Comments (5)
remilapeyre
commented on August 17, 2024
2
Hi @the-nando, thanks for reporting this issue. Indeed it was expected to use policies IDs in this parameter. I don't think we can accept both name and IDs in this parameter in a backward compatible manner so I will add a validation and better documentation so that an detailled error can be returned early to the user, and work to support both names and IDs in a later major version of the provider.
from terraform-provider-consul.
remilapeyre
commented on August 17, 2024
1
Hello @the-nando, @jorgemarey, I have started to look into this issue in more depth in order to support both using an ID or a name.
The solution proposed by @jorgemarey should work and I think it may be a good short-term solution.
I have also started working a release for the provider that should address this and other long-standing issues: https://registry.terraform.io/providers/remilapeyre/consul-next/latest/docs/resources/acl_token.
I am still working on it but you should be able to use either an ID or the name with it:
resource "consul_acl_policy" "test" {
name = "test"
rules = <<-RULE
node_prefix "" {
policy = "read"
}
RULE
}
resource "consul_acl_policy" "test2" {
name = "test2"
rules = <<-RULE
node_prefix "" {
policy = "read"
}
RULE
}
resource "consul_acl_token" "test" {
policies = [
{
id = consul_acl_policy.test.id
},
{
name = consul_acl_policy.test2.name
}
]
}EDIT: if you test here I am very interested by your feedback either here or on the other repo.
from terraform-provider-consul.
const-tmp
commented on August 17, 2024
In Consul API policies by name are documented.
Provider documentation says nothing about policy IDs.
It looks very confusing.
from terraform-provider-consul.
jorgemarey
commented on August 17, 2024
Hi @remilapeyre, on the ID vs name case, I guess, at the same time you added that the policy should be a valid UUID, maybe we can change that and provide the value as an ID if it's a valid UUID or as a name otherwise. I guess this won't break for anyone, as it would be backwards compatible. Everyone right now should be providing valid UUIDs. So this would only open the scope to set the value as name if it's not a valid UUID. What do you think?
I'm open to making a PR for this if you think it's valid.
from terraform-provider-consul.
the-nando
commented on August 17, 2024
@remilapeyre would it be an option to automatically derive whether the passed value in the policies list is a UUID or a name by parsing it? Something along the lines of:
import "github.com/google/uuid"
func IsValidUUID(u string) bool {
_, err := uuid.Parse(u)
return err == nil
}
What do you think? It doesn't account for the case of someone naming his policies with UUIDs, which is a corner case I'd say.
from terraform-provider-consul.
Related Issues (20)
- [Feature Request] Native support for TFE/TFC workload identity HOT 1
- New release? HOT 4
- Access logs not able to be configured by consul_config_entry HOT 1
- resource.consul_service "async" changes after creation HOT 1
- consul_service check_id isn't optional as documented in registry HOT 1
- resource consul_prepared_query doesn't support RemoveEmptyTags in template HOT 1
- New `consul_acl_role_policy_attachment` resource
- `config_entry` should ignore `Status` key when determining diffs HOT 1
- consul_acl_role_policy_attachment causes unresponsive plugin in v2.19.0 HOT 7
- consul_config_entry_service_defaults panics when actually specifying defaults
- consul_config_entry_service_resolver: Error: time: invalid duration "" HOT 1
- Consul Provider Unable to Read Role that exists
- Missing "tls_server_name" parameter in consul_service resource HOT 1
- Tagged addresses not available when creating terraform consul_service resource
- Support CRUD operations on templated-policy HOT 2
- feature request: `data "consul_agent_config_file"`
- consul_config_entry fails with http-route kind
- failed to delete 'service' config entry: discovery chain "service" uses inconsistent protocols HOT 1
- consul_acl_role_policy_attachment does not reliably get saved in state
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-consul.