
feat(project-acls): add support for project acl #234

Draft
codydiehl wants to merge 1 commit into rundeck:master from codydiehl:master

codydiehl (Contributor) commented Mar 4, 2026

This extends the existing ACL Policy support to include project-level ACLs by simply providing a project value.

If project is provided, it will be a project ACL. If not, it's a standard default System ACL.

This depends on the extension I have put a PR in here first for this to function:

rundeck/go-rundeck#4

I have built the provider and have tested that System ACL and Project ACL functionality all works as intended.

Initial Creation

Mar-04 15:53:07 ~\GitHub\terraform-provider-rundeck\test-project-acl
> terraform apply -auto-approve
╷
│ Warning: Provider development overrides are in effect
│
│ The following provider development overrides are set in the CLI configuration:
│  - rundeck/rundeck in c:\Users\codydiehl\GitHub\terraform-provider-rundeck
│
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to    
│ become incompatible with published releases.
╵

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the    
following symbols:
  + create

Terraform will perform the following actions:

  # rundeck_acl_policy.project_test will be created
  + resource "rundeck_acl_policy" "project_test" {
      + id      = (known after apply)
      + name    = "test-project.aclpolicy"
      + policy  = <<-EOT
            description: Test Project ACL
            for:
              resource:
                - allow: [read, run]
              job:
                - allow: [read, run]
              node:
                - allow: [read]
            by:
              group: [users]
        EOT
      + project = "project-testing"
    }

  # rundeck_acl_policy.system_test will be created
  + resource "rundeck_acl_policy" "system_test" {
      + id     = (known after apply)
      + name   = "test-system.aclpolicy"
      + policy = <<-EOT
            description: Test System ACL
            context:
              project: "project-testing"
            for:
              resource:
                - allow: [read, run]
              job:
                - allow: [read, run]
              node:
                - allow: [read]
            by:
              group: [users]
        EOT
    }

Plan: 2 to add, 0 to change, 0 to destroy.
rundeck_acl_policy.system_test: Creating...
rundeck_acl_policy.project_test: Creating...
rundeck_acl_policy.system_test: Creation complete after 1s [id=test-system.aclpolicy]
rundeck_acl_policy.project_test: Creation complete after 1s [id=test-project.aclpolicy]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Update to ACL Policy

Mar-04 15:53:36 ~\GitHub\terraform-provider-rundeck\test-project-acl
> terraform apply -auto-approve
╷
│ Warning: Provider development overrides are in effect
│
│ The following provider development overrides are set in the CLI configuration:
│  - rundeck/rundeck in c:\Users\codydiehl\GitHub\terraform-provider-rundeck
│
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to    
│ become incompatible with published releases.
╵
rundeck_acl_policy.project_test: Refreshing state... [id=test-project.aclpolicy]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the    
following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # rundeck_acl_policy.project_test will be updated in-place
  ~ resource "rundeck_acl_policy" "project_test" {
        id      = "test-project.aclpolicy"
        name    = "test-project.aclpolicy"
      ~ policy  = <<-EOT
            description: Test Project ACL
            for:
              resource:
                - allow: [read, run]
              job:
                - allow: [read, run]
          +   node:
          +     - allow: [read]
            by:
              group: [users]
        EOT
        # (1 unchanged attribute hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
rundeck_acl_policy.project_test: Modifying... [id=test-project.aclpolicy]
rundeck_acl_policy.project_test: Modifications complete after 1s [id=test-project.aclpolicy]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Deletion

Mar-04 15:54:40 ~\GitHub\terraform-provider-rundeck\test-project-acl
> terraform destroy -auto-approve
╷
│ Warning: Provider development overrides are in effect
│
│ The following provider development overrides are set in the CLI configuration:
│  - rundeck/rundeck in c:\Users\codydiehl\GitHub\terraform-provider-rundeck
│
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to    
│ become incompatible with published releases.
╵
rundeck_acl_policy.project_test: Refreshing state... [id=test-project.aclpolicy]
rundeck_acl_policy.system_test: Refreshing state... [id=test-system.aclpolicy]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the    
following symbols:
  - destroy

Terraform will perform the following actions:

  # rundeck_acl_policy.project_test will be destroyed
  - resource "rundeck_acl_policy" "project_test" {
      - id      = "test-project.aclpolicy" -> null
      - name    = "test-project.aclpolicy" -> null
      - policy  = <<-EOT
            description: Test Project ACL
            for:
              resource:
                - allow: [read, run]
              job:
                - allow: [read, run]
              node:
                - allow: [read]
            by:
              group: [users]
        EOT -> null
      - project = "project-testing" -> null
    }

  # rundeck_acl_policy.system_test will be destroyed
  - resource "rundeck_acl_policy" "system_test" {
      - id     = "test-system.aclpolicy" -> null
      - name   = "test-system.aclpolicy" -> null
      - policy = <<-EOT
            description: Test System ACL
            context:
              project: "project-testing"
            for:
              resource:
                - allow: [read, run]
              job:
                - allow: [read, run]
              node:
                - allow: [read]
            by:
              group: [users]
        EOT -> null
    }

Plan: 0 to add, 0 to change, 2 to destroy.
rundeck_acl_policy.system_test: Destroying... [id=test-system.aclpolicy]
rundeck_acl_policy.project_test: Destroying... [id=test-project.aclpolicy]
rundeck_acl_policy.system_test: Destruction complete after 0s
rundeck_acl_policy.project_test: Destruction complete after 0s

Destroy complete! Resources: 2 destroyed.

This was done with the following Terraform:

terraform {
  required_providers {
    rundeck = {
      source = "rundeck/rundeck"
    }
  }
}

provider "rundeck" {
  url         = "" # update these
  auth_token  = "" # update these
  api_version = "" # update these
}


resource "rundeck_acl_policy" "system_test" {
  name    = "test-system.aclpolicy"
  policy  = <<-EOT
    description: Test System ACL
    context:
      project: project-testing
    for:
      resource:
        - allow: [read, run]
      job:
        - allow: [read, run]
      node:
        - allow: [read]
    by:
      group: [users]
  EOT
}

# Test project-level ACL (new functionality)
resource "rundeck_acl_policy" "project_test" {
  name    = "test-project.aclpolicy"
  project = "project-testing"
  policy  = <<-EOT
    description: Test Project ACL
    for:
      resource:
        - allow: [read, run]
      job:
        - allow: [read, run]
      node:
        - allow: [read]
    by:
      group: [users]
  EOT
}

I have confirmed that the ACL policies existed in the project settings as well as the system ACLs and that it all looked good.

I will validate imports and report back as well.

However, this will remain in draft until the go-rundeck PR is hopefully good to merge.
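The scope selection described in the PR description above (empty `project` means a system ACL, a set `project` means a project ACL), sketched as an added example; it is not code from this PR, the provider, or go-rundeck. The helper names, the project-name allow-list, the `project/name` import-ID format and the API version `46` are assumptions made for illustration; the two endpoint shapes are Rundeck's system and project ACL API paths.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Assumed conservative allow-list for project names (not taken from the provider).
var projectRe = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._+@-]*$`)

// aclPath (hypothetical) picks the endpoint: system scope when project is empty, else project scope.
func aclPath(apiVersion, project, name string) (string, error) {
	if !strings.HasSuffix(name, ".aclpolicy") || strings.ContainsAny(name, `/\`) {
		return "", fmt.Errorf("invalid policy name %q", name)
	}
	if project == "" {
		return "/api/" + apiVersion + "/system/acl/" + url.PathEscape(name), nil
	}
	if !projectRe.MatchString(project) {
		return "", fmt.Errorf("invalid project name %q", project)
	}
	return "/api/" + apiVersion + "/project/" + url.PathEscape(project) +
		"/acl/" + url.PathEscape(name), nil
}

// parseImportID (hypothetical format): "name.aclpolicy" is system, "project/name.aclpolicy" is project.
func parseImportID(id string) (project, name string, err error) {
	parts := strings.Split(id, "/")
	switch len(parts) {
	case 1:
		name = parts[0]
	case 2:
		project, name = parts[0], parts[1]
		if project == "" {
			return "", "", fmt.Errorf("empty project in import ID %q", id)
		}
	default:
		return "", "", fmt.Errorf("malformed import ID %q", id)
	}
	_, err = aclPath("0", project, name) // reuse the same name and project validation
	return project, name, err
}

func main() {
	// Constructed sample values; "46" is a placeholder API version.
	fmt.Println(aclPath("46", "project-testing", "test-project.aclpolicy"))
}
```

Because the resource ID in the plan output above is the policy name alone, an import ID that also carries the project is one way to keep a system policy and a project policy of the same name distinct.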

codydiehl (Contributor Author) commented

The tests fail because obviously the go-rundeck PR needs to be merged first.
We can re-run after that is hopefully merged.

fdevans (Contributor) commented Mar 5, 2026

I'll need to help coordinate some of the go-rundeck changes if the V2 doesn't have what's needed here. Appreciate the help and engagement here! Email me at forrest@pagerduty.com. Would love to catch up on your use cases.
