Merge pull request #65 from cloudsmith-io/NO-TICKET/data_source_repo_…

…privilege NO-TICKET: Data source for repo privileges
cloudsmith-io · Nov 22, 2023 · bc98d7d · bc98d7d
2 parents cf96885 + 8d3788e
commit bc98d7d
Show file tree

Hide file tree

Showing 5 changed files with 208 additions and 10 deletions.
diff --git a/cloudsmith/data_source_repository_privileges.go b/cloudsmith/data_source_repository_privileges.go
@@ -0,0 +1,103 @@
+package cloudsmith
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+// dataSourceRepositoryPrivileges returns the data source schema and read function.
+func dataSourceRepositoryPrivileges() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceRepositoryPrivilegesRead,
+
+		Schema: map[string]*schema.Schema{
+			"organization": {
+				Type:        schema.TypeString,
+				Description: "Organization to which this repository belongs.",
+				Required:    true,
+			},
+			"repository": {
+				Type:        schema.TypeString,
+				Description: "Repository to fetch privileges information.",
+				Required:    true,
+			},
+			"service": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"privilege": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"slug": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+			"team": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"privilege": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"slug": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+			"user": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"privilege": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"slug": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+// dataSourceRepositoryPrivilegesRead retrieves privileges information for the specified repository.
+func dataSourceRepositoryPrivilegesRead(d *schema.ResourceData, m interface{}) error {
+	pc := m.(*providerConfig)
+
+	organization := d.Get("organization").(string)
+	repository := d.Get("repository").(string)
+
+	req := pc.APIClient.ReposApi.ReposPrivilegesList(pc.Auth, organization, repository)
+
+	privileges, resp, err := pc.APIClient.ReposApi.ReposPrivilegesListExecute(req)
+	if err != nil {
+		if is404(resp) {
+			d.SetId("")
+			return nil
+		}
+
+		return err
+	}
+
+	d.Set("service", flattenRepositoryPrivilegeServices(privileges.GetPrivileges()))
+	d.Set("team", flattenRepositoryPrivilegeTeams(privileges.GetPrivileges()))
+	d.Set("user", flattenRepositoryPrivilegeUsers(privileges.GetPrivileges()))
+
+	d.SetId(fmt.Sprintf("%s/%s", organization, repository))
+
+	return nil
+}
diff --git a/cloudsmith/data_source_repository_privileges_test.go b/cloudsmith/data_source_repository_privileges_test.go
@@ -0,0 +1,57 @@
+package cloudsmith
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+// TestAccDataSourceRepositoryPrivileges_basic tests the basic functionality of the data source.
+func TestAccDataSourceRepositoryPrivileges_basic(t *testing.T) {
+	t.Parallel()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccRepositoryCheckDestroy("cloudsmith_repository.test"),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceRepositoryPrivilegesConfigBasic,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.cloudsmith_repository_privileges.test_data", "service.#"),
+				),
+			},
+		},
+	})
+}
+
+var testAccDataSourceRepositoryPrivilegesConfigBasic = fmt.Sprintf(`
+resource "cloudsmith_repository" "test" {
+	name      = "terraform-acc-test-read-privs"
+	namespace = "%s"
+}
+
+resource "cloudsmith_service" "test" {
+	name         = "TF Test Service Data Privs"
+	organization = cloudsmith_repository.test.namespace
+	role         = "Member"
+}
+
+resource "cloudsmith_repository_privileges" "test" {
+    organization = cloudsmith_repository.test.namespace
+    repository   = cloudsmith_repository.test.slug
+
+	service {
+		privilege = "Read"
+		slug      = cloudsmith_service.test.slug
+	}
+}
+
+data "cloudsmith_repository_privileges" "test_data" {
+	organization = cloudsmith_repository_privileges.test.organization
+	repository   = cloudsmith_repository_privileges.test.repository
+	depends_on = [cloudsmith_repository.test]
+  }
+`, os.Getenv("CLOUDSMITH_NAMESPACE"))
diff --git a/cloudsmith/provider.go b/cloudsmith/provider.go
@@ -29,11 +29,12 @@ func Provider() *schema.Provider {
 			},
 		},
 		DataSourcesMap: map[string]*schema.Resource{
-			"cloudsmith_namespace":    dataSourceNamespace(),
-			"cloudsmith_organization": dataSourceOrganization(),
-			"cloudsmith_package":      dataSourcePackage(),
-			"cloudsmith_package_list": dataSourcePackageList(),
-			"cloudsmith_repository":   dataSourceRepository(),
+			"cloudsmith_namespace":             dataSourceNamespace(),
+			"cloudsmith_organization":          dataSourceOrganization(),
+			"cloudsmith_package":               dataSourcePackage(),
+			"cloudsmith_package_list":          dataSourcePackageList(),
+			"cloudsmith_repository":            dataSourceRepository(),
+			"cloudsmith_repository_privileges": dataSourceRepositoryPrivileges(),
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"cloudsmith_entitlement":             resourceEntitlement(),

diff --git a/cloudsmith/resource_repository_privileges.go b/cloudsmith/resource_repository_privileges.go
@@ -182,11 +182,6 @@ func resourceRepositoryPrivilegesRead(d *schema.ResourceData, m interface{}) err
 
 	req := pc.APIClient.ReposApi.ReposPrivilegesList(pc.Auth, organization, repository)
 
-	// TODO: add a proper loop here to ensure we always get all privs,
-	// regardless of how many are configured.
-	req = req.Page(1)
-	req = req.PageSize(1000)
-
 	privileges, resp, err := pc.APIClient.ReposApi.ReposPrivilegesListExecute(req)
 	if err != nil {
 		if is404(resp) {

diff --git a/docs/data-sources/repository_privileges.md b/docs/data-sources/repository_privileges.md
@@ -0,0 +1,42 @@
+# Repository Privileges Data Source
+
+The `cloudsmith_repository_privileges` data source allows you to retrieve information about repository privileges, including service accounts, teams, and users, for a specific repository.
+
+## Example Usage
+
+```hcl
+provider "cloudsmith" {
+	api_key = "my-api-key"
+}
+
+resource "cloudsmith_repository" "test" {
+	name = "terraform-acc-test-privileges"
+	namespace = "<your-namespace>"
+}
+
+data "cloudsmith_repository_privileges" "test_data" {
+	organization = cloudsmith_repository.test.namespace
+	repository = cloudsmith_repository.test.slug
+}
+```
+
+## Argument Reference
+
+* organization (Required): The organization to which the repository belongs.
+* repository (Required): The repository for which privileges information is retrieved.
+
+## Attribute Reference
+
+The following attributes are available:
+
+* service: A set containing privileges information for service accounts.
+	* privilege: The privilege level (Admin, Write, Read).
+	* slug: The unique identifier for the service account.
+
+* team: A set containing privileges information for teams.
+	* privilege: The privilege level (Admin, Write, Read).
+	* slug: The unique identifier for the team.
+
+* user: A set containing privileges information for users.
+	* privilege: The privilege level (Admin, Write, Read).
+	* slug: The unique identifier for the user.