feat(security-email): add support for security email (#497)

Signed-off-by: Michal Wasilewski <[email protected]>

Author: mwasilew2

docs/resources/security_email.md

@@ -0,0 +1,30 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "spacelift_security_email Resource - terraform-provider-spacelift"
+subcategory: ""
+description: |-
+  spacelift_security_email represents an email address that receives notifications about security issues in Spacelift.
+---
+
+# spacelift_security_email (Resource)
+
+`spacelift_security_email` represents an email address that receives notifications about security issues in Spacelift.
+
+## Example Usage
+
+```terraform
+resource "spacelift_security_email" "example" {
+  email = "[email protected]"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `email` (String) Email address to which the security notifications are sent
+
+### Read-Only
+
+- `id` (String) The ID of this resource.

examples/resources/spacelift_security_email/resource.tf

@@ -0,0 +1,3 @@
+resource "spacelift_security_email" "example" {
+  email = "[email protected]"
+}

spacelift/internal/structs/security_email.go

@@ -0,0 +1,5 @@
+package structs
+
+type SecurityEmail struct {
+	Email string `graphql:"email"`
+}

spacelift/provider.go

@@ -119,6 +119,7 @@ func Provider(commit, version string) plugin.ProviderFunc {
 				"spacelift_space":                        resourceSpace(),
 				"spacelift_scheduled_task":               resourceScheduledTask(),
 				"spacelift_scheduled_delete_stack":       resourceScheduledDeleteStack(),
+				"spacelift_security_email":               resourceSecurityEmail(),
 				"spacelift_stack":                        resourceStack(),
 				"spacelift_stack_dependency":             resourceStackDependency(),
 				"spacelift_stack_dependency_reference":   resourceStackDependencyReference(),

spacelift/resource_security_email.go

@@ -0,0 +1,91 @@
+package spacelift
+
+import (
+	"context"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/spacelift-io/terraform-provider-spacelift/spacelift/internal"
+)
+
+func resourceSecurityEmail() *schema.Resource {
+	return &schema.Resource{
+		Description: "" +
+			"`spacelift_security_email` represents an email address that " +
+			"receives notifications about security issues in Spacelift.",
+
+		CreateContext: resourceSecurityEmailCreate,
+		ReadContext:   resourceSecurityEmailRead,
+		UpdateContext: resourceSecurityEmailUpdate,
+		DeleteContext: resourceSecurityEmailDelete,
+
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"email": {
+				Type:        schema.TypeString,
+				Description: "Email address to which the security notifications are sent",
+				Required:    true,
+			},
+		},
+	}
+}
+
+func resourceSecurityEmailCreate(ctx context.Context, data *schema.ResourceData, i interface{}) diag.Diagnostics {
+	var mutation struct {
+		SecurityEmail *string `graphql:"accountUpdateSecurityEmail(securityEmail: $securityEmail)"`
+	}
+
+	variables := map[string]interface{}{"securityEmail": toString(data.Get("email"))}
+	if err := i.(*internal.Client).Mutate(ctx, "AccountUpdateSecurityEmail", &mutation, variables); err != nil {
+		return diag.Errorf("could not create security email: %v", err)
+	}
+
+	data.SetId(time.Now().String())
+
+	return resourceSecurityEmailRead(ctx, data, i)
+}
+
+func resourceSecurityEmailRead(ctx context.Context, data *schema.ResourceData, i interface{}) diag.Diagnostics {
+	var query struct {
+		SecurityEmail *string `graphql:"securityEmail"`
+	}
+	if err := i.(*internal.Client).Query(ctx, "SecurityEmail", &query, nil); err != nil {
+		return diag.Errorf("could not query for security email: %v", err)
+	}
+
+	if query.SecurityEmail == nil {
+		data.SetId("")
+		return nil
+	}
+
+	data.Set("email", query.SecurityEmail)
+
+	return nil
+}
+
+func resourceSecurityEmailUpdate(ctx context.Context, data *schema.ResourceData, i interface{}) diag.Diagnostics {
+	var mutation struct {
+		SecurityEmail *string `graphql:"accountUpdateSecurityEmail(securityEmail: $email)"`
+	}
+	variables := map[string]interface{}{
+		"email": toString(data.Get("email")),
+	}
+	if err := i.(*internal.Client).Mutate(ctx, "AccountUpdateSecurityEmail", &mutation, variables); err != nil {
+		return diag.Errorf("could not create security email: %v", err)
+	}
+
+	return resourceSecurityEmailRead(ctx, data, i)
+}
+
+func resourceSecurityEmailDelete(ctx context.Context, data *schema.ResourceData, i interface{}) diag.Diagnostics {
+	data.SetId("")
+	return diag.Diagnostics{{
+		Severity: diag.Warning,
+		Summary:  "deleting security email is not supported, the resource has been removed from the state, but is left configured in Spacelift",
+	}}
+}

spacelift/resource_security_email_test.go

@@ -0,0 +1,49 @@
+package spacelift
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	. "github.com/spacelift-io/terraform-provider-spacelift/spacelift/internal/testhelpers"
+)
+
+var securityEmailSimple = `
+resource "spacelift_security_email" "test" {
+	email = "%s"
+}
+`
+
+func Test_resourceSecurityEmail(t *testing.T) {
+	const resourceName = "spacelift_security_email.test"
+
+	t.Run("creates and updates a security email without an error", func(t *testing.T) {
+		randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
+		emailAddress := fmt.Sprintf("%[email protected]", randomID)
+		emailAddress2 := fmt.Sprintf("%[email protected]", randomID)
+
+		testSteps(t, []resource.TestStep{
+			{
+				Config: fmt.Sprintf(securityEmailSimple, emailAddress),
+				Check: Resource(
+					resourceName,
+					Attribute("email", Equals(emailAddress)),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: fmt.Sprintf(securityEmailSimple, emailAddress2),
+				Check: Resource(
+					resourceName,
+					Attribute("email", Equals(emailAddress2)),
+				),
+			},
+		})
+	})
+}