Add inherited_cluster_roles attribute to global_role

[pmatseykanets]

Issue:

rancher/rancher#42967

Problem

inheritedClusterRoles is a new field in global roles. We should be able to set it using rancher terraform provider when creating/updating a global role resource.

Solution

A new attribute inherited_cluster_roles was added to the global role.

Testing

Check that inherited_cluster_roles attribute is correctly populated when a global role is created/updated.

Engineering Testing

Manual Testing

Used a local build of the rancher terraform provider against a local k8s cluster v1.27.4+k3s1 running rancher v2.8 HEAD (c7af81ec9c55b) to create and update a global role with inherited cluster roles.

resource "rancher2_global_role" "test-global-role" {
    name = "test-global-role"
    description = "test-global-role"
    new_user_default = false
    rules {
      api_groups = ["*"]
      resources = ["secrets"]
      verbs = ["create"]
    }
    inherited_cluster_roles = ["cluster-owner"]
}

terraform plan -var-file rancher.tfvars -auto-approve
...
Terraform will perform the following actions:

  # rancher2_global_role.test-global-role will be created
  + resource "rancher2_global_role" "test-global-role" {
      + annotations             = (known after apply)
      + builtin                 = (known after apply)
      + description             = "test-global-role"
      + id                      = (known after apply)
      + inherited_cluster_roles = [
          + "cluster-owner",
        ]
      + labels                  = (known after apply)
      + name                    = "test-global-role"
      + new_user_default        = false

      + rules {
          + api_groups = [
              + "*",
            ]
          + resources  = [
              + "secrets",
            ]
          + verbs      = [
              + "create",
            ]
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.
rancher2_global_role.test-global-role: Creating...
rancher2_global_role.test-global-role: Creation complete after 4s [id=gr-xt2jb]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

k get globalrole gr-xt2jb -o yaml
apiVersion: management.cattle.io/v3
description: test-global-role
displayName: test-global-role
inheritedClusterRoles:
- cluster-owner
kind: GlobalRole
...

Automated Testing

Unit tests updated to cover the new attribute.

QA Testing Considerations

Regressions Considerations

[MbolotSuse]

Couple of small issues, and I think we also need to update the docs/resources/role_template.md file as well.

[crobby]

Aside from the outstanding question on versioning for the rancher bits, I think this looks good.

[eliyamlevy]

LGTM other than rancher version bits as well. Not sure how we handle versioning in this repo.

[thatmidwesterncoder]

echoing LGTM but not sure about the version bumps.

[a-blender]

@pmatseykanets Rancher version bump lgtm, on second thought I think it's the safest option to have TF reference the rancher/rancher commit where the backend for InheritedGlobalRoles was merged in. Can't be 100% sure the provider supports the later commits yet. Good to merge