chore: support set roles for user in workspace level & support group (#82)

* chore: support set roles for user in workspace level

* fix: lint

* fix: test

* chore: support group

* fix: test

* fix: test

* chore: update examples

Author: ecmadao

VERSION

@@ -1 +1 @@
-1.0.4
+1.0.5

api/client.go

@@ -76,7 +76,7 @@ type Client interface {
 	// GetProjectIAMPolicy gets the project IAM policy by project full name.
 	GetProjectIAMPolicy(ctx context.Context, projectName string) (*v1pb.IamPolicy, error)
 	// SetProjectIAMPolicy sets the project IAM policy.
-	SetProjectIAMPolicy(ctx context.Context, projectName string, iamPolicy *v1pb.IamPolicy) (*v1pb.IamPolicy, error)
+	SetProjectIAMPolicy(ctx context.Context, projectName string, update *v1pb.SetIamPolicyRequest) (*v1pb.IamPolicy, error)
 
 	// Setting
 	// ListSettings lists all settings.
@@ -98,7 +98,7 @@ type Client interface {
 	// CreateVCSProvider creates the vcs provider.
 	CreateVCSProvider(ctx context.Context, vcsID string, vcs *v1pb.VCSProvider) (*v1pb.VCSProvider, error)
 	// UpdateVCSProvider updates the vcs provider.
-	UpdateVCSProvider(ctx context.Context, patch *v1pb.VCSProvider, updateMasks []string) (*v1pb.VCSConnector, error)
+	UpdateVCSProvider(ctx context.Context, patch *v1pb.VCSProvider, updateMasks []string) (*v1pb.VCSProvider, error)
 	// DeleteVCSProvider deletes the vcs provider.
 	DeleteVCSProvider(ctx context.Context, name string) error
 
@@ -127,4 +127,22 @@ type Client interface {
 	DeleteUser(ctx context.Context, userName string) error
 	// UndeleteUser undeletes the user by name.
 	UndeleteUser(ctx context.Context, userName string) (*v1pb.User, error)
+
+	// Group
+	// ListGroup list all groups.
+	ListGroup(ctx context.Context) (*v1pb.ListGroupsResponse, error)
+	// CreateGroup creates the group.
+	CreateGroup(ctx context.Context, email string, group *v1pb.Group) (*v1pb.Group, error)
+	// GetGroup gets the group by name.
+	GetGroup(ctx context.Context, name string) (*v1pb.Group, error)
+	// UpdateGroup updates the group.
+	UpdateGroup(ctx context.Context, patch *v1pb.Group, updateMasks []string) (*v1pb.Group, error)
+	// DeleteGroup deletes the group by name.
+	DeleteGroup(ctx context.Context, name string) error
+
+	// Workspace
+	// GetWorkspaceIAMPolicy gets the workspace IAM policy.
+	GetWorkspaceIAMPolicy(ctx context.Context) (*v1pb.IamPolicy, error)
+	// SetWorkspaceIAMPolicy sets the workspace IAM policy.
+	SetWorkspaceIAMPolicy(ctx context.Context, setIamPolicyRequest *v1pb.SetIamPolicyRequest) (*v1pb.IamPolicy, error)
 }

client/group.go

@@ -0,0 +1,92 @@
+package client
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strings"
+
+	v1pb "github.com/bytebase/bytebase/proto/generated-go/v1"
+	"google.golang.org/protobuf/encoding/protojson"
+)
+
+// ListGroup list all groups.
+func (c *client) ListGroup(ctx context.Context) (*v1pb.ListGroupsResponse, error) {
+	req, err := http.NewRequestWithContext(ctx, "GET", fmt.Sprintf("%s/%s/groups", c.url, c.version), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	body, err := c.doRequest(req)
+	if err != nil {
+		return nil, err
+	}
+
+	var res v1pb.ListGroupsResponse
+	if err := ProtojsonUnmarshaler.Unmarshal(body, &res); err != nil {
+		return nil, err
+	}
+
+	return &res, nil
+}
+
+// CreateGroup creates the group.
+func (c *client) CreateGroup(ctx context.Context, email string, group *v1pb.Group) (*v1pb.Group, error) {
+	payload, err := protojson.Marshal(group)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "POST", fmt.Sprintf("%s/%s/groups?groupEmail=%s", c.url, c.version, email), strings.NewReader(string(payload)))
+
+	if err != nil {
+		return nil, err
+	}
+
+	body, err := c.doRequest(req)
+	if err != nil {
+		return nil, err
+	}
+
+	var res v1pb.Group
+	if err := ProtojsonUnmarshaler.Unmarshal(body, &res); err != nil {
+		return nil, err
+	}
+
+	return &res, nil
+}
+
+// GetGroup gets the group by name.
+func (c *client) GetGroup(ctx context.Context, name string) (*v1pb.Group, error) {
+	body, err := c.getResource(ctx, name)
+	if err != nil {
+		return nil, err
+	}
+
+	var res v1pb.Group
+	if err := ProtojsonUnmarshaler.Unmarshal(body, &res); err != nil {
+		return nil, err
+	}
+
+	return &res, nil
+}
+
+// UpdateGroup updates the group.
+func (c *client) UpdateGroup(ctx context.Context, patch *v1pb.Group, updateMasks []string) (*v1pb.Group, error) {
+	body, err := c.updateResource(ctx, patch.Name, patch, updateMasks, false /* allow missing = false*/)
+	if err != nil {
+		return nil, err
+	}
+
+	var res v1pb.Group
+	if err := ProtojsonUnmarshaler.Unmarshal(body, &res); err != nil {
+		return nil, err
+	}
+
+	return &res, nil
+}
+
+// DeleteGroup deletes the group by name.
+func (c *client) DeleteGroup(ctx context.Context, name string) error {
+	return c.deleteResource(ctx, name)
+}

client/project.go

@@ -41,10 +41,8 @@ func (c *client) GetProjectIAMPolicy(ctx context.Context, projectName string) (*
 }
 
 // SetProjectIAMPolicy sets the project IAM policy.
-func (c *client) SetProjectIAMPolicy(ctx context.Context, projectName string, iamPolicy *v1pb.IamPolicy) (*v1pb.IamPolicy, error) {
-	payload, err := protojson.Marshal(&v1pb.SetIamPolicyRequest{
-		Policy: iamPolicy,
-	})
+func (c *client) SetProjectIAMPolicy(ctx context.Context, projectName string, update *v1pb.SetIamPolicyRequest) (*v1pb.IamPolicy, error) {
+	payload, err := protojson.Marshal(update)
 	if err != nil {
 		return nil, err
 	}

client/vcs.go

@@ -72,13 +72,13 @@ func (c *client) CreateVCSProvider(ctx context.Context, vcsID string, vcs *v1pb.
 }
 
 // UpdateVCSProvider updates the vcs provider.
-func (c *client) UpdateVCSProvider(ctx context.Context, patch *v1pb.VCSProvider, updateMasks []string) (*v1pb.VCSConnector, error) {
+func (c *client) UpdateVCSProvider(ctx context.Context, patch *v1pb.VCSProvider, updateMasks []string) (*v1pb.VCSProvider, error) {
 	body, err := c.updateResource(ctx, patch.Name, patch, updateMasks, false /* allow missing = false*/)
 	if err != nil {
 		return nil, err
 	}
 
-	var res v1pb.VCSConnector
+	var res v1pb.VCSProvider
 	if err := ProtojsonUnmarshaler.Unmarshal(body, &res); err != nil {
 		return nil, err
 	}

client/workspace.go

@@ -0,0 +1,52 @@
+package client
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strings"
+
+	v1pb "github.com/bytebase/bytebase/proto/generated-go/v1"
+	"google.golang.org/protobuf/encoding/protojson"
+)
+
+// GetWorkspaceIAMPolicy gets the workspace IAM policy.
+func (c *client) GetWorkspaceIAMPolicy(ctx context.Context) (*v1pb.IamPolicy, error) {
+	body, err := c.getResource(ctx, "workspaces/-:getIamPolicy")
+	if err != nil {
+		return nil, err
+	}
+
+	var res v1pb.IamPolicy
+	if err := ProtojsonUnmarshaler.Unmarshal(body, &res); err != nil {
+		return nil, err
+	}
+
+	return &res, nil
+}
+
+// SetWorkspaceIAMPolicy sets the workspace IAM policy.
+func (c *client) SetWorkspaceIAMPolicy(ctx context.Context, setIamPolicyRequest *v1pb.SetIamPolicyRequest) (*v1pb.IamPolicy, error) {
+	payload, err := protojson.Marshal(setIamPolicyRequest)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "POST", fmt.Sprintf("%s/%s/%s:setIamPolicy", c.url, c.version, "workspaces/-"), strings.NewReader(string(payload)))
+
+	if err != nil {
+		return nil, err
+	}
+
+	body, err := c.doRequest(req)
+	if err != nil {
+		return nil, err
+	}
+
+	var res v1pb.IamPolicy
+	if err := ProtojsonUnmarshaler.Unmarshal(body, &res); err != nil {
+		return nil, err
+	}
+
+	return &res, nil
+}

docs/data-sources/group.md

@@ -0,0 +1,40 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "bytebase_group Data Source - terraform-provider-bytebase"
+subcategory: ""
+description: |-
+  The group data source.
+---
+
+# bytebase_group (Data Source)
+
+The group data source.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The group name in groups/{email} format.
+
+### Read-Only
+
+- `create_time` (String) The group create time in YYYY-MM-DDThh:mm:ss.000Z format
+- `creator` (String) The group creator in users/{email} format.
+- `description` (String) The group description.
+- `id` (String) The ID of this resource.
+- `members` (Set of Object) The members in the group. (see [below for nested schema](#nestedatt--members))
+- `source` (String) Source means where the group comes from. For now we support Entra ID SCIM sync, so the source could be Entra ID.
+- `title` (String) The group title.
+
+<a id="nestedatt--members"></a>
+### Nested Schema for `members`
+
+Read-Only:
+
+- `member` (String)
+- `role` (String)
+
+

docs/data-sources/group_list.md

@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "bytebase_group_list Data Source - terraform-provider-bytebase"
+subcategory: ""
+description: |-
+  The group data source list.
+---
+
+# bytebase_group_list (Data Source)
+
+The group data source list.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `groups` (List of Object) (see [below for nested schema](#nestedatt--groups))
+- `id` (String) The ID of this resource.
+
+<a id="nestedatt--groups"></a>
+### Nested Schema for `groups`
+
+Read-Only:
+
+- `create_time` (String)
+- `creator` (String)
+- `description` (String)
+- `members` (Set of Object) (see [below for nested schema](#nestedobjatt--groups--members))
+- `name` (String)
+- `source` (String)
+- `title` (String)
+
+<a id="nestedobjatt--groups--members"></a>
+### Nested Schema for `groups.members`
+
+Read-Only:
+
+- `member` (String)
+- `role` (String)
+
+

docs/data-sources/instance.md

@@ -23,10 +23,13 @@ The instance data source.
 
 - `data_sources` (List of Object) (see [below for nested schema](#nestedatt--data_sources))
 - `engine` (String) The instance engine. Support MYSQL, POSTGRES, TIDB, SNOWFLAKE, CLICKHOUSE, MONGODB, SQLITE, REDIS, ORACLE, SPANNER, MSSQL, REDSHIFT, MARIADB, OCEANBASE.
+- `engine_version` (String) The engine version.
 - `environment` (String) The environment name for your instance in "environments/{resource id}" format.
 - `external_link` (String) The external console URL managing this instance (e.g. AWS RDS console, your in-house DB instance console)
 - `id` (String) The ID of this resource.
+- `maximum_connections` (Number) The maximum number of connections. The default value is 10.
 - `name` (String) The instance full name in instances/{resource id} format.
+- `sync_interval` (Number) How often the instance is synced in seconds. Default 0, means never sync.
 - `title` (String) The instance title.
 
 <a id="nestedatt--data_sources"></a>

docs/data-sources/instance_list.md

@@ -31,10 +31,13 @@ Read-Only:
 
 - `data_sources` (List of Object) (see [below for nested schema](#nestedobjatt--instances--data_sources))
 - `engine` (String)
+- `engine_version` (String)
 - `environment` (String)
 - `external_link` (String)
+- `maximum_connections` (Number)
 - `name` (String)
 - `resource_id` (String)
+- `sync_interval` (Number)
 - `title` (String)
 
 <a id="nestedobjatt--instances--data_sources"></a>

docs/data-sources/user.md

@@ -27,6 +27,7 @@ The user data source.
 - `last_login_time` (String) The user last login time.
 - `mfa_enabled` (Boolean) The mfa_enabled flag means if the user has enabled MFA.
 - `phone` (String) The user phone.
+- `roles` (Set of String) The user's roles in the workspace level
 - `source` (String) Source means where the user comes from. For now we support Entra ID SCIM sync, so the source could be Entra ID.
 - `state` (String) The user is deleted or not.
 - `title` (String) The user title.

docs/data-sources/user_list.md

@@ -35,6 +35,7 @@ Read-Only:
 - `mfa_enabled` (Boolean)
 - `name` (String)
 - `phone` (String)
+- `roles` (Set of String)
 - `source` (String)
 - `state` (String)
 - `title` (String)

docs/resources/group.md

@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "bytebase_group Resource - terraform-provider-bytebase"
+subcategory: ""
+description: |-
+  The group resource.
+---
+
+# bytebase_group (Resource)
+
+The group resource.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `email` (String) The group email.
+- `members` (Block Set, Min: 1) The members in the group. (see [below for nested schema](#nestedblock--members))
+- `title` (String) The group title.
+
+### Optional
+
+- `description` (String) The group description.
+
+### Read-Only
+
+- `create_time` (String) The group create time in YYYY-MM-DDThh:mm:ss.000Z format
+- `creator` (String) The group creator in users/{email} format.
+- `id` (String) The ID of this resource.
+- `name` (String) The group name in groups/{email} format.
+- `source` (String) Source means where the group comes from. For now we support Entra ID SCIM sync, so the source could be Entra ID.
+
+<a id="nestedblock--members"></a>
+### Nested Schema for `members`
+
+Required:
+
+- `member` (String) The member in users/{email} format.
+- `role` (String) The member's role in the group.
+
+