diff --git a/docs/resources/role_assignment.md b/docs/resources/role_assignment.md index f9332a874..6be7151b1 100644 --- a/docs/resources/role_assignment.md +++ b/docs/resources/role_assignment.md @@ -61,7 +61,7 @@ resource "grafana_role_assignment" "test" { ### Optional -- `service_accounts` (Set of Number) IDs of service accounts that the role should be assigned to. +- `service_accounts` (Set of String) IDs of service accounts that the role should be assigned to. - `teams` (Set of String) IDs of teams that the role should be assigned to. - `users` (Set of Number) IDs of users that the role should be assigned to. diff --git a/internal/resources/grafana/resource_role_assignment.go b/internal/resources/grafana/resource_role_assignment.go index 679abfaf7..87611eb58 100644 --- a/internal/resources/grafana/resource_role_assignment.go +++ b/internal/resources/grafana/resource_role_assignment.go @@ -60,8 +60,13 @@ func ResourceRoleAssignment() *schema.Resource { Optional: true, ForceNew: false, Description: "IDs of service accounts that the role should be assigned to.", + // Ignore the org ID of the team when hashing. It works with or without it. + Set: func(i interface{}) int { + _, saID := SplitOrgResourceID(i.(string)) + return schema.HashString(saID) + }, Elem: &schema.Schema{ - Type: schema.TypeInt, + Type: schema.TypeString, }, }, }, @@ -100,9 +105,11 @@ func UpdateRoleAssignments(ctx context.Context, d *schema.ResourceData, meta int _, teamIDStr := SplitOrgResourceID(t.(string)) teams[i], _ = strconv.Atoi(teamIDStr) } - serviceAccounts, err := collectRoleAssignmentsToFn(d.Get("service_accounts")) - if err != nil { - return diag.Errorf("invalid service account IDs specified %v", err) + serviceAccountsStrings := d.Get("service_accounts").(*schema.Set).List() + serviceAccounts := make([]int, len(serviceAccountsStrings)) + for i, t := range serviceAccountsStrings { + _, saIDStr := SplitOrgResourceID(t.(string)) + serviceAccounts[i], _ = strconv.Atoi(saIDStr) } ra := &gapi.RoleAssignments{ @@ -151,7 +158,11 @@ func setRoleAssignments(assignments *gapi.RoleAssignments, d *schema.ResourceDat if err := d.Set("teams", teams); err != nil { return err } - if err := d.Set("service_accounts", assignments.ServiceAccounts); err != nil { + serviceAccounts := make([]string, len(assignments.ServiceAccounts)) + for i, sa := range assignments.ServiceAccounts { + serviceAccounts[i] = strconv.Itoa(sa) + } + if err := d.Set("service_accounts", serviceAccounts); err != nil { return err } diff --git a/internal/resources/grafana/resource_role_assignment_test.go b/internal/resources/grafana/resource_role_assignment_test.go index a66d0dfc4..03155948b 100644 --- a/internal/resources/grafana/resource_role_assignment_test.go +++ b/internal/resources/grafana/resource_role_assignment_test.go @@ -34,7 +34,7 @@ func TestRoleAssignments(t *testing.T) { "grafana_role_assignment.test", "users.#", "2", ), resource.TestCheckResourceAttr( - "grafana_role_assignment.test", "service_accounts.#", "0", + "grafana_role_assignment.test", "service_accounts.#", "1", ), resource.TestCheckResourceAttr( "grafana_role_assignment.test", "teams.#", "1", @@ -113,10 +113,17 @@ resource "grafana_user" "test_user2" { password = "12345" } +resource "grafana_service_account" "test" { + name = "%[1]s-terraform-test" + role = "Editor" + is_disabled = false + } + resource "grafana_role_assignment" "test" { role_uid = grafana_role.test.uid users = [grafana_user.test_user.id, grafana_user.test_user2.id] teams = [grafana_team.test_team.id] + service_accounts = [grafana_service_account.test.id] } `, name) }