Merge branch 'staging'

CHANGELOG.md

@@ -16,3 +16,7 @@
 * Introduced support for User resource
 * Introduced support for Role resource 
 * Added enhancement to HEC token resource to retry previous failed deployment task when creating, updating, deleting Hec Tokens
+
+## Version v1.2.1
+* Fixes bug found in Roles resource in which `srch_indexes_default` was set to value of `srch_indexes_allowed`
+* Introduces workaround to allow zero value to be set for Roles resource fields where valid. See [Roles Documentation](https://registry.terraform.io/providers/splunk/scp/latest/docs/resources/roles). 

README.md

@@ -1,6 +1,11 @@
 # Terraform Provider for Splunk Cloud Platform 
 
-At this point in time, this provider only supports the index resource for Splunk Cloud Platform deployments. 
+At this point in time, this provider supports the following resources for Splunk Cloud Platform deployments.
+- Indexes
+- Hec Tokens
+- IP Allowlist 
+- Users
+- Roles
 
 ```
 Copyright 2023 Splunk Inc. 

docs/index.md

@@ -23,7 +23,7 @@ Instead, it is recommended to using a dedicated secret store such as Vault or AW
 The following attributes must be set for the provider to work.
 - `server`
 - `stack`
-- Either `auth_token` or `username`/`password`
+- Either `auth_token` or `username`/`password` NOTE: IL2 environment will not be able to use `username`/`password` for authentication.
 
 ## Schema
 

docs/resources/roles.md

@@ -75,6 +75,22 @@ Defaults are currently set to:
 
 ## Notes/Troubleshooting
 
+### Setting fields to zero value
+**Issue**: The [GetOk](https://pkg.go.dev/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema#ResourceData.GetOk) 
+implementation in the Legacy SDK does not recognize zero values for fields. However, 0 is a valid value for various fields 
+such as `cumulative_rt_srch_jobs_quota` and `rt_srch_jobs_quota`
+
+**Solution:** If possible, please set these values to a non-zero value. If you would like to set either of these fields 
+to zero, the user can choose to manage this field exclusively through UI/ACS API/ACS CLI - only adding the field to their 
+configuration if they would like to set it to a non-zero value. 
+
+Alternatively users should upgrade to at least v1.2.1 of this provider to leverage a workaround which relies on the 
+[GetChange](https://pkg.go.dev/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema#ResourceData.GetChange) 
+functionality of the Legacy SDK. The caveat is that you must run `terraform apply` twice when first creating a new role in 
+order for the zero values to be set (they will only be set when updating a resource, not when creating one). Please note that 
+terraform config and real infrastructure should converge after the second run of `terraform apply`. 
+
+
 ### Terraform Import 
 **Issue:** If you receive a 409 conflict error when creating a resource, either use a different role name to create a new resource, or use `terraform import` to bring
   the resource under terraform management. 

internal/roles/role_resource.go

@@ -302,6 +302,8 @@ func resourceRoleUpdate(ctx context.Context, d *schema.ResourceData, m interface
 	patchParam := v2.PatchRoleInfoParams{
 		FederatedSearchManageAck: roleParam,
 	}
+	tflog.Info(ctx, fmt.Sprintf("updated role resource: %d\n", patchRequest.CumulativeRTSrchJobsQuota))
+
 	patchRequestBody := v2.PatchRoleInfoJSONRequestBody{
 		RolesInfo:                 patchRequest.RolesInfo,
 		CumulativeRTSrchJobsQuota: patchRequest.CumulativeRTSrchJobsQuota,
@@ -320,7 +322,7 @@ func resourceRoleUpdate(ctx context.Context, d *schema.ResourceData, m interface
 		return diag.Errorf(fmt.Sprintf("Error waiting for role (%s) to be updated: %s", roleName, err))
 	}
 
-	tflog.Info(ctx, fmt.Sprintf("updated hec resource: %s\n", roleName))
+	tflog.Info(ctx, fmt.Sprintf("updated role resource: %s\n", roleName))
 	return resourceRoleRead(ctx, d, m)
 }
 
@@ -349,14 +351,24 @@ func parseRoleRequest(d *schema.ResourceData) (*v2.RolesRequest, string) {
 	name := d.Get(schemaKeyName).(string)
 
 	// RolesRequest attributes
+
+	//	workaround to allow 0 value, repeated for all fields where 0 is valid value
 	if value, ok := d.GetOk(schemaKeyCumulativeRTSrchJobsQuota); ok {
 		parsedData := value.(int)
 		rolesRequest.CumulativeRTSrchJobsQuota = &parsedData
+	} else if d.HasChange(schemaKeyCumulativeRTSrchJobsQuota) {
+		_, new_val := d.GetChange(schemaKeyCumulativeRTSrchJobsQuota)
+		parsedData := new_val.(int)
+		rolesRequest.CumulativeRTSrchJobsQuota = &parsedData
 	}
 
 	if value, ok := d.GetOk(schemaKeyCumulativeSrchJobsQuota); ok {
 		parsedData := value.(int)
 		rolesRequest.CumulativeSrchJobsQuota = &parsedData
+	} else if d.HasChange(schemaKeyCumulativeSrchJobsQuota) {
+		_, new_val := d.GetChange(schemaKeyCumulativeSrchJobsQuota)
+		parsedData := new_val.(int)
+		rolesRequest.CumulativeSrchJobsQuota = &parsedData
 	}
 
 	if value, ok := d.GetOk(schemaKeyDefaultApp); ok {
@@ -375,18 +387,22 @@ func parseRoleRequest(d *schema.ResourceData) (*v2.RolesRequest, string) {
 		rolesRequest.Capabilities = &parsedData
 	}
 
+	// workaround to allow zero value
 	if value, ok := d.GetOk(schemaKeyRTSrchJobsQuota); ok {
 		parsedData := value.(int)
 		rolesRequest.RtSrchJobsQuota = &parsedData
+	} else if d.HasChange(schemaKeyRTSrchJobsQuota) {
+		_, new_val := d.GetChange(schemaKeyRTSrchJobsQuota)
+		parsedData := new_val.(int)
+		rolesRequest.RtSrchJobsQuota = &parsedData
 	}
 
 	if value, ok := d.GetOk(schemaKeySrchDiskQuota); ok {
 		parsedData := value.(int)
 		rolesRequest.SrchDiskQuota = &parsedData
-	}
-
-	if value, ok := d.GetOk(schemaKeySrchDiskQuota); ok {
-		parsedData := value.(int)
+	} else if d.HasChange(schemaKeySrchDiskQuota) {
+		_, new_val := d.GetChange(schemaKeySrchDiskQuota)
+		parsedData := new_val.(int)
 		rolesRequest.SrchDiskQuota = &parsedData
 	}
 
@@ -402,22 +418,34 @@ func parseRoleRequest(d *schema.ResourceData) (*v2.RolesRequest, string) {
 
 	if values, ok := d.GetOk(schemaKeySrchIndexesDefault); ok {
 		parsedData := utils.ParseSetValues(values)
-		rolesRequest.SrchIndexesAllowed = &parsedData
+		rolesRequest.SrchIndexesDefault = &parsedData
 	}
 
 	if value, ok := d.GetOk(schemaKeySrchJobsQuota); ok {
 		parsedData := value.(int)
 		rolesRequest.SrchJobsQuota = &parsedData
+	} else if d.HasChange(schemaKeySrchJobsQuota) {
+		_, new_val := d.GetChange(schemaKeySrchJobsQuota)
+		parsedData := new_val.(int)
+		rolesRequest.SrchJobsQuota = &parsedData
 	}
 
 	if value, ok := d.GetOk(schemaKeySrchTimeEarliest); ok {
 		parsedData := value.(int)
 		rolesRequest.SrchTimeEarliest = &parsedData
+	} else if d.HasChange(schemaKeySrchTimeEarliest) {
+		_, new_val := d.GetChange(schemaKeySrchTimeEarliest)
+		parsedData := new_val.(int)
+		rolesRequest.SrchTimeEarliest = &parsedData
 	}
 
 	if value, ok := d.GetOk(schemaKeySrchTimeWin); ok {
 		parsedData := value.(int)
 		rolesRequest.SrchTimeWin = &parsedData
+	} else if d.HasChange(schemaKeySrchTimeWin) {
+		_, new_val := d.GetChange(schemaKeySrchTimeWin)
+		parsedData := new_val.(int)
+		rolesRequest.SrchTimeWin = &parsedData
 	}
 	return &rolesRequest, name
 }