Add workload Id and job ACLs #314
Conversation
Adds support for passing ACLs for workloads when defining a policy.
|
|
There was a problem hiding this comment.
Thanks for the PR @IamTheFij, and apologies for the delay in review it.
I left a few comments but it would also be nice to have some tests and documentation updates about this. What problems were you facing in running the tests locally?
I'm not sure if you've seen it, but we have some instructions in our README:
https://github.com/hashicorp/terraform-provider-nomad#developing-the-provider
For this work I think we can update testResourceACLPolicy_initialConfig to include some JobACL config:
terraform-provider-nomad/nomad/resource_acl_policy_test.go
Lines 114 to 127 in 77c12b0
And then update testResourceACLPolicy_initialCheck to verify the job identity was set.
A more complete test would be to test the validation I mentioned. For this you can add a ExpectError to your TestStep to verify that the resource is invalid.
For the docs, we would need to update https://github.com/hashicorp/terraform-provider-nomad/blob/main/website/docs/r/acl_policy.html.markdown to include the new field. If you run make website you can preview your changes.
Let us know if you need help with any of this 🙂
This fails due to an error in the import validation
|
I managed to get acceptance testing running with some tweaks to the shell scripts used. I can cut another PR for those later, if interested. Right now I'm getting a test failure and I haven't quite been able to figure out what's wrong. I'm seeing I'm not sure where the expected and actual values come from. Given that the I've pushed the latest. Any ideas on what I'm missing? |
|
Any advice on getting this test working so it can get across the finish line? |
There was a problem hiding this comment.
Looking good! Sorry for the delay in getting back to you here.
After the read method is fixed I think the only bits missing are updating the documentation and adding a CHANGELOG entry. Something like:
## 1.4.21 (Unreleased)
+ IMPROVEMENTS:
+ * resource/nomad_acl_policy: add support for `job_acl` ([#314](https://github.com/hashicorp/terraform-provider-nomad/pull/314))
## 1.4.20 (April 20, 2023)Reword the description. Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
|
I haven't tested the website because the make target is broken. It executes It looks like the target was added back in 2018 with this PR, but as of 2022 it was reportedly absent: hashicorp/terraform-provider-tfe#503. It looks like this is because the whole system was rewritten and the Makefile removed with this PR: hashicorp/terraform-website#2010 and then added back without this ability in this PR: hashicorp/terraform-website#2013 |
There was a problem hiding this comment.
Hum...yeah, that is weird. I'm not sure what happened with the website preview but I ran the changes through https://registry.terraform.io/tools/doc-preview and they look good. I pushed a commit with minor touch-ups.
I also realized that we may need to update the nomad_acl_policy data source, but I have bother you enough in this PR 😄
Thank you for the contribution!
Adds support for passing ACLs for workloads when defining a policy.
I'm not sure how to write unit tests for this as the test section seemed like it was for acceptance testing. I wasn't able to get acceptance testing to run locally on my machine yet.
Fixes #306