From c9ba155097b16bf6efde7c8bc2ae36aea4a87749 Mon Sep 17 00:00:00 2001
From: danielm-codefresh
Date: Sat, 31 Aug 2024 09:56:42 +0300
Subject: [PATCH 1/3] feat: add abac rules for products, environments, and promotion flows
---
 codefresh/resource_abac_rules.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/codefresh/resource_abac_rules.go b/codefresh/resource_abac_rules.go
index 8271e52..55ea32d 100644
--- a/codefresh/resource_abac_rules.go
+++ b/codefresh/resource_abac_rules.go
@@ -11,7 +11,7 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
-var validSetValues = []string{"REFRESH", "SYNC", "TERMINATE_SYNC", "VIEW_POD_LOGS", "APP_ROLLBACK"}
+var validSetValues = []string{"REFRESH", "SYNC", "TERMINATE_SYNC", "VIEW_POD_LOGS", "APP_ROLLBACK", "TRIGGER_PROMOTION", "RETRY_RELEASE", "PROMOTE_TO"}
 func resourceGitopsAbacRule() *schema.Resource {
 return &schema.Resource{
@@ -34,11 +34,14 @@ func resourceGitopsAbacRule() *schema.Resource {
 Description: `
 The type of resources the ABAC rules applies to. Possible values:
 * gitopsApplications
+ * promotionFlows
+ * products
+ * environments
 `,
 Type: schema.TypeString,
 Required: true,
 ValidateFunc: validation.StringInSlice([]string{
- "gitopsApplications",
+ "gitopsApplications, promotionFlows, products, environments",
 }, false),
 },
 "teams": {
@@ -67,6 +70,9 @@ Action to be allowed. Possible values:
 * TERMINATE_SYNC
 * VIEW_POD_LOGS
 * APP_ROLLBACK
+ * "TRIGGER_PROMOTION"
+ * "RETRY_RELEASE"
+ * "PROMOTE_TO"
 `,
 Type: schema.TypeSet,
 Required: true,
From 341f8c0ed3c4d9389f52f9313a3dfe87a90cb263 Mon Sep 17 00:00:00 2001
From: danielm-codefresh
Date: Tue, 3 Sep 2024 08:51:06 +0300
Subject: [PATCH 2/3] run make docs
---
 codefresh/resource_abac_rules.go | 8 ++++----
 docs/resources/abac_rules.md | 6 ++++++
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/codefresh/resource_abac_rules.go b/codefresh/resource_abac_rules.go
index 55ea32d..d7b9108 100644
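Review bot: `validSetValues` in the first hunk of PATCH 1/3 remains one flat list, so the schema (presumably through the `actions` validator, which is outside the hunk) now accepts any action with any `entity_type`, for example `PROMOTE_TO` on a `gitopsApplications` rule or `SYNC` on an `environments` rule. For an access-control resource a mismatched pair is better rejected at plan time than found at apply time or after the rule is live; whether the Codefresh API rejects such pairs is not visible here. Consider a per-type allow-list such as `var validActionsByEntityType = map[string][]string{...}` enforced in the resource's `CustomizeDiff`, or at minimum say in the `actions` description which actions belong to which entity type. The pairing has to come from the API contract; the acceptance tests in PATCH 3/3 only hint at it.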
--- a/codefresh/resource_abac_rules.go
+++ b/codefresh/resource_abac_rules.go
@@ -41,7 +41,7 @@ The type of resources the ABAC rules applies to. Possible values:
 Type: schema.TypeString,
 Required: true,
 ValidateFunc: validation.StringInSlice([]string{
- "gitopsApplications, promotionFlows, products, environments",
+ "gitopsApplications", "promotionFlows", "products", "environments",
 }, false),
 },
 "teams": {
@@ -70,9 +70,9 @@ Action to be allowed. Possible values:
 * TERMINATE_SYNC
 * VIEW_POD_LOGS
 * APP_ROLLBACK
- * "TRIGGER_PROMOTION"
- * "RETRY_RELEASE"
- * "PROMOTE_TO"
+ * TRIGGER_PROMOTION
+ * RETRY_RELEASE
+ * PROMOTE_TO
 `,
 Type: schema.TypeSet,
 Required: true,
diff --git a/docs/resources/abac_rules.md b/docs/resources/abac_rules.md
index 1aecdae..b86cb1c 100644
--- a/docs/resources/abac_rules.md
+++ b/docs/resources/abac_rules.md
@@ -48,8 +48,14 @@ resource "codefresh_abac_rules" "app_rule" {
 * TERMINATE_SYNC
 * VIEW_POD_LOGS
 * APP_ROLLBACK
+ * TRIGGER_PROMOTION
+ * RETRY_RELEASE
+ * PROMOTE_TO
 - `entity_type` (String) The type of resources the ABAC rules applies to. Possible values:
 * gitopsApplications
+ * promotionFlows
+ * products
+ * environments
 - `teams` (Set of String) The IDs of the teams the ABAC rules apply to.
 ### Optional
From 837e1398aa7656e05d99e0d4d9ee266927124b8f Mon Sep 17 00:00:00 2001
From: danielm-codefresh
Date: Tue, 10 Sep 2024 09:45:29 +0300
Subject: [PATCH 3/3] add tests
---
 codefresh/resource_abac_rules_test.go | 55 ++++++++++++++++++++++++++-
 1 file changed, 53 insertions(+), 2 deletions(-)
diff --git a/codefresh/resource_abac_rules_test.go b/codefresh/resource_abac_rules_test.go
index caa10aa..4226a67 100644
--- a/codefresh/resource_abac_rules_test.go
+++ b/codefresh/resource_abac_rules_test.go
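Review bot: The allowed entity types in the first hunk of PATCH 2/3 are still an inline literal inside `validation.StringInSlice`, repeated by hand in the `Description` text and in the generated docs; the single-string literal that 1/3 introduced and this hunk corrects shows how easily those copies drift. Since `entity_type` decides what an ABAC rule applies to, keep one source of truth next to `validSetValues`: `var validEntityTypes = []string{"gitopsApplications", "promotionFlows", "products", "environments"}` and `ValidateFunc: validation.StringInSlice(validEntityTypes, false),`. The `entity_type` schema block begins and ends outside this hunk.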
@@ -6,9 +6,8 @@ import ( "testing" "github.com/codefresh-io/terraform-provider-codefresh/codefresh/cfclient" - "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" funk "github.com/thoas/go-funk" ) 
@@ -41,6 +40,58 @@ func TestAccCodefreshAbacRulesConfig(t *testing.T) {
 resource.TestCheckResourceAttr(resourceName, "tags.1", "production"),
 ),
 },
+ {
+ Config: testAccCodefreshAbacRulesConfig(
+ "promotionFlows",
+ "",
+ "",
+ "",
+ []string{"TRIGGER_PROMOTION"},
+ []string{"staging"},
+ ),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckCodefreshAbacRulesExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "entity_type", "promotionFlows"),
+ resource.TestCheckResourceAttr(resourceName, "actions.0", "TRIGGER_PROMOTION"),
+ resource.TestCheckResourceAttr(resourceName, "tags.0", "staging"),
+ ),
+ },
+ {
+ Config: testAccCodefreshAbacRulesConfig(
+ "products",
+ "",
+ "",
+ "",
+ []string{"TRIGGER_PROMOTION", "RETRY_RELEASE"},
+ []string{"dev", "qa"},
+ ),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckCodefreshAbacRulesExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "entity_type", "products"),
+ resource.TestCheckResourceAttr(resourceName, "actions.#", "2"),
+ resource.TestCheckTypeSetElemAttr(resourceName, "actions.*", "TRIGGER_PROMOTION"),
+ resource.TestCheckTypeSetElemAttr(resourceName, "actions.*", "RETRY_RELEASE"),
+ resource.TestCheckResourceAttr(resourceName, "tags.#", "2"),
+ resource.TestCheckTypeSetElemAttr(resourceName, "tags.*", "dev"),
+ resource.TestCheckTypeSetElemAttr(resourceName, "tags.*", "qa"),
+ ),
+ },
+ {
+ Config: testAccCodefreshAbacRulesConfig(
+ "environments",
+ "",
+ "",
+ "",
+ []string{"PROMOTE_TO"},
+ []string{"production"},
+ ),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckCodefreshAbacRulesExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "entity_type", "environments"),
+ resource.TestCheckResourceAttr(resourceName, "actions.0", "PROMOTE_TO"),
+ resource.TestCheckResourceAttr(resourceName, "tags.0", "production"),
+ ),
+ },
 {
 ResourceName: resourceName,
 ImportState: true,
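Review bot: The three added steps exercise only accepted values, so nothing here would fail if the `entity_type` or `actions` validation stopped rejecting bad input. Add one step with an unknown entity type and one with an unknown action, each with `ExpectError: regexp.MustCompile(...)` matching the validator's message, so the allow-list of this access-control resource is itself under test. Separately, the `promotionFlows` and `environments` steps read `actions.0` by position while the `products` step uses `resource.TestCheckTypeSetElemAttr`; `actions` is declared as `schema.TypeSet` in resource_abac_rules.go, so the element-based form is the one that does not depend on ordering. `TestAccCodefreshAbacRulesConfig` starts and ends outside the hunk.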