diff --git a/codefresh/resource_abac_rules.go b/codefresh/resource_abac_rules.go index 8271e52..d7b9108 100644 --- a/codefresh/resource_abac_rules.go +++ b/codefresh/resource_abac_rules.go @@ -11,7 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" ) -var validSetValues = []string{"REFRESH", "SYNC", "TERMINATE_SYNC", "VIEW_POD_LOGS", "APP_ROLLBACK"} +var validSetValues = []string{"REFRESH", "SYNC", "TERMINATE_SYNC", "VIEW_POD_LOGS", "APP_ROLLBACK", "TRIGGER_PROMOTION", "RETRY_RELEASE", "PROMOTE_TO"} func resourceGitopsAbacRule() *schema.Resource { return &schema.Resource{ @@ -34,11 +34,14 @@ func resourceGitopsAbacRule() *schema.Resource { Description: ` The type of resources the ABAC rules applies to. Possible values: * gitopsApplications + * promotionFlows + * products + * environments `, Type: schema.TypeString, Required: true, ValidateFunc: validation.StringInSlice([]string{ - "gitopsApplications", + "gitopsApplications", "promotionFlows", "products", "environments", }, false), }, "teams": { @@ -67,6 +70,9 @@ Action to be allowed. Possible values: * TERMINATE_SYNC * VIEW_POD_LOGS * APP_ROLLBACK + * TRIGGER_PROMOTION + * RETRY_RELEASE + * PROMOTE_TO `, Type: schema.TypeSet, Required: true, diff --git a/codefresh/resource_abac_rules_test.go b/codefresh/resource_abac_rules_test.go index caa10aa..4226a67 100644 --- a/codefresh/resource_abac_rules_test.go +++ b/codefresh/resource_abac_rules_test.go @@ -6,9 +6,8 @@ import ( "testing" "github.com/codefresh-io/terraform-provider-codefresh/codefresh/cfclient" - "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" funk "github.com/thoas/go-funk" ) @@ -41,6 +40,58 @@ func TestAccCodefreshAbacRulesConfig(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "tags.1", "production"), ), }, + { + Config: testAccCodefreshAbacRulesConfig( + "promotionFlows", + "", + "", + "", + []string{"TRIGGER_PROMOTION"}, + []string{"staging"}, + ), + Check: resource.ComposeTestCheckFunc( + testAccCheckCodefreshAbacRulesExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "entity_type", "promotionFlows"), + resource.TestCheckResourceAttr(resourceName, "actions.0", "TRIGGER_PROMOTION"), + resource.TestCheckResourceAttr(resourceName, "tags.0", "staging"), + ), + }, + { + Config: testAccCodefreshAbacRulesConfig( + "products", + "", + "", + "", + []string{"TRIGGER_PROMOTION", "RETRY_RELEASE"}, + []string{"dev", "qa"}, + ), + Check: resource.ComposeTestCheckFunc( + testAccCheckCodefreshAbacRulesExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "entity_type", "products"), + resource.TestCheckResourceAttr(resourceName, "actions.#", "2"), + resource.TestCheckTypeSetElemAttr(resourceName, "actions.*", "TRIGGER_PROMOTION"), + resource.TestCheckTypeSetElemAttr(resourceName, "actions.*", "RETRY_RELEASE"), + resource.TestCheckResourceAttr(resourceName, "tags.#", "2"), + resource.TestCheckTypeSetElemAttr(resourceName, "tags.*", "dev"), + resource.TestCheckTypeSetElemAttr(resourceName, "tags.*", "qa"), + ), + }, + { + Config: testAccCodefreshAbacRulesConfig( + "environments", + "", + "", + "", + []string{"PROMOTE_TO"}, + []string{"production"}, + ), + Check: resource.ComposeTestCheckFunc( + testAccCheckCodefreshAbacRulesExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "entity_type", "environments"), + resource.TestCheckResourceAttr(resourceName, "actions.0", "PROMOTE_TO"), + resource.TestCheckResourceAttr(resourceName, "tags.0", "production"), + ), + }, { ResourceName: resourceName, ImportState: true, diff --git a/docs/resources/abac_rules.md b/docs/resources/abac_rules.md index 1aecdae..b86cb1c 100644 --- a/docs/resources/abac_rules.md +++ b/docs/resources/abac_rules.md @@ -48,8 +48,14 @@ resource "codefresh_abac_rules" "app_rule" { * TERMINATE_SYNC * VIEW_POD_LOGS * APP_ROLLBACK + * TRIGGER_PROMOTION + * RETRY_RELEASE + * PROMOTE_TO - `entity_type` (String) The type of resources the ABAC rules applies to. Possible values: * gitopsApplications + * promotionFlows + * products + * environments - `teams` (Set of String) The IDs of the teams the ABAC rules apply to. ### Optional