[datadog_service_account] Role-assignment improvements for service accounts #2434
Am having a hard time figuring out what I broke in the tests...
✅ I tested locally the scenarios that I cared about:
Assigning and unassigning a role to a service account with datadog_user_role:
  resource "datadog_user_role" "dur1" {
    role_id = data.datadog_role.admin.id
    user_id = data.datadog_user.svc_acct_2.id
  }
Updating the roles on a service account with datadog_service_account:
  resource "datadog_service_account" "svc_acct_2" {
    email = "[email protected]"
    name  = "Stephen TF test 2"
    roles = [data.datadog_role.admin.id] # or [data.datadog_role.admin2.id]
  }
... and ensuring that additions happen before removals, and the roles can be omitted and set via datadog_user_role instead.
One suggestion: can you update the docs that talk about "Conflicts may occur if used together with" to refer to both datadog_user and datadog_service_account? It looks like the source for that is
  Description: "Provides a Datadog UserRole resource. This can be used to create and manage Datadog User Roles. Conflicts may occur if used together with the `datadog_user` resource's `roles` attribute. This resource is in beta and is subject to change.",
(I'm also not sure about the test failures at a glance, looks like you'll have to read them in more detail)
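The ordering tested in the comment above (additions before removals, and `roles` omitted so that datadog_user_role manages the assignment instead), sketched as an added Go example. It is not the provider's code: `PlanRoleOps`, `Op` and `missingFrom` are hypothetical names, and the role IDs in `main` are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// Op is one role change, listed in the order it must be sent to the API.
type Op struct{ Action, RoleID string }

// PlanRoleOps is a hypothetical helper, not the provider's code. current holds
// the role IDs on the account now; desired is the configured `roles` value.
// A nil desired means `roles` was omitted: nothing is changed, so a separate
// datadog_user_role resource can own the assignment without being overwritten.
func PlanRoleOps(current, desired []string) []Op {
	if desired == nil {
		return nil
	}
	var ops []Op
	// Additions first: the account never passes through a state with no roles.
	for _, id := range missingFrom(desired, current) {
		ops = append(ops, Op{"add", id})
	}
	for _, id := range missingFrom(current, desired) {
		ops = append(ops, Op{"remove", id})
	}
	return ops
}

// missingFrom returns the sorted, de-duplicated IDs in a that are not in b.
func missingFrom(a, b []string) []string {
	inB := make(map[string]bool, len(b))
	for _, id := range b {
		inB[id] = true
	}
	seen := map[string]bool{}
	var out []string
	for _, id := range a {
		if !inB[id] && !seen[id] {
			seen[id] = true
			out = append(out, id)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	fmt.Println(PlanRoleOps([]string{"admin"}, []string{"admin2"}))
}
```

Between the add and remove phases the account briefly holds the union of its old and new roles, which is the trade-off for never leaving it without a role.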
* add exact match * make docs
code looks good to me, and basic functionality works too (assigning roles to service accounts without overwriting, creating new service accounts with/without roles)
i wasn't able to get the exact_match attribute working on my machine for reasons unknown, so i would appreciate if someone else could test for me 😄 maybe some unit tests for this attribute could be helpful
✅ Re-tested locally today with the latest code and it worked well for me. Good to ship as far as I'm concerned.
…counts (DataDog#2434) * init * fix test * make docs * hmm * more * make docs again * try fix * try unknown? * oops * [datadog_service_account] Implement exact match filtering (DataDog#2447) * add exact match * make docs
https://datadoghq.atlassian.net/browse/ACCESS-2568
datadog_user_role already allows for roles to be assigned to service accounts, luckily.