jtopjian / terraform-provider-sensu

A Terraform provider for Sensu Go

ClusterRole only supports a single rule block - Sensu Go allows multiple rules for a ClusterRole #50

Open paulchoi opened 3 years ago

paulchoi commented 3 years ago

According to https://registry.terraform.io/providers/jtopjian/sensu/latest/docs/resources/cluster_role, only one rule block is allowed.

resource "sensu_cluster_role" "cluster_role_1" {
  name = "my_role"
  rule {
    verbs = ["get", "list"]
    resources = ["checks"]
  }
}

In Sensu Go 6's ClusterRole spec, multiple rules are possible. https://docs.sensu.io/sensu-go/latest/operations/control-access/rbac/#role-example

---
type: Role
api_version: core/v2
metadata:
  name: namespaced-resources-all-verbs
  namespace: default
spec:
  rules:
  - resource_names: []
    resources:
    - assets
    - checks
    - entities
    - events
    - filters
    - handlers
    - hooks
    - mutators
    - rolebindings
    - roles
    - silenced
    verbs:
    - get
    - list
    - create
    - update
    - delete

It's possible that the spec has changed for Sensu Go 6.

fgouteroux commented 3 years ago

@paulchoi It's already supported, just add another rule block like:

resource "sensu_cluster_role" "cluster_role_1" {
  name = "my_role"
  rule {
    verbs = ["get", "list"]
    resources = ["checks"]
  }
  rule {
    verbs = ["get", "list"]
    resources = ["entities"]
  }
}