platform_permission destination property not working

[MrLuje]

Describe the bug
Deleting a platform_permission destination (https://registry.terraform.io/providers/jfrog/platform/latest/docs/resources/permission#destination) property is not working

Requirements for and issue

• Your version of artifactory (you can curl it at $host/artifactory/api/system/version (self-hosted v7.84.12)
• Your version of terraform (1.9.7)
• Your version of terraform provider (1.14)

Expected behavior
Ability to manage platform_permission destinations

terraform {
  required_providers {
    artifactory = {
      source  = "jfrog/artifactory"
      version = "12.2.0"
    }
    platform = {
      source  = "jfrog/platform"
      version = "1.14.0"
    }
  }
}

provider "platform" {
  url               = "xxx"
  access_token      = "xxx"
  myjfrog_api_token = "xxx"
}

provider "artifactory" {
  url          = "xxx"
  access_token = "xxx"
}

resource "artifactory_group" "test_mrluje" {
  name      = "test_mrluje"
  auto_join = false
}

resource "platform_permission" "test-reader" {
  name = "test-mrluje"

  artifact = {
    actions = {
      groups = [{
        name        = artifactory_group.test_mrluje.name
        permissions = ["READ"]
      }]
    }

    targets = [{
      name             = artifactory_local_helm_repository.test-mrluje.key
      include_patterns = ["**/test/**"]
    }]
  }

  destination = {
    actions = {
      groups = [{
        name        = artifactory_group.test_mrluje.name
        permissions = ["READ"]
      }]
    }

    targets = [{
      name             = artifactory_local_helm_repository.test-mrluje.key
      include_patterns = ["**/test/**"]
    }]
  }
}

resource "artifactory_local_helm_repository" "test-mrluje" {
  key             = "test-mrluje"
  repo_layout_ref = "simple-default"
}

• Next comment the destination block and apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # platform_permission.test-reader will be updated in-place
  ~ resource "platform_permission" "test-reader" {
      - destination = {
          - actions = {
              - groups = [
                  - {
                      - name        = "test_mrluje" -> null
                      - permissions = [
                          - "READ",
                        ] -> null
                    },
                ] -> null
            } -> null
          - targets = [
              - {
                  - include_patterns = [
                      - "**/test/**",
                    ] -> null
                  - name             = "test-mrluje" -> null
                },
            ] -> null
        } -> null
        name        = "test-mrluje"
        # (1 unchanged attribute hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
╷
│ Warning: Attribute Deprecated
│ 
│   with provider["registry.terraform.io/jfrog/platform"],
│   on artifactory_test.tf line 17, in provider "platform":
│   17:   myjfrog_api_token = "xxx"
│ 
│ MyJFrog API token is deprecated. Use provider 'jfrog/myjfrog' https://registry.terraform.io/providers/jfrog/myjfrog instead.
│ 
│ (and one more similar warning elsewhere)
╵

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

platform_permission.test-reader: Modifying... [name=test-mrluje]
platform_permission.test-reader: Modifications complete after 0s [name=test-mrluje]

• Plan again

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # platform_permission.test-reader will be updated in-place
  ~ resource "platform_permission" "test-reader" {
      - destination = {
          - actions = {
              - groups = [
                  - {
                      - name        = "test_mrluje" -> null
                      - permissions = [
                          - "READ",
                        ] -> null
                    },
                ] -> null
            } -> null
          - targets = [
              - {
                  - include_patterns = [
                      - "**/test/**",
                    ] -> null
                  - name             = "test-mrluje" -> null
                },
            ] -> null
        } -> null
        name        = "test-mrluje"
        # (1 unchanged attribute hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

[alexhung]

@MrLuje Thanks for the report. I've added this to our plan to investigate.

[alexhung]

@MrLuje Just want to point out that destination does not accept repository key as name. It should be name of the edge node. See https://jfrog.com/help/r/jfrog-platform-administration-documentation/add-destinations

[alexhung]

@MrLuje I am unable to reproduce your issue. Using your TF configuration (with modification to run on my local Artifactory instance), there is no plan change after apply even using repo key in the destination.targets.name.

[MrLuje]

@alexhung Thanks for checking.
Maybe related to our artifactory version (v7.84.12), I'll try with an updated instance in the coming weeks.