Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[datadog_service_account] Role-assignment improvements for service accounts #2434

Merged
merged 10 commits into from
Jul 5, 2024
Merged

[datadog_service_account] Role-assignment improvements for service accounts #2434

merged 10 commits into from
Jul 5, 2024

Conversation

retsguj
Copy link
Contributor

@retsguj retsguj commented Jun 11, 2024
edited
Loading

https://datadoghq.atlassian.net/browse/ACCESS-2568

datadog_user_role already allows for roles to be assigned to service accounts, luckily.

@retsguj retsguj marked this pull request as ready for review June 12, 2024 00:12
@retsguj retsguj requested review from a team as code owners June 12, 2024 00:12
@retsguj
Copy link
Contributor Author

retsguj commented Jun 12, 2024

Am having a hard time figuring out what I broke in the tests...

srosenthal-dd
srosenthal-dd previously approved these changes Jun 12, 2024
View reviewed changes
Copy link
Member

@srosenthal-dd srosenthal-dd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ I tested locally the scenarios that I cared about:

Assigning and unassigning a role to a service account with datadog_user_role:

resource "datadog_user_role" "dur1" {
  role_id = data.datadog_role.admin.id
  user_id = data.datadog_user.svc_acct_2.id
}

Updating the roles on a service account with datadog_service_account:

resource datadog_service_account svc_acct_2 {
  email = "[email protected]"
  name  = "Stephen TF test 2"
  roles = [data.datadog_role.admin.id] # or [data.datadog_role.admin2.id]
}

... and ensuring that additions happen before removals, and the roles can be omitted and set via datadog_user_role instead.

One suggestion: can you update the docs that talk about "Conflicts may occur if used together with" to refer to both datadog_user and datadog_service_account? It looks like the source for that is

terraform-provider-datadog/datadog/fwprovider/resource_datadog_user_role.go

Line 51 in 835587c

Description: "Provides a Datadog UserRole resource. This can be used to create and manage Datadog User Roles. Conflicts may occur if used together with the `datadog_user` resource's `roles` attribute. This resource is in beta and is subject to change.",
but it's also in a (generated?) Markdown file

@srosenthal-dd
Copy link
Member

(I'm also not sure about the test failures at a glance, looks like you'll have to read them in more detail)

@retsguj retsguj requested a review from a team as a code owner June 14, 2024 17:47
@retsguj retsguj changed the title [ACCESS-2568] Role-assignment improvements for service accounts [datadog_service_account] Role-assignment improvements for service accounts Jun 14, 2024
brett0000FF
brett0000FF previously approved these changes Jun 14, 2024
View reviewed changes
brett0000FF
brett0000FF previously approved these changes Jun 18, 2024
View reviewed changes
wangwillson1
wangwillson1 approved these changes Jul 3, 2024
View reviewed changes
Copy link
Contributor

@wangwillson1 wangwillson1 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

code looks good to me, and basic functionality works too (assigning roles to service accounts without overwriting, creating new service accounts with/without roles)

i wasn't able to get the exact_match attribute working on my machine for reasons unknown, so i would appreciate if someone else could test for me 😄 maybe some unit tests for this attribute could be helpful

@srosenthal-dd
Copy link
Member

✅ Re-tested locally today with the latest code and it worked well for me. Good to ship as far as I'm concerned.

@nkzou nkzou merged commit 19c9189 into master Jul 5, 2024
10 checks passed
@nkzou nkzou deleted the julia.gu/service-account-roles branch July 5, 2024 20:20
bharling pushed a commit to bharling/terraform-provider-datadog that referenced this pull request Jul 8, 2024
@retsguj @bharling
[datadog_service_account] Role-assignment improvements for service ac…
f7df376 
…counts (DataDog#2434)

* init

* fix test

* make docs

* hmm

* more

* make docs again

* try fix

* try unknown?

* oops

* [datadog_service_account] Implement exact match filtering (DataDog#2447)

* add exact match

* make docs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaelcretzman michaelcretzman michaelcretzman approved these changes

@wangwillson1 wangwillson1 wangwillson1 approved these changes

@nkzou nkzou nkzou approved these changes

@brett0000FF brett0000FF brett0000FF left review comments

@srosenthal-dd srosenthal-dd Awaiting requested review from srosenthal-dd

Assignees
No one assigned
Labels
changelog/bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@retsguj @srosenthal-dd @nkzou @wangwillson1 @michaelcretzman @brett0000FF