Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Support for ruleType (any,all) in codefresh_permission resource #158

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

feat: Support for ruleType (any,all) in codefresh_permission resource #158

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9bf39ec
add support for ruletype in permission
ilia-medvedev-codefresh Jan 8, 2025
cd48562
add tests
ilia-medvedev-codefresh Jan 8, 2025
a398986
Merge branch 'master' into feat/permission-rule-type
ilia-medvedev-codefresh Jan 12, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions codefresh/cfclient/permission.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ type Permission struct {
RelatedResource string `json:"relatedResource,omitempty"`
Action string `json:"action,omitempty"`
Account string `json:"account,omitempty"`
RuleType string `json:"ruleType,omitempty"`
Tags []string `json:"attributes,omitempty"`
}

Expand All @@ -23,6 +24,7 @@ type NewPermission struct {
RelatedResource string `json:"relatedResource,omitempty"`
Action string `json:"action,omitempty"`
Account string `json:"account,omitempty"`
RuleType string `json:"ruleType,omitempty"`
Tags []string `json:"tags,omitempty"`
}

Expand Down Expand Up @@ -93,6 +95,7 @@ func (client *Client) CreatePermission(permission *Permission) (*Permission, err
RelatedResource: permission.RelatedResource,
Action: permission.Action,
Account: permission.Account,
RuleType: permission.RuleType,
Tags: permission.Tags,
}

Expand Down
15 changes: 14 additions & 1 deletion codefresh/resource_permission.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,13 @@ Action to be allowed. Possible values:
"debug",
}, false),
},
"rule_type": {
Description: "Rule type - can be either `all` or `any`. If all is specified the rule will apply on resources that have all the tags. If any is specified the rule will apply on resources that have any of the tags. If not specified, deafult behavior is `any`.",
Type: schema.TypeString,
Optional: true,
//Default: "any",
ValidateFunc: validation.StringInSlice([]string{"all", "any"}, false),
},
"tags": {
Description: `
The tags for which to apply the permission. Supports two custom tags:
Expand Down Expand Up @@ -163,7 +170,7 @@ func resourcePermissionUpdate(d *schema.ResourceData, meta interface{}) error {
permission := *mapResourceToPermission(d)

// In case team, action or relatedResource or resource have changed - a new permission needs to be created (but without recreating the terraform resource as destruction of resources is alarming for end users)
if d.HasChanges("team", "action", "related_resource", "resource") {
if d.HasChanges("team", "action", "related_resource", "resource", "rule_type") {
deleteErr := resourcePermissionDelete(d, meta)

if deleteErr != nil {
Expand Down Expand Up @@ -231,6 +238,11 @@ func mapPermissionToResource(permission *cfclient.Permission, d *schema.Resource
return err
}

err = d.Set("rule_type", permission.RuleType)
if err != nil {
return err
}

return nil
}

Expand All @@ -249,6 +261,7 @@ func mapResourceToPermission(d *schema.ResourceData) *cfclient.Permission {
Action: d.Get("action").(string),
Resource: d.Get("resource").(string),
RelatedResource: d.Get("related_resource").(string),
RuleType: d.Get("rule_type").(string),
Tags: tags,
}

Expand Down
15 changes: 9 additions & 6 deletions codefresh/resource_permission_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,25 +21,27 @@ func TestAccCodefreshPermissionConfig(t *testing.T) {
CheckDestroy: testAccCheckCodefreshContextDestroy,
Steps: []resource.TestStep{
{
Config: testAccCodefreshPermissionConfig("create", "pipeline", "null", []string{"production", "*"}),
Config: testAccCodefreshPermissionConfig("create", "pipeline", "null", []string{"production", "test"}, "all"),
Check: resource.ComposeTestCheckFunc(
testAccCheckCodefreshPermissionExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "action", "create"),
resource.TestCheckResourceAttr(resourceName, "resource", "pipeline"),
resource.TestCheckResourceAttr(resourceName, "tags.0", "*"),
resource.TestCheckResourceAttr(resourceName, "tags.0", "production"),
resource.TestCheckResourceAttr(resourceName, "related_resource", ""),
resource.TestCheckResourceAttr(resourceName, "tags.1", "production"),
resource.TestCheckResourceAttr(resourceName, "tags.1", "test"),
resource.TestCheckResourceAttr(resourceName, "rule_type", "all"),
),
},
{
Config: testAccCodefreshPermissionConfig("create", "pipeline", "project", []string{"production", "*"}),
Config: testAccCodefreshPermissionConfig("create", "pipeline", "project", []string{"production", "*"}, "any"),
Check: resource.ComposeTestCheckFunc(
testAccCheckCodefreshPermissionExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "action", "create"),
resource.TestCheckResourceAttr(resourceName, "resource", "pipeline"),
resource.TestCheckResourceAttr(resourceName, "related_resource", "project"),
resource.TestCheckResourceAttr(resourceName, "tags.0", "*"),
resource.TestCheckResourceAttr(resourceName, "tags.1", "production"),
resource.TestCheckResourceAttr(resourceName, "rule_type", "any"),
),
},
{
Expand Down Expand Up @@ -73,7 +75,7 @@ func testAccCheckCodefreshPermissionExists(resource string) resource.TestCheckFu
}

// CONFIGS
func testAccCodefreshPermissionConfig(action, resource, relatedResource string, tags []string) string {
func testAccCodefreshPermissionConfig(action, resource, relatedResource string, tags []string, ruleType string) string {
escapeString := func(str string) string {
if str == "null" {
return str // null means Terraform should ignore this field
Expand All @@ -93,6 +95,7 @@ func testAccCodefreshPermissionConfig(action, resource, relatedResource string,
resource = %s
related_resource = %s
tags = [%s]
rule_type = %s
}
`, escapeString(action), escapeString(resource), escapeString(relatedResource), strings.Join(tagsEscaped[:], ","))
`, escapeString(action), escapeString(resource), escapeString(relatedResource), strings.Join(tagsEscaped[:], ","), escapeString(ruleType))
}
1 change: 1 addition & 0 deletions docs/resources/permission.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ resource "codefresh_permission" "developers" {
- `_id` (String) The permission ID.
- `related_resource` (String) Specifies the resource to use when evaluating the tags. Possible values:
* project
- `rule_type` (String) Rule type - can be either `all` or `any`. If all is specified the rule will apply on resources that have all the tags. If any is specified the rule will apply on resources that have any of the tags. If not specified, deafult behavior is `any`.
- `tags` (Set of String) The tags for which to apply the permission. Supports two custom tags:
* untagged: Apply to all resources without tags
* (asterisk): Apply to all resources with any tag
Expand Down
Loading