Merge remote-tracking branch 'origin/master' into docs-acl-token

hashicorp · Oct 23, 2023 · 05bf832 · 05bf832
2 parents 9291d46 + 1207b10
commit 05bf832
Show file tree

Hide file tree

Showing 28 changed files with 1,057 additions and 478 deletions.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -10,22 +10,22 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        go-version: [1.20.x, 1.21.x]
+        consul-version: [1.16.2, 1.17.0-rc1]
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:
     - name: Install Go
       uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
       with:
-        go-version: ${{ matrix.go-version }}
+        go-version: 1.21.x
     - name: Checkout code
       uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
     - name: Run go tests
       run: make test
     - name: Run OSS acceptance tests
       run: |
-        curl -LO https://releases.hashicorp.com/consul/1.16.2/consul_1.16.2_linux_amd64.zip
-        sudo unzip consul_1.16.2_linux_amd64.zip consul -d /usr/local/bin
+        curl -LO https://releases.hashicorp.com/consul/${{ matrix.consul-version }}/consul_${{ matrix.consul-version }}_linux_amd64.zip
+        sudo unzip consul_${{ matrix.consul-version }}_linux_amd64.zip consul -d /usr/local/bin
         SKIP_REMOTE_DATACENTER_TESTS=1 make testacc TESTARGS="-count=1"
     - name: Run go vet
       run: make vet
@@ -36,7 +36,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
       with:
-        go-version: 1.20.x
+        go-version: 1.21.x
     - name: Checkout code
       uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
     - name: Install tfplugindocs

diff --git a/consul/data_source_consul_acl_role.go b/consul/data_source_consul_acl_role.go
@@ -13,72 +13,123 @@ func dataSourceConsulACLRole() *schema.Resource {
 	return &schema.Resource{
 		Read: datasourceConsulACLRoleRead,
 
+		Description: "The `consul_acl_role` data source returns the information related to a [Consul ACL Role](https://www.consul.io/api/acl/roles.html).",
+
 		Schema: map[string]*schema.Schema{
 			// Filters
 			"name": {
-				Type:     schema.TypeString,
-				Required: true,
+				Type:        schema.TypeString,
+				Description: "The name of the ACL Role.",
+				Required:    true,
 			},
 			"namespace": {
-				Type:     schema.TypeString,
-				Optional: true,
+				Type:        schema.TypeString,
+				Description: "The namespace to lookup the role.",
+				Optional:    true,
 			},
 			"partition": {
-				Type:     schema.TypeString,
-				Optional: true,
+				Type:        schema.TypeString,
+				Description: "The partition to lookup the role.",
+				Optional:    true,
 			},
 
 			// Out parameters
 			"description": {
-				Type:     schema.TypeString,
-				Computed: true,
+				Type:        schema.TypeString,
+				Description: "The description of the ACL Role.",
+				Computed:    true,
 			},
 			"policies": {
-				Type:     schema.TypeList,
-				Computed: true,
+				Type:        schema.TypeList,
+				Description: "The list of policies associated with the ACL Role.",
+				Computed:    true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"name": {
-							Computed: true,
-							Type:     schema.TypeString,
+							Computed:    true,
+							Type:        schema.TypeString,
+							Description: "The name of the policy.",
 						},
 						"id": {
-							Computed: true,
-							Type:     schema.TypeString,
+							Computed:    true,
+							Type:        schema.TypeString,
+							Description: "The ID of the policy.",
 						},
 					},
 				},
 			},
 			"service_identities": {
-				Type:     schema.TypeList,
-				Computed: true,
+				Type:        schema.TypeList,
+				Description: "The list of service identities associated with the ACL Role.",
+				Computed:    true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"service_name": {
-							Type:     schema.TypeString,
-							Optional: true,
+							Type:        schema.TypeString,
+							Description: "The name of the service.",
+							Optional:    true,
 						},
 
 						"datacenters": {
-							Type:     schema.TypeSet,
-							Optional: true,
-							Elem:     &schema.Schema{Type: schema.TypeString},
+							Type:        schema.TypeSet,
+							Description: "Specifies the datacenters the effective policy is valid within.",
+							Optional:    true,
+							Elem:        &schema.Schema{Type: schema.TypeString},
 						},
 					},
 				},
 			},
 			"node_identities": {
-				Type:     schema.TypeList,
-				Computed: true,
+				Type:        schema.TypeList,
+				Description: "The list of node identities associated with the ACL Role.",
+				Computed:    true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"node_name": {
-							Type:     schema.TypeString,
-							Computed: true,
+							Type:        schema.TypeString,
+							Description: "The name of the node.",
+							Computed:    true,
 						},
 						"datacenter": {
-							Type:     schema.TypeString,
-							Computed: true,
+							Type:        schema.TypeString,
+							Description: "Specifies the nodes datacenter. This will result in effective policy only being valid in that datacenter.",
+							Computed:    true,
+						},
+					},
+				},
+			},
+			"templated_policies": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "The list of templated policies that should be applied to the token.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"template_name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The name of the templated policies.",
+						},
+						"template_variables": {
+							Type:        schema.TypeList,
+							Description: "The templated policy variables.",
+							Computed:    true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"name": {
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "The name of node, workload identity or service.",
+									},
+								},
+							},
+						},
+						"datacenters": {
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "Specifies the datacenters the effective policy is valid within.",
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
 						},
 					},
 				},
@@ -123,13 +174,23 @@ func datasourceConsulACLRoleRead(d *schema.ResourceData, meta interface{}) error
 		}
 	}
 
+	templatedPolicies := make([]map[string]interface{}, len(role.TemplatedPolicies))
+	for i, tp := range role.TemplatedPolicies {
+		templatedPolicies[i] = map[string]interface{}{
+			"template_name":      tp.TemplateName,
+			"datacenters":        tp.Datacenters,
+			"template_variables": getTemplateVariables(tp),
+		}
+	}
+
 	d.SetId(role.ID)
 
 	sw := newStateWriter(d)
 	sw.set("description", role.Description)
 	sw.set("policies", policies)
 	sw.set("service_identities", identities)
 	sw.set("node_identities", nodeIdentities)
+	sw.set("templated_policies", templatedPolicies)
 
 	return sw.error()
 }
diff --git a/consul/data_source_consul_acl_role_test.go b/consul/data_source_consul_acl_role_test.go
@@ -11,7 +11,7 @@ import (
 )
 
 func TestAccDataACLRole_basic(t *testing.T) {
-	providers, _ := startTestServer(t)
+	providers, client := startTestServer(t)
 
 	resource.Test(t, resource.TestCase{
 		Providers: providers,
@@ -37,6 +37,20 @@ func TestAccDataACLRole_basic(t *testing.T) {
 					resource.TestCheckResourceAttr("data.consul_acl_role.test", "service_identities.0.service_name", "foo"),
 				),
 			},
+			{
+				Config:   testAccDataSourceACLRoleConfigBasicTemplatedPolicies,
+				SkipFunc: skipIfConsulVersionLT(client, "1.17.0"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "templated_policies.#", "2"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "templated_policies.0.datacenters.#", "1"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "templated_policies.0.datacenters.0", "world"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "templated_policies.0.template_variables.#", "1"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "templated_policies.0.template_variables.0.name", "web"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "templated_policies.0.template_name", "builtin/service"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "templated_policies.1.template_variables.#", "0"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "templated_policies.1.template_name", "builtin/dns"),
+				),
+			},
 		},
 	})
 }
@@ -70,13 +84,14 @@ func TestAccDataACLRole_namespaceEE(t *testing.T) {
 	})
 }
 
-const testAccDataSourceACLRoleConfigNotFound = `
+const (
+	testAccDataSourceACLRoleConfigNotFound = `
 data "consul_acl_role" "test" {
 	name = "not-found"
 }
 `
 
-const testAccDataSourceACLRoleConfigBasic = `
+	testAccDataSourceACLRoleConfigBasic = `
 resource "consul_acl_policy" "test-read" {
 	name = "test-role"
 	rules = "node \"\" { policy = \"read\" }"
@@ -105,14 +120,57 @@ data "consul_acl_role" "test" {
 	name = consul_acl_role.test.name
 }
 `
-const testAccDataSourceACLRoleConfigNamespaceCE = `
+
+	testAccDataSourceACLRoleConfigBasicTemplatedPolicies = `
+resource "consul_acl_policy" "test-read" {
+	name = "test-role"
+	rules = "node \"\" { policy = \"read\" }"
+	datacenters = [ "dc1" ]
+}
+
+resource "consul_acl_role" "test" {
+	name      = "foo"
+	description = "bar"
+
+	policies = [
+		consul_acl_policy.test-read.id
+	]
+
+	service_identities {
+		service_name = "foo"
+	}
+
+	node_identities {
+		node_name = "hello"
+		datacenter = "world"
+	}
+
+	templated_policies {
+		template_name = "builtin/service"
+		datacenters = ["world"]
+		template_variables {
+			name = "web"
+		}
+	}
+
+	templated_policies {
+		template_name = "builtin/dns"
+		datacenters = ["world"]
+	}
+}
+
+data "consul_acl_role" "test" {
+	name = consul_acl_role.test.name
+}
+`
+	testAccDataSourceACLRoleConfigNamespaceCE = `
 data "consul_acl_role" "test" {
   name      = "test"
   namespace = "test-data-role"
 }
 `
 
-const testAccDataSourceACLRoleConfigNamespaceEE = `
+	testAccDataSourceACLRoleConfigNamespaceEE = `
 resource "consul_namespace" "test" {
   name = "test-data-role"
 }
@@ -142,3 +200,4 @@ data "consul_acl_role" "test" {
   namespace = consul_namespace.test.name
 }
 `
+)