Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: set implicit condition_version on azurerm_role_assignment #27189

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

feat: set implicit condition_version on azurerm_role_assignment #27189

wants to merge 9 commits into from

Conversation

logan-bobo
Copy link
Contributor

@logan-bobo logan-bobo commented Aug 24, 2024
edited
Loading

Community Note

  • Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for PR followers and do not help prioritize for review

Description

I noticed when using condition that condition_version is required for resource creation. However when checking out the Microsoft documentation I noticed the following.

conditionVersion: A condition version number. Defaults to 2.0 and is the only publicly supported version.

This change it to propose that on resource creation of azurerm_role_assignment, if condition is set we implicitly set condition_version to be "2.0" as this is the default and only supported version.

This is also a revival of - #24630 however this time I have
finished all testing and this enhancement is working as I expect.

PR Checklist

  • I have followed the guidelines in our Contributing Documentation.
  • I have checked to ensure there aren't other open Pull Requests for the same update/change.
  • I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
  • I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
  • I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
    For example: “resource_name_here - description of change e.g. adding property new_property_name_here

Changes to existing Resource / Data Source

  • I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
  • I have written new tests for my resource or datasource changes & updated any relevent documentation.
  • I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
  • (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

  • My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

I have added a new acceptence test for my changes to validate further.

 make acctests SERVICE='authorization' TESTARGS='-run=TestAccRoleAssignment_implicitCondition' TESTTIMEOUT='60m'
==> Checking that code complies with gofmt requirements...
==> Checking that Custom Timeouts are used...
==> Checking that acceptance test packages are used...
TF_ACC=1 go test -v ./internal/services/authorization -run=TestAccRoleAssignment_implicitCondition -timeout 60m -ldflags="-X=github.com/hashicorp/terraform-provider-azurerm/version.ProviderVersion=acc"
=== RUN   TestAccRoleAssignment_implicitCondition
=== PAUSE TestAccRoleAssignment_implicitCondition
=== CONT  TestAccRoleAssignment_implicitCondition
--- PASS: TestAccRoleAssignment_implicitCondition (43.11s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/authorization (cached)

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

  • azurerm_role_assignment - condition version is now optional with an implicit value of "2.0"

This is a (please select all that apply):

  • Bug Fix
  • New Feature (ie adding a service, resource, or data source)
  • Enhancement
  • Breaking Change

logan-bobo
logan-bobo commented Aug 24, 2024
View reviewed changes
internal/services/authorization/role_assignment_resource_test.go
@@ -576,8 +594,32 @@ resource "azurerm_role_assignment" "test" {
role_definition_name = "Monitoring Reader"
principal_id = data.azurerm_client_config.test.object_id
description = "Monitoring Reader except "
condition = "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ContainerName needs to change to name or acceptence tests will fail. It looks like the attribute has changed in Azure - https://learn.microsoft.com/en-us/azure/storage/blobs/storage-auth-abac-attributes#container-name

@logan-bobo logan-bobo changed the title feat: set implicit condition version on azurerm_role_assignment feat: set implicit condition_version on azurerm_role_assignment Aug 27, 2024
@logan-bobo logan-bobo requested review from katbyte and a team as code owners November 12, 2024 14:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@katbyte katbyte Awaiting requested review from katbyte katbyte is a code owner

Assignees
No one assigned
Labels
enhancement service/authorization size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@logan-bobo @rcskosir