refactor(settings): settings client uses permission handling from core lib

go.mod

@@ -4,7 +4,7 @@ go 1.24.3
 
 require (
 	github.com/anknown/ahocorasick v0.0.0-20190904063843-d75dbd5169c0
-	github.com/dynatrace/dynatrace-configuration-as-code-core v0.8.1-0.20250513082749-4a52a35af3c3
+	github.com/dynatrace/dynatrace-configuration-as-code-core v0.8.1-0.20250516114212-0186e259e881
 	github.com/go-logr/logr v1.4.2
 	github.com/go-logr/zapr v1.3.0
 	github.com/google/go-cmp v0.7.0

go.sum

@@ -9,8 +9,8 @@ github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx2
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dynatrace/dynatrace-configuration-as-code-core v0.8.1-0.20250513082749-4a52a35af3c3 h1:457hWDZrF5vcBwvE5ekKhMNNfpjAoKMIksKTDey5Olc=
-github.com/dynatrace/dynatrace-configuration-as-code-core v0.8.1-0.20250513082749-4a52a35af3c3/go.mod h1:3cRc4TbyVxH62R7GwIvvOgOoOQ4R2EnZa6wWjOD7jCQ=
+github.com/dynatrace/dynatrace-configuration-as-code-core v0.8.1-0.20250516114212-0186e259e881 h1:cZpDHcnvoDFwjqFosnc7RtJIh1boKp8g/Ayb6SUh0rY=
+github.com/dynatrace/dynatrace-configuration-as-code-core v0.8.1-0.20250516114212-0186e259e881/go.mod h1:3cRc4TbyVxH62R7GwIvvOgOoOQ4R2EnZa6wWjOD7jCQ=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=

pkg/client/dtclient/settings_client.go

@@ -32,6 +32,7 @@ import (
 
 	coreapi "github.com/dynatrace/dynatrace-configuration-as-code-core/api"
 	corerest "github.com/dynatrace/dynatrace-configuration-as-code-core/api/rest"
+	coresettings "github.com/dynatrace/dynatrace-configuration-as-code-core/clients/settings/permissions"
 	"github.com/dynatrace/dynatrace-configuration-as-code/v2/internal/cache"
 	"github.com/dynatrace/dynatrace-configuration-as-code/v2/internal/featureflags"
 	"github.com/dynatrace/dynatrace-configuration-as-code/v2/internal/filter"
@@ -174,6 +175,9 @@ type SettingsClient struct {
 	// client is a rest client used to target platform enabled environments
 	client *corerest.Client
 
+	// permissionClient is used for CRUD operations on settings object permissions
+	permissionClient *coresettings.Client
+
 	// settingsSchemaAPIPath is the API path to use for accessing settings schemas
 	settingsSchemaAPIPath string
 
@@ -247,10 +251,18 @@ type (
 
 	Accessor struct {
 		Type TypeAccessor `json:"type"`
+		// ID is only needed and valid for TypeAccessor Group and User, but not for AllUsers
+		ID string `json:"id,omitempty"`
 	}
+	// PermissionObject contains the Accessor, and a slice of Permissions.
 	PermissionObject struct {
+		Accessor *Accessor `json:"accessor,omitempty"`
+
+		// Explanation:
+		// 	- If Permissions is empty, the Accessor has no permissions
+		// 	- If Permissions contains "r", the Accessor has read access
+		// 	- If Permissions contains "w", the Accessor has write access
 		Permissions []TypePermissions `json:"permissions"`
-		Accessor    *Accessor         `json:"accessor,omitempty"`
 	}
 
 	postResponse struct {
@@ -282,12 +294,10 @@ type (
 )
 
 const (
-	settingsSchemaAPIPathClassic      = "/api/v2/settings/schemas"
-	settingsSchemaAPIPathPlatform     = "/platform/classic/environment-api/v2/settings/schemas"
-	settingsObjectAPIPathClassic      = "/api/v2/settings/objects"
-	settingsObjectAPIPathPlatform     = "/platform/classic/environment-api/v2/settings/objects"
-	settingsPermissionAllUsersAPIPath = "/platform/classic/environment-api/v2/settings/objects/{objectId}/permissions/all-users" // GET, PUT, DELETE
-	settingsPermissionAPIPath         = "/platform/classic/environment-api/v2/settings/objects/{objectId}/permissions"           // POST
+	settingsSchemaAPIPathClassic  = "/api/v2/settings/schemas"
+	settingsSchemaAPIPathPlatform = "/platform/classic/environment-api/v2/settings/schemas"
+	settingsObjectAPIPathClassic  = "/api/v2/settings/objects"
+	settingsObjectAPIPathPlatform = "/platform/classic/environment-api/v2/settings/objects"
 )
 
 func WithExternalIDGenerator(g idutils.ExternalIDGenerator) func(client *SettingsClient) {
@@ -350,6 +360,7 @@ func NewPlatformSettingsClient(client *corerest.Client, opts ...func(dynatraceCl
 	d := &SettingsClient{
 		serverVersion:         version.Version{},
 		client:                client,
+		permissionClient:      coresettings.NewClient(client),
 		retrySettings:         DefaultRetrySettings,
 		settingsSchemaAPIPath: settingsSchemaAPIPathPlatform,
 		settingsObjectAPIPath: settingsObjectAPIPathPlatform,
@@ -373,6 +384,7 @@ func NewClassicSettingsClient(client *corerest.Client, opts ...func(dynatraceCli
 	d := &SettingsClient{
 		serverVersion:         version.Version{},
 		client:                client,
+		permissionClient:      coresettings.NewClient(client),
 		retrySettings:         DefaultRetrySettings,
 		settingsSchemaAPIPath: settingsSchemaAPIPathClassic,
 		settingsObjectAPIPath: settingsObjectAPIPathClassic,
@@ -626,7 +638,7 @@ func (d *SettingsClient) modifyPermission(ctx context.Context, objectID string,
 	if permissions != nil {
 		return d.UpsertPermission(ctx, objectID, PermissionObject{
 			Permissions: permissions,
-			Accessor:    &Accessor{AllUsers},
+			Accessor:    &Accessor{Type: AllUsers},
 		})
 	}
 
@@ -937,16 +949,7 @@ func (d *SettingsClient) Delete(ctx context.Context, objectID string) error {
 }
 
 func (d *SettingsClient) GetPermission(ctx context.Context, objectID string) (PermissionObject, error) {
-	path, err := getPermissionPathWithID(objectID)
-	if err != nil {
-		return PermissionObject{}, err
-	}
-
-	resp, err := coreapi.AsResponseOrError(d.client.GET(
-		ctx,
-		path,
-		corerest.RequestOptions{CustomShouldRetryFunc: corerest.RetryIfTooManyRequests},
-	))
+	resp, err := d.permissionClient.GetAllUsersAccessor(ctx, objectID)
 
 	// when the API returns a 404 it means that you don't have permission (no-access), or the object does not exist
 	if coreapi.IsNotFoundError(err) {
@@ -974,47 +977,24 @@ func (d *SettingsClient) UpsertPermission(ctx context.Context, objectID string,
 		return fmt.Errorf("failed to marshal permission: %w", err)
 	}
 
-	path, err := getPermissionPathWithID(objectID)
-	if err != nil {
-		return err
-	}
-
-	_, err = coreapi.AsResponseOrError(d.client.GET(
-		ctx,
-		path,
-		corerest.RequestOptions{CustomShouldRetryFunc: corerest.RetryIfTooManyRequests},
-	))
+	_, err = d.permissionClient.GetAllUsersAccessor(ctx, objectID)
 
 	// When there is no error the object is found and we update it.
 	if err == nil {
-		_, err = coreapi.AsResponseOrError(d.client.PUT(
-			ctx,
-			path,
-			bytes.NewReader(payload),
-			corerest.RequestOptions{CustomShouldRetryFunc: corerest.RetryIfTooManyRequests},
-		))
-
+		_, err = d.permissionClient.UpdateAllUsersAccessor(ctx, objectID, payload)
 		if err != nil {
 			return fmt.Errorf("failed to update permission: %w", err)
 		}
 
 		return nil
 	}
 
-	// On a 404 we step throw and try to create the object on remote in any other error we exit
+	// On a 404 we step through and try to create the object on remote in any other error we exit
 	if !coreapi.IsNotFoundError(err) {
 		return fmt.Errorf("failed to get permission: %w", err)
 	}
 
-	// endpoint for POST is different to PUT
-	path = strings.ReplaceAll(settingsPermissionAPIPath, "{objectId}", objectID)
-	_, err = coreapi.AsResponseOrError(d.client.POST(
-		ctx,
-		path,
-		bytes.NewReader(payload),
-		corerest.RequestOptions{CustomShouldRetryFunc: corerest.RetryIfTooManyRequests},
-	))
-
+	_, err = d.permissionClient.Create(ctx, objectID, payload)
 	if err != nil {
 		return fmt.Errorf("failed to create permission: %w", err)
 	}
@@ -1023,28 +1003,11 @@ func (d *SettingsClient) UpsertPermission(ctx context.Context, objectID string,
 }
 
 func (d *SettingsClient) DeletePermission(ctx context.Context, objectID string) error {
-	path, err := getPermissionPathWithID(objectID)
-	if err != nil {
-		return err
-	}
-	_, err = coreapi.AsResponseOrError(d.client.DELETE(
-		ctx,
-		path,
-		corerest.RequestOptions{CustomShouldRetryFunc: corerest.RetryIfTooManyRequests},
-	))
+	_, err := d.permissionClient.DeleteAllUsersAccessor(ctx, objectID)
 
 	// deployments with "none" for all-user will always try to delete. This could be an update (restricted to shared) or it stays the same (delete 404)
 	if err != nil && !coreapi.IsNotFoundError(err) {
 		return fmt.Errorf("failed to delete permission object: %w", err)
 	}
 	return nil
 }
-
-// When using the settingsPermissionAllUsersAPIPath we need to add the objectID into path
-func getPermissionPathWithID(id string) (string, error) {
-	if id == "" {
-		return "", fmt.Errorf("id cannot be empty")
-	}
-
-	return strings.ReplaceAll(settingsPermissionAllUsersAPIPath, "{objectId}", id), nil
-}