azurerm_storage_data_lake_gen2_path/azurerm_storage_data_lake_gen2_filesystem - ACLs generated by default are no longer stored in state to prevent perpetual state diffs
#18494
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi @dkuzmenok ! Just taking a quick look, I was under the impression that this might change the behaviour of this resource. I'm just not sure whether this is considered breaking :) If this changes behaviour in a breaking way, functionality should be hidden behind a flag.., WDYT? |
|
@aristosvo It would not change planned changes, instead, it would properly report planned changes when you don't want to modify default ACLs, which you cannot deny or prevent. If you don't override defaults, they will always be there and your plan would always complain that you have ACLs returned from API, that you don't expect. |
|
I feel that description is not clear enough. For every filesystem items API adds "default" ACLs: If you don't set ACLs for those |
|
If this PR brings doubts, then maybe we can enable this functionality by a new |
|
Any thoughts about this PR? |
mbfrahry
reviewed
Jan 10, 2023
There was a problem hiding this comment.
Hey @dkuzmenok, thanks for opening this PR. This will help so much for sure but the only negative I see is that we won't be storing default acls into state that haven't been specified in the config file.
Do you have an idea of if it would be helpful to still have that default acl information stored in the state file for someone to view? If so, we could add another attribute called default_acl or something like that that will be computed and store that information. But if you don't think that information would be helpful then this PR looks good!
|
@mbfrahry As far as I understand, we cannot modify anything, that goes in state, on the initial apply (without refresh). Is there any example of modifying state (or what comes to state) to take a look? |
|
You can use a debugger if you're coding with an IDE or just return an error just before this line to see what is being returned and saved into state Though, I don't think you need to modify state for what I'm asking. To frame it a different way, right now default acls are being saved into state which is causing issues with people that haven't specified those default acls in their config file. Your PR stops those default acls from being saved in state unless they've been specified in the config. That could be considered a breaking change as the attribute was storing information people could be using. Thought I can't imagine people were referencing default ACLs for anything? That's what I'm not sure about. I think we'll just merge this in and if people do want to see default acls, we can add a new property later. Thanks for this @dkuzmenok! |
mbfrahry
changed the title
azurerm_storage_data_lake_gen2_path/azurerm_storage_data_lake_gen2_filesystem - ACLs generated by default are no longer stored in state to prevent perpetual state diffs
mbfrahry
added a commit
that referenced
this pull request
Jan 11, 2023
That was exactly my thought. If people don't want to change default values - they should not come up as a "difference" with an Azure state response. But if you want to override something - you should save that in the state and properly compare with Azure state. |
ricleal-fugue
added a commit
to LuminalHQ/terraform-provider-azurerm
that referenced
this pull request
Jan 13, 2023
* CHANGELOG hashicorp#19722 * CHANGELOG hashicorp#19669 * Docs: Fix possible values mismatch between document and schema validator (hashicorp#19690) * New Resource : `azurerm_cognitive_deployment` (hashicorp#19526) * CHANGELOG hashicorp#19526 * New Resource: `azurerm_resource_deployment_script` (hashicorp#19436) Fix hashicorp#13581 * CHANGELOG hashicorp#19436 * Docs: more documents fix for syntax, optional/required and possible values (hashicorp#19733) * `azurerm_stream_analytics_output_blob` - fix type conversion for `batch_min_rows` (hashicorp#19732) fixes hashicorp#19725 * `azurerm_monitor_diagnostic_setting` - fix tests caused by service API behavior change (hashicorp#19762) * Docs: Fix missed/odd default values in document (hashicorp#19760) * Docs: fix outdated timeout values, or add missed timeouts lines of all resources (hashicorp#19756) * `azurerm_postgresql_flexible_server` - add nil check for `authentication` (hashicorp#19755) fixes hashicorp#19752 * `azurerm_key_vault` - fix mismatch document of `access_policy` (hashicorp#19753) * New resource `azurerm_key_vault_certificate_contacts` (hashicorp#19743) Close hashicorp#10256 Close hashicorp#16642 * CHANGELOG hashicorp#19743 * new resource: `azurerm_spring_cloud_customized_accelerator` (hashicorp#19736) * CHANGELOG hashicorp#19736 * new resource: `azurerm_billing_account_cost_management_export` (hashicorp#19723) Fixes hashicorp#14726 * CHANGELOG hashicorp#19723 * v3.37.0 * `azurerm_synapse_linked_service` - update document example (hashicorp#19768) * `azurerm_web_pubsub` - moving docs sub-category to messaging (hashicorp#19775) * Update settings.kt * Batch Fix LRO call bugs * update code * update code * update code * update code * update code * update code * `azurerm_postgresql_flexible_server` - Fix test case failure with "HA is disabled for region westus2" issue (hashicorp#19791) * Docs : Fix wrong description of `data.azurerm_key_vault_secret` in tf doc (hashicorp#19787) Fix hashicorp#19785 * Replace "primary_key" with "primary_connection_string" (hashicorp#19786) * update code * Updating based on c2554b6e * Fix missing/redundent props in doc (hashicorp#19821) * `azurerm_resource_deployment_script` - fix document error of `identity` (hashicorp#19820) * `azurerm_hdinsight_spark_cluster`, `azurerm_hdinsight_kafka_cluster`, `azurerm_hdinsight_interactive_query_cluster`, `azurerm_hdinsight_hbase_cluster`, `azurerm_hdinsight_hadoop_cluster`: Update documentations to match variable names in resources (hashicorp#19811) * `azurerm_app_service_connection`, `azurerm_spring_cloud_connection`, `azurerm_dev_test_global_vm_shutdown_schedule`, `azurerm_dev_test_policy`, `azurerm_dev_test_schedule`, `azurerm_stream_analytics_job`: Update documentations (hashicorp#19812) * `azurerm_site_recovery_replicated_vm`, `azurerm_sentinel_alert_rule_scheduled` and `azurerm_data_share_dataset_kusto_cluster` - fix document (hashicorp#19804) * `azurerm_kubernetes_cluster` - Fix incorrect allowed values and default value in document. (hashicorp#19773) Co-authored-by: zjhe <hezijie@microsoft.com> * `azurerm_datadog_monitor_sso_configuration` - fix default value for `name` to be a literal string (hashicorp#19771) * updating to include hashicorp#19792 * fixing inconsistency in document and code (hashicorp#19824) * Fixing doc of iothub (hashicorp#19829) * hardcode go version for link-milestone * fix (hashicorp#19838) * updating to include hashicorp#19698 * dependencies: updating to version `v0.20230103.1090844` of `github.com/hashicorp/go-azure-sdk` * doc fix: `azurerm_data_protection_backup_policy_disk` removes `resource_group_name` in doc (hashicorp#19839) * `document` remove unsetable `resource_group_name` in `azurerm_iot_time_series_insights_access_policy` (hashicorp#19835) * `document` - fix mismatch `zone` in `azurerm_dedicated_host_group` (hashicorp#19833) * `document` - Fix property name `protocol` in `azurerm_windows_virtual_machine` (hashicorp#19832) * Fix doc mismatch in `azurerm_orchestrated_virtual_machine_scale_set` (hashicorp#19831) * Update settings.kt * `document` - remove `tenant_id`in `azurerm_virutal_machine` which is not exported (hashicorp#19830) * `azurerm_monitor_activity_log_alert` - fix block conflicts (hashicorp#19827) resolves hashicorp#19797 * doc fix: add `azurerm_monitor_scheduled_query_rules_log` and `azurerm_monitor_scheduled_query_rules_alert` missed properties (hashicorp#19837) Co-authored-by: jackofallops <11830746+jackofallops@users.noreply.github.com> * Adding multiple data sources (hashicorp#19628) * CHANGELOG hashicorp#19628 * `azurerm_virtual_desktop_application_group` - Fix `azurerm_virtual_desktop_application_group` force new on `host_pool_id` change (hashicorp#19689) Fix hashicorp#19687 * CHANGELOG hashicorp#19689 * azurerm_linux/windows_web_app - add application_stack node 18-lts (hashicorp#19763) fixes hashicorp#19289 * `azurerm_route_server` - update resource creation future. (hashicorp#19772) * `azurerm_automation_software_update_configuration` - fix `expiry_time` is optional/computed (hashicorp#19774) Fixes hashicorp#19738 * CHANGELOG hashicorp#19774 * `azurerm_batch_pool` - Fix terraform fails to execute(re-run) if `azure_batch_pool` is deleted outside of terraform (hashicorp#19780) Fix hashicorp#19770 * CHANGELOG hashicorp#19780 * [WIP] `azurerm_mssql_database` : Fix test cases failing with "Provisioning is restricted in this region" issue (hashicorp#19794) * azurerm_storage_account_customer_managed_key - support ManagedHSM Key Vaults (hashicorp#19801) * fix documents (hashicorp#19826) Co-authored-by: kt <kt@katbyte.me> * `azurerm_postgresql_flexible_server` - fix acctest for `authentication` (hashicorp#19800) * CHANGELOG hashicorp#19800 * `azurerm_proximity_placement_group` - support `allowed_vm_sizes` and `zone` (hashicorp#19675) Close hashicorp#19379 * CHANGELOG hashicorp#19675 * `hdinsight_kafka_cluster_resource`: deprecate `kafka_management_node` in 4.0 (hashicorp#19423) * CHANGELOG hashicorp#19423 * `document` - fix vmss `ultra_ssd_disk_iops_read_write` and `ultra_ssd_disk_mbps_read_write` * `azurerm_kubernetes_cluster` - `scale_down_mode` can be updated (hashicorp#19823) * Update for hashicorp#19823 * updating to include hashicorp#19840 * updating to include hashicorp#19719 * New Resource: `azurerm_network_manager_network_group` (hashicorp#19593) * CHANGELOG hashicorp#19593 * `azurerm_stream_analytics_reference_input_blob`: Make `storage_account_key` optional when MSI auth is used (hashicorp#19676) Co-authored-by: Alexander Guth <alexander.guth@pwc.com> * CHANGELOG hashicorp#19676 * `azurerm_eventhub` - fix capture feature not being set issue (hashicorp#19836) fix hashicorp#19782 * Fix several wrong logic with 404 response in read * dependencies: updating to `v0.20230105.1121404` of `github.com/hashicorp/go-azure-sdk` * Docs: Fix incorrect properties (hashicorp#19864) * updating to include hashicorp#19872 * updating to include hashicorp#19871 * `azurerm_synapse_linked_service` - report error during create/update (hashicorp#19849) * Update changelog for hashicorp#19849 * `azurerm_dedicated_host` - add support for`LSv3-Type1` type (hashicorp#19875) * Update changelog for hashicorp#19875 * Fix typo in README.md (hashicorp#19878) * `azurerm_storage_share` - Update document for property `access_tier` (hashicorp#19880) Fixes hashicorp#19819 * v3.38.0 * `azurerm_nginx_deployment` - add new GA sku for nginx deployment (hashicorp#19882) * add insensitive parser for APIM Api until migrated to go-azure-sdk * `azurerm_stream_analytics_stream_input_eventhub_v2` - Add an example for MSI auth (hashicorp#19679) * `document` add example for data source `azurerm_disk_encryption_set` (hashicorp#19907) * fix app conf feature no label update (hashicorp#19900) * data source `azurerm_shared_image` - support `purchase_plan` (hashicorp#19873) * Update for hashicorp#19873 and #199000 * `azurerm_logic_app_action_http` - `body` property support "@" symbol (hashicorp#19754) * Update for hashicorp#19754 * `document` - fix import command of `azurerm_api_management_identity_profider_aadb2c` (hashicorp#19910) * Update for hashicorp#19866 * support spark verison 3.3 (hashicorp#19866) * GHA - Add waiting-response label and comment for failures (hashicorp#19895) * `azurerm_databox_edge_device` - swap to typed sdk, add data source. (hashicorp#19914) * `azurerm_cost_anomaly_alert` - New resource (hashicorp#19899) Fixes hashicorp#18062 * CHANGELOG hashicorp#19899 * `azurerm_media_services_account` - support for `encryption`, `public_network_access_enabled` properties (hashicorp#19891) * CHANGELOG hashicorp#19891 * New Data Source: `azurerm_private_dns_resolver` (hashicorp#19885) * CHANGELOG hashicorp#19885 * `azurerm_eventhub_namespace` - adding wait before deletion (hashicorp#19165) * `azurerm_sentinel_automation_rule` - Support for `triggers_on`, `triggers_when` and `condition_json` (deprecates the `condition` property) (hashicorp#19309) Co-authored-by: kt <kt@katbyte.me> Fix hashicorp#18620 * CHANGELOG hashicorp#19309 * `Site Recovery` - swap sdk and upgrade to 2022-10-01, support `network_interface.is_primary` property (hashicorp#19571) Co-authored-by: kt <kt@katbyte.me> * CHANGELOG hashicorp#19571 * New Resource `azurerm_network_manager_subscription_connection` (hashicorp#19617) * CHANGELOG hashicorp#19617 * `azurerm_storage_account` - Add 403 (previously only 401) as a valid status code for lacking permissions to list keys (hashicorp#19645) Co-authored-by: kt <kt@katbyte.me> Fix hashicorp#19622 * CHANGELOG hashicorp#19645 * `azurerm_storage_account` - Add code check for `restore_policy` prerequisites (hashicorp#19822) Co-authored-by: kt <kt@katbyte.me> Fix hashicorp#19799 * New Resource: azurerm_lab_service_lab (hashicorp#19852) * CHANGELOG hashicorp#19852 * `azurerm_public_ip` - fix ddos diff from old version (hashicorp#19860) resolves hashicorp#19855 * `azurerm_maintenance_configuration` - support `in_guest_user_patch_mode` and `install_patches` properties (hashicorp#19865) fixes hashicorp#19790 * CHANGELOG hashicorp#19865 * `azurerm_web_pubsub_hub` - modify event handler type from typeSet to TypeList to respect the user's input order (hashicorp#19886) fix hashicorp#19876 * CHANGELOG hashicorp#19886 * CHANGELOG hashicorp#19825 * `azurerm_api_management_custom_domain` - Allow setting IdentityClientId for retrieving SSL cert from key vault (hashicorp#19881) * `azurerm_mysql_flexible_server` add suport for customer_managed_key (hashicorp#19905) fixes hashicorp#19842 * CHANGELOG hashicorp#19905 * `azurerm_storage_account` - Support `allowed_copy_scope` (hashicorp#19906) Fix hashicorp#19888 * CHANGELOG hashicorp#19906 * New Resource: `azurerm_private_endpoint_application_security_group_association` (hashicorp#19825) Co-authored-by: kt <kt@katbyte.me> Fixes hashicorp#17665 * Doc: `policy_set_definition`'s `policy_definition_id` should not use `policy_set_definition_id` (hashicorp#19929) Fixes hashicorp#19003 * Docs: fix missed properties in document of `automation`, `network`, `fluidrelay server`, etc. (hashicorp#19913) * Docs: fix tf doc issues of `azurerm_media_asset_filter`, `azurerm_media_live_event_output`, `azurerm_sql_database`, `azurerm_analysis_services_server` and `azurerm_mssql_managed_instance_vulnerability_assessment` (hashicorp#19937) * dox fix * update code * Initial check-in... (hashicorp#19927) * Updating based on 3fd84505 * `azurerm_kubernetes_cluster` - `api_server_vnet_integration_enabled` and `api_server_subnet_id` added (PREVIEW) (hashicorp#19438) * `azurerm_kubernetes_cluster` - `api_server_vnet_integration_enabled` and `api_server_subnet_id` added * AccTests * Docs * Make move from subnet to no subnet impossible * Rewrite of `api_server_*` properties to `api_server_access_profile` block * Add subnet id validation * Fix read * Enhance other tests and last doc thingiez * fmt * Fix tests with `private_cluster_on` * Implement comment * Update for hashicorp#19927 and hashicorp#19438 * `azurerm_log_analytics_data_export_rule` - fix `destination_resource_id` doesn't accept Event Hub Namespace (hashicorp#19868) * fix issue 19861 * update code * update code * Update for hashicorp#19868 * update api mangement diagnostic document (hashicorp#19960) Co-authored-by: xuzhang3 <Zhangxu894765> * update machine learning workspace doc (hashicorp#19959) Co-authored-by: xuzhang3 <Zhangxu894765> * `azurerm_vmware_netapp_volume_attachment` - update docs (hashicorp#19958) * fix delete logic for netapp volume * update netapp docs * update file extension * `azurerm_policy_set_definition` - fix empty group names on update (hashicorp#19890) * Add missing groupNames field to policy_set_definition update method (hashicorp#13791) * convert set to string[] * Add acceptance test for `policy_definition_reference.policy_group_names` * fix alignment of comment * remove unneeded comments * Update for hashicorp#19890 * Update GHA for PR Labelling to `CodelyTV/pr-size-labeler@v1` (hashicorp#19961) * resource `azurerm_storage_queue` - add `resource_manager_id` * `azurerm_storage_data_lake_gen2_path`/`azurerm_storage_data_lake_gen2_filesystem` - ACLs generated by default are no longer stored in state to prevent perpetual state diffs (hashicorp#18494) * Update changelog for hashicorp#18494 * Minor documentation change to fix issue 19766 (hashicorp#19974) * Correct changelog typo (hashicorp#19973) * minor frontdoor docs update (hashicorp#19975) * updating to include hashicorp#19969 * `azurerm_app_configuration_key` - fix no label regression issue (hashicorp#19979) * `azurerm_spring_cloud_api_portal` - fix failed testcases (hashicorp#19978) * `azurerm_monitor_diagnostic_setting` - deprecate `log` in favour of `enabled_log` (hashicorp#19504) * deprecate log in favour of enabked_log and disabled_log * deprecate log in favour of enabled_log * add check for empty string * add 4.0 beta flag and review comments * fix ids * use parser in update * fix tests * review comments * fix import id error * update changelog for hashicorp#19504 * `document` - remove redundant space in import commands (hashicorp#19986) * App Service Re-allignment (hashicorp#19685) * Updated for hashicorp#19685 * `document` - Fix wrong import commands (hashicorp#19984) * `azurerm_app_service_source_control_token` - fix import command (hashicorp#19987) * `external_id` needs to reference tenant id when adding AAD group (hashicorp#19981) * publish contributor docs with mkdocs (hashicorp#19883) * mkdocs update permissions (hashicorp#19990) * `azurerm_cosmosdb_account` - remove default value for `default_identity_type` per new API behavior (hashicorp#19956) * Update changelog for hashicorp#19956 * New Data Source: `azurerm_private_dns_resolver_dns_forwarding_ruleset` (hashicorp#19941) * Update changelog for hashicorp#19941 * New Data Source: `azurerm_private_dns_resolver_outbound_endpoint` (hashicorp#19950) * Update changelog for hashicorp#19950 * r/lab_service_lab: passwords are now sensitive / the flatten blocks now set an object (hashicorp#19988) * New Data Source: `azurerm_private_dns_resolver_inbound_endpoint` (hashicorp#19948) * Update changelog for hashicorp#19948 * New Resource `azurerm_media_services_account_filter` (hashicorp#19964) * CHANGELOG hashicorp#19964 * New Resource: `azurerm_lab_service_user` (hashicorp#19957) * CHANGELOG hashicorp#19957 * New Data Source: `azurerm_private_dns_resolver_virtual_network_link` (hashicorp#19951) * Update changelog for hashicorp#19951 * Update CHANGELOG.md (hashicorp#19993) * New resource - `azurerm_application_insights_standard_web_test` (hashicorp#19954) Fixes hashicorp#14184 * CHANGELOG hashicorp#19954 * New Data Source: `azurerm_private_dns_resolver_forwarding_rule` (hashicorp#19947) * Update changelog for hashicorp#19947 * `azurerm_spring_cloud_gateway` - support for the `application_performance_monitoring_types `, `environment_variables` `sensitive_environment_variables` properties (hashicorp#19884) * CHANGELOG hashicorp#19884 * New Resource `azurerm_network_manager_management_group_connection` (hashicorp#19621) * CHANGELOG hashicorp#19621 * New resource: `azurerm_storage_account_local_user` (hashicorp#19592) Co-authored-by: Tom Harvey <tombuildsstuff@users.noreply.github.com> Co-authored-by: kt <kt@katbyte.me> Fix hashicorp#19536 * CHANGELOG hashicorp#19592 * New resource: `azurerm_sentinel_data_connector_threat_intelligence_taxii` (hashicorp#19209) * CHANGELOG hashicorp#19209 * v3.39.0 * `azurerm_cosmosdb_sql_container` - Fix property `included_path` can not be removed issue (hashicorp#19998) * fix issue 19901 * update code * update code * update code * `azurerm_log_analytics `- fixing crash during read (hashicorp#20011) * Update changelog for hashicorp#20011 * Update changelog for hashicorp#19998 * v3.39.1 * fugue PR 2: Remove calls to listKeys on storage * fugue PR 7: Make location optional for network interface * fugue PR 11: fixes for storage account * fugue PR 17: Toggle Printf logging with TF_LOG * fugue PR 18: remove validation func for snapshot name * fugue PR 20: Allow "all" access policy permissions for key vault * fugue PR 25: add configuration set to mysql and postgres * fugue PR 27: Remove storageAccessKey from sqldb extended_auditing_policy * fugue PR 28: Reader only access, adjust validations, dont read secrets * fugue PR 34: Removes admin_username and admin_password from the Container Registry schema * fugue PR 35: Reader permissions support for CosmosDB and Redis * fugue PR 36: Disable validation and remove password field in container_group * fugue PR 39: Added role_type to the Read function. * fugue PR 40: allow for missing OsProfile ComputerName and AdminUsername * fugue PR 42: Handle nil sku in vm scale sets * fugue PR 46: Profile strings can be nil * fugue PR 47: Azure scan failing for azurerm_virtual_machine_scale_set Looks like all the profile is nil * fugue PR 48: Impose 30-second timeout for azurerm_postgresql_configuration_set * fugue PR 51: Add rate limiting * chore: fixed the ID to fetch only the mysql/postgres server * chore: added debug info * chore: added update metodas so we can run it with terraform * feat: add provider module (CLOUD-1078) (#54) * fix permissions for azurerm_storage_account (#55) * comment out list keys Co-authored-by: kt <kt@katbyte.me> Co-authored-by: Xu Wu <xuwu1@microsoft.com> Co-authored-by: Elena Xin <39109137+sinbai@users.noreply.github.com> Co-authored-by: Zhenhua Hu <zhhu@microsoft.com> Co-authored-by: Neil Ye <yechenwei2007@hotmail.com> Co-authored-by: Tao <104055472+teowa@users.noreply.github.com> Co-authored-by: Yichun Ma <yicma@microsoft.com> Co-authored-by: Heng Lu <79895375+ms-henglu@users.noreply.github.com> Co-authored-by: Xiaxin <92154856+xiaxyi@users.noreply.github.com> Co-authored-by: keiranm <keiranm@gmail.com> Co-authored-by: hc-github-team-tf-azure <> Co-authored-by: magodo <wztdyl@sina.com> Co-authored-by: JT <100274846+jiaweitao001@users.noreply.github.com> Co-authored-by: ziyeqf <51212351+ziyeqf@users.noreply.github.com> Co-authored-by: lonegunmanb <lonegunmanb@hotmail.com> Co-authored-by: zjhe <hezijie@microsoft.com> Co-authored-by: Tom Harvey <tombuildsstuff@users.noreply.github.com> Co-authored-by: Yun Liu <yunliu1@microsoft.com> Co-authored-by: Steph <steph@hashicorp.com> Co-authored-by: tombuildsstuff <git@tom.ibuildstuff.eu> Co-authored-by: jackofallops <11830746+jackofallops@users.noreply.github.com> Co-authored-by: steweg <steweg@gmail.com> Co-authored-by: Pierre-Rudolf Gerlach <pgerlach@gmail.com> Co-authored-by: Martijn Baay <martijn.baay@gmail.com> Co-authored-by: Alexander Guth <alexander@familie-guth.com> Co-authored-by: Alexander Guth <alexander.guth@pwc.com> Co-authored-by: Matthew Frahry <mbfrahry@gmail.com> Co-authored-by: Assaf Giladi <123assaf@gmail.com> Co-authored-by: Vaz <74464807+vazsingh@users.noreply.github.com> Co-authored-by: jackofallops <steve@sourceoftruth.co.uk> Co-authored-by: catriona-m <86247157+catriona-m@users.noreply.github.com> Co-authored-by: aristosvo <8375124+aristosvo@users.noreply.github.com> Co-authored-by: Paul Chvl <pchanvallon@gmail.com> Co-authored-by: William <williamoconnor@me.com> Co-authored-by: bwilczynski <me@bwilczynski.com> Co-authored-by: Wodans Son <20408400+WodansSon@users.noreply.github.com> Co-authored-by: xuzhang3 <57888764+xuzhang3@users.noreply.github.com> Co-authored-by: aurelschwitter <35366240+aurelschwitter@users.noreply.github.com> Co-authored-by: Stephen Jennings <stephen.g.jennings@gmail.com> Co-authored-by: dkuzmenok <103177770+dkuzmenok@users.noreply.github.com> Co-authored-by: Neil McG <116887567+McGon-Fid@users.noreply.github.com> Co-authored-by: Oscar <oscar.ssentoogo@spacelinx.com> Co-authored-by: Robert Brandsø <62336565+robertbrandso@users.noreply.github.com> Co-authored-by: ricardo-snyk <ricardo.ferrazleal@snyk.io> Co-authored-by: Evan Nemerson <100213719+evan-snyk@users.noreply.github.com>
|
This functionality has been released in v3.39.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
By default, API is adding default rules for ACLs. You can overwrite them, modify, but they are always being added to a specific filesystem path.
That created a never-ending apply/plan cycle, when terraform expects to have specific list of ACLs and API adjusts it from their side.
Changes
The change is checking whether terraform wants to modify default ACLs, and if no - hides them from the list.
That makes sure we don't mix auto-added ACLs with the ones we do not expect to see. That is applied only to non-custom ACL entries.
Issues
Resolves #10814.
Resolves #11435.
Tests