search

rancher / terraform-provider-rancher2

Terraform Rancher2 provider
https://www.terraform.io/docs/providers/rancher2/
Mozilla Public License 2.0
253 stars 218 forks source link

Add inherited_cluster_roles attribute to global_role #1242

Closed pmatseykanets closed 9 months ago

pmatseykanets commented 9 months ago

Issue:

https://github.com/rancher/rancher/issues/42967

Problem

inheritedClusterRoles is a new field in global roles. We should be able to set it using rancher terraform provider when creating/updating a global role resource.

Solution

A new attribute inherited_cluster_roles was added to the global role.

Testing

Check that inherited_cluster_roles attribute is correctly populated when a global role is created/updated.

Engineering Testing

Manual Testing

Used a local build of the rancher terraform provider against a local k8s cluster v1.27.4+k3s1 running rancher v2.8 HEAD (c7af81ec9c55b) to create and update a global role with inherited cluster roles.

resource "rancher2_global_role" "test-global-role" {
    name = "test-global-role"
    description = "test-global-role"
    new_user_default = false
    rules {
      api_groups = ["*"]
      resources = ["secrets"]
      verbs = ["create"]
    }
    inherited_cluster_roles = ["cluster-owner"]
}
terraform plan -var-file rancher.tfvars -auto-approve
...
Terraform will perform the following actions:

  # rancher2_global_role.test-global-role will be created
  + resource "rancher2_global_role" "test-global-role" {
      + annotations             = (known after apply)
      + builtin                 = (known after apply)
      + description             = "test-global-role"
      + id                      = (known after apply)
      + inherited_cluster_roles = [
          + "cluster-owner",
        ]
      + labels                  = (known after apply)
      + name                    = "test-global-role"
      + new_user_default        = false

      + rules {
          + api_groups = [
              + "*",
            ]
          + resources  = [
              + "secrets",
            ]
          + verbs      = [
              + "create",
            ]
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.
rancher2_global_role.test-global-role: Creating...
rancher2_global_role.test-global-role: Creation complete after 4s [id=gr-xt2jb]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
k get globalrole gr-xt2jb -o yaml
apiVersion: management.cattle.io/v3
description: test-global-role
displayName: test-global-role
inheritedClusterRoles:
- cluster-owner
kind: GlobalRole
...

Automated Testing

Unit tests updated to cover the new attribute.

QA Testing Considerations

Regressions Considerations