grafana_role_assignment: Support new service account ID format (#1036)

When #824 was done, this was missed because there were no tests for it
grafana · Sep 14, 2023 · a35e6d3 · a35e6d3
1 parent cd23418
commit a35e6d3
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 7 deletions.
diff --git a/docs/resources/role_assignment.md b/docs/resources/role_assignment.md
@@ -61,7 +61,7 @@ resource "grafana_role_assignment" "test" {
 
 ### Optional
 
-- `service_accounts` (Set of Number) IDs of service accounts that the role should be assigned to.
+- `service_accounts` (Set of String) IDs of service accounts that the role should be assigned to.
 - `teams` (Set of String) IDs of teams that the role should be assigned to.
 - `users` (Set of Number) IDs of users that the role should be assigned to.
 

diff --git a/internal/resources/grafana/resource_role_assignment.go b/internal/resources/grafana/resource_role_assignment.go
@@ -60,8 +60,13 @@ func ResourceRoleAssignment() *schema.Resource {
 				Optional:    true,
 				ForceNew:    false,
 				Description: "IDs of service accounts that the role should be assigned to.",
+				// Ignore the org ID of the team when hashing. It works with or without it.
+				Set: func(i interface{}) int {
+					_, saID := SplitOrgResourceID(i.(string))
+					return schema.HashString(saID)
+				},
 				Elem: &schema.Schema{
-					Type: schema.TypeInt,
+					Type: schema.TypeString,
 				},
 			},
 		},
@@ -100,9 +105,11 @@ func UpdateRoleAssignments(ctx context.Context, d *schema.ResourceData, meta int
 		_, teamIDStr := SplitOrgResourceID(t.(string))
 		teams[i], _ = strconv.Atoi(teamIDStr)
 	}
-	serviceAccounts, err := collectRoleAssignmentsToFn(d.Get("service_accounts"))
-	if err != nil {
-		return diag.Errorf("invalid service account IDs specified %v", err)
+	serviceAccountsStrings := d.Get("service_accounts").(*schema.Set).List()
+	serviceAccounts := make([]int, len(serviceAccountsStrings))
+	for i, t := range serviceAccountsStrings {
+		_, saIDStr := SplitOrgResourceID(t.(string))
+		serviceAccounts[i], _ = strconv.Atoi(saIDStr)
 	}
 
 	ra := &gapi.RoleAssignments{
@@ -151,7 +158,11 @@ func setRoleAssignments(assignments *gapi.RoleAssignments, d *schema.ResourceDat
 	if err := d.Set("teams", teams); err != nil {
 		return err
 	}
-	if err := d.Set("service_accounts", assignments.ServiceAccounts); err != nil {
+	serviceAccounts := make([]string, len(assignments.ServiceAccounts))
+	for i, sa := range assignments.ServiceAccounts {
+		serviceAccounts[i] = strconv.Itoa(sa)
+	}
+	if err := d.Set("service_accounts", serviceAccounts); err != nil {
 		return err
 	}
 

diff --git a/internal/resources/grafana/resource_role_assignment_test.go b/internal/resources/grafana/resource_role_assignment_test.go
@@ -34,7 +34,7 @@ func TestRoleAssignments(t *testing.T) {
 						"grafana_role_assignment.test", "users.#", "2",
 					),
 					resource.TestCheckResourceAttr(
-						"grafana_role_assignment.test", "service_accounts.#", "0",
+						"grafana_role_assignment.test", "service_accounts.#", "1",
 					),
 					resource.TestCheckResourceAttr(
 						"grafana_role_assignment.test", "teams.#", "1",
@@ -113,10 +113,17 @@ resource "grafana_user" "test_user2" {
 	password = "12345"
 }
 
+resource "grafana_service_account" "test" {
+	name        = "%[1]s-terraform-test"
+	role        = "Editor"
+	is_disabled = false
+  }
+
 resource "grafana_role_assignment" "test" {
   role_uid = grafana_role.test.uid
   users = [grafana_user.test_user.id, grafana_user.test_user2.id]
   teams = [grafana_team.test_team.id]
+  service_accounts = [grafana_service_account.test.id]
 }
 `, name)
 }