Add cloudstack_role resource
#181
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Implement data source for cloudstack_role with read functionality. - Create resource for managing cloudstack_role with CRUD operations. - Update documentation for cloudstack_role data source and resource.
…and improved documentation - Added filter support to the cloudstack_role data source for role retrieval. - Updated resource_cloudstack_role to require either role_id or type. - Enhanced documentation for both data source and resource with examples and argument descriptions.
1. Add required 'type' parameter to role resource configuration in both resource and data source tests 2. Modify testAccCheckCloudStackRoleDestroy function to handle potential panic when accessing l.Roles[0]
ianc769
changed the title
role resource role resource
There was a problem hiding this comment.
Pull Request Overview
This PR adds a new cloudstack_role resource and data source to the CloudStack Terraform provider, enabling users to create, read, update, and delete CloudStack roles through Terraform configuration. The implementation supports both creating roles from a specific type (Admin, ResourceAdmin, DomainAdmin, User) and cloning from existing roles.
- Implements both resource and data source for CloudStack roles
- Adds comprehensive test coverage for role operations
- Updates documentation and website navigation for the new resource
Reviewed Changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| cloudstack/resource_cloudstack_role.go | Core implementation of the role resource with CRUD operations |
| cloudstack/data_source_cloudstack_role.go | Data source implementation for role queries with filtering |
| cloudstack/provider.go | Registers the new resource and data source in the provider |
| cloudstack/resource_cloudstack_role_test.go | Test suite for role resource functionality |
| cloudstack/data_source_cloudstack_role_test.go | Test suite for role data source functionality |
| website/docs/r/role.html.markdown | Resource documentation with usage examples |
| website/docs/d/role.html.markdown | Data source documentation with usage examples |
| website/cloudstack.erb | Website navigation updates to include new documentation |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Co-authored-by: Copilot <[email protected]>
kiranchavala
approved these changes
Sep 9, 2025
There was a problem hiding this comment.
Tested manually , able to create role , read and update
─ terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# data.cloudstack_role.role_id will be read during apply
# (config refers to values not yet known)
<= data "cloudstack_role" "role_id" {
+ description = (known after apply)
+ id = (known after apply)
+ is_public = (known after apply)
+ name = (known after apply)
+ type = (known after apply)
+ filter {
+ name = "id"
+ value = (known after apply)
}
}
# data.cloudstack_role.role_name will be read during apply
# (depends on a resource or a module with changes pending)
<= data "cloudstack_role" "role_name" {
+ description = (known after apply)
+ id = (known after apply)
+ is_public = (known after apply)
+ name = (known after apply)
+ type = (known after apply)
+ filter {
+ name = "name"
+ value = "foo"
}
}
# cloudstack_role.admin will be created
+ resource "cloudstack_role" "admin" {
+ description = "Administrator role"
+ id = (known after apply)
+ is_public = true
+ name = "foo"
+ type = "Admin"
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ id_filter = (known after apply)
+ name_filter = (known after apply)
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
cloudstack_role.admin: Creating...
cloudstack_role.admin: Creation complete after 1s [id=6ccf1485-41cc-4f5c-bba6-008209b129c4]
data.cloudstack_role.role_id: Reading...
data.cloudstack_role.role_name: Reading...
data.cloudstack_role.role_id: Read complete after 1s [id=6ccf1485-41cc-4f5c-bba6-008209b129c4]
data.cloudstack_role.role_name: Read complete after 1s [id=6ccf1485-41cc-4f5c-bba6-008209b129c4]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Outputs:
id_filter = "foo"
name_filter = "foo"
╭─ ~/Desktop/cloudstack-India-demo/cloudstack-terraform copy ✔ ╱ 15s ╱ Azure subscription 1 ╱ 11:34:59 AM
╰─ terraform apply
cloudstack_role.admin: Refreshing state... [id=6ccf1485-41cc-4f5c-bba6-008209b129c4]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
~ update in-place
<= read (data resources)
Terraform will perform the following actions:
# data.cloudstack_role.role_id will be read during apply
# (depends on a resource or a module with changes pending)
<= data "cloudstack_role" "role_id" {
+ description = (known after apply)
+ id = (known after apply)
+ is_public = (known after apply)
+ name = (known after apply)
+ type = (known after apply)
+ filter {
+ name = "id"
+ value = "6ccf1485-41cc-4f5c-bba6-008209b129c4"
}
}
# data.cloudstack_role.role_name will be read during apply
# (depends on a resource or a module with changes pending)
<= data "cloudstack_role" "role_name" {
+ description = (known after apply)
+ id = (known after apply)
+ is_public = (known after apply)
+ name = (known after apply)
+ type = (known after apply)
+ filter {
+ name = "name"
+ value = "foo3"
}
}
# cloudstack_role.admin will be updated in-place
~ resource "cloudstack_role" "admin" {
id = "6ccf1485-41cc-4f5c-bba6-008209b129c4"
~ name = "foo" -> "foo3"
# (3 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Changes to Outputs:
~ id_filter = "foo" -> (known after apply)
~ name_filter = "foo" -> (known after apply)
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
cloudstack_role.admin: Modifying... [id=6ccf1485-41cc-4f5c-bba6-008209b129c4]
cloudstack_role.admin: Modifications complete after 1s [id=6ccf1485-41cc-4f5c-bba6-008209b129c4]
data.cloudstack_role.role_name: Reading...
data.cloudstack_role.role_id: Reading...
data.cloudstack_role.role_id: Read complete after 0s [id=6ccf1485-41cc-4f5c-bba6-008209b129c4]
data.cloudstack_role.role_name: Read complete after 1s [id=6ccf1485-41cc-4f5c-bba6-008209b129c4]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
Outputs:
id_filter = "foo3"
name_filter = "foo3"
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding
roleas a terraform managed resource option -> https://cloudstack.apache.org/api/apidocs-4.20/apis/createRole.htmlContributes to #82
Using this code for example: