-
Notifications
You must be signed in to change notification settings - Fork 103
/
Copy pathteam_project_access.go
337 lines (278 loc) · 11.8 KB
/
team_project_access.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package tfe
import (
"context"
"fmt"
"net/url"
)
// Compile-time proof of interface implementation.
var _ TeamProjectAccesses = (*teamProjectAccesses)(nil)
// TeamProjectAccesses describes all the team project access related methods that the Terraform
// Enterprise API supports
//
// TFE API docs: Documentation will be linked once this feature is available
// **Note: This functionality is still in BETA and subject to change.**
type TeamProjectAccesses interface {
// List all project accesses for a given project.
List(ctx context.Context, options TeamProjectAccessListOptions) (*TeamProjectAccessList, error)
// Add team access for a project.
Add(ctx context.Context, options TeamProjectAccessAddOptions) (*TeamProjectAccess, error)
// Read team access by project ID.
Read(ctx context.Context, teamProjectAccessID string) (*TeamProjectAccess, error)
// Update team access on a project.
Update(ctx context.Context, teamProjectAccessID string, options TeamProjectAccessUpdateOptions) (*TeamProjectAccess, error)
// Remove team access from a project.
Remove(ctx context.Context, teamProjectAccessID string) error
}
// teamProjectAccesses implements TeamProjectAccesses
type teamProjectAccesses struct {
client *Client
}
// TeamProjectAccessType represents a team project access type.
type TeamProjectAccessType string
const (
TeamProjectAccessAdmin TeamProjectAccessType = "admin"
TeamProjectAccessMaintain TeamProjectAccessType = "maintain"
TeamProjectAccessWrite TeamProjectAccessType = "write"
TeamProjectAccessRead TeamProjectAccessType = "read"
TeamProjectAccessCustom TeamProjectAccessType = "custom"
)
// TeamProjectAccessList represents a list of team project accesses
type TeamProjectAccessList struct {
*Pagination
Items []*TeamProjectAccess
}
// TeamProjectAccess represents a project access for a team
type TeamProjectAccess struct {
ID string `jsonapi:"primary,team-projects"`
Access TeamProjectAccessType `jsonapi:"attr,access"`
ProjectAccess *TeamProjectAccessProjectPermissions `jsonapi:"attr,project-access"`
WorkspaceAccess *TeamProjectAccessWorkspacePermissions `jsonapi:"attr,workspace-access"`
// Relations
Team *Team `jsonapi:"relation,team"`
Project *Project `jsonapi:"relation,project"`
}
// ProjectPermissions represents the team's permissions on its project
type TeamProjectAccessProjectPermissions struct {
ProjectSettingsPermission ProjectSettingsPermissionType `jsonapi:"attr,settings"`
ProjectTeamsPermission ProjectTeamsPermissionType `jsonapi:"attr,teams"`
}
// WorkspacePermissions represents the team's permission on all workspaces in its project
type TeamProjectAccessWorkspacePermissions struct {
WorkspaceRunsPermission WorkspaceRunsPermissionType `jsonapi:"attr,runs"`
WorkspaceSentinelMocksPermission WorkspaceSentinelMocksPermissionType `jsonapi:"attr,sentinel-mocks"`
WorkspaceStateVersionsPermission WorkspaceStateVersionsPermissionType `jsonapi:"attr,state-versions"`
WorkspaceVariablesPermission WorkspaceVariablesPermissionType `jsonapi:"attr,variables"`
WorkspaceCreatePermission bool `jsonapi:"attr,create"`
WorkspaceLockingPermission bool `jsonapi:"attr,locking"`
WorkspaceMovePermission bool `jsonapi:"attr,move"`
WorkspaceDeletePermission bool `jsonapi:"attr,delete"`
WorkspaceRunTasksPermission bool `jsonapi:"attr,run-tasks"`
}
// ProjectSettingsPermissionType represents the permissiontype to a project's settings
type ProjectSettingsPermissionType string
const (
ProjectSettingsPermissionRead ProjectSettingsPermissionType = "read"
ProjectSettingsPermissionUpdate ProjectSettingsPermissionType = "update"
ProjectSettingsPermissionDelete ProjectSettingsPermissionType = "delete"
)
// ProjectTeamsPermissionType represents the permissiontype to a project's teams
type ProjectTeamsPermissionType string
const (
ProjectTeamsPermissionNone ProjectTeamsPermissionType = "none"
ProjectTeamsPermissionRead ProjectTeamsPermissionType = "read"
ProjectTeamsPermissionManage ProjectTeamsPermissionType = "manage"
)
// WorkspaceRunsPermissionType represents the permissiontype to project workspaces' runs
type WorkspaceRunsPermissionType string
const (
WorkspaceRunsPermissionRead WorkspaceRunsPermissionType = "read"
WorkspaceRunsPermissionPlan WorkspaceRunsPermissionType = "plan"
WorkspaceRunsPermissionApply WorkspaceRunsPermissionType = "apply"
)
// WorkspaceSentinelMocksPermissionType represents the permissiontype to project workspaces' sentinel-mocks
type WorkspaceSentinelMocksPermissionType string
const (
WorkspaceSentinelMocksPermissionNone WorkspaceSentinelMocksPermissionType = "none"
WorkspaceSentinelMocksPermissionRead WorkspaceSentinelMocksPermissionType = "read"
)
// WorkspaceStateVersionsPermissionType represents the permissiontype to project workspaces' state-versions
type WorkspaceStateVersionsPermissionType string
const (
WorkspaceStateVersionsPermissionNone WorkspaceStateVersionsPermissionType = "none"
WorkspaceStateVersionsPermissionReadOutputs WorkspaceStateVersionsPermissionType = "read-outputs"
WorkspaceStateVersionsPermissionRead WorkspaceStateVersionsPermissionType = "read"
WorkspaceStateVersionsPermissionWrite WorkspaceStateVersionsPermissionType = "write"
)
// WorkspaceVariablesPermissionType represents the permissiontype to project workspaces' variables
type WorkspaceVariablesPermissionType string
const (
WorkspaceVariablesPermissionNone WorkspaceVariablesPermissionType = "none"
WorkspaceVariablesPermissionRead WorkspaceVariablesPermissionType = "read"
WorkspaceVariablesPermissionWrite WorkspaceVariablesPermissionType = "write"
)
type TeamProjectAccessProjectPermissionsOptions struct {
Settings *ProjectSettingsPermissionType `json:"settings,omitempty"`
Teams *ProjectTeamsPermissionType `json:"teams,omitempty"`
}
type TeamProjectAccessWorkspacePermissionsOptions struct {
Runs *WorkspaceRunsPermissionType `json:"runs,omitempty"`
SentinelMocks *WorkspaceSentinelMocksPermissionType `json:"sentinel-mocks,omitempty"`
StateVersions *WorkspaceStateVersionsPermissionType `json:"state-versions,omitempty"`
Variables *WorkspaceVariablesPermissionType `json:"variables,omitempty"`
Create *bool `json:"create,omitempty"`
Locking *bool `json:"locking,omitempty"`
Move *bool `json:"move,omitempty"`
Delete *bool `json:"delete,omitempty"`
RunTasks *bool `json:"run-tasks,omitempty"`
}
// TeamProjectAccessListOptions represents the options for listing team project accesses
type TeamProjectAccessListOptions struct {
ListOptions
ProjectID string `url:"filter[project][id]"`
}
// TeamProjectAccessAddOptions represents the options for adding team access for a project
type TeamProjectAccessAddOptions struct {
// Type is a public field utilized by JSON:API to
// set the resource type via the field tag.
// It is not a user-defined value and does not need to be set.
// https://jsonapi.org/format/#crud-creating
Type string `jsonapi:"primary,team-projects"`
// The type of access to grant.
Access TeamProjectAccessType `jsonapi:"attr,access"`
// The levels that project and workspace permissions grant
ProjectAccess *TeamProjectAccessProjectPermissionsOptions `jsonapi:"attr,project-access,omitempty"`
WorkspaceAccess *TeamProjectAccessWorkspacePermissionsOptions `jsonapi:"attr,workspace-access,omitempty"`
// The team to add to the project
Team *Team `jsonapi:"relation,team"`
// The project to which the team is to be added.
Project *Project `jsonapi:"relation,project"`
}
// TeamProjectAccessUpdateOptions represents the options for updating a team project access
type TeamProjectAccessUpdateOptions struct {
// Type is a public field utilized by JSON:API to
// set the resource type via the field tag.
// It is not a user-defined value and does not need to be set.
// https://jsonapi.org/format/#crud-creating
Type string `jsonapi:"primary,team-projects"`
// The type of access to grant.
Access *TeamProjectAccessType `jsonapi:"attr,access,omitempty"`
ProjectAccess *TeamProjectAccessProjectPermissionsOptions `jsonapi:"attr,project-access,omitempty"`
WorkspaceAccess *TeamProjectAccessWorkspacePermissionsOptions `jsonapi:"attr,workspace-access,omitempty"`
}
// List all team accesses for a given project.
func (s *teamProjectAccesses) List(ctx context.Context, options TeamProjectAccessListOptions) (*TeamProjectAccessList, error) {
if err := options.valid(); err != nil {
return nil, err
}
req, err := s.client.NewRequest("GET", "team-projects", &options)
if err != nil {
return nil, err
}
tpal := &TeamProjectAccessList{}
err = req.Do(ctx, tpal)
if err != nil {
return nil, err
}
return tpal, nil
}
// Add team access for a project.
func (s *teamProjectAccesses) Add(ctx context.Context, options TeamProjectAccessAddOptions) (*TeamProjectAccess, error) {
if err := options.valid(); err != nil {
return nil, err
}
if err := validateTeamProjectAccessType(options.Access); err != nil {
return nil, err
}
req, err := s.client.NewRequest("POST", "team-projects", &options)
if err != nil {
return nil, err
}
tpa := &TeamProjectAccess{}
err = req.Do(ctx, tpa)
if err != nil {
return nil, err
}
return tpa, nil
}
// Read a team project access by its ID.
func (s *teamProjectAccesses) Read(ctx context.Context, teamProjectAccessID string) (*TeamProjectAccess, error) {
if !validStringID(&teamProjectAccessID) {
return nil, ErrInvalidTeamProjectAccessID
}
u := fmt.Sprintf("team-projects/%s", url.QueryEscape(teamProjectAccessID))
req, err := s.client.NewRequest("GET", u, nil)
if err != nil {
return nil, err
}
tpa := &TeamProjectAccess{}
err = req.Do(ctx, tpa)
if err != nil {
return nil, err
}
return tpa, nil
}
// Update team access for a project.
func (s *teamProjectAccesses) Update(ctx context.Context, teamProjectAccessID string, options TeamProjectAccessUpdateOptions) (*TeamProjectAccess, error) {
if !validStringID(&teamProjectAccessID) {
return nil, ErrInvalidTeamProjectAccessID
}
if err := validateTeamProjectAccessType(*options.Access); err != nil {
return nil, err
}
u := fmt.Sprintf("team-projects/%s", url.QueryEscape(teamProjectAccessID))
req, err := s.client.NewRequest("PATCH", u, &options)
if err != nil {
return nil, err
}
ta := &TeamProjectAccess{}
err = req.Do(ctx, ta)
if err != nil {
return nil, err
}
return ta, err
}
// Remove team access from a project.
func (s *teamProjectAccesses) Remove(ctx context.Context, teamProjectAccessID string) error {
if !validStringID(&teamProjectAccessID) {
return ErrInvalidTeamProjectAccessID
}
u := fmt.Sprintf("team-projects/%s", url.QueryEscape(teamProjectAccessID))
req, err := s.client.NewRequest("DELETE", u, nil)
if err != nil {
return err
}
return req.Do(ctx, nil)
}
func (o TeamProjectAccessListOptions) valid() error {
if !validStringID(&o.ProjectID) {
return ErrInvalidProjectID
}
return nil
}
func (o TeamProjectAccessAddOptions) valid() error {
if err := validateTeamProjectAccessType(o.Access); err != nil {
return err
}
if o.Team == nil {
return ErrRequiredTeam
}
if o.Project == nil {
return ErrRequiredProject
}
return nil
}
func validateTeamProjectAccessType(t TeamProjectAccessType) error {
switch t {
case TeamProjectAccessAdmin,
TeamProjectAccessMaintain,
TeamProjectAccessWrite,
TeamProjectAccessRead,
TeamProjectAccessCustom:
// do nothing
default:
return ErrInvalidTeamProjectAccessType
}
return nil
}