Open
Labels
impact/patch: This changes a behavior without users needing to make a change.
Description
Rancher Server Setup
- Rancher version: 2.7.9+master
- Installation option (Docker install/Helm Chart):
- If Helm Chart, Kubernetes Cluster and version (RKE1, RKE2, k3s, EKS, etc): Helm, RKE2 1.26
- Proxy/Cert Details:
Information about the Cluster
- Kubernetes version: RKE2 1.26
- Cluster Type (Local/Downstream):
- If downstream, what type of cluster? (Custom/Imported or specify provider for Hosted/Infrastructure Provider): Imported
User Information
- What is the role of the user logged in? Admin
Provider Information
- What is the version of the Rancher v2 Terraform Provider in use? master
- What is the version of Terraform in use? 1.7.5
Describe the bug
When using the data source rancher2_principal to search for an LDAP user, it sometimes returns the wrong result if the inputted name has multiple matching results.
To Reproduce
- Add an LDAP auth method and add 3 users where one's name is a substring of the others, for example: nguyenp, nguyenpg, nguyenptt2
- Terraform code:
data "rancher2_principal" "test" {
  provider = rancher2.ldap
  type     = "user"
  name     = "nguyenp"
}

output "test_result" {
  value = data.rancher2_principal.test
}
Actual Result
Principal of user nguyenpg
Expected Result
Principal of user nguyenp
Screenshots
Additional context
Actually, the provider did nothing except pick the first element in the list returned from the Rancher API, but that list is unsorted or just in random order. Therefore, picking the first element is not the best way.
I also tested my guess by using the Rancher API page at <server_address>/v3/principals, and the result is:
#cURL command line:
curl -u "${CATTLE_ACCESS_KEY}:${CATTLE_SECRET_KEY}" \
-X POST \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
'https://rancher-dev.example.com/v3/principals?action=search'
#HTTP Request:
HTTP/1.1 POST /v3/principals?action=search
Host: rancher-dev.example.com
Accept: application/json
Content-Type: application/json
Content-Length: 41
{
"name": "nguyenp",
"principalType": "user"
}
#HTTP Response:
HTTP/1.1 200
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json
date: Thu, 28 Mar 2024 04:21:15 GMT
expires: Wed 24 Feb 1982 18:42:00 GMT
server: nginx, 2298
strict-transport-security: max-age=15724800; includeSubDomains
x-api-cattle-auth: true
x-api-schemas: https://rancher-dev.example.com/v3/schemas
x-content-type-options: nosniff
x-firefox-spdy: h2
{
"filters": {
"created": null,
"creatorId": null,
"id": null,
"loginName": null,
"me": null,
"memberOf": null,
"name": null,
"principalType": null,
"profilePicture": null,
"profileURL": null,
"provider": null,
"removed": null,
"uuid": null
},
"resourceType": ["principal"],
"data": [ 3 items
{
"baseType": "principal",
"created": null,
"creatorId": null,
"id": ["openldap_user://cn=nguyenpg,ou=ou1,dc=example,dc=com"],
"links": {
"self": ["…/v3/principals/openldap_user:%2F%2Fcn=nguyenpg%2Cou=ou1%2Cdc=example%2Cdc=com"],
},
"loginName": "nguyenpg",
"me": true,
"memberOf": false,
"name": "nguyenpg",
"principalType": "user",
"provider": "openldap",
"type": ["principal"]
},
{
"baseType": "principal",
"created": null,
"creatorId": null,
"id": ["openldap_user://cn=nguyenptt2,ou=ou1,dc=example,dc=com"],
"links": {
"self": ["…/v3/principals/openldap_user:%2F%2Fcn=nguyenptt2%2Cou=ou1%2Cdc=example%2Cdc=com"],
"loginName": "nguyenptt2",
"me": true,
"memberOf": false,
"name": "nguyenptt2",
"principalType": "user",
"provider": "openldap",
"type": ["principal"],
},
{
"baseType": "principal",
"created": null,
"creatorId": null,
"id": ["openldap_user://cn=nguyenp,ou=ou1,dc=example,dc=com"],
"links": {
"self": ["…/v3/principals/openldap_user:%2F%2Fcn=nguyenp%2Cou=ou1%2Cdc=example%2Cdc=com"],
},
"loginName": "nguyenp",
"me": true,
"memberOf": false,
"name": "nguyenp",
"principalType": "user",
"provider": "openldap",
"type": ["principal"],
}
]
}
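An added example, not code from the issue or from the provider: one way to resolve a principal from the search results shown above is to require an exact match on `name` or `loginName` and to fail when there is none or more than one, so a role binding never lands on a neighbouring account such as nguyenpg. The helper `selectPrincipal`, the `Principal` struct and the error names are hypothetical; the sample data is constructed from the three entries in the response above.

```go
package main

import (
	"errors"
	"fmt"
)

// Principal holds the fields of a /v3/principals search result used for matching.
type Principal struct {
	ID, Name, LoginName, PrincipalType string
}

var (
	ErrNoExactMatch = errors.New("no principal matches the requested name exactly")
	ErrAmbiguous    = errors.New("more than one principal matches the requested name exactly")
)

// selectPrincipal (hypothetical helper) returns the single result whose name or
// loginName equals the requested name, instead of trusting results[0].
func selectPrincipal(results []Principal, name, principalType string) (Principal, error) {
	var found *Principal
	for i := range results {
		p := &results[i]
		if p.PrincipalType != principalType || (p.Name != name && p.LoginName != name) {
			continue // substring-only hits such as nguyenpg are skipped
		}
		if found != nil && found.ID != p.ID {
			return Principal{}, fmt.Errorf("%w: %q and %q", ErrAmbiguous, found.ID, p.ID)
		}
		found = p
	}
	if found == nil {
		return Principal{}, fmt.Errorf("%w: %q", ErrNoExactMatch, name)
	}
	return *found, nil
}

// sampleResults is constructed data in the same order as the response above.
func sampleResults() []Principal {
	return []Principal{
		{"openldap_user://cn=nguyenpg,ou=ou1,dc=example,dc=com", "nguyenpg", "nguyenpg", "user"},
		{"openldap_user://cn=nguyenptt2,ou=ou1,dc=example,dc=com", "nguyenptt2", "nguyenptt2", "user"},
		{"openldap_user://cn=nguyenp,ou=ou1,dc=example,dc=com", "nguyenp", "nguyenp", "user"},
	}
}

func main() {
	p, err := selectPrincipal(sampleResults(), "nguyenp", "user")
	fmt.Println(p.ID, err)
}
```

Failing closed on zero or multiple exact matches surfaces the ambiguity at plan time rather than silently granting access to whichever entry the API happened to list first.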
