Feat: refactor team role assignment #823
Conversation
| @@ -0,0 +1,12 @@ | |||
| package client | |||
There was a problem hiding this comment.
moved this to a common location.
| @@ -0,0 +1,82 @@ | |||
| package client | |||
There was a problem hiding this comment.
all relevant resources are now using this API code.
Deleted the rest of the files (above).
| @@ -0,0 +1,133 @@ | |||
| package client_test | |||
There was a problem hiding this comment.
unit test for the new code.
| @@ -86,31 +88,15 @@ func resourceTeamEnvironmentAssignmentRead(ctx context.Context, d *schema.Resour | |||
| return nil | |||
| } | |||
|
|
|||
| func resourceTeamEnvironmentAssignmentUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { | |||
There was a problem hiding this comment.
create and update are the same.
| EnvironmentId string `json:"environmentId,omitempty"` | ||
| OrganizationId string `json:"organizationId,omitempty"` | ||
| ProjectId string `json:"projectId,omitempty"` |
There was a problem hiding this comment.
how can you add validation that 1 of them will be sent/exist?
There was a problem hiding this comment.
The terraform resource schema's forces correctness for the end-user.
If I add a validation (which I could) it would be used to detect developer bugs, and not end-user errors
I don't mind adding validations. However, it will not add much value (just a little bit).
Let me know - happy to add if you think it's required.
There was a problem hiding this comment.
The terraform resource schema's forces correctness for the end-user.
Good enough for me
client/team_role_assignment_test.go
Outdated
| Describe("CreateOrUpdate", func() { | ||
| Describe("Success", func() { |
There was a problem hiding this comment.
please add separate tests for each scope level (org, project, env).
see if needed in the whole file.
There was a problem hiding this comment.
I added seperate test cases for the Get and Delete.
However, CreateOrUpdate behaves the same irrespective of the type. Therefore, it's a little redundant.
For completeness sake, I'll add it.
| func resourceTeamEnvironmentAssignmentCreateOrUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { | ||
| apiClient := meta.(client.ApiClientInterface) |
There was a problem hiding this comment.
A general comment, I was triggered by this line.
User Environment Assignment has the same structure and API behind the scenes.
using userId instead of teamId and maybe the path is different (in 3 of the APIs).
We probably should commonize / reuse / sync the structure of your changes to that scope too.
is there anything to sync there?
There was a problem hiding this comment.
Yes - we could make an extra step.
Probably need to repeat this whole exercise for users.
right now user assignments are using different APIs (project, environment, organization). Therefore, if they're merged to one API (?), we can do that extra step afterwards.
There was a problem hiding this comment.
repeat this whole exercise for users.
currently, only the env level has the new api.
so not urgent, anyways Org and Project will have the old apis for now.
| const ( | ||
| Admin string = "Admin" | ||
| Deployer string = "Deployer" | ||
| Planner string = "Planner" | ||
| Viewer string = "Viewer" | ||
| ) | ||
|
|
||
| func IsBuiltinProjectRole(role string) bool { | ||
| return role == Admin || role == Deployer || role == Planner || role == Viewer | ||
| } |
There was a problem hiding this comment.
those are suitable for both Environment and Project default roles.
for OrganizationRoles we have User, Admin.
why there is no IsBuiltintRole for the other scopes?
are we missing tests?
There was a problem hiding this comment.
This is because of the schema used by resourceTeamProjectAssignment:
Schema: map[string]*schema.Schema{
"team_id": {
Type: schema.TypeString,
Description: "id of the team",
Required: true,
ForceNew: true,
},
"project_id": {
Type: schema.TypeString,
Description: "id of the project",
Required: true,
ForceNew: true,
},
"role": {
Type: schema.TypeString,
Description: "the assigned built-in role (Admin, Planner, Viewer, Deployer)",
Optional: true,
ValidateDiagFunc: ValidateRole,
ExactlyOneOf: []string{"custom_role_id", "role"},
},
"custom_role_id": {
Type: schema.TypeString,
Description: "id of the assigned custom role",
Optional: true,
ExactlyOneOf: []string{"custom_role_id", "role"},
ValidateDiagFunc: ValidateNotEmptyString,
},
},
}
It's the only one using role and custom_role_id - instead of just role_id.
I thought of deprecating these two fields and adding a role_id instead... but haven't done so yet.
What we can do, is add a proper validation for the other resources (organization and environment). (They're documented, but there's no schema level enforcement).
There was a problem hiding this comment.
- Yeah we need a schema validation for Org and Environment too.
role(orrole_id) should be anuuidor one of the builtins (list depends on scope) [then we can deprecate]
each can be in different PR.
There was a problem hiding this comment.
choosing role for both - probably will make less breaking change
There was a problem hiding this comment.
will add validation.
I'll deprecate the existing two fields.
This will be done in a follow-up PR.
There was a problem hiding this comment.
sorry I'm a bit confused, in the platform we don't use role_id at all, is it ok the behaviour here will be different?
There was a problem hiding this comment.
WDYM by not using the id at all?
we do for being able to assign a custom role (uuid) or default role (constant string)
github-actions
bot
added
the
ready to merge
Thank you. Will add the additional tests and merge. |
| const ( | ||
| Admin string = "Admin" | ||
| Deployer string = "Deployer" | ||
| Planner string = "Planner" | ||
| Viewer string = "Viewer" |
There was a problem hiding this comment.
these are common for both organization/project/environment ?
There was a problem hiding this comment.
not at this stage.
Not all are allowed for each of the types.
There will be a follow-up PR that will leverage these.
Tests added. |
TomerHeber
added
pending final review
and removed
reviewed - awaiting author
pending final review
labels
Solution
Part of #817
All team role assignment resources are now using the same API code.