Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add variable sets permission to team project #1021

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
+104 −0
Open

Add variable sets permission to team project #1021

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
79d0852
add variable sets permission to team project
netramali Dec 16, 2024
5c2d6f0
Merge branch 'main' into netramali/TF-22972-add-project-varset-permis…
netramali Jan 9, 2025
8539a9e
Merge branch 'main' into netramali/TF-22972-add-project-varset-permis…
netramali Jan 10, 2025
55d5f2f
add changelog
netramali Jan 10, 2025
687244f
revert test temp
netramali Jan 10, 2025
372b311
test added
netramali Jan 10, 2025
09fe349
test added
netramali Jan 10, 2025
a616287
beta
netramali Jan 10, 2025
1f49cd3
beta test flag
netramali Jan 10, 2025
c339dc6
beta test
netramali Jan 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
# Unreleased

* Add BETA support for adding custom project permission for variable sets `ProjectVariableSetsPermission` by @netramali [21879](https://github.com/hashicorp/atlas/pull/21879)

# v1.73.0

## Enhancements
Expand Down
15 changes: 15 additions & 0 deletions team_project_access.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,9 @@ type TeamProjectAccess struct {
type TeamProjectAccessProjectPermissions struct {
ProjectSettingsPermission ProjectSettingsPermissionType `jsonapi:"attr,settings"`
ProjectTeamsPermission ProjectTeamsPermissionType `jsonapi:"attr,teams"`
// ProjectVariableSetsPermission represents read, manage, and no access custom permission for project-level variable sets
// This relation is considered BETA, SUBJECT TO CHANGE, and likely unavailable to most users.
ProjectVariableSetsPermission ProjectVariableSetsPermissionType `jsonapi:"attr,variable-sets"`
}

// WorkspacePermissions represents the team's permission on all workspaces in its project
Expand Down Expand Up @@ -104,6 +107,16 @@ const (
ProjectTeamsPermissionManage ProjectTeamsPermissionType = "manage"
)

// ProjectVariableSetsPermissionType represents the permission type to a project's variable sets
// This relation is considered BETA, SUBJECT TO CHANGE, and likely unavailable to most users.
type ProjectVariableSetsPermissionType string

const (
ProjectVariableSetsPermissionNone ProjectVariableSetsPermissionType = "none"
ProjectVariableSetsPermissionRead ProjectVariableSetsPermissionType = "read"
ProjectVariableSetsPermissionWrite ProjectVariableSetsPermissionType = "write"
)

// WorkspaceRunsPermissionType represents the permissiontype to project workspaces' runs
type WorkspaceRunsPermissionType string

Expand Down Expand Up @@ -143,6 +156,8 @@ const (
type TeamProjectAccessProjectPermissionsOptions struct {
Settings *ProjectSettingsPermissionType `json:"settings,omitempty"`
Teams *ProjectTeamsPermissionType `json:"teams,omitempty"`
// This relation is considered BETA, SUBJECT TO CHANGE, and likely unavailable to most users.
VariableSets *ProjectVariableSetsPermissionType `json:"variable-sets,omitempty"`
}

type TeamProjectAccessWorkspacePermissionsOptions struct {
Expand Down
82 changes: 82 additions & 0 deletions team_project_access_integration_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -221,6 +221,45 @@ func TestTeamProjectAccessesAdd(t *testing.T) {
}
})

t.Run("with valid options for custom variable sets permissions", func(t *testing.T) {
skipUnlessBeta(t)
options := TeamProjectAccessAddOptions{
Access: *ProjectAccess(TeamProjectAccessCustom),
Team: tmTest,
Project: pTest,
ProjectAccess: &TeamProjectAccessProjectPermissionsOptions{
VariableSets: ProjectVariableSetsPermission(ProjectVariableSetsPermissionWrite),
},
WorkspaceAccess: &TeamProjectAccessWorkspacePermissionsOptions{
Runs: WorkspaceRunsPermission(WorkspaceRunsPermissionApply),
},
}

tpa, err := client.TeamProjectAccess.Add(ctx, options)
t.Cleanup(func() {
err := client.TeamProjectAccess.Remove(ctx, tpa.ID)
if err != nil {
t.Logf("error removing team access (%s): %s", tpa.ID, err)
}
})

require.NoError(t, err)

// Get a refreshed view from the API.
refreshed, err := client.TeamProjectAccess.Read(ctx, tpa.ID)
require.NoError(t, err)

for _, item := range []*TeamProjectAccess{
tpa,
refreshed,
} {
assert.NotEmpty(t, item.ID)
assert.Equal(t, options.Access, item.Access)
assert.Equal(t, *options.ProjectAccess.VariableSets, item.ProjectAccess.ProjectVariableSetsPermission)
assert.Equal(t, *options.WorkspaceAccess.Runs, item.WorkspaceAccess.WorkspaceRunsPermission)
}
})

t.Run("with valid options for some custom TeamProject permissions", func(t *testing.T) {
options := TeamProjectAccessAddOptions{
Access: *ProjectAccess(TeamProjectAccessCustom),
Expand Down Expand Up @@ -389,6 +428,48 @@ func TestTeamProjectAccessesUpdate(t *testing.T) {
assert.Equal(t, true, tpa.WorkspaceAccess.WorkspaceRunTasksPermission)
})

t.Run("with valid custom permissions attributes for variable sets permissions", func(t *testing.T) {
skipUnlessBeta(t)
// create tpaCustomTest to verify unupdated attributes stay the same for custom permissions
// because going from admin to read to custom changes the values of all custom permissions
tm2Test, tm2TestCleanup := createTeam(t, client, orgTest)
defer tm2TestCleanup()

TpaOptions := TeamProjectAccessAddOptions{
Access: *ProjectAccess(TeamProjectAccessCustom),
Team: tm2Test,
Project: pTest,
}

tpaCustomTest, err := client.TeamProjectAccess.Add(ctx, TpaOptions)
require.NoError(t, err)

options := TeamProjectAccessUpdateOptions{
Access: ProjectAccess(TeamProjectAccessCustom),
ProjectAccess: &TeamProjectAccessProjectPermissionsOptions{
VariableSets: ProjectVariableSetsPermission(ProjectVariableSetsPermissionRead),
},
WorkspaceAccess: &TeamProjectAccessWorkspacePermissionsOptions{
Create: Bool(false),
},
}

tpa, err := client.TeamProjectAccess.Update(ctx, tpaCustomTest.ID, options)
require.NoError(t, err)
require.NotNil(t, options.ProjectAccess)
require.NotNil(t, options.WorkspaceAccess)
assert.Equal(t, *options.ProjectAccess.VariableSets, tpa.ProjectAccess.ProjectVariableSetsPermission)
assert.Equal(t, false, tpa.WorkspaceAccess.WorkspaceCreatePermission)
// assert that other attributes remain the same
assert.Equal(t, tpaCustomTest.ProjectAccess.ProjectSettingsPermission, tpa.ProjectAccess.ProjectSettingsPermission)
assert.Equal(t, tpaCustomTest.WorkspaceAccess.WorkspaceLockingPermission, tpa.WorkspaceAccess.WorkspaceLockingPermission)
assert.Equal(t, tpaCustomTest.WorkspaceAccess.WorkspaceMovePermission, tpa.WorkspaceAccess.WorkspaceMovePermission)
assert.Equal(t, tpaCustomTest.WorkspaceAccess.WorkspaceDeletePermission, tpa.WorkspaceAccess.WorkspaceDeletePermission)
assert.Equal(t, tpaCustomTest.WorkspaceAccess.WorkspaceRunsPermission, tpa.WorkspaceAccess.WorkspaceRunsPermission)
assert.Equal(t, tpaCustomTest.WorkspaceAccess.WorkspaceSentinelMocksPermission, tpa.WorkspaceAccess.WorkspaceSentinelMocksPermission)
assert.Equal(t, tpaCustomTest.WorkspaceAccess.WorkspaceStateVersionsPermission, tpa.WorkspaceAccess.WorkspaceStateVersionsPermission)
})

t.Run("with valid custom permissions attributes for some permissions", func(t *testing.T) {
// create tpaCustomTest to verify unupdated attributes stay the same for custom permissions
// because going from admin to read to custom changes the values of all custom permissions
Expand Down Expand Up @@ -429,6 +510,7 @@ func TestTeamProjectAccessesUpdate(t *testing.T) {
assert.Equal(t, tpaCustomTest.WorkspaceAccess.WorkspaceSentinelMocksPermission, tpa.WorkspaceAccess.WorkspaceSentinelMocksPermission)
assert.Equal(t, tpaCustomTest.WorkspaceAccess.WorkspaceStateVersionsPermission, tpa.WorkspaceAccess.WorkspaceStateVersionsPermission)
})

t.Run("with invalid custom permissions attributes", func(t *testing.T) {
options := TeamProjectAccessUpdateOptions{
Access: ProjectAccess(TeamProjectAccessCustom),
Expand Down
5 changes: 5 additions & 0 deletions type_helpers.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,11 @@ func ProjectTeamsPermission(v ProjectTeamsPermissionType) *ProjectTeamsPermissio
return &v
}

// ProjectVariableSetsPermission returns a pointer to the given team access project type.
func ProjectVariableSetsPermission(v ProjectVariableSetsPermissionType) *ProjectVariableSetsPermissionType {
return &v
}

// WorkspaceRunsPermission returns a pointer to the given team access project type.
func WorkspaceRunsPermission(v WorkspaceRunsPermissionType) *WorkspaceRunsPermissionType {
return &v
Expand Down
Loading