Update pdc scope (#2012)

aangelisc · web-flow · commit 70e344b4f20c · 2025-01-30T15:54:42.000Z
diff --git a/internal/resources/cloud/data_source_private_data_source_connect_network.go b/internal/resources/cloud/data_source_private_data_source_connect_network.go
@@ -118,7 +118,8 @@ func (r *PDCNetworksDataSource) Read(ctx context.Context, req datasource.ReadReq
 			if data.NameFilter.ValueString() != "" && data.NameFilter.ValueString() != policy.Name {
 				continue
 			}
-			if !slices.Contains(policy.Scopes, "pdc-signing:write") {
+			// Include pdc-signing:write to account for old PDC access policies
+			if !slices.Contains(policy.Scopes, "pdc-signing:write") || !slices.Contains(policy.Scopes, "set:pdc-signing") {
 				continue
 			}
 			data.PrivateDataSourceNetworks = append(data.PrivateDataSourceNetworks, PDCNetworksDataSourcePolicyModel{
diff --git a/internal/resources/cloud/resource_private_data_source_connect_network.go b/internal/resources/cloud/resource_private_data_source_connect_network.go
@@ -124,7 +124,8 @@ func listPDCNetworkIds(ctx context.Context, client *gcom.APIClient, data *Lister
 		}
 
 		for _, policy := range resp.Items {
-			if slices.Contains(policy.Scopes, "pdc-signing:write") {
+			// Include pdc-signing:write to account for old PDC access policies
+			if slices.Contains(policy.Scopes, "pdc-signing:write") || slices.Contains(policy.Scopes, "set:pdc-signing") {
 				policies = append(policies, resourceAccessPolicyID.Make(regionSlug, policy.Id))
 			}
 		}
@@ -145,7 +146,7 @@ func createPDCNetwork(ctx context.Context, d *schema.ResourceData, client *gcom.
 		PostAccessPoliciesRequest(gcom.PostAccessPoliciesRequest{
 			Name:        d.Get("name").(string),
 			DisplayName: &displayName,
-			Scopes:      []string{"pdc-signing:write"},
+			Scopes:      []string{"set:pdc-signing"},
 			Realms:      []gcom.PostAccessPoliciesRequestRealmsInner{{Type: "stack", Identifier: d.Get("stack_identifier").(string)}},
 		})
 	result, _, err := req.Execute()
diff --git a/internal/resources/cloud/resource_private_data_source_connect_network_token_test.go b/internal/resources/cloud/resource_private_data_source_connect_network_token_test.go
@@ -40,7 +40,7 @@ func TestResourcePrivateDataSourceConnectNetworkToken_Basic(t *testing.T) {
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "name", initialName),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "display_name", initialName),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.#", "1"),
-					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.0", "pdc-signing:write"),
+					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.0", "set:pdc-signing"),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "realm.#", "1"),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "realm.0.type", "stack"),
 

Original file line number	Diff line number	Diff line change
`@@ -118,7 +118,8 @@ func (r *PDCNetworksDataSource) Read(ctx context.Context, req datasource.ReadReq`
`118`	`118`	`if data.NameFilter.ValueString() != "" && data.NameFilter.ValueString() != policy.Name {`
`119`	`119`	`continue`
`120`	`120`	`}`
`121`		`- if !slices.Contains(policy.Scopes, "pdc-signing:write") {`
	`121`	`+ // Include pdc-signing:write to account for old PDC access policies`
	`122`	`+ if !slices.Contains(policy.Scopes, "pdc-signing:write") \|\| !slices.Contains(policy.Scopes, "set:pdc-signing") {`
`122`	`123`	`continue`
`123`	`124`	`}`
`124`	`125`	`data.PrivateDataSourceNetworks = append(data.PrivateDataSourceNetworks, PDCNetworksDataSourcePolicyModel{`
Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,8 @@ func listPDCNetworkIds(ctx context.Context, client gcom.APIClient, data Lister`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`for _, policy := range resp.Items {`
`127`		`- if slices.Contains(policy.Scopes, "pdc-signing:write") {`
	`127`	`+ // Include pdc-signing:write to account for old PDC access policies`
	`128`	`+ if slices.Contains(policy.Scopes, "pdc-signing:write") \|\| slices.Contains(policy.Scopes, "set:pdc-signing") {`
`128`	`129`	`policies = append(policies, resourceAccessPolicyID.Make(regionSlug, policy.Id))`
`129`	`130`	`}`
`130`	`131`	`}`
`@@ -145,7 +146,7 @@ func createPDCNetwork(ctx context.Context, d schema.ResourceData, client gcom.`
`145`	`146`	`PostAccessPoliciesRequest(gcom.PostAccessPoliciesRequest{`
`146`	`147`	`Name: d.Get("name").(string),`
`147`	`148`	`DisplayName: &displayName,`
`148`		`- Scopes: []string{"pdc-signing:write"},`
	`149`	`+ Scopes: []string{"set:pdc-signing"},`
`149`	`150`	`Realms: []gcom.PostAccessPoliciesRequestRealmsInner{{Type: "stack", Identifier: d.Get("stack_identifier").(string)}},`
`150`	`151`	`})`
`151`	`152`	`result, _, err := req.Execute()`