feat: add abac rules for products, environments, and promotion flows (#151)

danielm-codefresh · web-flow · commit 0fcb6a2d65bc · 2024-09-10T17:30:34.000+03:00
diff --git a/codefresh/resource_abac_rules.go b/codefresh/resource_abac_rules.go
@@ -11,7 +11,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
 
-var validSetValues = []string{"REFRESH", "SYNC", "TERMINATE_SYNC", "VIEW_POD_LOGS", "APP_ROLLBACK"}
+var validSetValues = []string{"REFRESH", "SYNC", "TERMINATE_SYNC", "VIEW_POD_LOGS", "APP_ROLLBACK", "TRIGGER_PROMOTION", "RETRY_RELEASE", "PROMOTE_TO"}
 
 func resourceGitopsAbacRule() *schema.Resource {
 	return &schema.Resource{
@@ -34,11 +34,14 @@ func resourceGitopsAbacRule() *schema.Resource {
 				Description: `
 The type of resources the ABAC rules applies to. Possible values:
 	* gitopsApplications
+	* promotionFlows
+	* products
+	* environments
 				`,
 				Type:     schema.TypeString,
 				Required: true,
 				ValidateFunc: validation.StringInSlice([]string{
-					"gitopsApplications",
+					"gitopsApplications", "promotionFlows", "products", "environments",
 				}, false),
 			},
 			"teams": {
@@ -67,6 +70,9 @@ Action to be allowed. Possible values:
 	* TERMINATE_SYNC
 	* VIEW_POD_LOGS
 	* APP_ROLLBACK
+	* TRIGGER_PROMOTION
+	* RETRY_RELEASE
+	* PROMOTE_TO
 				`,
 				Type:     schema.TypeSet,
 				Required: true,
diff --git a/codefresh/resource_abac_rules_test.go b/codefresh/resource_abac_rules_test.go
@@ -6,9 +6,8 @@ import (
 	"testing"
 
 	"github.com/codefresh-io/terraform-provider-codefresh/codefresh/cfclient"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
-
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 	funk "github.com/thoas/go-funk"
 )
 
@@ -41,6 +40,58 @@ func TestAccCodefreshAbacRulesConfig(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "tags.1", "production"),
 				),
 			},
+			{
+				Config: testAccCodefreshAbacRulesConfig(
+					"promotionFlows",
+					"",
+					"",
+					"",
+					[]string{"TRIGGER_PROMOTION"},
+					[]string{"staging"},
+				),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCodefreshAbacRulesExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "entity_type", "promotionFlows"),
+					resource.TestCheckResourceAttr(resourceName, "actions.0", "TRIGGER_PROMOTION"),
+					resource.TestCheckResourceAttr(resourceName, "tags.0", "staging"),
+				),
+			},
+			{
+				Config: testAccCodefreshAbacRulesConfig(
+					"products",
+					"",
+					"",
+					"",
+					[]string{"TRIGGER_PROMOTION", "RETRY_RELEASE"},
+					[]string{"dev", "qa"},
+				),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCodefreshAbacRulesExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "entity_type", "products"),
+					resource.TestCheckResourceAttr(resourceName, "actions.#", "2"),
+					resource.TestCheckTypeSetElemAttr(resourceName, "actions.*", "TRIGGER_PROMOTION"),
+					resource.TestCheckTypeSetElemAttr(resourceName, "actions.*", "RETRY_RELEASE"),
+					resource.TestCheckResourceAttr(resourceName, "tags.#", "2"),
+					resource.TestCheckTypeSetElemAttr(resourceName, "tags.*", "dev"),
+					resource.TestCheckTypeSetElemAttr(resourceName, "tags.*", "qa"),
+				),
+			},
+			{
+				Config: testAccCodefreshAbacRulesConfig(
+					"environments",
+					"",
+					"",
+					"",
+					[]string{"PROMOTE_TO"},
+					[]string{"production"},
+				),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCodefreshAbacRulesExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "entity_type", "environments"),
+					resource.TestCheckResourceAttr(resourceName, "actions.0", "PROMOTE_TO"),
+					resource.TestCheckResourceAttr(resourceName, "tags.0", "production"),
+				),
+			},
 			{
 				ResourceName:      resourceName,
 				ImportState:       true,
diff --git a/docs/resources/abac_rules.md b/docs/resources/abac_rules.md
@@ -48,8 +48,14 @@ resource "codefresh_abac_rules" "app_rule" {
 	* TERMINATE_SYNC
 	* VIEW_POD_LOGS
 	* APP_ROLLBACK
+	* TRIGGER_PROMOTION
+	* RETRY_RELEASE
+	* PROMOTE_TO
 - `entity_type` (String) The type of resources the ABAC rules applies to. Possible values:
 	* gitopsApplications
+	* promotionFlows
+	* products
+	* environments
 - `teams` (Set of String) The IDs of the teams the ABAC rules apply to.
 
 ### Optional
