`ldap_object_attributes` resource #5
@oliverisaac I added another resource. Would you mind reviewing the changes? The PR also includes some minor typo fixes etc.
Looks great, love the idea of being able to manage specific attributes on a DN without owning the DN! As I was reading through this I realized we're missing
Also, to be clear, this is authoritative for the resource? So if I define
Yes and no, essentially the Another example:
So really only specific values of an attribute are owned if you think about the attribute as a key with multiple values. However not all attributes are multi-value, so if the attribute is single value only, this does not apply. Does that make sense? This is why the READ operation was a bit tricky, because we are only interested in some values of attributes that are predefined. I was also struggling with the IMPORT operation for now, so I will look into this later. Regarding #4 you are correct I wanted to add a
I also stumbled upon a bug I didn't notice before:
Which is visible in the plan:
There is an empty set element that pops up for updates, which also causes a warning. So the PR is not ready yet
Create: resourceLDAPObjectAttributesCreate, | ||
Read: resourceLDAPObjectAttributesRead, | ||
Update: resourceLDAPObjectAttributesUpdate, | ||
Delete: resourceLDAPObjectAttributesDelete, |
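Review bot: no Importer appears next to the Create, Read, Update and Delete handlers in the lines shown; if the rest of the resource definition does not set one either, it would help to say in the resource documentation that import is not supported yet, and to add the Importer once the import logic discussed in this thread is settled.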
Maybe add `Description` here in prep for #4
Ah! That makes sense. This is going to really help me clean up my .tf code around nested groups :)
For #4 and this PR, I just meant adding a
In our company we have the problem that some groups cannot be "owned" by Terraform as they are provisioned by other means. For those cases `ldap_object` is not sufficient. We therefore need a generic way to introduce additional attribute values to existing objects. That's what the `ldap_object_attributes` resource is for. It owns only a few attributes and their values.
For example imagine a group with the following members:
CN=foo,...
Now we want to add several members that are provisioned by Terraform. This would look as follows:
Applying this will add `CN=bar,...` as a member to the group and leave the pre-existing members intact. Same applies for changes or destroy.
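
The ownership semantics described in this thread (only the configured values of an attribute are read, changed or removed), sketched as an added Go example that is not the provider's code from this PR. `AttrValues`, `subset`, `ReadOwned` and `PlanChanges` are hypothetical names, `CN=baz,...` is a constructed value, and values are assumed to compare as exact strings.

```go
package main

import "fmt"

// AttrValues maps an attribute name to its values (hypothetical type).
type AttrValues map[string][]string

// subset returns, per attribute of a, the values whose membership in b
// equals in. Assumption: values compare as exact strings.
func subset(a, b AttrValues, in bool) AttrValues {
	out := AttrValues{}
	for attr, vals := range a {
		set := map[string]bool{}
		for _, v := range b[attr] {
			set[v] = true
		}
		for _, v := range vals {
			if set[v] == in {
				out[attr] = append(out[attr], v)
			}
		}
	}
	return out
}

// ReadOwned keeps only the configured values still present in the directory,
// so values provisioned by other means never enter state.
func ReadOwned(configured, directory AttrValues) AttrValues {
	return subset(configured, directory, true)
}

// PlanChanges returns the values to add and to delete when the owned set
// changes; destroy is PlanChanges(prior, nil) and deletes only owned values.
func PlanChanges(prior, desired AttrValues) (add, del AttrValues) {
	return subset(desired, prior, false), subset(prior, desired, false)
}

func main() {
	// Constructed sample: CN=foo,... pre-exists, Terraform owns CN=bar,...
	directory := AttrValues{"member": {"CN=foo,...", "CN=bar,..."}}
	owned := AttrValues{"member": {"CN=bar,..."}}
	fmt.Println(ReadOwned(owned, directory)) // CN=foo,... never enters state
	add, del := PlanChanges(owned, AttrValues{"member": {"CN=baz,..."}})
	fmt.Println(add, del) // update: add CN=baz,..., delete CN=bar,...
	_, del = PlanChanges(owned, nil)
	fmt.Println(del) // destroy: delete only CN=bar,...
}
```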