DRAFT member refactor #6520
Open
DRAFT member refactor #6520
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updates `cloudflare_zone` migration tests to use `tf-migrate` instead of `cmd/migrate`.
…ess config (prod) * feat: BOTS-7562 add bot management feedback endpoints to stainless config (prod)
* chore: point Terraform to Go 'next'
* fix(zone): make datasource's zone ID computed optional Resolves cloudflare#6129 * test(zone): fix datasource model/schema parity Updates the `ZonesAccountDataSourceModel` type be useful for both filters and decerilization.
* adding a simple CRUD test fo account tokens * add a test file
…are#6491) * test: Add acceptance tests for cloudflare_api_shield_operation * chore: Add CI acceptance tests for api_shield_operation
* codegen metadata * add migration test for logpush_job * add zone level logpush jobs to sweeper * use MigrationV2TestStep, use zone level job for instant-logs test * handle instant-logs being returned from the API despite not being a valid config value * rename resource test name to be consistent --------- Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com>
The Pages API response type uses "Name" instead of "ProjectName". Update the test sweeper to access the correct field from "ProjectListResponse". Fixes compilation error: deployment.ProjectName undefined (type pages.ProjectListResponse has no field or method ProjectName)
fix(pages_project): use correct field name in test sweeper
… fields (cloudflare#6500) not returned by API The API doesn't return all configured input fields in Read responses, causing drift. This preserves input.version (critical), input.enabled cleanup, and additional fields (path, sha256, os_distro_*) from current state when API omits them. Fixes perpetual drift for firewall and os_version posture rules.
…Catalog routes * feat(r2_data_catalog): Configure SDKs/Terraform to use R2 Data Catalog routes
…nce test (cloudflare#6499) Co-authored-by: Henry Clausen <hclausen@cloudflare.com>
…re#6498) Co-authored-by: Henry Clausen <hclausen@cloudflare.com>
…sfy terraform to no detect changes on no changes to the config (cloudflare#6497) * BILLSUB-247 CUSTESC-57375 fix drift issues after apply causing idempotency issues on subsequent applies * BILLSUB-247 CUSTESC-57375 fix wrong computed_optional syntax * Fix zone_subscription Sets field type mismatch --------- Co-authored-by: Sui Mak <sui@cloudflare.com>
… fields (cloudflare#6503) not returned by API The API doesn't return all configured input fields in Read responses, causing drift. This preserves input.version (critical), input.enabled cleanup, and additional fields (path, sha256, os_distro_*) from current state when API omits them. Fixes perpetual drift for firewall and os_version posture rules.
…t with Crowdstrike (cloudflare#6470)
…d enum for rate_plan.id (cloudflare#6505) * fix: add partners_ent as valid enum for rate_plan.id * fix: remove partners_enterprise enum from account subscription --------- Co-authored-by: Sui Mak <sui@cloudflare.com>
…order to import account subscription (cloudflare#6510) Co-authored-by: Sui Mak <sui@cloudflare.com>
* chore: skip invalid change detection * chore: update go sdk to v6.4.0
…loudflare#6504) Co-authored-by: Chris Thorwarth <cthorwarth@cloudflare.com>
…riteOnly (cloudflare#6489) * codegen metadata * wip: moving migrations to be a write-only attribute --------- Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com> Co-authored-by: Chris Thorwarth <cthorwarth@cloudflare.com>
* ACCT-11111 making member policies a set * fixing test resource name * removing unnecessary * removing unnecessary * correct client version * fixing resource names and sweeping * manual cleanup of test resources * making resource groups and perm groups sets
- Change global test resource prefix from cf-tf-test- to cftftest_ to fix API name validation errors (fixes list, list_item, snippet) - Add certificate_pack hosts order-insensitive comparison in ModifyPlan to prevent unnecessary replacements - Add UseStateForUnknown() plan modifier to certificate_pack primary_certificate field - Add UseStateForUnknown() plan modifiers to pages_project deployment_configs fields (always_use_latest_compatibility_date, build_image_major_version, compatibility_date, fail_open) to prevent state drift Fixes test failures in: list, list_item, snippet, certificate_pack, pages_domain, pages_project
…_directory_service tests (cloudflare#6513) * fix(cloud_connector_rules): datasource model schema parity * fix: rename e2e test for connectivity_directory_service * fix(account_member): use sdk to setup prereq * fix(cloud_connector_rules): model and schema --------- Co-authored-by: Eric Falcao <efalcao@cloudflare.com>
* fix(test_utils): undefined func * fix(decoder): dont include fields with json tag - * chore(account_subscription): skip test
chore(account_member): dont run acceptance with env variable fix(utils): test assertions
steve-thousand
force-pushed
the
sconrad/account_member-refactor
branch
from
12d967f to
87dc323
Compare
steve-thousand
force-pushed
the
sconrad/account_member-refactor
branch
from
87dc323 to
78d82a1
Compare
stainless-app
bot
force-pushed
the
next
branch
from
b026b4d to
262c3dd
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes being requested
This PR has a number of changes that are meant to address bugs with account_member Imports as well as drift issues around roles and policies.
Changing resource Create function to perform POST + GET
There is a known bug in the POST endpoint for members whereby the response does not return roles. This causes part of our difficulties supporting roles, and some provider-side logic was attempting to fix this by simply preserving the state roles, which isn't great practice.
Roles may be removed in the future, and changing the endpoint is difficult. Instead, we can perform a second GET after the POST to retrieve the full correct state.
Changing roles to a Set
Like other collection fields on policies, list order isn't guaranteed. To avoid unexpected drift, we can make roles into a set.
Changing
ModifyPlanto conditionally set Roles and Policies to "Unknown"Roles vs Policies has been a problematic bit of the Members API. If the API caller provides roles, the server will hand back roles and inferred policies. And If the API caller provides policies, the server will hand back policies and roles. This is for backwards compatibility. But, the unknown response values can cause unintended drift or crashes in terraform.
Earlier fixes for this proved to be problematic. The new fix is to use the user's config to decide if they intend to change roles or policies, and if we can detect that change then we set the corresponding other collection to unknown (eg. if a user changes roles then the planned policies are set to unknown).
Acceptance test run results
Steps to run acceptance tests
Test output
Additional context & links