Bug? Sub-projects inside Projects

[frankfulness]

For whatever reason, as I attempt to use the tableau tf provider, I don't get tf errors when applying or planning, but it doesn't work.

Just working on a POC, here is my main.tf:

# Provider configuration
terraform {
  required_providers {
    tableau = {
      source  = "GtheSheep/tableau"
      version = "0.0.23"
    }
  }
}

provider "tableau" {
  server_url     = var.server_url
  server_version = "3.19"
  username       = var.username
  password       = var.password
  site          = var.site_name
}

# Main project (keeping existing configuration)
resource "tableau_project" "test_project" {
  name                = "Terraform Test Project"
  description         = "Testing Terraform connectivity"
  content_permissions = "ManagedByOwner"
}

# Create test user
resource "tableau_user" "test_user" {
  name         = var.test_user_email
  site_role    = "Explorer"
  auth_setting = "SAML"
  email        = var.test_user_email
  full_name    = "Test User"  # Set the correct name directly
}

# Create group
resource "tableau_group" "test_group" {
  name              = "Test Analysis Group"
  minimum_site_role = "Viewer"
}

# Add user to group
resource "tableau_group_user" "test_group_membership" {
  group_id = tableau_group.test_group.id
  user_id  = tableau_user.test_user.id
}

# Set main project permissions for group
resource "tableau_project_permission" "test_group_permissions" {
  project_id      = tableau_project.test_project.id
  group_id        = tableau_group.test_group.id
  capability_name = "Write"
  capability_mode = "Allow"
}

# Public access project with default visibility
resource "tableau_project" "public_project" {  # Renamed to avoid state conflicts
  name                = "TF Test Project - Public Access"
  description         = "Project accessible to all users"
  content_permissions = "LockedToProject"  # Set during creation
}

# Restricted access project
resource "tableau_project" "restricted_project" {  # Renamed to avoid state conflicts
  name                = "TF Test Project - Restricted Access"
  description         = "Project accessible only to test group members"
  content_permissions = "ManagedByOwner"
}

# Set permissions for restricted project
resource "tableau_project_permission" "group_restricted_project_access" {
  project_id      = tableau_project.restricted_project.id
  capability_name = "Read"
  capability_mode = "Allow"
  group_id        = tableau_group.test_group.id
}

Obviously all my env variables are there and no errors occur, but when I go look in Tableau cloud, instead of it creating the one Project and then the public and not public sub directories, it just creates them all at the highest level. I'm confused why it's ignoring what is there? Or what I'm missing. Because I even attempted to use parent_project_id attribute etc and it just doesn't work for me?

I can use your provider to create a project, provision a user, create a user group and assign the user to it, and then handle permissions, but it's the project nested aspect that doesn't work. Is it not possible to do with your provider?

I did look at Ai after attempting to write this: and it just says on repeat: it seems that even though the Tableau REST API supports nested projects, the current version of the GtheSheep/tableau provider (v0.0.23) may not fully implement this functionality. Even though it accepts the parent_project_id parameter, it's not actually creating the nested structure as expected.

Is there a bug with the provider ignoring? I saw one other issue, but they seemed to be able to create the sub directory in it no problem (though they did not seem to share their code.

Anyways, I think it's a bug or I'm lacking in understanding, but the repo as well as the awesome Medium article didn't really help me see how to resolve it.

Thanks for everything, including making this and sharing it open source!

[GtheSheep]

Hey, thanks for all the detail on this issue, this is super helpful!
I know there was the other mention of it, but tbh never got round to checking it out myself, but can use what you've provided to take a look, so will do! Tis probably a bug as it's not something I've tried to do/ am testing right now

[frankfulness]

That's amazing @GtheSheep ! If you want to pair or need help, I'm fascinated by what your provided with Go and understanding of working between Terraform / IaC and Tableau itself. I couldn't find any means to get ahold of you and connect too. Seems super useful.

I'd love to be of any help that I can to learn from your experience creating this TF provider and working with it.

[GtheSheep]

Anytime! 🙂 always happy to pair or accept contributions on these things, I start more things than I can maintain sometimes 😅 My LinkedIn if you'd like to connect

I'm trying out the code provided above, but with the parent_project_id set as so below, and it seems to be giving me the expected result? The only difference I can think of is I'm logging in with Tokens rather than username/ pwd which may be playing strangely with the default permissions of the parent project but... seems unlikely? Tbh I try these API calls out in Python/ a Jupyter notebook first, so if you could try the code below and just lmk what you see that would be helpful, and with token auth if possible?

terraform {
  required_providers {
    tableau = {
      source  = "GtheSheep/tableau"
      version = "0.0.23"
    }
  }
}

provider "tableau" {
  server_url = var.site_url
  server_version = "3.19"
  personal_access_token_name = var.pat_name
  personal_access_token_secret = var.pat_secret
  site = var.site_name
}

# Main project (keeping existing configuration)
resource "tableau_project" "test_project" {
  name                = "Terraform Test Project"
  description         = "Testing Terraform connectivity"
  content_permissions = "ManagedByOwner"
}

# Create test user
resource "tableau_user" "test_user" {
  name         = var.test_user_email
  site_role    = "Explorer"
  auth_setting = "SAML"
  email        = var.test_user_email
  full_name    = "Test User"  # Set the correct name directly
}

# Create group
resource "tableau_group" "test_group" {
  name              = "Test Analysis Group"
  minimum_site_role = "Viewer"
}

# Add user to group
resource "tableau_group_user" "test_group_membership" {
  group_id = tableau_group.test_group.id
  user_id  = tableau_user.test_user.id
}

# Set main project permissions for group
resource "tableau_project_permission" "test_group_permissions" {
  project_id      = tableau_project.test_project.id
  group_id        = tableau_group.test_group.id
  capability_name = "Write"
  capability_mode = "Allow"
}

# Public access project with default visibility
resource "tableau_project" "public_project" {  # Renamed to avoid state conflicts
  name                = "TF Test Project - Public Access"
  description         = "Project accessible to all users"
  content_permissions = "LockedToProject"  # Set during creation
  parent_project_id = tableau_project.test_project.id <-------------------- Added
}

# Restricted access project
resource "tableau_project" "restricted_project" {  # Renamed to avoid state conflicts
  name                = "TF Test Project - Restricted Access"
  description         = "Project accessible only to test group members"
  content_permissions = "ManagedByOwner"
  parent_project_id = tableau_project.test_project.id <-------------------- Added
}

# Set permissions for restricted project
resource "tableau_project_permission" "group_restricted_project_access" {
  project_id      = tableau_project.restricted_project.id
  capability_name = "Read"
  capability_mode = "Allow"
  group_id        = tableau_group.test_group.id
}