hashicorp / terraform-provider-consul

Terraform Consul provider
https://www.terraform.io/docs/providers/consul/
Mozilla Public License 2.0

Support both UUIDs and names in consul_acl_role.policies #363

Closed remilapeyre closed 10 months ago

remilapeyre commented 11 months ago

The consul_acl_role attribute policies only supports UUIDs like:

resource "consul_acl_policy" "read-policy" {
  name        = "read-policy"
  rules       = "node \"\" { policy = \"read\" }"
}

resource "consul_acl_role" "read" {
  name        = "foo"

  policies = [
    consul_acl_policy.read-policy.id
  ]
}

This differs from the Consul API payload where the Policies attribute is actually a list of objects, not a list of strings:

{
  "Name": "example-role",
  "Policies": [
    {
      "ID": "783beef3-783f-f41f-7422-7087dc272765"
    }
  ]
}

This makes it possible to set the policies using either the ID, or the name:

{
  "Name": "example-role",
  "Policies": [
    {
      "ID": "783beef3-783f-f41f-7422-7087dc272765"
    },
    {
      "Name": "Test"
    }
  ]
}

This is not supported by the consul_acl_role resource.

Not being able to add a policy using its name makes things harder for users, and changing its schema to make policies a list of objects would be best, but it would also break the backward compatibility of the provider, which I always try not to do.

This patch makes it possible to use either and tries first to fetch the corresponding policy using the ID, then using the name.

resourceConsulACLRoleRead() is also updated to set the correct value in Terraform so that we don't have a perpetual diff.

Closes https://github.com/hashicorp/terraform-provider-consul/issues/344.
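
Added example, not code from this pull request or from the provider: a Go sketch of the ID-then-name lookup described above, plus one possible way for the read path to keep the form the configuration used so that no perpetual diff appears. `Policy`, `PolicyStore`, `Resolve` and `ReadBack` are hypothetical names, and the in-memory store stands in for the Consul ACL API.

```go
package main

import (
	"errors"
	"fmt"
)

// Policy and PolicyStore are hypothetical stand-ins for the Consul ACL API.
type Policy struct{ ID, Name string }
type PolicyStore []Policy

var ErrNoPolicy = errors.New("no policy with that ID or name")

// Resolve treats ref as an ID first and falls back to a name lookup.
func (s PolicyStore) Resolve(ref string) (Policy, error) {
	for _, p := range s {
		if p.ID == ref {
			return p, nil
		}
	}
	for _, p := range s {
		if p.Name == ref {
			return p, nil
		}
	}
	return Policy{}, fmt.Errorf("%q: %w", ref, ErrNoPolicy)
}

// ReadBack keeps the name where the configuration used one, else the ID.
func ReadBack(configured []string, linked []Policy) []string {
	inConfig := map[string]bool{}
	for _, ref := range configured {
		inConfig[ref] = true
	}
	out := make([]string, 0, len(linked))
	for _, p := range linked {
		if !inConfig[p.ID] && inConfig[p.Name] {
			out = append(out, p.Name)
		} else {
			out = append(out, p.ID)
		}
	}
	return out
}

func main() {
	// Constructed sample data; the second ID is a placeholder.
	store := PolicyStore{{"783beef3-783f-f41f-7422-7087dc272765", "read-policy"}, {"00000000-0000-0000-0000-000000000001", "Test"}}
	fmt.Println(ReadBack([]string{store[0].ID, "Test"}, store))
}
```

Because the ID lookup runs first, a reference that matches one policy's ID and another policy's name always resolves to the ID match, which is worth knowing when reviewing which policies a role actually grants.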