configure ovh client and allow cms project to access zoho client

iac/modules/cloudflare_token/main.tf

@@ -10,6 +10,7 @@ locals {
     for p in data.cloudflare_account_api_token_permission_groups_list.all.result :
     "${split(".", p.scopes[0])[length(split(".", p.scopes[0])) - 1]}:${p.name}" => p.id
   }
+  permission_map_from_id = zipmap(values(local.permission_map), keys(local.permission_map))
 
   # Résout les permissions (si présentes) pour chaque catégorie
   selected_account_permissions = var.permissions.account != null ? compact([
@@ -63,8 +64,8 @@ resource "cloudflare_account_token" "token" {
   expires_on = null
 
   lifecycle {
-    ignore_changes       = [expires_on]
-    replace_triggered_by = [null_resource.cloudflare_account_token_replace]
+    ignore_changes       = [expires_on, policies] # ignore permission id change as unstable
+    replace_triggered_by = [null_resource.cloudflare_account_token_replace] # replace permission name change d
     precondition {
       condition     = length(local.missing_permissions) == 0
       error_message = local.error_message
@@ -72,8 +73,9 @@ resource "cloudflare_account_token" "token" {
   }
 }
 
-resource "null_resource" "cloudflare_account_token_replace" {
+resource "null_resource" "cloudflare_account_token_replace" { # replace token when permission names change
   triggers = {
-    "policies" = sha256(join("", local.selected_account_permissions, local.selected_bucket_permissions))
+    "account_permissions" = sha256(join("",sort([for p_id in local.selected_account_permissions: lookup(local.permission_map_from_id, p_id)])))
+    "bucket_permissions"  = sha256(join("",sort([for p_id in local.selected_bucket_permissions: lookup(local.permission_map_from_id, p_id)])))
   }
 }