Backport #2153 to release/v15 for #2198
Please add this issue to the proper milestone.
Copied from PR:
Summary
- Add
user_principal_id field to rancher2_global_role_binding resource, enabling assignment of global roles to remote users via their principal ID
- Follows the same pattern already used in
rancher2_cluster_role_template_binding and rancher2_project_role_template_binding
- Adds
user_principal_id to the data source as well for completeness
Related
Fixes #2152
Changes
| File |
Change |
rancher2/schema_global_role_binding.go |
Added user_principal_id field to schema |
rancher2/structure_global_role_binding.go |
Added flatten/expand support for UserPrincipalID |
rancher2/data_source_rancher2_global_role_binding.go |
Added user_principal_id computed attribute |
rancher2/structure_global_role_binding_test.go |
Added test coverage for user_principal_id |
docs/resources/global_role_binding.md |
Added argument reference, example, and note |
docs/data-sources/global_role_binding.md |
Added attribute reference |
Testing
TestFlattenGlobalRoleBinding — PASSTestExpandGlobalRoleBinding — PASSgo build ./... — compiles cleanly
Breaking Change Notice
This is a breaking change for existing rancher2_global_role_binding resources.
The user_principal_id field uses ForceNew: true, which means that on upgrade, Terraform will detect a diff between the config (which does not specify user_principal_id) and the state (which will be populated from the Rancher API during refresh). This triggers a destroy and recreate of all existing global role bindings managed by Terraform.
This matches the pattern used in rancher2_cluster_role_template_binding and rancher2_project_role_template_binding, where ForceNew: true was eventually adopted for identity-related fields. The field is immutable at the Rancher API level — a global role binding's principal cannot be changed without recreating the binding.
Generated with
This PR was made with OpenCode using model Qwen3.6-35B-A3B.
Backport #2153 to release/v15 for #2198
Please add this issue to the proper milestone.
Copied from PR:
Summary
user_principal_idfield torancher2_global_role_bindingresource, enabling assignment of global roles to remote users via their principal IDrancher2_cluster_role_template_bindingandrancher2_project_role_template_bindinguser_principal_idto the data source as well for completenessRelated
Fixes #2152
Changes
rancher2/schema_global_role_binding.gouser_principal_idfield to schemarancher2/structure_global_role_binding.goUserPrincipalIDrancher2/data_source_rancher2_global_role_binding.gouser_principal_idcomputed attributerancher2/structure_global_role_binding_test.gouser_principal_iddocs/resources/global_role_binding.mddocs/data-sources/global_role_binding.mdTesting
TestFlattenGlobalRoleBinding— PASSTestExpandGlobalRoleBinding— PASSgo build ./...— compiles cleanlyBreaking Change Notice
This is a breaking change for existing
rancher2_global_role_bindingresources.The
user_principal_idfield usesForceNew: true, which means that on upgrade, Terraform will detect a diff between the config (which does not specifyuser_principal_id) and the state (which will be populated from the Rancher API during refresh). This triggers a destroy and recreate of all existing global role bindings managed by Terraform.This matches the pattern used in
rancher2_cluster_role_template_bindingandrancher2_project_role_template_binding, whereForceNew: truewas eventually adopted for identity-related fields. The field is immutable at the Rancher API level — a global role binding's principal cannot be changed without recreating the binding.Generated with
This PR was made with OpenCode using model Qwen3.6-35B-A3B.