From 9bf39ec85bcba5af46d4acee129431721710a688 Mon Sep 17 00:00:00 2001 From: Ilia Medvedev Date: Wed, 8 Jan 2025 09:51:00 +0200 Subject: [PATCH 1/2] add support for ruletype in permission --- codefresh/cfclient/permission.go | 3 +++ codefresh/resource_permission.go | 15 ++++++++++++++- docs/resources/permission.md | 1 + 3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/codefresh/cfclient/permission.go b/codefresh/cfclient/permission.go
index aaeea946..52aa64e0 100644
--- a/codefresh/cfclient/permission.go
+++ b/codefresh/cfclient/permission.go
@@ -12,6 +12,7 @@ type Permission struct {
 RelatedResource string `json:"relatedResource,omitempty"`
 Action string `json:"action,omitempty"`
 Account string `json:"account,omitempty"`
+ RuleType string `json:"ruleType,omitempty"`
 Tags []string `json:"attributes,omitempty"`
 }
@@ -23,6 +24,7 @@ type NewPermission struct {
 RelatedResource string `json:"relatedResource,omitempty"`
 Action string `json:"action,omitempty"`
 Account string `json:"account,omitempty"`
+ RuleType string `json:"ruleType,omitempty"`
 Tags []string `json:"tags,omitempty"`
 }
@@ -93,6 +95,7 @@ func (client *Client) CreatePermission(permission *Permission) (*Permission, err
 RelatedResource: permission.RelatedResource,
 Action: permission.Action,
 Account: permission.Account,
+ RuleType: permission.RuleType,
 Tags: permission.Tags,
 }
diff --git a/codefresh/resource_permission.go b/codefresh/resource_permission.go
index b6b4c491..0a88e02a 100644
--- a/codefresh/resource_permission.go
+++ b/codefresh/resource_permission.go
@@ -84,6 +84,13 @@ Action to be allowed. Possible values:
 "debug",
 }, false),
 },
+ "rule_type": {
+ Description: "Rule type - can be either `all` or `any`. If all is specified the rule will apply on resources that have all the tags. If any is specified the rule will apply on resources that have any of the tags. If not specified, deafult behavior is `any`.",
+ Type: schema.TypeString,
+ Optional: true,
+ //Default: "any",
+ ValidateFunc: validation.StringInSlice([]string{"all", "any"}, false),
+ },
 "tags": {
 Description: `
 The tags for which to apply the permission. Supports two custom tags:
@@ -163,7 +170,7 @@ func resourcePermissionUpdate(d *schema.ResourceData, meta interface{}) error {
 permission := *mapResourceToPermission(d)
 // In case team, action or relatedResource or resource have changed - a new permission needs to be created (but without recreating the terraform resource as destruction of resources is alarming for end users)
- if d.HasChanges("team", "action", "related_resource", "resource") {
+ if d.HasChanges("team", "action", "related_resource", "resource", "rule_type") {
 deleteErr := resourcePermissionDelete(d, meta)
 if deleteErr != nil {
@@ -231,6 +238,11 @@ func mapPermissionToResource(permission *cfclient.Permission, d *schema.Resource
 return err
 }
+ err = d.Set("rule_type", permission.RuleType)
+ if err != nil {
+ return err
+ }
+
 return nil
 }
@@ -249,6 +261,7 @@ func mapResourceToPermission(d *schema.ResourceData) *cfclient.Permission {
 Action: d.Get("action").(string),
 Resource: d.Get("resource").(string),
 RelatedResource: d.Get("related_resource").(string),
+ RuleType: d.Get("rule_type").(string),
 Tags: tags,
 }
diff --git a/docs/resources/permission.md b/docs/resources/permission.md
index 66fc7868..6b6aea79 100644
--- a/docs/resources/permission.md
+++ b/docs/resources/permission.md
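Review bot: In codefresh/resource_permission.go the new `rule_type` attribute is `Optional` with neither `Default` nor `Computed`, and the commented-out `//Default: "any",` is left in the schema. If the API reports `any` for a permission created without a rule type (the description says that is the default; the API response is not visible here), mapPermissionToResource would store `any` in state while the configuration leaves it unset, and because `rule_type` is now in the `d.HasChanges(...)` list each later apply would delete and recreate the permission. Replacing the commented line with `Default: "any",` (or adding `Computed: true,`) avoids that and makes the any-versus-all scope of the grant visible in the plan. The description, and the matching line in docs/resources/permission.md, also spell `deafult`; it should read `default`.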
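Review bot: The comment above the `d.HasChanges(...)` call in resourcePermissionUpdate still names only team, action, relatedResource and resource, so it no longer matches the condition now that `rule_type` also takes the delete-and-recreate path. I would update it to begin `// In case team, action, relatedResource, resource or rule_type have changed - a new permission needs to be created` and add a sentence noting that the old permission is deleted first, so a create that fails afterwards (the create call is presumably just outside this hunk) leaves the team without the permission until the next successful apply. The function body continues past the end of the hunk.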
@@ -59,6 +59,7 @@ resource "codefresh_permission" "developers" {
 - `_id` (String) The permission ID.
 - `related_resource` (String) Specifies the resource to use when evaluating the tags. Possible values:
 * project
+- `rule_type` (String) Rule type - can be either `all` or `any`. If all is specified the rule will apply on resources that have all the tags. If any is specified the rule will apply on resources that have any of the tags. If not specified, deafult behavior is `any`.
 - `tags` (Set of String) The tags for which to apply the permission. Supports two custom tags:
 * untagged: Apply to all resources without tags
 * (asterisk): Apply to all resources with any tag
From cd4856278845d9ad1dd91281ec887c3ab41306e6 Mon Sep 17 00:00:00 2001 From: Ilia Medvedev Date: Wed, 8 Jan 2025 13:44:33 +0200 Subject: [PATCH 2/2] add tests --- codefresh/resource_permission_test.go | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/codefresh/resource_permission_test.go b/codefresh/resource_permission_test.go
index 0b4ec91b..57e20c11 100644
--- a/codefresh/resource_permission_test.go
+++ b/codefresh/resource_permission_test.go
@@ -21,18 +21,19 @@ func TestAccCodefreshPermissionConfig(t *testing.T) {
 CheckDestroy: testAccCheckCodefreshContextDestroy,
 Steps: []resource.TestStep{
 {
- Config: testAccCodefreshPermissionConfig("create", "pipeline", "null", []string{"production", "*"}),
+ Config: testAccCodefreshPermissionConfig("create", "pipeline", "null", []string{"production", "test"}, "all"),
 Check: resource.ComposeTestCheckFunc(
 testAccCheckCodefreshPermissionExists(resourceName),
 resource.TestCheckResourceAttr(resourceName, "action", "create"),
 resource.TestCheckResourceAttr(resourceName, "resource", "pipeline"),
- resource.TestCheckResourceAttr(resourceName, "tags.0", "*"),
+ resource.TestCheckResourceAttr(resourceName, "tags.0", "production"),
 resource.TestCheckResourceAttr(resourceName, "related_resource", ""),
- resource.TestCheckResourceAttr(resourceName, "tags.1", "production"),
+ resource.TestCheckResourceAttr(resourceName, "tags.1", "test"),
+ resource.TestCheckResourceAttr(resourceName, "rule_type", "all"),
 ),
 },
 {
- Config: testAccCodefreshPermissionConfig("create", "pipeline", "project", []string{"production", "*"}),
+ Config: testAccCodefreshPermissionConfig("create", "pipeline", "project", []string{"production", "*"}, "any"),
 Check: resource.ComposeTestCheckFunc(
 testAccCheckCodefreshPermissionExists(resourceName),
 resource.TestCheckResourceAttr(resourceName, "action", "create"),
@@ -40,6 +41,7 @@ func TestAccCodefreshPermissionConfig(t *testing.T) {
 resource.TestCheckResourceAttr(resourceName, "related_resource", "project"),
 resource.TestCheckResourceAttr(resourceName, "tags.0", "*"),
 resource.TestCheckResourceAttr(resourceName, "tags.1", "production"),
+ resource.TestCheckResourceAttr(resourceName, "rule_type", "any"),
 ),
 },
 {
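Review bot: Neither changed step in TestAccCodefreshPermissionConfig covers a configuration that omits `rule_type`, which is the case where the provider's unset value and the API default have to agree. The helper already passes the literal `null` through `escapeString`, so a step such as `Config: testAccCodefreshPermissionConfig("create", "pipeline", "null", []string{"production", "test"}, "null"),` would exercise it, and the acceptance framework's post-apply plan check should then fail if reading the permission back produces a diff. The step list continues outside the hunk.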
@@ -73,7 +75,7 @@ func testAccCheckCodefreshPermissionExists(resource string) resource.TestCheckFu
 }
 // CONFIGS
-func testAccCodefreshPermissionConfig(action, resource, relatedResource string, tags []string) string {
+func testAccCodefreshPermissionConfig(action, resource, relatedResource string, tags []string, ruleType string) string {
 escapeString := func(str string) string {
 if str == "null" {
 return str // null means Terraform should ignore this field
@@ -93,6 +95,7 @@ func testAccCodefreshPermissionConfig(action, resource, relatedResource string,
 resource = %s
 related_resource = %s
 tags = [%s]
+ rule_type = %s
 }
-`, escapeString(action), escapeString(resource), escapeString(relatedResource), strings.Join(tagsEscaped[:], ","))
+`, escapeString(action), escapeString(resource), escapeString(relatedResource), strings.Join(tagsEscaped[:], ","), escapeString(ruleType))
 }