feat(CodeArts/Deploy): support application permission management

huaweicloud · Jan 8, 2025 · e7d0d59 · e7d0d59
1 parent c2be21c
commit e7d0d59
Show file tree

Hide file tree

Showing 7 changed files with 601 additions and 16 deletions.
diff --git a/docs/resources/codearts_deploy_application.md b/docs/resources/codearts_deploy_application.md
@@ -2,7 +2,8 @@
 subcategory: "CodeArts Deploy"
 layout: "huaweicloud"
 page_title: "HuaweiCloud: huaweicloud_codearts_deploy_application"
-description: ""
+description: |-
+  Manages a CodeArts deploy application resource within HuaweiCloud.
 ---
 
 # huaweicloud_codearts_deploy_application
@@ -100,6 +101,9 @@ The following arguments are supported:
 
   -> When value is **true**, it's unable to update other parameters.
 
+* `permission_level` - (Optional, String) Specifies the permission level.
+  Valid values are **instance** and **project**. Defaults to **project**.
+
 <a name="DeployApplication_operation_list"></a>
 The `operation_list` block supports:
 
@@ -139,7 +143,7 @@ In addition to all arguments above, the following attributes are exported:
 
 * `can_copy` - Indicates whether the user has the copy permission.
 
-* `can_manage` - Check whether the user has the management permission, including adding, deleting, modifying,
+* `can_manage` - Indicates whether the user has the management permission, including adding, deleting, modifying,
   querying deployment and permission modification.
 
 * `can_create_env` - Indicates whether the user has the permission to create an environment.
@@ -154,6 +158,35 @@ In addition to all arguments above, the following attributes are exported:
 
 * `steps` - The deployment steps. The example value is `{"step1":"XXX", "step2":"XXX"}`.
 
+* `permission_matrix` - Indicates the permission matrix.
+  The [permission_matrix](#attrblock--permission_matrix) structure is documented below.
+
+<a name="attrblock--permission_matrix"></a>
+The `permission_matrix` block supports:
+
+* `role_id` - Indicates the role ID.
+
+* `role_name` - Indicates the role name.
+
+* `role_type` - Indicates the role type.
+
+* `can_modify` - Indicates whether the role has the editing permission.
+
+* `can_delete` - Indicates whether the role has the deletion permission.
+
+* `can_view` - Indicates whether the role has the view permission.
+
+* `can_execute` - Indicates whether the role has the deployment permission.
+
+* `can_copy` - Indicates whether the role has the copy permission.
+
+* `can_manage` - Check whether the role has the management permission, including adding, deleting, modifying,
+  querying deployment and permission modification.
+
+* `can_create_env` - Indicates whether the role has the permission to create an environment.
+
+* `can_disable` - Indicates whether the role has the permission to disable the application.
+
 ## Import
 
 The CodeArts deploy application resource can be imported using the `id`, e.g.

diff --git a/docs/resources/codearts_deploy_application_permission.md b/docs/resources/codearts_deploy_application_permission.md
@@ -0,0 +1,82 @@
+---
+subcategory: "CodeArts Deploy"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_codearts_deploy_application_permission"
+description: |-
+  Manages a CodeArts deploy application permission resource within HuaweiCloud.
+---
+
+# huaweicloud_codearts_deploy_application_permission
+
+Manages a CodeArts deploy application permission resource within HuaweiCloud.
+
+-> Only when the applications using instance level permission, this resource is available.
+
+## Example Usage
+
+```hcl
+variable "project_id" {}
+variable "application_ids" {}
+variable "role_id" {}
+
+resource "huaweicloud_codearts_deploy_group_permission" "test" {
+  project_id      = var.project_id
+  application_ids = var.application_ids
+
+  roles {
+    role_id        = var.role_id
+    can_modify     = true
+    can_disable    = true
+    can_delete     = true
+    can_view       = true
+    can_execute    = true
+    can_copy       = true
+    can_manage     = true
+    can_create_env = true
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region in which to create the resource.
+  If omitted, the provider-level region will be used.
+  Changing this creates a new resource.
+
+* `project_id` - (Required, String, ForceNew) Specifies the project ID for CodeArts service.
+  Changing this creates a new resource.
+
+* `application_ids` - (Required, List) Specifies the application IDs.
+
+* `roles` - (Required, List) Specifies the role permissions list.
+  The [roles](#block--roles) structure is documented below.
+
+<a name="block--roles"></a>
+The `roles` block supports:
+
+* `role_id` - (Required, String) Specifies the role ID.
+
+* `can_copy` - (Required, Bool) Specifies whether the role has the copy permission.
+
+* `can_create_env` - (Required, Bool) Specifies whether the role has the permission to create an environment.
+
+* `can_delete` - (Required, Bool) Specifies whether the role has the deletion permission.
+
+* `can_disable` - (Required, Bool) Specifies whether the role has the permission to disable application.
+
+* `can_execute` - (Required, Bool) Specifies whether the role has the deployment permission.
+
+* `can_manage` - (Required, Bool) Specifies whether the role has the management permission, including adding, deleting,
+  modifying, querying deployment and permission modification.
+
+* `can_modify` - (Required, Bool) Specifies whether the role has the editing permission.
+
+* `can_view` - (Required, Bool) Specifies whether the role has the view permission.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The resource ID.
diff --git a/huaweicloud/provider.go b/huaweicloud/provider.go
@@ -2253,6 +2253,7 @@ func Provider() *schema.Provider {
 			"huaweicloud_codearts_repository": codearts.ResourceRepository(),
 
 			"huaweicloud_codearts_deploy_application":            codeartsdeploy.ResourceDeployApplication(),
+			"huaweicloud_codearts_deploy_application_permission": codeartsdeploy.ResourceDeployApplicationPermission(),
 			"huaweicloud_codearts_deploy_application_group":      codeartsdeploy.ResourceDeployApplicationGroup(),
 			"huaweicloud_codearts_deploy_application_group_move": codeartsdeploy.ResourceDeployApplicationGroupMove(),
 			"huaweicloud_codearts_deploy_environment":            codeartsdeploy.ResourceDeployEnvironment(),

diff --git a/...ptance/codeartsdeploy/resource_huaweicloud_codearts_deploy_application_permission_test.go b/...ptance/codeartsdeploy/resource_huaweicloud_codearts_deploy_application_permission_test.go
@@ -0,0 +1,49 @@
+package codeartsdeploy
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+)
+
+func TestAccDeployApplicationPermissionModify_basic(t *testing.T) {
+	rName := acceptance.RandomAccResourceName()
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { acceptance.TestAccPreCheck(t) },
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		CheckDestroy:      nil,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDeployApplicationPermissionModify_basic(rName, false),
+			},
+			{
+				Config: testAccDeployApplicationPermissionModify_basic(rName, true),
+			},
+		},
+	})
+}
+
+func testAccDeployApplicationPermissionModify_basic(rName string, value bool) string {
+	return fmt.Sprintf(`
+%s
+
+resource "huaweicloud_codearts_deploy_application_permission" "test" {
+  project_id      = huaweicloud_codearts_deploy_application.test.project_id
+  application_ids = [huaweicloud_codearts_deploy_application.test.id]
+
+  roles {
+    role_id        = try(huaweicloud_codearts_deploy_application.test.permission_matrix[2].role_id, "")
+    can_modify     = %t
+    can_disable    = true
+    can_delete     = true
+    can_view       = true
+    can_execute    = true
+    can_copy       = true
+    can_manage     = true
+    can_create_env = true
+  }
+}`, testDeployApplication_basic(rName), value)
+}
diff --git a/...rvices/acceptance/codeartsdeploy/resource_huaweicloud_codearts_deploy_application_test.go b/...rvices/acceptance/codeartsdeploy/resource_huaweicloud_codearts_deploy_application_test.go
@@ -76,6 +76,7 @@ func TestAccDeployApplication_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(rName, "trigger_source", "0"),
 					resource.TestCheckResourceAttr(rName, "steps.step1", "Download Package"),
 					resource.TestCheckResourceAttr(rName, "is_disable", "false"),
+					resource.TestCheckResourceAttr(rName, "permission_level", "instance"),
 					resource.TestCheckResourceAttrSet(rName, "created_at"),
 					resource.TestCheckResourceAttrSet(rName, "updated_at"),
 					resource.TestCheckResourceAttrSet(rName, "project_name"),
@@ -105,6 +106,7 @@ func TestAccDeployApplication_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(rName, "trigger_source", "0"),
 					resource.TestCheckResourceAttr(rName, "steps.step1", "Download Package"),
 					resource.TestCheckResourceAttr(rName, "is_disable", "true"),
+					resource.TestCheckResourceAttr(rName, "permission_level", "project"),
 					resource.TestCheckResourceAttrSet(rName, "created_at"),
 					resource.TestCheckResourceAttrSet(rName, "updated_at"),
 					resource.TestCheckResourceAttrSet(rName, "project_name"),
@@ -231,12 +233,13 @@ func testDeployApplication_basic(name string) string {
 %[1]s
 
 resource "huaweicloud_codearts_deploy_application" "test" {
-  project_id     = huaweicloud_codearts_project.test.id
-  name           = "%[2]s"
-  description    = "test description"
-  is_draft       = true
-  create_type    = "template"
-  trigger_source = "0"
+  project_id       = huaweicloud_codearts_project.test.id
+  name             = "%[2]s"
+  description      = "test description"
+  is_draft         = true
+  create_type      = "template"
+  trigger_source   = "0"
+  permission_level = "instance"
 
   operation_list {
     name        = "Download Package"
@@ -279,13 +282,14 @@ func testDeployApplication_update(name string) string {
 %[1]s
 
 resource "huaweicloud_codearts_deploy_application" "test" {
-  project_id     = huaweicloud_codearts_project.test.id
-  name           = "%[2]s-update"
-  is_draft       = false
-  create_type    = "template"
-  trigger_source = "0"
-  is_disable     = true
-  group_id       = huaweicloud_codearts_deploy_application_group.test.id
+  project_id       = huaweicloud_codearts_project.test.id
+  name             = "%[2]s-update"
+  is_draft         = false
+  create_type      = "template"
+  trigger_source   = "0"
+  is_disable       = true
+  group_id         = huaweicloud_codearts_deploy_application_group.test.id
+  permission_level = "project"
 
   operation_list {
     name        = "Download Package"