From 66ad3f42c009c5fe455ca30021aafb0987b9e48a Mon Sep 17 00:00:00 2001 From: = Date: Thu, 31 Oct 2024 01:03:47 +0530 Subject: [PATCH 1/2] feat: fixed permission upgrade breaking change in tf --- .../resource/project_role_resource.go | 47 +++++++++++++++---- 1 file changed, 38 insertions(+), 9 deletions(-) diff --git a/internal/provider/resource/project_role_resource.go b/internal/provider/resource/project_role_resource.go index 1bc8abb..9a4f747 100644 --- a/internal/provider/resource/project_role_resource.go +++ b/internal/provider/resource/project_role_resource.go @@ -253,7 +253,26 @@ func (r *projectRoleResource) Read(ctx context.Context, req resource.ReadRequest for _, el := range projectRole.Role.Permissions { action, isValid := el["action"].(string) if el["action"] != nil && !isValid { - action, isValid = el["action"].([]any)[0].(string) + actions, isValid := el["action"].([]any) + if !isValid { + resp.Diagnostics.AddError( + "Error reading project role", + "Couldn't read project role from Infiscial, invalid action field in permission", + ) + return + } + + if len(actions) > 1 { + resp.Diagnostics.AddWarning( + "Drift detected", + "Multiple actions are not supported on 'infisical_project_role', use 'infisical_project_role_v2'.", + ) + state.Permissions = nil + resp.State.Set(ctx, state) + return + } + + action, isValid = actions[0].(string) if !isValid { resp.Diagnostics.AddError( "Error reading project role", @@ -274,6 +293,7 @@ func (r *projectRoleResource) Read(ctx context.Context, req resource.ReadRequest return } } + var secretPath, environment string if el["conditions"] != nil { conditions, isValid := el["conditions"].(map[string]any) @@ -287,21 +307,30 @@ func (r *projectRoleResource) Read(ctx context.Context, req resource.ReadRequest environment, isValid = conditions["environment"].(string) if !isValid { - resp.Diagnostics.AddError( - "Error reading project role", - "Couldn't read project role from Infiscial, invalid environment field in permission", - ) - return + if permissionV2Environment, isValid := conditions["environment"].(map[string]any); isValid { + environment, isValid = permissionV2Environment["$eq"].(string) + if !isValid { + resp.Diagnostics.AddWarning( + "Drift detected", + "Enviroment condition provided are not compatible on 'infisical_project_role', use 'infisical_project_role_v2'.", + ) + state.Permissions = nil + resp.State.Set(ctx, state) + return + } + } } // secret path parsing. if val, isValid := conditions["secretPath"].(map[string]any); isValid { secretPath, isValid = val["$glob"].(string) if !isValid { - resp.Diagnostics.AddError( - "Error reading project role", - "Couldn't read project role from Infiscial, invalid secret path field in permission", + resp.Diagnostics.AddWarning( + "Drift detected", + "Secret path condition provided are not compatible on 'infisical_project_role', use 'infisical_project_role_v2'.", ) + state.Permissions = nil + resp.State.Set(ctx, state) return } } From 3b2323076e5b7b50022c377b922a7cb37e0680c5 Mon Sep 17 00:00:00 2001 From: = Date: Thu, 31 Oct 2024 01:23:10 +0530 Subject: [PATCH 2/2] fix: resolved spelling error --- internal/provider/resource/project_role_resource.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/provider/resource/project_role_resource.go b/internal/provider/resource/project_role_resource.go index 9a4f747..3f72a0d 100644 --- a/internal/provider/resource/project_role_resource.go +++ b/internal/provider/resource/project_role_resource.go @@ -312,7 +312,7 @@ func (r *projectRoleResource) Read(ctx context.Context, req resource.ReadRequest if !isValid { resp.Diagnostics.AddWarning( "Drift detected", - "Enviroment condition provided are not compatible on 'infisical_project_role', use 'infisical_project_role_v2'.", + "Environment condition provided are not compatible on 'infisical_project_role', use 'infisical_project_role_v2'.", ) state.Permissions = nil resp.State.Set(ctx, state)