Support for ACL grants in acl policy #331
Labels: enhancement (New feature or request)
theexiile1305 changed the title from "Supportr for ACL grants in acl policy" to "Support for ACL grants in acl policy" on Feb 13, 2024
knyar added a commit that referenced this issue on Feb 14, 2024

The `acl` argument of the `tailscale_acl` resource can now be a HuJSON string.

Instead of unmarshalling it into an `ACL` message of the [API client](https://github.com/tailscale/tailscale-client-go) just to have the client serialize it into JSON again, policy content gets passed to the Tailscale API verbatim. This allows users to define their policy as HuJSON strings, with comments being preserved. Since JSON is a subset of HuJSON, this is backwards compatible, so I am not adding a separate field for this as has been previously suggested in #227.

Validation is now performed by calling the [Validate and test policy file](https://github.com/tailscale/tailscale/blob/main/api.md#validate-and-test-policy-file) API, which will help catch any semantic errors in the policy at `terraform plan` stage (for example, when a syntactically correct policy contains configuration that is not supported by the Tailnet's current [pricing plan](https://tailscale.com/pricing)).

Finally, this will also allow users to use new fields in the policy without requiring a new release of the Terraform provider.

I've also added a new `hujson` field to the `tailscale_acl` data resource that shows current policy as a HuJSON string.

Fixes #331
Fixes #227

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
knyar added a commit that referenced this issue on Feb 14, 2024

The `acl` argument of the `tailscale_acl` resource can now be a HuJSON string.

Instead of unmarshalling `acl` into an `ACL` struct of the [API client](https://github.com/tailscale/tailscale-client-go) just to have the client serialize it into JSON again, policy content gets passed to the Tailscale API verbatim. This allows users to define their policy as HuJSON strings, with comments being preserved. Since JSON is a subset of HuJSON, this is backwards compatible, so I am not adding a separate field for this as has been previously suggested in #227.

Validation is now performed by calling the [Validate and test policy file](https://github.com/tailscale/tailscale/blob/main/api.md#validate-and-test-policy-file) API, which will help catch any semantic errors in the policy at `terraform plan` stage (for example, when a syntactically correct policy contains configuration that is not supported by the Tailnet's current [pricing plan](https://tailscale.com/pricing)).

Finally, this will also allow users to use new fields in the policy without requiring a new release of the Terraform provider.

I've also added a new `hujson` field to the `tailscale_acl` data resource that shows current policy as a HuJSON string.

Fixes #331
Fixes #227

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
knyar added a commit that referenced this issue on Feb 15, 2024
Is your feature request related to a problem? Please describe.

It's apparently not possible to create acl grants aka the `grants` object in the acl policy.

Describe the solution you'd like

A way to create the `grants` object in the `tailscale_acl` resource.

Additional context

In the following example, `terraform validate` and `terraform plan` return the error json:unknown field "grants". (This error may be caused by a new ACL function that is not yet supported by this terraform provider. If you are using a valid ACL field, please raise an issue (https://github.com/tailscale/terraform-provider-tailscale/issues/new/choose)
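The error reported in this issue, and the reason the referenced commit message moves away from a typed round trip, shown as an added Go example that is not the provider's or the API client's code. The `legacyPolicy` struct, the function names and the sample policy are constructed for illustration; the struct stands in for any typed model that predates `grants`.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// legacyPolicy is a hypothetical typed model that predates the "grants"
// field; it is not the real struct from the Tailscale API client.
type legacyPolicy struct {
	ACLs   []json.RawMessage   `json:"acls,omitempty"`
	Groups map[string][]string `json:"groups,omitempty"`
}

// Constructed sample policy (plain JSON, which is also valid HuJSON).
const samplePolicy = `{
  "groups": {"group:eng": ["alice@example.com"]},
  "grants": [{"src": ["group:eng"], "dst": ["tag:server"], "ip": ["tcp:443"]}]
}`

// strictRoundTrip decodes into the typed model and rejects unknown keys,
// so a policy that uses a newer field fails before it reaches the API.
func strictRoundTrip(policy string) (string, error) {
	dec := json.NewDecoder(bytes.NewReader([]byte(policy)))
	dec.DisallowUnknownFields()
	var p legacyPolicy
	if err := dec.Decode(&p); err != nil {
		return "", err
	}
	out, err := json.Marshal(p)
	return string(out), err
}

// lenientRoundTrip shows the quieter failure mode: decoding without the
// strict flag succeeds, but re-serializing silently drops "grants", so
// the access rules the author wrote would never be applied.
func lenientRoundTrip(policy string) (string, error) {
	var p legacyPolicy
	if err := json.Unmarshal([]byte(policy), &p); err != nil {
		return "", err
	}
	out, err := json.Marshal(p)
	return string(out), err
}

func main() {
	_, err := strictRoundTrip(samplePolicy)
	fmt.Println("strict decode:", err)
	out, _ := lenientRoundTrip(samplePolicy)
	fmt.Println("lenient round trip:", out)
}
```

Passing the policy text through unchanged avoids both outcomes: unknown fields are neither rejected by the client nor dropped on re-serialization, and checking them is left to the server-side validation call.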