Change engineer to any other role

[pavelpulec]

Terraform Version

Terraform v1.7.4
on linux_amd64

Affected Fastly Terraform Resource(s)

Please list the affected resources, for example:

• fastly_user

Terraform Configuration Files

terraform {
  required_providers {
    fastly = {
      source  = "fastly/fastly"
      version = "5.6.0"
    }
  }
}

variable "role" {
  default = "engineer"
}

resource "fastly_user" "this" {
  login = "[email protected]"
  name  = "Mr. Example"
  role  = var.role
}

resource "fastly_service_authorization" "this" {
  count      = var.role == "engineer" ? 1 : 0
  service_id = "<service_id>"
  user_id    = fastly_user.this.id
  permission = "full"
}

Expected Behavior

Terraform fails to change a role for existing users from engineer to anything else (e.g. user). The Terraform run fails with:

│ Error: 400 - Bad Request:
│ 
│     Title:  Record invalid
│     Detail: Role 'user' is not allowed to be service limited
│     RateLimitRemaining: 988
│     RateLimitReset:     1709467200
│ 
│   with fastly_user.this,
│   on example.tf line 14, in resource "fastly_user" "this":
│   14: resource "fastly_user" "this" {

I would expect that when all service authorizations are removed, then I will be able to change the role by Terraform without any manual intervention.

Actual Behavior

Terraform fails that the role user is not allowed to be service limited.

There is a manual workaround to go to Fastly UI, find user, check his access control and choose Access all services as it can be seen in the picture below.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply
2. Change a role in the variable role to user
3. terraform apply