Add workload Id and job ACLs

[IamTheFij]

Adds support for passing ACLs for workloads when defining a policy.

I'm not sure how to write unit tests for this as the test section seemed like it was for acceptance testing. I wasn't able to get acceptance testing to run locally on my machine yet.

Fixes #306

[hashicorp-cla]

All committers have signed the CLA.

[lgfa29]

Thanks for the PR @IamTheFij, and apologies for the delay in review it.

I left a few comments but it would also be nice to have some tests and documentation updates about this. What problems were you facing in running the tests locally?

I'm not sure if you've seen it, but we have some instructions in our README:
https://github.com/hashicorp/terraform-provider-nomad#developing-the-provider

For this work I think we can update testResourceACLPolicy_initialConfig to include some JobACL config:

terraform-provider-nomad/nomad/resource_acl_policy_test.go

Lines 114 to 127 in 77c12b0

	func testResourceACLPolicy_initialConfig(name string) string {
	return fmt.Sprintf(`
	resource "nomad_acl_policy" "test" {
	name = "%s"
	description = "A Terraform acctest ACL policy"
	rules_hcl = <<EOT
	namespace "default" {
	policy = "read"
	capabilities = ["submit-job"]
	}
	EOT
	}
	`, name)
	}

And then update testResourceACLPolicy_initialCheck to verify the job identity was set.

A more complete test would be to test the validation I mentioned. For this you can add a ExpectError to your TestStep to verify that the resource is invalid.

For the docs, we would need to update https://github.com/hashicorp/terraform-provider-nomad/blob/main/website/docs/r/acl_policy.html.markdown to include the new field. If you run make website you can preview your changes.

Let us know if you need help with any of this 🙂

[IamTheFij]

I managed to get acceptance testing running with some tweaks to the shell scripts used. I can cut another PR for those later, if interested. Right now I'm getting a test failure and I haven't quite been able to figure out what's wrong.

I'm seeing

=== RUN   TestResourceACLPolicy_import
    testing.go:705: Step 1 error: ImportStateVerify attributes not equivalent. Difference is shown below. Top is actual, bottom is expected.
        
        (map[string]string) {
        }
        
        
        (map[string]string) (len=5) {
         (string) (len=9) "job_acl.#": (string) (len=1) "1",
         (string) (len=15) "job_acl.0.group": (string) "",
         (string) (len=16) "job_acl.0.job_id": (string) (len=3) "job",
         (string) (len=19) "job_acl.0.namespace": (string) (len=7) "default",
         (string) (len=14) "job_acl.0.task": (string) ""
        }

I'm not sure where the expected and actual values come from. Given that the Check step passes, I'm confident the parsing is working correctly. I did some reading on how ImportStateVerify works and I've found that a resource that uses Importer.State = schema.ImportStatePassthrough should determine the state from the read function. I've verified the read function by spitting out a panic with a message including the entire resource and it appears to have the data as well. (as an aside, I'm not sure how to get it to spit out debug logs when running tests)

I've pushed the latest. Any ideas on what I'm missing?

[IamTheFij]

Any advice on getting this test working so it can get across the finish line?

[lgfa29]

Looking good! Sorry for the delay in getting back to you here.

After the read method is fixed I think the only bits missing are updating the documentation and adding a CHANGELOG entry. Something like:

## 1.4.21 (Unreleased)
+ IMPROVEMENTS:
+ * resource/nomad_acl_policy: add support for `job_acl` ([#314](https://github.com/hashicorp/terraform-provider-nomad/pull/314))

## 1.4.20 (April 20, 2023)

[IamTheFij]

I haven't tested the website because the make target is broken. It executes website-provider on https://github.com/hashicorp/terraform-website, but that target doesn't exist there.

It looks like the target was added back in 2018 with this PR, but as of 2022 it was reportedly absent: hashicorp/terraform-provider-tfe#503.

It looks like this is because the whole system was rewritten and the Makefile removed with this PR: hashicorp/terraform-website#2010 and then added back without this ability in this PR: hashicorp/terraform-website#2013

[lgfa29]

Hum...yeah, that is weird. I'm not sure what happened with the website preview but I ran the changes through https://registry.terraform.io/tools/doc-preview and they look good. I pushed a commit with minor touch-ups.

I also realized that we may need to update the nomad_acl_policy data source, but I have bother you enough in this PR 😄

Thank you for the contribution!