[resource_monitor_json] Avoid restricted role diffs with restriction_policy #2638
+34
−11
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
phillip-dd
force-pushed
the
pb/monitor-json-restricted-roles
branch
from
03f896e
to
25774b7
Compare
…olicy This hacks around this (already hacky) resource having conflicts with the restricted_roles attribute when the restriction_policy resource is used to manage permissions on monitors. The general strategy is to ignore roles sent back from the API if roles are not explicitly defined in the monitor. Note: This resource should be convered to a framework provider resource, that should provide much easier access to what the user configured and make this handling consistent and esaier to reason about. Scenarios tested: * create monitor and restriction_policy (with and without roles), there should be no diff when running subsequent plans * modify the monitor and restricton policy, e.g. add/remove a role, there should be no diffs when running subsequent plans Open questions: * what does this do to existing monitor_json resources when a user updates?
phillip-dd
force-pushed
the
pb/monitor-json-restricted-roles
branch
from
25774b7
to
86fac30
Compare
phillip-dd
changed the title
jack-edmonds-dd
approved these changes
Nov 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This hacks around this (already hacky) resource having conflicts with the restricted_roles attribute when the restriction_policy resource is used to manage permissions on monitors. The general strategy is to ignore roles sent back from the API if roles are not explicitly defined in the monitor. Note: This resource should be converted to a framework provider resource, that should provide much easier access to what the user configured and make this handling consistent and esaier to reason about.
Scenarios tested:
Open questions: