fix: [CCDS-101356]: Prevent users to configure multiple blocks for gi…

…tops resources where this is applicable (#1080) * fix: [CDS-101356]: Limit gitops list blocks to max 1 item * update docs * update docs * update docs * add changelog file * fix: [CDS-101356]: Limit gitops list blocks to max 1 item
harness · Oct 10, 2024 · 14ae2eb · 14ae2eb
1 parent c17d1e4
commit 14ae2eb
Show file tree

Hide file tree

Showing 27 changed files with 123 additions and 90 deletions.
diff --git a/.changelog/1080.txt b/.changelog/1080.txt
@@ -0,0 +1,3 @@
+```release-note:fix
+gitops_resoruces - update GitOps resources schema to limit the number of blocks that can be configured for single fields
+```
diff --git a/docs/data-sources/platform_gitops_app_project_mapping.md b/docs/data-sources/platform_gitops_app_project_mapping.md
@@ -14,10 +14,10 @@ Resource for managing the Harness GitOps Application Project Mappings.
 
 ```terraform
 data "harness_platform_gitops_app_project_mapping" "example" {
-  account_id = "account_id"
-  org_id     = "organization_id"
-  project_id = "project_id"
-  agent_id   = "agent_id"
+  account_id     = "account_id"
+  org_id         = "organization_id"
+  project_id     = "project_id"
+  agent_id       = "agent_id"
   argo_proj_name = "argo_proj_name"
 }
 ```
@@ -29,11 +29,11 @@ data "harness_platform_gitops_app_project_mapping" "example" {
 
 - `account_id` (String) Account identifier of the GitOps agent's Application Project.
 - `agent_id` (String) Agent identifier for which the ArgoCD and Harness project mapping is to be created.
-- `identifier` (String) Identifier of the GitOps Application Project.
+- `argo_project_name` (String) ArgoCD Project name which is to be mapped to the Harness project.
 - `org_id` (String) Organization identifier of the GitOps agent's Application Project.
 - `project_id` (String) Project identifier of the GitOps agent's Application Project.
 
 ### Read-Only
 
-- `argo_project_name` (String) ArgoCD Project name which is to be mapped to the Harness project.
 - `id` (String) The ID of this resource.
+- `identifier` (String) Identifier of the GitOps Application Project.
diff --git a/docs/data-sources/platform_gitops_applications.md b/docs/data-sources/platform_gitops_applications.md
@@ -97,6 +97,7 @@ Read-Only:
 Read-Only:
 
 - `destination` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--destination))
+- `project` (String)
 - `source` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source))
 - `sync_policy` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--sync_policy))
 
@@ -126,26 +127,26 @@ Read-Only:
 - `target_revision` (String)
 
 <a id="nestedobjatt--application--spec--source--directory"></a>
-### Nested Schema for `application.spec.source.target_revision`
+### Nested Schema for `application.spec.source.directory`
 
 Read-Only:
 
 - `exclude` (String)
 - `include` (String)
-- `jsonnet` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source--target_revision--jsonnet))
+- `jsonnet` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source--directory--jsonnet))
 - `recurse` (Boolean)
 
-<a id="nestedobjatt--application--spec--source--target_revision--jsonnet"></a>
-### Nested Schema for `application.spec.source.target_revision.jsonnet`
+<a id="nestedobjatt--application--spec--source--directory--jsonnet"></a>
+### Nested Schema for `application.spec.source.directory.jsonnet`
 
 Read-Only:
 
-- `ext_vars` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source--target_revision--jsonnet--ext_vars))
+- `ext_vars` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source--directory--jsonnet--ext_vars))
 - `libs` (List of String)
-- `tlas` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source--target_revision--jsonnet--tlas))
+- `tlas` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source--directory--jsonnet--tlas))
 
-<a id="nestedobjatt--application--spec--source--target_revision--jsonnet--ext_vars"></a>
-### Nested Schema for `application.spec.source.target_revision.jsonnet.tlas`
+<a id="nestedobjatt--application--spec--source--directory--jsonnet--ext_vars"></a>
+### Nested Schema for `application.spec.source.directory.jsonnet.ext_vars`
 
 Read-Only:
 
@@ -154,8 +155,8 @@ Read-Only:
 - `value` (String)
 
 
-<a id="nestedobjatt--application--spec--source--target_revision--jsonnet--tlas"></a>
-### Nested Schema for `application.spec.source.target_revision.jsonnet.tlas`
+<a id="nestedobjatt--application--spec--source--directory--jsonnet--tlas"></a>
+### Nested Schema for `application.spec.source.directory.jsonnet.tlas`
 
 Read-Only:
 
@@ -167,29 +168,29 @@ Read-Only:
 
 
 <a id="nestedobjatt--application--spec--source--helm"></a>
-### Nested Schema for `application.spec.source.target_revision`
+### Nested Schema for `application.spec.source.helm`
 
 Read-Only:
 
-- `file_parameters` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source--target_revision--file_parameters))
-- `parameters` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source--target_revision--parameters))
+- `file_parameters` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source--helm--file_parameters))
+- `parameters` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source--helm--parameters))
 - `pass_credentials` (Boolean)
 - `release_name` (String)
 - `value_files` (List of String)
 - `values` (String)
 - `version` (String)
 
-<a id="nestedobjatt--application--spec--source--target_revision--file_parameters"></a>
-### Nested Schema for `application.spec.source.target_revision.file_parameters`
+<a id="nestedobjatt--application--spec--source--helm--file_parameters"></a>
+### Nested Schema for `application.spec.source.helm.file_parameters`
 
 Read-Only:
 
 - `name` (String)
 - `path` (String)
 
 
-<a id="nestedobjatt--application--spec--source--target_revision--parameters"></a>
-### Nested Schema for `application.spec.source.target_revision.parameters`
+<a id="nestedobjatt--application--spec--source--helm--parameters"></a>
+### Nested Schema for `application.spec.source.helm.parameters`
 
 Read-Only:
 
@@ -200,15 +201,15 @@ Read-Only:
 
 
 <a id="nestedobjatt--application--spec--source--ksonnet"></a>
-### Nested Schema for `application.spec.source.target_revision`
+### Nested Schema for `application.spec.source.ksonnet`
 
 Read-Only:
 
 - `environment` (String)
-- `parameters` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source--target_revision--parameters))
+- `parameters` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source--ksonnet--parameters))
 
-<a id="nestedobjatt--application--spec--source--target_revision--parameters"></a>
-### Nested Schema for `application.spec.source.target_revision.parameters`
+<a id="nestedobjatt--application--spec--source--ksonnet--parameters"></a>
+### Nested Schema for `application.spec.source.ksonnet.parameters`
 
 Read-Only:
 
@@ -219,7 +220,7 @@ Read-Only:
 
 
 <a id="nestedobjatt--application--spec--source--kustomize"></a>
-### Nested Schema for `application.spec.source.target_revision`
+### Nested Schema for `application.spec.source.kustomize`
 
 Read-Only:
 
@@ -234,15 +235,15 @@ Read-Only:
 
 
 <a id="nestedobjatt--application--spec--source--plugin"></a>
-### Nested Schema for `application.spec.source.target_revision`
+### Nested Schema for `application.spec.source.plugin`
 
 Read-Only:
 
-- `env` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source--target_revision--env))
+- `env` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--source--plugin--env))
 - `name` (String)
 
-<a id="nestedobjatt--application--spec--source--target_revision--env"></a>
-### Nested Schema for `application.spec.source.target_revision.env`
+<a id="nestedobjatt--application--spec--source--plugin--env"></a>
+### Nested Schema for `application.spec.source.plugin.env`
 
 Read-Only:
 
@@ -262,7 +263,7 @@ Read-Only:
 - `sync_options` (List of String)
 
 <a id="nestedobjatt--application--spec--sync_policy--automated"></a>
-### Nested Schema for `application.spec.sync_policy.sync_options`
+### Nested Schema for `application.spec.sync_policy.automated`
 
 Read-Only:
 
@@ -272,15 +273,15 @@ Read-Only:
 
 
 <a id="nestedobjatt--application--spec--sync_policy--retry"></a>
-### Nested Schema for `application.spec.sync_policy.sync_options`
+### Nested Schema for `application.spec.sync_policy.retry`
 
 Read-Only:
 
-- `backoff` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--sync_policy--sync_options--backoff))
+- `backoff` (List of Object) (see [below for nested schema](#nestedobjatt--application--spec--sync_policy--retry--backoff))
 - `limit` (String)
 
-<a id="nestedobjatt--application--spec--sync_policy--sync_options--backoff"></a>
-### Nested Schema for `application.spec.sync_policy.sync_options.backoff`
+<a id="nestedobjatt--application--spec--sync_policy--retry--backoff"></a>
+### Nested Schema for `application.spec.sync_policy.retry.backoff`
 
 Read-Only:
 

diff --git a/docs/data-sources/platform_gitops_cluster.md b/docs/data-sources/platform_gitops_cluster.md
@@ -83,7 +83,7 @@ Read-Only:
 - `username` (String)
 
 <a id="nestedobjatt--request--cluster--config--exec_provider_config"></a>
-### Nested Schema for `request.cluster.config.username`
+### Nested Schema for `request.cluster.config.exec_provider_config`
 
 Read-Only:
 
@@ -95,7 +95,7 @@ Read-Only:
 
 
 <a id="nestedobjatt--request--cluster--config--tls_client_config"></a>
-### Nested Schema for `request.cluster.config.username`
+### Nested Schema for `request.cluster.config.tls_client_config`
 
 Read-Only:
 
@@ -119,7 +119,7 @@ Read-Only:
 - `server_version` (String)
 
 <a id="nestedobjatt--request--cluster--info--cache_info"></a>
-### Nested Schema for `request.cluster.info.server_version`
+### Nested Schema for `request.cluster.info.cache_info`
 
 Read-Only:
 
@@ -129,16 +129,16 @@ Read-Only:
 
 
 <a id="nestedobjatt--request--cluster--info--connection_state"></a>
-### Nested Schema for `request.cluster.info.server_version`
+### Nested Schema for `request.cluster.info.connection_state`
 
 Read-Only:
 
-- `attempted_at` (List of Object) (see [below for nested schema](#nestedobjatt--request--cluster--info--server_version--attempted_at))
+- `attempted_at` (List of Object) (see [below for nested schema](#nestedobjatt--request--cluster--info--connection_state--attempted_at))
 - `message` (String)
 - `status` (String)
 
-<a id="nestedobjatt--request--cluster--info--server_version--attempted_at"></a>
-### Nested Schema for `request.cluster.info.server_version.attempted_at`
+<a id="nestedobjatt--request--cluster--info--connection_state--attempted_at"></a>
+### Nested Schema for `request.cluster.info.connection_state.attempted_at`
 
 Read-Only:
 

diff --git a/docs/data-sources/platform_gitops_repo_cred.md b/docs/data-sources/platform_gitops_repo_cred.md
@@ -38,10 +38,10 @@ data "harness_platform_gitops_repo_cred" "test" {
 
 ### Read-Only
 
-- `creds` (List of Object) credential details. (see [below for nested schema](#nestedatt--creds))
+- `creds` (Block List) credential details. (see [below for nested schema](#nestedblock--creds))
 - `id` (String) The ID of this resource.
 
-<a id="nestedatt--creds"></a>
+<a id="nestedblock--creds"></a>
 ### Nested Schema for `creds`
 
 Read-Only:
@@ -50,11 +50,11 @@ Read-Only:
 - `github_app_enterprise_base_url` (String) Specifies the GitHub API URL for GitHub app authentication.
 - `github_app_id` (String) Specifies the Github App ID of the app used to access the repo for GitHub app authentication.
 - `github_app_installation_id` (String) Specifies the ID of the installed GitHub App for GitHub app authentication.
-- `github_app_private_key` (String) github_app_private_key specifies the private key PEM data for authentication via GitHub app.
-- `password` (String) Password or PAT to be used for authenticating the remote repository.
-- `ssh_private_key` (String) SSH Key in PEM format for authenticating the repository. Used only for Git repository.
-- `tls_client_cert_data` (String) Certificate in PEM format for authenticating at the repo server. This is used for mTLS.
-- `tls_client_cert_key` (String) Private key in PEM format for authenticating at the repo server. This is used for mTLS.
+- `github_app_private_key` (String, Sensitive) github_app_private_key specifies the private key PEM data for authentication via GitHub app.
+- `password` (String, Sensitive) Password or PAT to be used for authenticating the remote repository.
+- `ssh_private_key` (String, Sensitive) SSH Key in PEM format for authenticating the repository. Used only for Git repository.
+- `tls_client_cert_data` (String, Sensitive) Certificate in PEM format for authenticating at the repo server. This is used for mTLS.
+- `tls_client_cert_key` (String, Sensitive) Private key in PEM format for authenticating at the repo server. This is used for mTLS.
 - `type` (String) Type specifies the type of the repoCreds.Can be either 'git' or 'helm. 'git' is assumed if empty or absent
 - `url` (String) URL of the remote repository. Make sure you pass at least an org, this will not work if you just provide the host, for eg. "https://github.com"
-- `username` (String) Username to be used for authenticating the remote repository.
+- `username` (String, Sensitive) Username to be used for authenticating the remote repository.
diff --git a/docs/resources/platform_gitops_agent.md b/docs/resources/platform_gitops_agent.md
@@ -41,7 +41,7 @@ Enum: "AGENT_TYPE_UNSET" "CONNECTED_ARGO_PROVIDER" "MANAGED_ARGO_PROVIDER"
 ### Optional
 
 - `description` (String) Description of the GitOps agent.
-- `metadata` (Block List) Metadata of the agent. (see [below for nested schema](#nestedblock--metadata))
+- `metadata` (Block List, Max: 1) Metadata of the agent. (see [below for nested schema](#nestedblock--metadata))
 - `operator` (String) The Operator to use for the Harness GitOps agent. Enum: "ARGO" "FLAMINGO"
 - `org_id` (String) Organization identifier of the GitOps agent.
 - `project_id` (String) Project identifier of the GitOps agent.

diff --git a/docs/resources/platform_gitops_app_project.md b/docs/resources/platform_gitops_app_project.md
@@ -197,16 +197,16 @@ resource "harness_platform_gitops_app_project" "test" {
 
 ### Required
 
-- `account_id` (String) Account identifier of the GitOps Agent where argo project will exist.
-- `agent_id` (String) Agent identifier of the agent where argo project will exist (include scope prefix)
-- `project` (Block List, Min: 1) GitOps project configuration. (see [below for nested schema](#nestedblock--project))
+- `account_id` (String) Account identifier of the GitOps project/agent.
+- `agent_id` (String) Agent identifier of the GitOps project. Project is created on agent scope.
+- `project` (Block List, Min: 1, Max: 1) GitOps project configuration. (see [below for nested schema](#nestedblock--project))
 
 ### Optional
 
-- `org_id` (String) Org identifier of the GitOps Agent where argo project is to be created.
-- `project_id` (String) Project identifier of the Gitops Agent where argo project is to be created.
-- `query_name` (String) Identifier for the GitOps Argo project.
-- `upsert` (Boolean) Indicates if the argo project should be updated if existing and inserted if not.
+- `org_id` (String) Org identifier of the GitOps agent for which project is created.
+- `project_id` (String) Project identifier of the GitOps agent for which project is created.
+- `query_name` (String) Identifier for the GitOps project.
+- `upsert` (Boolean) Indicates if the GitOps project should be updated if existing and inserted if not.
 
 ### Read-Only
 
@@ -216,9 +216,8 @@ resource "harness_platform_gitops_app_project" "test" {
 ### Nested Schema for `project`
 
 Required:
-
-- `metadata` (Block List, Min: 1) K8s object metadata for the Argo project. (see [below for nested schema](#nestedblock--project--metadata))
-- `spec` (Block List, Min: 1) Specification details for the Argo project. (see [below for nested schema](#nestedblock--project--spec))
+- `metadata` (Block List, Min: 1, Max: 1) Metadata details for the GitOps project. (see [below for nested schema](#nestedblock--project--metadata))
+- `spec` (Block List, Min: 1, Max: 1) Specification details for the GitOps project. (see [below for nested schema](#nestedblock--project--spec))
 
 <a id="nestedblock--project--metadata"></a>
 ### Nested Schema for `project.metadata`

diff --git a/docs/resources/platform_gitops_applications.md b/docs/resources/platform_gitops_applications.md
@@ -66,7 +66,7 @@ resource "harness_platform_gitops_applications" "example" {
 
 - `account_id` (String) Account identifier of the GitOps application.
 - `agent_id` (String) Agent identifier of the GitOps application.
-- `application` (Block List, Min: 1) Definition of the GitOps application resource. (see [below for nested schema](#nestedblock--application))
+- `application` (Block List, Min: 1, Max: 1) Definition of the GitOps application resource. (see [below for nested schema](#nestedblock--application))
 - `cluster_id` (String) Cluster identifier of the GitOps application.
 - `name` (String) Name of the GitOps application.
 - `org_id` (String) Organization identifier of the GitOps application.
@@ -94,11 +94,11 @@ resource "harness_platform_gitops_applications" "example" {
 
 Required:
 
-- `metadata` (Block List, Min: 1) Metadata corresponding to the resources. This includes all the objects a user must create. (see [below for nested schema](#nestedblock--application--metadata))
+- `metadata` (Block List, Min: 1, Max: 1) Metadata corresponding to the resources. This includes all the objects a user must create. (see [below for nested schema](#nestedblock--application--metadata))
 
 Optional:
 
-- `spec` (Block List) Specifications of the GitOps application. This includes the repository URL, application definition, source, destination and sync policy. (see [below for nested schema](#nestedblock--application--spec))
+- `spec` (Block List, Max: 1) Specifications of the GitOps application. This includes the repository URL, application definition, source, destination and sync policy. (see [below for nested schema](#nestedblock--application--spec))
 
 <a id="nestedblock--application--metadata"></a>
 ### Nested Schema for `application.metadata`
@@ -141,7 +141,7 @@ Optional:
 - `destination` (Block List) Information about the GitOps application's destination. (see [below for nested schema](#nestedblock--application--spec--destination))
 - `project` (String) The ArgoCD project name corresponding to this GitOps application. Value must match mappings of ArgoCD projects to harness project.
 - `source` (Block List) Contains all information about the source of the GitOps application. (see [below for nested schema](#nestedblock--application--spec--source))
-- `sync_policy` (Block List) Controls when a sync will be performed in response to updates in git. (see [below for nested schema](#nestedblock--application--spec--sync_policy))
+- `sync_policy` (Block List, Max: 1) Controls when a sync will be performed in response to updates in git. (see [below for nested schema](#nestedblock--application--spec--sync_policy))
 
 <a id="nestedblock--application--spec--destination"></a>
 ### Nested Schema for `application.spec.destination`
@@ -303,8 +303,8 @@ Optional:
 
 Optional:
 
-- `automated` (Block List) Controls the behavior of an automated sync. (see [below for nested schema](#nestedblock--application--spec--sync_policy--automated))
-- `retry` (Block List) Contains information about the strategy to apply when a sync failed. (see [below for nested schema](#nestedblock--application--spec--sync_policy--retry))
+- `automated` (Block List, Max: 1) Controls the behavior of an automated sync. (see [below for nested schema](#nestedblock--application--spec--sync_policy--automated))
+- `retry` (Block List, Max: 1) Contains information about the strategy to apply when a sync failed. (see [below for nested schema](#nestedblock--application--spec--sync_policy--retry))
 - `sync_options` (List of String) Options allow you to specify whole app sync-options.
 
 <a id="nestedblock--application--spec--sync_policy--automated"></a>
@@ -322,7 +322,7 @@ Optional:
 
 Optional:
 
-- `backoff` (Block List) Backoff strategy to use on subsequent retries for failing syncs. (see [below for nested schema](#nestedblock--application--spec--sync_policy--retry--backoff))
+- `backoff` (Block List, Max: 1) Backoff strategy to use on subsequent retries for failing syncs. (see [below for nested schema](#nestedblock--application--spec--sync_policy--retry--backoff))
 - `limit` (String) Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed.
 
 <a id="nestedblock--application--spec--sync_policy--retry--backoff"></a>