Version: 1.5.5
  • provider version:
    • hashicorp/google: v5.2.0
    • hashicorp/google-beta: v5.2.0

Affected Resource(s)

  • google_bigquery_dataset

Terraform Configuration Files

This is the setting before modification.

resource "google_bigquery_dataset" "dataset" {
  dataset_id                  = "example_dataset"
  friendly_name               = "test"
  description                 = "This is a test description"
  location                    = "EU"
  default_table_expiration_ms = 3600000

  labels = {
    env = "default"
  }

  access {
    role          = "READER"
    group_by_email = "my-group@my_company.com"
  }
}

Here is the modified configuration, only the description has been changed.

resource "google_bigquery_dataset" "dataset" {
  dataset_id                  = "example_dataset"
  friendly_name               = "test"
  description                 = "This is a test description modified for testing"
  location                    = "EU"
  default_table_expiration_ms = 3600000

  labels = {
    env = "default"
  }

  access {
    role          = "READER"
    group_by_email = "my-group@my_company.com"
  }
}

Expected Behavior

I am hoping that terraform apply will work correctly and the BigQuery dataset description will change.

Actual Behavior

You are about to run terraform apply to change the description of a dataset. Suppose that the Google Group listed in the access field has been deleted before terraform apply is executed. When you run terraform apply, it will fail with the following error

│ Error: Error updating Dataset "projects/my-project/datasets/example_dataset": googleapi: Error 400: An access entry must have exactly one of userByEmail, groupByEmail, domain, specialGroup defined, view, routine, or dataset., invalid
│ 
│   with google_bigquery_dataset.example_dataset,
│   on google_bigquery_dataset.tf line 256, in resource "google_bigquery_dataset" "example_dataset":
│  256: resource "google_bigquery_dataset" "example_dataset" {

When I went to look at the status of the dataset with the bq command, I found the following.

% bq show --format=prettyjson my-project:example_dataset | jq .access 
[
  {
    "iamMember": "deleted:group:my-group@my_company.com?uid=123456789",
    "role": "READER"
  }
]

This is what it looked like before I deleted the relevant group.

% bq show --format=prettyjson my-project:example_dataset | jq .access 
[
  {
    "groupByEmail": "my-group@my_company.com",
    "role": "READER"
  }
]

Reading the source code, I think the resource_bigquery_dataset is missing iamMember, which is causing the above error. The google_bigquery_dataset_iam_member also covers iamMember, so terrafrom apply will not fail if the google group is deleted as well.

Steps to Reproduce

  1. Create BigQuery dataset by google_bigquery_dataset with a google group by terraform apply
  2. Delete the google group
  3. Update the description of BigQuery dataset for google_bigquery_dataset by terraform apply

References

b/306360469
@syou6162 syou6162 added the bug label Oct 17, 2023
@github-actions github-actions bot added forward/review In review; remove label to forward service/bigquery labels Oct 17, 2023
@syou6162 syou6162 mentioned this issue Oct 17, 2023
Merged
@edwardmedia edwardmedia removed the forward/review In review; remove label to forward label Oct 17, 2023
This was referenced Oct 20, 2023
Merged
Merged
Merged
@github-actions GitHub Actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug forward/linked service/bigquery
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@syou6162 @modular-magician @edwardmedia