Support custom roles in env0_api_key #1009

Closed
PawelTopors opened this issue Jan 31, 2025 · 3 comments · Fixed by #1010

PawelTopors commented Jan 31, 2025

Is your feature request related to a problem? Please describe.
The env0_api_key resource allows defining only Admin or User roles under [organization_role](https://registry.terraform.io/providers/env0/env0/latest/docs/resources/api_key#organization_role-2), implementation. The API also supports custom roles and assignment of the token to the projects with the permissions parameter.

We would like to request support for using env0_custom_role under organization_role and project permissions in the new block.

Describe the solution you'd like
env0_api_key should accept the same parameters as the API and could look like this:

resource "env0_api_key" "this" {
  name              = "name"
  organization_role = "" # Admin, User or any custom role

  project_permissions {
    project_role = "Viewer" # Can be Viewer, Planner, Deployer, Admin
    project_id   = data.env0_project.project1.id
  }
  project_permissions {
    project_role = "Viewer"
    project_id   = data.env0_project.project2.id
  }
}

We want to use it in the following way:

resource "env0_custom_role" "this" {
  name = "Name"
  permissions = [...]
}

resource "env0_api_key" "this" {
  name              = "name"
  organization_role = env0_custom_role.this.id

  project_permissions {
    project_role = "Viewer"
    project_id   = data.env0_project.project1.id
  }
  project_permissions {
    project_role = "Viewer"
    project_id   = data.env0_project.project2.id
  }
}

Important, when organization_role is not Admin or User, at least one project_permissions block is required.

Describe alternatives you've considered

Additional context

@PawelTopors PawelTopors added the enhancement New feature or request label Jan 31, 2025
@TomerHeber TomerHeber self-assigned this Feb 4, 2025
@TomerHeber
Collaborator

Hi @PawelTopors - thank you for reporting this.
I will review and pick this up.

@TomerHeber
Collaborator

@PawelTopors

> Important, when organization_role is not Admin or User, at least one project_permissions block is required.

This is not enforced in the UI. I prefer to align with the UI experience.
Please let me know if you have any concerns.

@PawelTopors
Author

> @PawelTopors
>
> > Important, when organization_role is not Admin or User, at least one project_permissions block is required.
>
> This is not enforced in the UI. I prefer to align with the UI experience. Please let me know if you have any concerns.

I am okay with that 👌 Thanks!

@github-project-automation github-project-automation bot moved this from To do to Done in Ongoing Issues Feb 16, 2025
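
The thread settles on not enforcing the "at least one project_permissions block" rule in the provider. As an added example (not code from the provider or from either participant), a team that still wants that rule can check it in CI against `terraform show -json` plan output. The attribute names `organization_role` and `project_permissions` follow the schema proposed in the issue and are an assumption about the merged resource; the sample plan is constructed.

```python
import json

BUILT_IN_ORG_ROLES = {"Admin", "User"}  # the two built-in roles named in the issue

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Attribute names follow the schema proposed in the issue (assumption).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "env0_api_key.admin", "type": "env0_api_key",
   "change": {"actions": ["create"],
              "after": {"name": "a", "organization_role": "Admin"},
              "after_unknown": {}}},
  {"address": "env0_api_key.scoped", "type": "env0_api_key",
   "change": {"actions": ["create"],
              "after": {"name": "b", "project_permissions": [
                  {"project_id": "p-1", "project_role": "Viewer"}]},
              "after_unknown": {"organization_role": true}}},
  {"address": "env0_api_key.unscoped", "type": "env0_api_key",
   "change": {"actions": ["create"],
              "after": {"name": "c", "project_permissions": []},
              "after_unknown": {"organization_role": true}}},
  {"address": "env0_api_key.gone", "type": "env0_api_key",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}}
]}
""")


def unscoped_custom_role_keys(plan):
    """Return addresses of planned env0_api_key resources whose organization
    role is not Admin/User and that carry no project_permissions block."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        if rc.get("type") != "env0_api_key" or after is None:
            continue  # other resource types, or a key being destroyed
        unknown = change.get("after_unknown") or {}
        role = after.get("organization_role")
        # A role unknown at plan time (e.g. env0_custom_role.this.id of a role
        # created in the same apply) is treated as custom, not as a built-in.
        custom = bool(unknown.get("organization_role")) or (
            role is not None and role not in BUILT_IN_ORG_ROLES)
        if custom and not after.get("project_permissions"):
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for address in unscoped_custom_role_keys(SAMPLE_PLAN):
        print(f"{address}: custom organization_role without project_permissions")
```
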