Error: failed to change group rule status: the API returned an unknown error

Hey all,

Currently doing a piece of work with importing our group rules into terraform (yay such fun!) just wanted to spot check a couple of rules to see if they would update accordingly. When running the apply I’m getting the following error:

Error: failed to change group rule status: the API returned an unknown error

│ with okta_group_rule.rules[“Okta - Rule1”],
│ on group_rules.tf line 1, in resource “okta_group_rule” “rules”:
│ 1: resource “okta_group_rule” “rules” {

When doing a plan I’m not getting any errors or seeing any issues that could be causing this, I have tried the following.

  • Switched the rule to deactivate via the UI
  • Removed the resource from state and than re-imported with the status of “Inactive”
  • Issue still prevailed
  • Added the super admin role to the app to see if that was an issue, this didn’t fix the issue

Anyone got any ideas/tips ?

I’m not able to reproduce the unknown error behavior. Can you successfully create a new group rule with Terraform and the problem is only changing status, or does rule creation fail as well?

What scopes have you set in the okta API scopes tab of your terraform application, and have you made sure they match the list of scopes specified in your provider config?

Have you tried using the group rule data source (Terraform Registry) to examine one of your existing group rules from terraform?

Did you hand-write the group rule configs that you’re changing, or use terraform import?

Sorry to not have an easy fix here!

1 Like