
@danilobuerger
Contributor

Config already provides its scopes as csv.

Use-case:

I want to set `allowed_parameters` in the policy for `scopes`. However, this is only string based. When using this with terraform and supplying the scopes string based, there will be a constant state drift as the response is different (an array vs a string).
@ilijamt
Owner

ilijamt commented Oct 11, 2025

Can you provide an example in terraform?

@danilobuerger
Contributor Author

```hcl
resource "vault_generic_endpoint" "meow" {
  path                 = "gitlab/roles/some-role"
  ignore_absent_fields = true
  data_json = jsonencode({
    name       = "some-name"
    path       = "some-slug"
    token_type = "project-deploy"
    scopes     = ["read_repository"]
    ttl        = 1234
  })
}
```

This will cause no state diff, but will not work with Vault's policy `allowed_parameters`.
If you use `scopes = "read_repository"` instead, you will have a permanent state diff, but it will work with Vault's policy `allowed_parameters`.

@ilijamt
Owner

ilijamt commented Oct 11, 2025

But what happens if you request more than one scope? Because that is a valid use case, and it's one of the reasons I made it an array, because we need to request multiple scopes and not just one.

Can you also provide me with the whole tf with the `allowed_parameters` that you are having an issue with? I want to recreate the whole thing locally so I can test.

@danilobuerger
Contributor Author

danilobuerger commented Oct 11, 2025

> But what happens if you request more than one scope?

I might not understand your question. But the same thing happens.

`scopes = ["read_user", "api"]` no state diff, doesn't work with `allowed_parameters`
`scopes = "read_user, api"` permanent state diff, works with `allowed_parameters`

This MR just changes the response. It will still work as before. Scopes will still accept either a csv or an array. It's just its response which changes.
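
The setup this thread discusses, as an added example that is not from the PR or the plugin's own code: a Vault policy that restricts `scopes` through `allowed_parameters`, next to the role written in the CSV form the comments above report as accepted by the policy. The policy name, the allowed values, and the premise that the token writing the role is bound by this policy are assumptions.

```hcl
# Added example. "gitlab-role-writer" is a hypothetical policy name; the role
# path and field values are the ones quoted in the thread.
resource "vault_policy" "gitlab_role_writer" {
  name   = "gitlab-role-writer"
  policy = <<-EOT
    path "gitlab/roles/some-role" {
      capabilities = ["create", "update"]

      allowed_parameters = {
        # Per the thread, this check is string based, so the request has to
        # send scopes as a CSV string for the value to match.
        "scopes" = ["read_repository"]

        # Once any key is listed, unlisted parameters are denied, so every
        # field the role write sends must appear. An empty list allows any value.
        "token_type" = ["project-deploy"]
        "name"       = []
        "path"       = []
        "ttl"        = []
      }
    }
  EOT
}

# Role write made by a token that carries the policy above (assumption).
resource "vault_generic_endpoint" "meow" {
  path                 = "gitlab/roles/some-role"
  ignore_absent_fields = true
  data_json = jsonencode({
    name       = "some-name"
    path       = "some-slug"
    token_type = "project-deploy"
    # CSV string form: reported to pass allowed_parameters. Before this change
    # the read-back value was an array, which caused the permanent state diff.
    scopes = "read_repository"
    ttl    = 1234
  })
}
```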

@ilijamt ilijamt merged commit 84cf476 into ilijamt:main Oct 17, 2025
3 of 5 checks passed