Merge pull request #131 from DrFaust92/group-permission

add group permission resource

Author: DrFaust92

bitbucket/provider.go

@@ -68,37 +68,38 @@ func Provider() *schema.Provider {
 		},
 		ConfigureFunc: providerConfigure,
 		ResourcesMap: map[string]*schema.Resource{
-			"bitbucket_hook":                      resourceHook(),
-			"bitbucket_group":                     resourceGroup(),
-			"bitbucket_group_membership":          resourceGroupMembership(),
-			"bitbucket_default_reviewers":         resourceDefaultReviewers(),
-			"bitbucket_repository":                resourceRepository(),
-			"bitbucket_forked_repository":         resourceForkedRepository(),
-			"bitbucket_repository_variable":       resourceRepositoryVariable(),
-			"bitbucket_project":                   resourceProject(),
-			"bitbucket_project_branching_model":   resourceProjectBranchingModel(),
-			"bitbucket_project_default_reviewers": resourceProjectDefaultReviewers(),
-			"bitbucket_deploy_key":                resourceDeployKey(),
-			"bitbucket_pipeline_ssh_key":          resourcePipelineSshKey(),
-			"bitbucket_pipeline_ssh_known_host":   resourcePipelineSshKnownHost(),
-			"bitbucket_pipeline_schedule":         resourcePipelineSchedule(),
-			"bitbucket_ssh_key":                   resourceSshKey(),
-			"bitbucket_branch_restriction":        resourceBranchRestriction(),
-			"bitbucket_branching_model":           resourceBranchingModel(),
-			"bitbucket_deployment":                resourceDeployment(),
-			"bitbucket_deployment_variable":       resourceDeploymentVariable(),
-			"bitbucket_workspace_hook":            resourceWorkspaceHook(),
+			"bitbucket_branch_restriction":          resourceBranchRestriction(),
+			"bitbucket_branching_model":             resourceBranchingModel(),
+			"bitbucket_default_reviewers":           resourceDefaultReviewers(),
+			"bitbucket_deploy_key":                  resourceDeployKey(),
+			"bitbucket_deployment":                  resourceDeployment(),
+			"bitbucket_deployment_variable":         resourceDeploymentVariable(),
+			"bitbucket_forked_repository":           resourceForkedRepository(),
+			"bitbucket_group":                       resourceGroup(),
+			"bitbucket_group_membership":            resourceGroupMembership(),
+			"bitbucket_hook":                        resourceHook(),
+			"bitbucket_pipeline_schedule":           resourcePipelineSchedule(),
+			"bitbucket_pipeline_ssh_key":            resourcePipelineSshKey(),
+			"bitbucket_pipeline_ssh_known_host":     resourcePipelineSshKnownHost(),
+			"bitbucket_project":                     resourceProject(),
+			"bitbucket_project_branching_model":     resourceProjectBranchingModel(),
+			"bitbucket_project_default_reviewers":   resourceProjectDefaultReviewers(),
+			"bitbucket_repository":                  resourceRepository(),
+			"bitbucket_repository_group_permission": resourceRepositoryGroupPermission(),
+			"bitbucket_repository_variable":         resourceRepositoryVariable(),
+			"bitbucket_ssh_key":                     resourceSshKey(),
+			"bitbucket_workspace_hook":              resourceWorkspaceHook(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
+			"bitbucket_current_user":              dataCurrentUser(),
 			"bitbucket_group":                     dataGroup(),
-			"bitbucket_groups":                    dataGroups(),
 			"bitbucket_group_members":             dataGroupMembers(),
+			"bitbucket_groups":                    dataGroups(),
+			"bitbucket_hook_types":                dataHookTypes(),
 			"bitbucket_ip_ranges":                 dataIPRanges(),
 			"bitbucket_pipeline_oidc_config":      dataPipelineOidcConfig(),
 			"bitbucket_pipeline_oidc_config_keys": dataPipelineOidcConfigKeys(),
-			"bitbucket_hook_types":                dataHookTypes(),
 			"bitbucket_user":                      dataUser(),
-			"bitbucket_current_user":              dataCurrentUser(),
 			"bitbucket_workspace":                 dataWorkspace(),
 			"bitbucket_workspace_members":         dataWorkspaceMembers(),
 		},

bitbucket/resource_repository_group_permission.go

@@ -0,0 +1,187 @@
+package bitbucket
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"strings"
+
+	"github.com/DrFaust92/bitbucket-go-client"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+)
+
+type RepositoryGroupPermission struct {
+	Permission string           `json:"permission"`
+	Group      *RepositoryGroup `json:"group,omitempty"`
+}
+
+type RepositoryGroup struct {
+	Name      string              `json:"name,omitempty"`
+	Slug      string              `json:"slug,omitempty"`
+	Workspace bitbucket.Workspace `json:"workspace,omitempty"`
+}
+
+func resourceRepositoryGroupPermission() *schema.Resource {
+	return &schema.Resource{
+		CreateWithoutTimeout: resourceRepositoryGroupPermissionPut,
+		ReadWithoutTimeout:   resourceRepositoryGroupPermissionRead,
+		UpdateWithoutTimeout: resourceRepositoryGroupPermissionPut,
+		DeleteWithoutTimeout: resourceRepositoryGroupPermissionDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"workspace": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"repo_slug": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"group_slug": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"permission": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validation.StringInSlice([]string{"admin", "write", "read"}, false),
+			},
+		},
+	}
+}
+
+func createRepositoryGroupPermission(d *schema.ResourceData) *RepositoryGroupPermission {
+
+	permission := &RepositoryGroupPermission{
+		Permission: d.Get("permission").(string),
+	}
+
+	return permission
+}
+
+func resourceRepositoryGroupPermissionPut(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	client := m.(Clients).httpClient
+	permission := createRepositoryGroupPermission(d)
+
+	payload, err := json.Marshal(permission)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	workspace := d.Get("workspace").(string)
+	repoSlug := d.Get("repo_slug").(string)
+	groupSlug := d.Get("group_slug").(string)
+
+	permissionReq, err := client.Put(fmt.Sprintf("2.0/repositories/%s/%s/permissions-config/groups/%s",
+		workspace,
+		repoSlug,
+		groupSlug,
+	), bytes.NewBuffer(payload))
+
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	body, readerr := io.ReadAll(permissionReq.Body)
+	if readerr != nil {
+		return diag.FromErr(readerr)
+	}
+
+	decodeerr := json.Unmarshal(body, &permission)
+	if decodeerr != nil {
+		return diag.FromErr(decodeerr)
+	}
+
+	if d.IsNewResource() {
+		d.SetId(fmt.Sprintf("%s:%s:%s", workspace, repoSlug, groupSlug))
+	}
+
+	return resourceRepositoryGroupPermissionRead(ctx, d, m)
+}
+
+func resourceRepositoryGroupPermissionRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	client := m.(Clients).httpClient
+
+	workspace, repoSlug, groupSlug, err := repositoryGroupPermissionId(d.Id())
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	permissionReq, err := client.Get(fmt.Sprintf("2.0/repositories/%s/%s/permissions-config/groups/%s",
+		workspace,
+		repoSlug,
+		groupSlug,
+	))
+
+	if permissionReq.StatusCode == http.StatusNotFound {
+		log.Printf("[WARN] Repository Group Permission (%s) not found, removing from state", d.Id())
+		d.SetId("")
+		return nil
+	}
+
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	var permission RepositoryGroupPermission
+
+	body, readerr := io.ReadAll(permissionReq.Body)
+	if readerr != nil {
+		return diag.FromErr(readerr)
+	}
+
+	log.Printf("Repository Group Permission raw is: %#v", string(body))
+
+	decodeerr := json.Unmarshal(body, &permission)
+	if decodeerr != nil {
+		return diag.FromErr(decodeerr)
+	}
+
+	log.Printf("Repository Group Permission decoded is: %#v", permission)
+
+	d.Set("permission", permission.Permission)
+	d.Set("group_slug", permission.Group.Slug)
+	d.Set("workspace", permission.Group.Workspace.Slug)
+	d.Set("repo_slug", repoSlug)
+
+	return nil
+}
+
+func resourceRepositoryGroupPermissionDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	client := m.(Clients).httpClient
+
+	workspace, repoSlug, groupSlug, err := repositoryGroupPermissionId(d.Id())
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	_, err = client.Delete(fmt.Sprintf("2.0/repositories/%s/%s/permissions-config/groups/%s",
+		workspace,
+		repoSlug,
+		groupSlug,
+	))
+
+	return diag.FromErr(err)
+}
+
+func repositoryGroupPermissionId(id string) (string, string, string, error) {
+	parts := strings.Split(id, ":")
+
+	if len(parts) != 3 {
+		return "", "", "", fmt.Errorf("unexpected format of ID (%q), expected WORKSPACE:REPO-SLUG:GROUP-SLUG", id)
+	}
+
+	return parts[0], parts[1], parts[2], nil
+}

bitbucket/resource_repository_group_permission_test.go

@@ -0,0 +1,107 @@
+package bitbucket
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+func TestAccBitbucketRepositoryGroupPermission_basic(t *testing.T) {
+	var repositoryGroupPermission RepositoryGroupPermission
+	resourceName := "bitbucket_repository_group_permission.test"
+	workspace := os.Getenv("BITBUCKET_TEAM")
+	rName := acctest.RandomWithPrefix("tf-test")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckBitbucketRepositoryGroupPermissionDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccBitbucketRepositoryGroupPermissionConfig(workspace, rName, "read"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckBitbucketRepositoryGroupPermissionExists(resourceName, &repositoryGroupPermission),
+					resource.TestCheckResourceAttrPair(resourceName, "repo_slug", "bitbucket_repository.test", "name"),
+					resource.TestCheckResourceAttrPair(resourceName, "group_slug", "bitbucket_group.test", "slug"),
+					resource.TestCheckResourceAttr(resourceName, "workspace", workspace),
+					resource.TestCheckResourceAttr(resourceName, "permission", "read"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccBitbucketRepositoryGroupPermissionConfig(workspace, rName, "write"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckBitbucketRepositoryGroupPermissionExists(resourceName, &repositoryGroupPermission),
+					resource.TestCheckResourceAttrPair(resourceName, "repo_slug", "bitbucket_repository.test", "name"),
+					resource.TestCheckResourceAttrPair(resourceName, "group_slug", "bitbucket_group.test", "slug"),
+					resource.TestCheckResourceAttr(resourceName, "workspace", workspace),
+					resource.TestCheckResourceAttr(resourceName, "permission", "write"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckBitbucketRepositoryGroupPermissionDestroy(s *terraform.State) error {
+	client := testAccProvider.Meta().(Clients).httpClient
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "bitbucket_repository_group_permission" {
+			continue
+		}
+
+		response, err := client.Get(fmt.Sprintf("2.0/repositories/%s/%s/permissions-config/groups/%s", rs.Primary.Attributes["workspace"], rs.Primary.Attributes["repo_slug"], rs.Primary.Attributes["group_slug"]))
+
+		if err == nil {
+			return fmt.Errorf("The resource was found should have errored")
+		}
+
+		if response.StatusCode != http.StatusNotFound {
+			return fmt.Errorf("Repository Group Permission still exists")
+		}
+
+	}
+	return nil
+}
+
+func testAccCheckBitbucketRepositoryGroupPermissionExists(n string, repositoryGroupPermission *RepositoryGroupPermission) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found %s", n)
+		}
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No Repository Group Permission ID is set")
+		}
+		return nil
+	}
+}
+
+func testAccBitbucketRepositoryGroupPermissionConfig(workspace, rName, permission string) string {
+	return fmt.Sprintf(`
+resource "bitbucket_repository" "test" {
+  owner = %[1]q
+  name  = %[2]q
+}
+
+resource "bitbucket_group" "test" {
+  workspace  = %[1]q
+  name       = %[2]q
+}
+
+resource "bitbucket_repository_group_permission" "test" {
+  workspace  = %[1]q
+  repo_slug  = bitbucket_repository.test.name
+  group_slug = bitbucket_group.test.slug
+  permission = %[3]q
+}
+`, workspace, rName, permission)
+}