Refactored usage scopes

harness · Oct 8, 2021 · ffd3a5e · ffd3a5e
1 parent 0a4eac6
commit ffd3a5e
Show file tree

Hide file tree

Showing 23 changed files with 278 additions and 111 deletions.
diff --git a/docs/data-sources/encrypted_text.md b/docs/data-sources/encrypted_text.md
@@ -19,7 +19,7 @@ Data source for retrieving a Harness application
 
 - **id** (String) Unique identifier of the encrypted secret
 - **name** (String) The name of the encrypted secret
-- **usage_scope** (Block Set) Usage scopes (see [below for nested schema](#nestedblock--usage_scope))
+- **usage_scope** (Block Set) This block is used for scoping the resource to a specific set of applications or environments. (see [below for nested schema](#nestedblock--usage_scope))
 
 ### Read-Only
 
@@ -30,9 +30,8 @@ Data source for retrieving a Harness application
 
 Optional:
 
-- **application_filter_type** (String) Type of application filter applied. ALL if not application id supplied, otherwise NULL
-- **application_id** (String) Id of the application scoping
-- **environment_filter_type** (String) Type of environment filter applied. ALL if not filter applied
-- **environment_id** (String) Id of the environment scoping
+- **application_id** (String) Id of the application to scope to. If empty then this scope applies to all applications.
+- **environment_filter_type** (String) Type of environment filter applied. Cannot be used with `environment_id`. Valid options are NON_PRODUCTION_ENVIRONMENTS, PRODUCTION_ENVIRONMENTS.
+- **environment_id** (String) Id of the id of the specific environment to scope to. Cannot be used with `environment_filter_type`.
 
 
diff --git a/docs/data-sources/secret_manager.md b/docs/data-sources/secret_manager.md
@@ -20,16 +20,15 @@ Data source for retrieving a Harness secret manager
 - **default** (Boolean) True to lookup the id of the default secret manager
 - **id** (String) Unique identifier of the secret manager
 - **name** (String) The name of the secret manager
-- **usage_scope** (Block Set) Usage scopes (see [below for nested schema](#nestedblock--usage_scope))
+- **usage_scope** (Block Set) This block is used for scoping the resource to a specific set of applications or environments. (see [below for nested schema](#nestedblock--usage_scope))
 
 <a id="nestedblock--usage_scope"></a>
 ### Nested Schema for `usage_scope`
 
 Optional:
 
-- **application_filter_type** (String) Type of application filter applied. ALL if not application id supplied, otherwise NULL
-- **application_id** (String) Id of the application scoping
-- **environment_filter_type** (String) Type of environment filter applied. ALL if not filter applied
-- **environment_id** (String) Id of the environment scoping
+- **application_id** (String) Id of the application to scope to. If empty then this scope applies to all applications.
+- **environment_filter_type** (String) Type of environment filter applied. Cannot be used with `environment_id`. Valid options are NON_PRODUCTION_ENVIRONMENTS, PRODUCTION_ENVIRONMENTS.
+- **environment_id** (String) Id of the id of the specific environment to scope to. Cannot be used with `environment_filter_type`.
 
 
diff --git a/docs/guides/usage-scopes.md b/docs/guides/usage-scopes.md
@@ -0,0 +1,58 @@
+---
+subcategory: ""
+page_title: "Configuring usage scopes - Harness Provider"
+description: |-
+    An example of how to apply usage scopes to a resource.
+---
+
+# Configure usage scopes for a resource
+
+There are a number of resources that can be scoped to a specific set of applications and environments. These include cloud providers, secrets, connectors, and more. Configuring it is the same across all of these resources.
+
+In this example we are configuring a cloud provider to be used by any application in any environment.
+
+```terraform
+resource "harness_cloudprovider_kubernetes" "test" {
+  name = "test"
+
+  usage_scope {
+    environment_filter_type = "NON_PRODUCTION_ENVIRONMENTS"
+  }
+
+  usage_scope {
+    environment_filter_type = "PRODUCTION_ENVIRONMENTS"
+  }
+
+}
+```
+
+In this more advanced scenario we show how you can scope the cloud provider to a specific application or to a specific environment.
+
+```terraform
+resource "harness_application" "example" {
+  name = "myapp"
+}
+
+resource "harness_environment" "qa" {
+  name   = "qa"
+  app_id = harness_application.example.id
+  type   = "NON_PROD"
+}
+
+resource "harness_cloudprovider_kubernetes" "k8s" {
+  name = "k8s"
+
+  // Example of scoping to all non-prod environments of a specific application
+  usage_scope {
+    application_id          = harness_application.example.id
+    environment_filter_type = "NON_PRODUCTION_ENVIRONMENTS"
+  }
+
+  // Example of scoping to a specific environment
+  usage_scope {
+    application_id = harness_application.example.id
+    environment_id = harness_environment.qa.id
+  }
+}
+```
+
diff --git a/docs/resources/cloudprovider_aws.md b/docs/resources/cloudprovider_aws.md
@@ -50,7 +50,7 @@ resource "harness_cloudprovider_aws" "aws" {
 - **assume_cross_account_role** (Block List, Max: 1) Configuration for assuming a cross account role. (see [below for nested schema](#nestedblock--assume_cross_account_role))
 - **delegate_selector** (String) Select the Delegate to use via one of its Selectors.
 - **secret_access_key_secret_name** (String) The name of the Harness secret containing the AWS secret access key.
-- **usage_scope** (Block Set) Usage scopes (see [below for nested schema](#nestedblock--usage_scope))
+- **usage_scope** (Block Set) This block is used for scoping the resource to a specific set of applications or environments. (see [below for nested schema](#nestedblock--usage_scope))
 - **use_ec2_iam_credentials** (Boolean) Use the EC2 Instance Profile for Service Accounts.
 - **use_irsa** (Boolean) Use the AWS IAM Role for Service Accounts.
 
@@ -75,10 +75,9 @@ Optional:
 
 Optional:
 
-- **application_filter_type** (String) Type of application filter applied. ALL if not application id supplied, otherwise NULL
-- **application_id** (String) Id of the application scoping
-- **environment_filter_type** (String) Type of environment filter applied. ALL if not filter applied
-- **environment_id** (String) Id of the environment scoping
+- **application_id** (String) Id of the application to scope to. If empty then this scope applies to all applications.
+- **environment_filter_type** (String) Type of environment filter applied. Cannot be used with `environment_id`. Valid options are NON_PRODUCTION_ENVIRONMENTS, PRODUCTION_ENVIRONMENTS.
+- **environment_id** (String) Id of the id of the specific environment to scope to. Cannot be used with `environment_filter_type`.
 
 ## Import
 

diff --git a/docs/resources/cloudprovider_datacenter.md b/docs/resources/cloudprovider_datacenter.md
@@ -27,7 +27,7 @@ resource "harness_cloudprovider_datacenter" "example" {
 
 ### Optional
 
-- **usage_scope** (Block Set) Usage scopes (see [below for nested schema](#nestedblock--usage_scope))
+- **usage_scope** (Block Set) This block is used for scoping the resource to a specific set of applications or environments. (see [below for nested schema](#nestedblock--usage_scope))
 
 ### Read-Only
 
@@ -38,10 +38,9 @@ resource "harness_cloudprovider_datacenter" "example" {
 
 Optional:
 
-- **application_filter_type** (String) Type of application filter applied. ALL if not application id supplied, otherwise NULL
-- **application_id** (String) Id of the application scoping
-- **environment_filter_type** (String) Type of environment filter applied. ALL if not filter applied
-- **environment_id** (String) Id of the environment scoping
+- **application_id** (String) Id of the application to scope to. If empty then this scope applies to all applications.
+- **environment_filter_type** (String) Type of environment filter applied. Cannot be used with `environment_id`. Valid options are NON_PRODUCTION_ENVIRONMENTS, PRODUCTION_ENVIRONMENTS.
+- **environment_id** (String) Id of the id of the specific environment to scope to. Cannot be used with `environment_filter_type`.
 
 ## Import
 

diff --git a/docs/resources/cloudprovider_gcp.md b/docs/resources/cloudprovider_gcp.md
@@ -24,7 +24,7 @@ Resource for creating a GCP cloud provider
 - **delegate_selectors** (List of String) Delegate selectors to use for this provider.
 - **secret_file_id** (String) The id of the secret containing the GCP credentials
 - **skip_validation** (Boolean) Skip validation of GCP configuration.
-- **usage_scope** (Block Set) Usage scopes (see [below for nested schema](#nestedblock--usage_scope))
+- **usage_scope** (Block Set) This block is used for scoping the resource to a specific set of applications or environments. (see [below for nested schema](#nestedblock--usage_scope))
 
 ### Read-Only
 
@@ -35,9 +35,8 @@ Resource for creating a GCP cloud provider
 
 Optional:
 
-- **application_filter_type** (String) Type of application filter applied. ALL if not application id supplied, otherwise NULL
-- **application_id** (String) Id of the application scoping
-- **environment_filter_type** (String) Type of environment filter applied. ALL if not filter applied
-- **environment_id** (String) Id of the environment scoping
+- **application_id** (String) Id of the application to scope to. If empty then this scope applies to all applications.
+- **environment_filter_type** (String) Type of environment filter applied. Cannot be used with `environment_id`. Valid options are NON_PRODUCTION_ENVIRONMENTS, PRODUCTION_ENVIRONMENTS.
+- **environment_id** (String) Id of the id of the specific environment to scope to. Cannot be used with `environment_filter_type`.
 
 
diff --git a/docs/resources/cloudprovider_kubernetes.md b/docs/resources/cloudprovider_kubernetes.md
@@ -54,7 +54,7 @@ resource "harness_cloudprovider_kubernetes" "example" {
 ### Optional
 
 - **skip_validation** (Boolean) Skip validation of Kubernetes configuration.
-- **usage_scope** (Block Set) Usage scopes (see [below for nested schema](#nestedblock--usage_scope))
+- **usage_scope** (Block Set) This block is used for scoping the resource to a specific set of applications or environments. (see [below for nested schema](#nestedblock--usage_scope))
 
 ### Read-Only
 
@@ -120,10 +120,9 @@ Optional:
 
 Optional:
 
-- **application_filter_type** (String) Type of application filter applied. ALL if not application id supplied, otherwise NULL
-- **application_id** (String) Id of the application scoping
-- **environment_filter_type** (String) Type of environment filter applied. ALL if not filter applied
-- **environment_id** (String) Id of the environment scoping
+- **application_id** (String) Id of the application to scope to. If empty then this scope applies to all applications.
+- **environment_filter_type** (String) Type of environment filter applied. Cannot be used with `environment_id`. Valid options are NON_PRODUCTION_ENVIRONMENTS, PRODUCTION_ENVIRONMENTS.
+- **environment_id** (String) Id of the id of the specific environment to scope to. Cannot be used with `environment_filter_type`.
 
 ## Import
 

diff --git a/docs/resources/encrypted_text.md b/docs/resources/encrypted_text.md
@@ -23,12 +23,10 @@ resource "harness_encrypted_text" "example" {
   secret_manager_id = data.harness_secret_manager.default.id
 
   usage_scope {
-    application_filter_type = "ALL"
     environment_filter_type = "PRODUCTION_ENVIRONMENTS"
   }
 
   usage_scope {
-    application_filter_type = "ALL"
     environment_filter_type = "NON_PRODUCTION_ENVIRONMENTS"
   }
 }
@@ -47,7 +45,7 @@ resource "harness_encrypted_text" "example" {
 
 - **inherit_scopes_from_secret_manager** (Boolean) Boolean that indicates whether or not to inherit the usage scopes from the secret manager
 - **scoped_to_account** (Boolean) Boolean that indicates whether or not the secret is scoped to the account
-- **usage_scope** (Block Set) Usage scopes (see [below for nested schema](#nestedblock--usage_scope))
+- **usage_scope** (Block Set) This block is used for scoping the resource to a specific set of applications or environments. (see [below for nested schema](#nestedblock--usage_scope))
 
 ### Read-Only
 
@@ -58,10 +56,9 @@ resource "harness_encrypted_text" "example" {
 
 Optional:
 
-- **application_filter_type** (String) Type of application filter applied. ALL if not application id supplied, otherwise NULL
-- **application_id** (String) Id of the application scoping
-- **environment_filter_type** (String) Type of environment filter applied. ALL if not filter applied
-- **environment_id** (String) Id of the environment scoping
+- **application_id** (String) Id of the application to scope to. If empty then this scope applies to all applications.
+- **environment_filter_type** (String) Type of environment filter applied. Cannot be used with `environment_id`. Valid options are NON_PRODUCTION_ENVIRONMENTS, PRODUCTION_ENVIRONMENTS.
+- **environment_id** (String) Id of the id of the specific environment to scope to. Cannot be used with `environment_filter_type`.
 
 ## Import
 

diff --git a/docs/resources/git_connector.md b/docs/resources/git_connector.md
@@ -51,7 +51,7 @@ resource "harness_git_connector" "example" {
 - **generate_webhook_url** (Boolean) Boolean indicating whether or not to generate a webhook url.
 - **password_secret_id** (String) The id of the secret for connecting to the git repository.
 - **ssh_setting_id** (String) The id of the SSH secret to use
-- **usage_scope** (Block Set) Usage scopes (see [below for nested schema](#nestedblock--usage_scope))
+- **usage_scope** (Block Set) This block is used for scoping the resource to a specific set of applications or environments. (see [below for nested schema](#nestedblock--usage_scope))
 - **username** (String) The name of the user used to connect to the git repository
 
 ### Read-Only
@@ -75,10 +75,9 @@ Optional:
 
 Optional:
 
-- **application_filter_type** (String) Type of application filter applied. ALL if not application id supplied, otherwise NULL
-- **application_id** (String) Id of the application scoping
-- **environment_filter_type** (String) Type of environment filter applied. ALL if not filter applied
-- **environment_id** (String) Id of the environment scoping
+- **application_id** (String) Id of the application to scope to. If empty then this scope applies to all applications.
+- **environment_filter_type** (String) Type of environment filter applied. Cannot be used with `environment_id`. Valid options are NON_PRODUCTION_ENVIRONMENTS, PRODUCTION_ENVIRONMENTS.
+- **environment_id** (String) Id of the id of the specific environment to scope to. Cannot be used with `environment_filter_type`.
 
 ## Import
 

diff --git a/docs/resources/ssh_credential.md b/docs/resources/ssh_credential.md
@@ -58,7 +58,7 @@ resource "harness_ssh_credential" "ssh_creds" {
 
 - **kerberos_authentication** (Block List, Max: 1) Kerberos authentication for SSH. Cannot be used if ssh_authentication is specified (see [below for nested schema](#nestedblock--kerberos_authentication))
 - **ssh_authentication** (Block List, Max: 1) Authentication method for SSH. Cannot be used if kerberos_authentication is specified. Only one of `inline_ssh`, `server_password`, or `ssh_key_file` should be set (see [below for nested schema](#nestedblock--ssh_authentication))
-- **usage_scope** (Block Set) Usage scopes (see [below for nested schema](#nestedblock--usage_scope))
+- **usage_scope** (Block Set) This block is used for scoping the resource to a specific set of applications or environments. (see [below for nested schema](#nestedblock--usage_scope))
 
 ### Read-Only
 
@@ -139,10 +139,9 @@ Optional:
 
 Optional:
 
-- **application_filter_type** (String) Type of application filter applied. ALL if not application id supplied, otherwise NULL
-- **application_id** (String) Id of the application scoping
-- **environment_filter_type** (String) Type of environment filter applied. ALL if not filter applied
-- **environment_id** (String) Id of the environment scoping
+- **application_id** (String) Id of the application to scope to. If empty then this scope applies to all applications.
+- **environment_filter_type** (String) Type of environment filter applied. Cannot be used with `environment_id`. Valid options are NON_PRODUCTION_ENVIRONMENTS, PRODUCTION_ENVIRONMENTS.
+- **environment_id** (String) Id of the id of the specific environment to scope to. Cannot be used with `environment_filter_type`.
 
 ## Import
 

diff --git a/examples/resources/harness_encrypted_text/resource.tf b/examples/resources/harness_encrypted_text/resource.tf
@@ -8,12 +8,10 @@ resource "harness_encrypted_text" "example" {
   secret_manager_id = data.harness_secret_manager.default.id
 
   usage_scope {
-    application_filter_type = "ALL"
     environment_filter_type = "PRODUCTION_ENVIRONMENTS"
   }
 
   usage_scope {
-    application_filter_type = "ALL"
     environment_filter_type = "NON_PRODUCTION_ENVIRONMENTS"
   }
 }
diff --git a/examples/usage_scope/complex.tf b/examples/usage_scope/complex.tf
@@ -0,0 +1,25 @@
+resource "harness_application" "example" {
+  name = "myapp"
+}
+
+resource "harness_environment" "qa" {
+  name   = "qa"
+  app_id = harness_application.example.id
+  type   = "NON_PROD"
+}
+
+resource "harness_cloudprovider_kubernetes" "k8s" {
+  name = "k8s"
+
+  // Example of scoping to all non-prod environments of a specific application
+  usage_scope {
+    application_id          = harness_application.example.id
+    environment_filter_type = "NON_PRODUCTION_ENVIRONMENTS"
+  }
+
+  // Example of scoping to a specific environment
+  usage_scope {
+    application_id = harness_application.example.id
+    environment_id = harness_environment.qa.id
+  }
+}
diff --git a/examples/usage_scope/simple.tf b/examples/usage_scope/simple.tf
@@ -0,0 +1,12 @@
+resource "harness_cloudprovider_kubernetes" "test" {
+  name = "test"
+
+  usage_scope {
+    environment_filter_type = "NON_PRODUCTION_ENVIRONMENTS"
+  }
+
+  usage_scope {
+    environment_filter_type = "PRODUCTION_ENVIRONMENTS"
+  }
+
+}
diff --git a/internal/provider/data_source_encrypted_text_test.go b/internal/provider/data_source_encrypted_text_test.go
@@ -25,7 +25,6 @@ func TestAccDataSourceEncryptedTextByName(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "name", expectedName),
 					resource.TestCheckResourceAttrSet(resourceName, "secret_manager_id"),
-					resource.TestCheckResourceAttr(resourceName, "usage_scope.0.application_filter_type", "ALL"),
 					resource.TestCheckResourceAttr(resourceName, "usage_scope.0.environment_filter_type", "NON_PRODUCTION_ENVIRONMENTS"),
 				),
 			},
@@ -45,7 +44,6 @@ func testAccDataSourceEncryptedTextByName(name string) string {
 			secret_manager_id = data.harness_secret_manager.test.id
 			
 			usage_scope {
-				application_filter_type = "ALL"
 				environment_filter_type = "NON_PRODUCTION_ENVIRONMENTS"
 			}
 		}

diff --git a/internal/provider/resource_cloudprovider_datacenter_test.go b/internal/provider/resource_cloudprovider_datacenter_test.go
@@ -91,12 +91,10 @@ func testAccResourceDataCenterCloudProvider(name string) string {
 			name = "%[1]s"
 
 			usage_scope {
-				application_filter_type = "ALL"
 				environment_filter_type = "NON_PRODUCTION_ENVIRONMENTS"
 			}
 			
 			usage_scope {
-				application_filter_type = "ALL"
 				environment_filter_type = "PRODUCTION_ENVIRONMENTS"
 			}
 		}	

diff --git a/internal/provider/resource_cloudprovider_gcp_test.go b/internal/provider/resource_cloudprovider_gcp_test.go
@@ -92,12 +92,10 @@ func testAccResourceGcpCloudProvider(name string) string {
 			delegate_selectors = ["testing"]
 
 			usage_scope {
-				application_filter_type = "ALL"
 				environment_filter_type = "NON_PRODUCTION_ENVIRONMENTS"
 			}
 			
 			usage_scope {
-				application_filter_type = "ALL"
 				environment_filter_type = "PRODUCTION_ENVIRONMENTS"
 			}
 		}