From a705dd14ccfc26e6c7e4984f1aafa0084093f31d Mon Sep 17 00:00:00 2001
From: Ilia Medvedev
Date: Sun, 18 May 2025 18:52:35 +0300
Subject: [PATCH 1/2] runtime env add
---
 codefresh/resource_permission.go | 4 +++-
 codefresh/resource_permission_test.go | 33 +++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/codefresh/resource_permission.go b/codefresh/resource_permission.go
index 9e7adc14..2130c2b3 100644
--- a/codefresh/resource_permission.go
+++ b/codefresh/resource_permission.go
@@ -41,6 +41,7 @@ The type of resources the permission applies to. Possible values:
 * pipeline
 * cluster
 * project
+ * runtime-environment
 `,
 Type: schema.TypeString,
 Required: true,
@@ -48,6 +49,7 @@ The type of resources the permission applies to. Possible values:
 "pipeline",
 "cluster",
 "project",
+ "runtime-environment",
 }, false),
 },
 "related_resource": {
@@ -65,7 +67,7 @@ Specifies the resource to use when evaluating the tags. Possible values:
 Description: `
 Action to be allowed. Possible values:
 * create
- * read
+ * read (For runtime-environment resource, 'read' means 'assign')
 * update
 * delete
 * run (Only valid for pipeline resource)
diff --git a/codefresh/resource_permission_test.go b/codefresh/resource_permission_test.go
index 0b4ec91b..4fba4600 100644
--- a/codefresh/resource_permission_test.go
+++ b/codefresh/resource_permission_test.go
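Review bot: In the `action` description hunk of codefresh/resource_permission.go, `read` is overloaded to mean 'assign' for `runtime-environment`, and that is recorded only in one parenthetical of the schema description. Someone reviewing a plan that shows `action = "read"` will reasonably take it for view-only access, so the grant is broader than it reads. I would repeat the caveat where the resource type is chosen, in the `resource` description hunk: `* runtime-environment (action 'read' grants 'assign')`. The enclosing schema map starts and ends outside these hunks, so how the other actions behave for this resource type cannot be told from here.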
@@ -42,6 +42,16 @@ func TestAccCodefreshPermissionConfig(t *testing.T) {
 resource.TestCheckResourceAttr(resourceName, "tags.1", "production"),
 ),
 },
+ {
+ Config: testAccCodefreshNoRelatedResourcePermissionConfig("create", "runtime-environment", []string{"production", "*"}),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckCodefreshPermissionExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "action", "create"),
+ resource.TestCheckResourceAttr(resourceName, "resource", "runtime-environment"),
+ resource.TestCheckResourceAttr(resourceName, "tags.0", "*"),
+ resource.TestCheckResourceAttr(resourceName, "tags.1", "production"),
+ ),
+ },
 {
 ResourceName: resourceName,
 ImportState: true,
@@ -96,3 +106,26 @@ func testAccCodefreshPermissionConfig(action, resource, relatedResource string,
 }
 `, escapeString(action), escapeString(resource), escapeString(relatedResource), strings.Join(tagsEscaped[:], ","))
 }
+
+func testAccCodefreshNoRelatedResourcePermissionConfig(action, resource string, tags []string) string {
+ escapeString := func(str string) string {
+ if str == "null" {
+ return str // null means Terraform should ignore this field
+ }
+ return fmt.Sprintf(`"%s"`, str)
+ }
+ tagsEscaped := funk.Map(tags, escapeString).([]string)
+
+ return fmt.Sprintf(`
+ data "codefresh_team" "users" {
+ name = "users"
+ }
+
+ resource "codefresh_permission" "test" {
+ team = data.codefresh_team.users.id
+ action = %s
+ resource = %s
+ tags = [%s]
+ }
+`, escapeString(action), escapeString(resource), strings.Join(tagsEscaped[:], ","))
+}
From c8a9807f448587475c426745479b690a936fc8ee Mon Sep 17 00:00:00 2001
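Review bot: The added step in TestAccCodefreshPermissionConfig covers only `create` on `runtime-environment`; the one combination this patch documents as special, `read` standing for 'assign', is never applied. I would add a further step that differs only in its action, `Config: testAccCodefreshNoRelatedResourcePermissionConfig("read", "runtime-environment", []string{"production", "*"}),`, with the matching `action` attribute check. The test function starts and ends outside the hunk.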
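Review bot: testAccCodefreshNoRelatedResourcePermissionConfig has no doc comment and repeats the visible tail of testAccCodefreshPermissionConfig with the `related_resource` argument dropped, including a private copy of `escapeString`. The copied comment "null means Terraform should ignore this field" suggests the existing helper may already accept `"null"` for relatedResource, which would make the second helper unnecessary; its body is outside the hunk, so this is inferred. If the helper stays, a comment such as `// testAccCodefreshNoRelatedResourcePermissionConfig renders a codefresh_permission config that omits related_resource.` would state why it exists.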
From: Ilia Medvedev Date: Tue, 20 May 2025 15:20:54 +0300 Subject: [PATCH 2/2] add runtime-environment resource to permissions --- codefresh/data_current_account_user.go | 1 - codefresh/data_idps.go | 19 +++++++++---------- codefresh/internal/datautil/yaml.go | 4 ++-- .../resource_account_user_association.go | 1 - codefresh/resource_permission.go | 3 +-- codefresh/resource_step_types.go | 2 +- docs/resources/permission.md | 3 ++- 7 files changed, 15 insertions(+), 18 deletions(-) diff --git a/codefresh/data_current_account_user.go b/codefresh/data_current_account_user.go index eeb482b9..8f369f60 100644 --- a/codefresh/data_current_account_user.go +++ b/codefresh/data_current_account_user.go @@ -78,7 +78,6 @@ func mapDataCurrentAccountUserToResource(currentAccount *cfclient.CurrentAccount return err } - err = d.Set("email", user.Email) if err != nil { diff --git a/codefresh/data_idps.go b/codefresh/data_idps.go index 7e1eb76d..4c289867 100644 --- a/codefresh/data_idps.go +++ b/codefresh/data_idps.go @@ -147,19 +147,19 @@ func mapDataIdpToResource(idp cfclient.IDP, d *schema.ResourceData) error { //d.Set("apiURL", idp.ApiURL) // string `json:"apiURL,omitempty"` //d.Set("appId", idp.AppId) // string `json:"appId,omitempty"` //d.Set("authURL", idp.AuthURL) // string `json:"authURL,omitempty"` - err = d.Set("client_host", idp.ClientHost) // string `json:"clientHost,omitempty"` + err = d.Set("client_host", idp.ClientHost) // string `json:"clientHost,omitempty"` if err != nil { return err } - err = d.Set("client_id", idp.ClientId) // string `json:"clientId,omitempty"` + err = d.Set("client_id", idp.ClientId) // string `json:"clientId,omitempty"` if err != nil { return err } - err = d.Set("client_name", idp.ClientName) // string `json:"clientName,omitempty"` + err = d.Set("client_name", idp.ClientName) // string `json:"clientName,omitempty"` if err != nil { return err 
@@ -171,32 +171,31 @@ func mapDataIdpToResource(idp cfclient.IDP, d *schema.ResourceData) error { return err } - err = d.Set("client_type", idp.ClientType) // string `json:"clientType,omitempty"` + err = d.Set("client_type", idp.ClientType) // string `json:"clientType,omitempty"` if err != nil { return err } - - err = d.Set("cookie_iv", idp.CookieIv) // string `json:"cookieIv,omitempty"` + err = d.Set("cookie_iv", idp.CookieIv) // string `json:"cookieIv,omitempty"` if err != nil { return err } - err = d.Set("cookie_key", idp.CookieKey) // string `json:"cookieKey,omitempty"` + err = d.Set("cookie_key", idp.CookieKey) // string `json:"cookieKey,omitempty"` if err != nil { return err } - err = d.Set("display_name", idp.DisplayName) // string `json:"displayName,omitempty"` + err = d.Set("display_name", idp.DisplayName) // string `json:"displayName,omitempty"` if err != nil { return err } - err = d.Set("_id", idp.ID) // string `json:"_id,omitempty"` + err = d.Set("_id", idp.ID) // string `json:"_id,omitempty"` if err != nil { return err @@ -212,7 +211,7 @@ func mapDataIdpToResource(idp cfclient.IDP, d *schema.ResourceData) error { return err } - err = d.Set("tenant", idp.Tenant) // string `json:"tenant,omitempty"` + err = d.Set("tenant", idp.Tenant) // string `json:"tenant,omitempty"` if err != nil { return err diff --git a/codefresh/internal/datautil/yaml.go b/codefresh/internal/datautil/yaml.go index 72210891..7f603551 100644 --- a/codefresh/internal/datautil/yaml.go +++ b/codefresh/internal/datautil/yaml.go @@ -1,10 +1,10 @@ package datautil import ( - "io" - "strings" "github.com/mikefarah/yq/v4/pkg/yqlib" "gopkg.in/op/go-logging.v1" + "io" + "strings" ) const ( diff --git a/codefresh/resource_account_user_association.go b/codefresh/resource_account_user_association.go index 2ee53a61..320eeebe 100644 --- a/codefresh/resource_account_user_association.go +++ b/codefresh/resource_account_user_association.go 
@@ -98,7 +98,6 @@ func resourceAccountUserAssociationRead(d *schema.ResourceData, meta interface{} if userID == "" { d.SetId("") - return nil } diff --git a/codefresh/resource_permission.go b/codefresh/resource_permission.go index 2130c2b3..fe974f66 100644 --- a/codefresh/resource_permission.go +++ b/codefresh/resource_permission.go @@ -10,7 +10,6 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" - funk "github.com/thoas/go-funk" ) func resourcePermission() *schema.Resource { @@ -112,7 +111,7 @@ func resourcePermissionCustomDiff(ctx context.Context, diff *schema.ResourceDiff } } if diff.HasChanges("resource", "action") { - if funk.Contains([]string{"run", "approve", "debug"}, diff.Get("action").(string)) && diff.Get("resource").(string) != "pipeline" { + if contains([]string{"run", "approve", "debug"}, diff.Get("action").(string)) && diff.Get("resource").(string) != "pipeline" { return fmt.Errorf("action %v is only valid when resource is 'pipeline'", diff.Get("action").(string)) } } diff --git a/codefresh/resource_step_types.go b/codefresh/resource_step_types.go index a0928890..0a43bf52 100644 --- a/codefresh/resource_step_types.go +++ b/codefresh/resource_step_types.go @@ -10,8 +10,8 @@ import ( "github.com/Masterminds/semver" "github.com/codefresh-io/terraform-provider-codefresh/codefresh/cfclient" - "github.com/codefresh-io/terraform-provider-codefresh/codefresh/internal/schemautil" "github.com/codefresh-io/terraform-provider-codefresh/codefresh/internal/datautil" + "github.com/codefresh-io/terraform-provider-codefresh/codefresh/internal/schemautil" ghodss "github.com/ghodss/yaml" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" diff --git a/docs/resources/permission.md b/docs/resources/permission.md index 66fc7868..48799883 100644 
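Review bot: In the resourcePermissionCustomDiff hunk of codefresh/resource_permission.go, `contains` is not defined anywhere in this patch, so the build relies on a package-level helper in `codefresh` that accepts `([]string, string)`; worth confirming, since the removed `funk` import is the only related change visible. The guard itself still rejects only run/approve/debug outside `pipeline`, so every other action is accepted for the newly added `runtime-environment` type, and whether the API honours all of them is not visible here. A comment above the check would record that this is intended: `// run/approve/debug are pipeline-only; all other actions pass for every resource type, including runtime-environment`. The function starts and ends outside the hunk.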
--- a/docs/resources/permission.md +++ b/docs/resources/permission.md @@ -42,7 +42,7 @@ resource "codefresh_permission" "developers" { - `action` (String) Action to be allowed. Possible values: * create - * read + * read (For runtime-environment resource, 'read' means 'assign') * update * delete * run (Only valid for pipeline resource) @@ -52,6 +52,7 @@ resource "codefresh_permission" "developers" { * pipeline * cluster * project + * runtime-environment - `team` (String) The Id of the team the permissions apply to. ### Optional