From 546c078d115d885f6ca17bb63b1994bde248c0ad Mon Sep 17 00:00:00 2001
From: Andreas Christou
Date: Thu, 30 Jan 2025 10:58:49 +0000
Subject: [PATCH] Update pdc scope
---
 .../cloud/data_source_private_data_source_connect_network.go | 3 ++-
 .../cloud/resource_private_data_source_connect_network.go | 5 +++--
 ...esource_private_data_source_connect_network_token_test.go | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/internal/resources/cloud/data_source_private_data_source_connect_network.go b/internal/resources/cloud/data_source_private_data_source_connect_network.go
index 0e60ae6de..4202f6346 100644
--- a/internal/resources/cloud/data_source_private_data_source_connect_network.go
+++ b/internal/resources/cloud/data_source_private_data_source_connect_network.go
@@ -118,7 +118,8 @@ func (r *PDCNetworksDataSource) Read(ctx context.Context, req datasource.ReadReq
 if data.NameFilter.ValueString() != "" && data.NameFilter.ValueString() != policy.Name {
 continue
 }
- if !slices.Contains(policy.Scopes, "pdc-signing:write") {
+ // Include pdc-signing:write to account for old PDC access policies
+ if !slices.Contains(policy.Scopes, "pdc-signing:write") || !slices.Contains(policy.Scopes, "set:pdc-signing") {
 continue
 }
 data.PrivateDataSourceNetworks = append(data.PrivateDataSourceNetworks, PDCNetworksDataSourcePolicyModel{
diff --git a/internal/resources/cloud/resource_private_data_source_connect_network.go b/internal/resources/cloud/resource_private_data_source_connect_network.go
index c283cb245..4f4e5a272 100644
--- a/internal/resources/cloud/resource_private_data_source_connect_network.go
+++ b/internal/resources/cloud/resource_private_data_source_connect_network.go
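Review bot: The new guard in `Read` joins the two negated checks with `||`, so a policy is skipped unless it carries both `pdc-signing:write` and `set:pdc-signing`. Policies created after this patch get only `set:pdc-signing` (see the `createPDCNetwork` change), and older ones presumably carry only `pdc-signing:write`, so the data source would drop both kinds. The condition should be `if !slices.Contains(policy.Scopes, "pdc-signing:write") && !slices.Contains(policy.Scopes, "set:pdc-signing") {`, which is the negation of the `||` form used in `listPDCNetworkIds`. The loop and the rest of `Read` lie outside the hunk, and the test change in this patch only asserts the scope written on create, so nothing visible here would catch the empty result.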
@@ -124,7 +124,8 @@ func listPDCNetworkIds(ctx context.Context, client *gcom.APIClient, data *Lister
 }
 for _, policy := range resp.Items {
- if slices.Contains(policy.Scopes, "pdc-signing:write") {
+ // Include pdc-signing:write to account for old PDC access policies
+ if slices.Contains(policy.Scopes, "pdc-signing:write") || slices.Contains(policy.Scopes, "set:pdc-signing") {
 policies = append(policies, resourceAccessPolicyID.Make(regionSlug, policy.Id))
 }
 }
@@ -145,7 +146,7 @@ func createPDCNetwork(ctx context.Context, d *schema.ResourceData, client *gcom.
 PostAccessPoliciesRequest(gcom.PostAccessPoliciesRequest{
 Name: d.Get("name").(string),
 DisplayName: &displayName,
- Scopes: []string{"pdc-signing:write"},
+ Scopes: []string{"set:pdc-signing"},
 Realms: []gcom.PostAccessPoliciesRequestRealmsInner{{Type: "stack", Identifier: d.Get("stack_identifier").(string)}},
 })
 result, _, err := req.Execute()
diff --git a/internal/resources/cloud/resource_private_data_source_connect_network_token_test.go b/internal/resources/cloud/resource_private_data_source_connect_network_token_test.go
index 2c74c65f4..7766c3e70 100644
--- a/internal/resources/cloud/resource_private_data_source_connect_network_token_test.go
+++ b/internal/resources/cloud/resource_private_data_source_connect_network_token_test.go
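Review bot: The scope predicate in `listPDCNetworkIds` is written out with raw string literals that are repeated in the data source's `Read` filter, and the two copies in this patch already differ in how they combine the checks. A single package-level helper backed by two named constants would keep the list, read and create paths in step, for example `func hasPDCScope(scopes []string) bool { return slices.Contains(scopes, legacyPDCScope) || slices.Contains(scopes, pdcScope) }` (the names are suggestions, not existing identifiers). `listPDCNetworkIds` begins and ends outside the hunk.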
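Review bot: The `Scopes: []string{"set:pdc-signing"}` line changes what every newly created PDC access policy is permitted to do, but neither the hunk nor the commit message says what `set:pdc-signing` grants compared with the `pdc-signing:write` it replaces. A comment above the field would let a reader check that the policy stays at least privilege, for example `// set:pdc-signing supersedes the legacy pdc-signing:write scope; policies created earlier keep the old scope`, extended with the permissions the set contains once confirmed. It is also worth stating whether existing networks are meant to be migrated or left on the old scope, since the patch only adds read-side tolerance for both. `createPDCNetwork` starts and ends outside the hunk.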
@@ -40,7 +40,7 @@ func TestResourcePrivateDataSourceConnectNetworkToken_Basic(t *testing.T) {
 resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "name", initialName),
 resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "display_name", initialName),
 resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.#", "1"),
- resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.0", "pdc-signing:write"),
+ resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.0", "set:pdc-signing"),
 resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "realm.#", "1"),
 resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "realm.0.type", "stack"),