feat: RBAC datasources to provider #163
Conversation
ChrisMcKenzie
changed the title
ChrisMcKenzie
force-pushed
the
feature/RBAC-Support-pr2
branch
from
ccb4953 to
531080f
Compare
ChrisMcKenzie
changed the title
|
Change looks good in general, but I think we should treat target and principal identifiers as opaque, and not parse the I think we should first of all add That way those can just be passed as |
internal/api/role.go
Outdated
| } | ||
|
|
||
| roles := make([]Role, 0, len(query.Roles.Edges)) | ||
| for _, edge := range query.Roles.Edges { |
There was a problem hiding this comment.
This needs to handle pagination as results might span over multiple batches (see e.g. FindByURL for repositories)
internal/api/role.go
Outdated
| } | ||
|
|
||
| // GetFilterSchema returns the filter schema for roles. | ||
| func (r roleAPI) GetFilterSchema(ctx context.Context) (*FilterSchema, error) { |
There was a problem hiding this comment.
This (and the type above) doesn't seem to be used?
ok I will work on this change today as well as the other comments |
Cherry-picked from abd2054 with only datasource-related changes. Changes: - Update role.Read() to use filter-based query instead of direct lookup - Add GetFilterSchema() method for role filters - Fix role not found handling This fixes the role datasource query mechanism to align with GraphQL API changes. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
…attributes in api
ChrisMcKenzie
force-pushed
the
feature/RBAC-Support-pr2
branch
from
531080f to
2672f83
Compare
|
Thanks for the changes, I think it's getting there. I have a few more suggestions inline. Also there's bits of the role assignment API that are related to resource creation, those could be probably moved to the branch that adds the resources. |
oh yupp looks like I missed some spots in my clean up was letting claude help with that. will get those fixed up and move that stuff over to the other pr when it is ready |
albertodonato
left a comment
albertodonato
left a comment
There was a problem hiding this comment.
Nice, thanks for the changes!
LGTM, just one minor nit inline.
internal/api/role_assignment.go
Outdated
|
|
||
| // ListByTargetString returns role assignments filtered by an opaque target string. | ||
| // The target string should be in the format "type:id" (e.g., "account-group:uuid", "system:all"). | ||
| func (r roleAssignmentAPI) ListByTargetString(ctx context.Context, targetStr string) ([]RoleAssignment, error) { |
There was a problem hiding this comment.
I think this can now go away, and List can be directly used instead?
● ENG-5987
what
This PR adds two new Terraform data sources for RBAC (Role-Based Access Control):
stacklet_role- Query role information by namestacklet_role_assignments- Query role assignments for specific targets (system, account groups, policy collections, repositories)why
These data sources enable users to:
This is part of the RBAC support feature set, specifically focusing on read-only data sources (resources will be added in a separate PR).
testing
stacklet_roledata sourcejust lint-tf)docs
examples/data-sources/stacklet_role/andexamples/data-sources/stacklet_role_assignments/