@rayennh rayennh commented Sep 21, 2025

This PR adds a boundary_role data source

```hcl
# Role from the global scope
data "boundary_role" "global_role" {
  name = "global_role_one"
}

# Role from an org scope
data "boundary_scope" "org" {
  name     = "org_one"
  scope_id = "global"
}

data "boundary_role" "org_role" {
  name     = "org_role_one"
  scope_id = data.boundary_scope.org.id
}
```

Acceptance tests

```console
$ TF_ACC=1 go test -run TestAccRoleRead -v ./internal/provider
=== RUN   TestAccRoleReadGlobal
--- PASS: TestAccRoleReadGlobal (6.41s)
=== RUN   TestAccRoleReadOrg
--- PASS: TestAccRoleReadOrg (7.74s)
PASS
ok      github.com/hashicorp/terraform-provider-boundary/internal/provider      15.070s
```

Manual tests

```hcl
resource "boundary_user" "user1" {
  name     = "user1"
  scope_id = "global"
}

resource "boundary_user" "user2" {
  name     = "user2"
  scope_id = "global"
}

resource "boundary_role" "role1" {
  name          = "role1"
  description   = "role1"
  scope_id      = "global"
  principal_ids = [boundary_user.user1.id, boundary_user.user2.id]
  grant_strings = [
    "ids=*;type=*;actions=*"
  ]
}

data "boundary_role" "role1" {
  depends_on = [boundary_role.role1]
  name       = "role1"
}

output "role1" {
  value = data.boundary_role.role1
}
```

Outputs:

```
role1 = {
  "description" = "role1"
  "grant_scope_ids" = toset([
    "this",
  ])
  "grant_strings" = toset([
    "ids=*;type=*;actions=*",
  ])
  "id" = "r_nW9WkB5wt2"
  "name" = "role1"
  "principal_ids" = toset([
    "u_KMw42wKFLf",
    "u_zneRiD9zOO",
  ])
  "principals" = toset([
    {
      "id" = "u_KMw42wKFLf"
      "scope_id" = "global"
      "type" = "user"
    },
    {
      "id" = "u_zneRiD9zOO"
      "scope_id" = "global"
      "type" = "user"
    },
  ])
  "scope" = tolist([
    {
      "description" = "Global Scope"
      "id" = "global"
      "name" = "global"
      "parent_scope_id" = ""
      "type" = "global"
    },
  ])
  "scope_id" = "global"
}
```

closes #548

@rayennh rayennh requested a review from a team as a code owner September 21, 2025 17:26
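
Because the data source exposes `grant_strings` for a role Terraform does not manage, it can back a least-privilege check. The following is an added example, not code from this PR or the provider: the data source label `audited`, the local names and the check name are hypothetical, and it assumes grants in the `key=value;key=value` text form shown in the output above.

```hcl
# Added example (not part of the PR): audit an existing role's grants
# through the boundary_role data source. Names below are hypothetical.
data "boundary_role" "audited" {
  name     = "role1"
  scope_id = "global"
}

locals {
  # Turn each "k=v;k=v" grant string into an object,
  # e.g. { ids = "*", type = "*", actions = "*" }.
  # Fields without exactly one "=" are skipped.
  parsed_grants = [
    for g in data.boundary_role.audited.grant_strings : {
      for field in split(";", g) :
      trimspace(split("=", field)[0]) => trimspace(split("=", field)[1])
      if length(split("=", field)) == 2
    }
  ]

  # Grants where both the resource ids and the actions are wildcards.
  wildcard_grants = [
    for g in local.parsed_grants : g
    if try(g.ids, "") == "*" && try(g.actions, "") == "*"
  ]
}

check "role_has_no_wildcard_grants" {
  assert {
    condition     = length(local.wildcard_grants) == 0
    error_message = "Role ${data.boundary_role.audited.id} grants actions=* on ids=*; narrow its grant_strings."
  }
}
```

Run against the `role1` from the manual test, the assertion fails because its only grant is `ids=*;type=*;actions=*`. `check` blocks need Terraform 1.5 or later and report a warning rather than stopping the run.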

hashicorp-cla-app bot commented Sep 21, 2025

CLA assistant check
All committers have signed the CLA.

@rayennh rayennh force-pushed the feat/data-source-role branch from a59ad2a to 7fe6648 Compare September 21, 2025 17:38

@moduli moduli left a comment

Thanks for the contribution! Have a couple of comments

Steps: []resource.TestStep{
{
Config: testConfig(url, roleReadGlobal),
Check: resource.ComposeTestCheckFunc(

Collaborator

What are your thoughts on adding additional checks for some of the other fields in the data source, like grant_strings or principal_ids?

Collaborator

Sorry, I should have been more explicit in the earlier comment. Thanks for adding the checks to those fields. Could we include all of the fields that we expect to be returned? I think the only remaining one now is grant_scope_ids?

Contributor Author

I should have added those checks in the initial commit, my mistake. Thanks for spotting that!

@louisruch
Collaborator

Thanks for the contribution! In addition to what Mike mentioned above, could you also rebase against main? The tests are failing because of a version mismatch of the Boundary version being used in some unrelated tests; rebasing should make those tests go 🟢

@rayennh rayennh force-pushed the feat/data-source-role branch from 34d1de6 to 0c0d731 Compare October 9, 2025 21:33
@rayennh
Contributor Author

rayennh commented Oct 9, 2025

Thank you for the review and the time you spent on it 🙏 Changes made following your feedback:

  • Fixed the typo in the example
  • Improved tests: added checks for grant_strings and principal_ids. I used the TestCheckResourceAttrPair helper, which isn’t used elsewhere in the repo but seemed appropriate here (let me know if you prefer a different approach!)
  • Rebased against main

@rayennh rayennh requested a review from moduli October 9, 2025 21:47
@rayennh rayennh requested a review from moduli October 10, 2025 08:26

@louisruch louisruch left a comment

Thanks for the contribution <3

@louisruch louisruch merged commit e9f7b89 into hashicorp:main Oct 10, 2025
3 checks passed
Successfully merging this pull request may close these issues.

[Feature Request] Add datasource "boundary_role"
