Update consul_acl_role and consul_acl_token for Consul 1.8 (#287)

Closes #284
hashicorp · Sep 30, 2021 · da7baef · da7baef
1 parent 88c6a5c
commit da7baef
Show file tree

Hide file tree

Showing 12 changed files with 458 additions and 161 deletions.
diff --git a/consul/data_source_consul_acl_role.go b/consul/data_source_consul_acl_role.go
@@ -16,16 +16,19 @@ func dataSourceConsulACLRole() *schema.Resource {
 				Type:     schema.TypeString,
 				Required: true,
 			},
+			"namespace": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 
 			// Out parameters
 			"description": {
 				Type:     schema.TypeString,
-				Optional: true,
+				Computed: true,
 			},
-
 			"policies": {
 				Type:     schema.TypeList,
-				Optional: true,
+				Computed: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"name": {
@@ -39,10 +42,9 @@ func dataSourceConsulACLRole() *schema.Resource {
 					},
 				},
 			},
-
 			"service_identities": {
 				Type:     schema.TypeList,
-				Optional: true,
+				Computed: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"service_name": {
@@ -58,10 +60,21 @@ func dataSourceConsulACLRole() *schema.Resource {
 					},
 				},
 			},
-
-			"namespace": {
-				Type:     schema.TypeString,
-				Optional: true,
+			"node_identities": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"node_name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"datacenter": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
 			},
 		},
 	}
@@ -79,21 +92,13 @@ func datasourceConsulACLRoleRead(d *schema.ResourceData, meta interface{}) error
 		return fmt.Errorf("Could not find role '%s'", name)
 	}
 
-	d.SetId(role.ID)
-	if err = d.Set("description", role.Description); err != nil {
-		return fmt.Errorf("Failed to set 'description': %v", err)
-	}
-
 	policies := make([]map[string]interface{}, len(role.Policies))
 	for i, p := range role.Policies {
 		policies[i] = map[string]interface{}{
 			"name": p.Name,
 			"id":   p.ID,
 		}
 	}
-	if err = d.Set("policies", policies); err != nil {
-		return fmt.Errorf("Failed to set 'policies': %v", err)
-	}
 
 	identities := make([]map[string]interface{}, len(role.ServiceIdentities))
 	for i, si := range role.ServiceIdentities {
@@ -102,9 +107,22 @@ func datasourceConsulACLRoleRead(d *schema.ResourceData, meta interface{}) error
 			"datacenters":  si.Datacenters,
 		}
 	}
-	if err = d.Set("service_identities", identities); err != nil {
-		return fmt.Errorf("Failed to set 'service_identities': %v", err)
+
+	nodeIdentities := make([]interface{}, len(role.NodeIdentities))
+	for i, ni := range role.NodeIdentities {
+		nodeIdentities[i] = map[string]interface{}{
+			"node_name":  ni.NodeName,
+			"datacenter": ni.Datacenter,
+		}
 	}
 
-	return nil
+	d.SetId(role.ID)
+
+	sw := newStateWriter(d)
+	sw.set("description", role.Description)
+	sw.set("policies", policies)
+	sw.set("service_identities", identities)
+	sw.set("node_identities", nodeIdentities)
+
+	return sw.error()
 }
diff --git a/consul/data_source_consul_acl_role_test.go b/consul/data_source_consul_acl_role_test.go
@@ -18,15 +18,19 @@ func TestAccDataACLRole_basic(t *testing.T) {
 			},
 			{
 				Config: testAccDataSourceACLRoleConfigBasic,
-				Check: resource.ComposeTestCheckFunc(
-					testAccCheckDataSourceValue("data.consul_acl_role.test", "name", "foo"),
-					testAccCheckDataSourceValue("data.consul_acl_role.test", "description", "bar"),
-					testAccCheckDataSourceValue("data.consul_acl_role.test", "policies.#", "1"),
-					testAccCheckDataSourceValue("data.consul_acl_role.test", "policies.0.id", "<any>"),
-					testAccCheckDataSourceValue("data.consul_acl_role.test", "policies.0.name", "test"),
-					testAccCheckDataSourceValue("data.consul_acl_role.test", "service_identities.#", "1"),
-					testAccCheckDataSourceValue("data.consul_acl_role.test", "service_identities.0.service_name", "foo"),
-					testAccCheckDataSourceValue("data.consul_acl_role.test", "service_identities.0.datacenters.#", "0"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "description", "bar"),
+					resource.TestCheckResourceAttrSet("data.consul_acl_role.test", "id"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "name", "foo"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "node_identities.#", "1"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "node_identities.0.datacenter", "world"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "node_identities.0.node_name", "hello"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "policies.#", "1"),
+					resource.TestCheckResourceAttrSet("data.consul_acl_role.test", "policies.0.id"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "policies.0.name", "test"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "service_identities.#", "1"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "service_identities.0.datacenters.#", "0"),
+					resource.TestCheckResourceAttr("data.consul_acl_role.test", "service_identities.0.service_name", "foo"),
 				),
 			},
 		},
@@ -82,6 +86,11 @@ resource "consul_acl_role" "test" {
 	service_identities {
 		service_name = "foo"
 	}
+
+	node_identities {
+		node_name = "hello"
+		datacenter = "world"
+	}
 }
 
 data "consul_acl_role" "test" {

diff --git a/consul/data_source_consul_acl_token.go b/consul/data_source_consul_acl_token.go
@@ -1,7 +1,7 @@
 package consul
 
 import (
-	"fmt"
+	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 )
@@ -17,16 +17,19 @@ func dataSourceConsulACLToken() *schema.Resource {
 				Required: true,
 				Type:     schema.TypeString,
 			},
+			"namespace": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 
 			// Out parameters
 			"description": {
 				Type:     schema.TypeString,
-				Optional: true,
+				Computed: true,
 			},
-
 			"policies": {
 				Type:     schema.TypeList,
-				Optional: true,
+				Computed: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"name": {
@@ -40,15 +43,72 @@ func dataSourceConsulACLToken() *schema.Resource {
 					},
 				},
 			},
-
+			"roles": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+				Description: "List of roles.",
+			},
+			"service_identities": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "The list of service identities that should be applied to the token.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"service_name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The name of the service.",
+						},
+						"datacenters": {
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "Specifies the datacenters the effective policy is valid within.",
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+					},
+				},
+			},
+			"node_identities": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "The list of node identities that should be applied to the token.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"node_name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The list of node identities that should be applied to the token.",
+						},
+						"datacenter": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Specifies the node's datacenter.",
+						},
+					},
+				},
+			},
 			"local": {
 				Type:     schema.TypeBool,
-				Optional: true,
+				Computed: true,
 			},
-
-			"namespace": {
-				Type:     schema.TypeString,
-				Optional: true,
+			"expiration_time": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "If set this represents the point after which a token should be considered revoked and is eligible for destruction.",
 			},
 		},
 	}
@@ -71,16 +131,45 @@ func dataSourceConsulACLTokenRead(d *schema.ResourceData, meta interface{}) erro
 		}
 	}
 
-	d.SetId(accessorID)
-	if err = d.Set("description", aclToken.Description); err != nil {
-		return fmt.Errorf("Error while setting 'description': %s", err)
+	roles := make([]interface{}, len(aclToken.Roles))
+	for i, r := range aclToken.Roles {
+		roles[i] = map[string]interface{}{
+			"id":   r.ID,
+			"name": r.Name,
+		}
 	}
-	if err = d.Set("local", aclToken.Local); err != nil {
-		return fmt.Errorf("Error while setting 'local': %s", err)
+
+	serviceIdentities := make([]map[string]interface{}, len(aclToken.ServiceIdentities))
+	for i, si := range aclToken.ServiceIdentities {
+		serviceIdentities[i] = map[string]interface{}{
+			"service_name": si.ServiceName,
+			"datacenters":  si.Datacenters,
+		}
 	}
-	if err = d.Set("policies", policies); err != nil {
-		return fmt.Errorf("Error while setting 'policies': %s", err)
+
+	nodeIdentities := make([]map[string]interface{}, len(aclToken.NodeIdentities))
+	for i, ni := range aclToken.NodeIdentities {
+		nodeIdentities[i] = map[string]interface{}{
+			"node_name":  ni.NodeName,
+			"datacenter": ni.Datacenter,
+		}
+	}
+
+	var expirationTime string
+	if aclToken.ExpirationTime != nil {
+		expirationTime = aclToken.ExpirationTime.Format(time.RFC3339)
 	}
 
-	return nil
+	d.SetId(accessorID)
+
+	sw := newStateWriter(d)
+	sw.set("description", aclToken.Description)
+	sw.set("local", aclToken.Local)
+	sw.set("policies", policies)
+	sw.set("roles", roles)
+	sw.set("service_identities", serviceIdentities)
+	sw.set("node_identities", nodeIdentities)
+	sw.set("expiration_time", expirationTime)
+
+	return sw.error()
 }
diff --git a/consul/data_source_consul_acl_token_test.go b/consul/data_source_consul_acl_token_test.go
@@ -13,12 +13,23 @@ func TestAccDataACLToken_basic(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: testAccDataACLTokenConfig,
-				Check: resource.ComposeTestCheckFunc(
-					testAccCheckDataSourceValue("data.consul_acl_token.read", "description", "test"),
-					testAccCheckDataSourceValue("data.consul_acl_token.read", "policies.#", "1"),
-					testAccCheckDataSourceValue("data.consul_acl_token.read", "policies.0.name", "test"),
-					testAccCheckDataSourceValue("data.consul_acl_token.read", "policies.0.id", "<any>"),
-					testAccCheckDataSourceValue("data.consul_acl_token.read", "local", "true"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.consul_acl_token.read", "accessor_id"),
+					resource.TestCheckResourceAttr("data.consul_acl_token.read", "description", "test"),
+					resource.TestCheckResourceAttr("data.consul_acl_token.read", "expiration_time", ""),
+					resource.TestCheckResourceAttrSet("data.consul_acl_token.read", "id"),
+					resource.TestCheckResourceAttr("data.consul_acl_token.read", "local", "false"),
+					resource.TestCheckResourceAttr("data.consul_acl_token.read", "node_identities.#", "1"),
+					resource.TestCheckResourceAttr("data.consul_acl_token.read", "node_identities.0.datacenter", "bar"),
+					resource.TestCheckResourceAttr("data.consul_acl_token.read", "node_identities.0.node_name", "foo"),
+					resource.TestCheckResourceAttr("data.consul_acl_token.read", "policies.#", "1"),
+					resource.TestCheckResourceAttrSet("data.consul_acl_token.read", "policies.0.id"),
+					resource.TestCheckResourceAttr("data.consul_acl_token.read", "policies.0.name", "test"),
+					resource.TestCheckResourceAttr("data.consul_acl_token.read", "roles.#", "0"),
+					resource.TestCheckResourceAttr("data.consul_acl_token.read", "service_identities.#", "1"),
+					resource.TestCheckResourceAttr("data.consul_acl_token.read", "service_identities.0.datacenters.#", "1"),
+					resource.TestCheckResourceAttr("data.consul_acl_token.read", "service_identities.0.datacenters.0", "world"),
+					resource.TestCheckResourceAttr("data.consul_acl_token.read", "service_identities.0.service_name", "hello"),
 				),
 			},
 		},
@@ -60,7 +71,17 @@ resource "consul_acl_policy" "test" {
 resource "consul_acl_token" "test" {
 	description = "test"
 	policies = ["${consul_acl_policy.test.name}"]
-	local = true
+	local = false
+
+	service_identities {
+		service_name = "hello"
+		datacenters = ["world"]
+	}
+
+	node_identities {
+		node_name = "foo"
+		datacenter = "bar"
+	}
 }
 
 data "consul_acl_token" "read" {