terraform-provider-sensu

ClusterRole only supports a single rule block - Sensu Go allows multiple rules for a ClusterRole

Open • paulchoi opened this issue 4 years ago • 1 comment

According to https://registry.terraform.io/providers/jtopjian/sensu/latest/docs/resources/cluster_role, only one rule block is allowed.

resource "sensu_cluster_role" "cluster_role_1" {
  name = "my_role"
  rule {
    verbs = ["get", "list"]
    resources = ["checks"]
  }
}

In Sensu Go 6's ClusterRole spec, multiple rules are possible. https://docs.sensu.io/sensu-go/latest/operations/control-access/rbac/#role-example

---
type: Role
api_version: core/v2
metadata:
  name: namespaced-resources-all-verbs
  namespace: default
spec:
  rules:
  - resource_names: []
    resources:
    - assets
    - checks
    - entities
    - events
    - filters
    - handlers
    - hooks
    - mutators
    - rolebindings
    - roles
    - silenced
    verbs:
    - get
    - list
    - create
    - update
    - delete

Possible that the spec has changed for Sensu Go 6

paulchoi, Jul 16 '21 20:07

@paulchoi It's already supported, just add another rule block like

resource "sensu_cluster_role" "cluster_role_1" {
  name = "my_role"
  rule {
    verbs = ["get", "list"]
    resources = ["checks"]
  }
  rule {
    verbs = ["get", "list"]
    resources = ["entities"]
  }
}

fgouteroux, Aug 23 '21 08:08