Approval (#250)

* Adds a Project Approval Rule resource

Co-authored-by: Julien Pivotto <roidelapluie>
Co-authored-by: Chris Gerber <[email protected]>
Co-authored-by: Emily Ring <[email protected]>

Author: 3 people

docs/resources/project_approval_rule.md

@@ -0,0 +1,49 @@
+# gitlab\_project\_approval\_rule
+
+This resource allows you to create and manage multiple approval rules for your GitLab
+projects. For further information on approval rules, consult the [gitlab
+documentation](https://docs.gitlab.com/ee/api/merge_request_approvals.html#project-level-mr-approvals).
+
+-> This feature requires a GitLab Starter account or above.
+
+## Example Usage
+
+```hcl
+resource "gitlab_project_approval_rule" "example-one" {
+  project            = 5
+  name               = "Example Rule 1"
+  approvals_required = 3
+  user_ids           = [50, 500]
+  group_ids          = [51]
+}
+
+resource "gitlab_project_approval_rule" "example-two" {
+  project            = 5
+  name               = "Example Rule 2"
+  approvals_required = 1
+  user_ids           = []
+  group_ids          = [52]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `project` - (Required, string) The name or id of the project to add the approval rules.
+
+* `name` - (Required) The name of the approval rule.
+
+* `approvals_required` - (Required) The number of approvals required for this rule.
+
+* `user_ids` - (Optional)  A list of specific User IDs to add to the list of approvers.
+
+* `group_ids` - (Optional) A list of group IDs who's members can approve of the merge request
+
+## Import
+
+GitLab project approval rules can be imported using an id consisting of `project-id:rule-id`, e.g.
+
+```
+$ terraform import gitlab_project_approval_rule.example "12345:6"
+```

gitlab/provider.go

@@ -93,6 +93,7 @@ func Provider() terraform.ResourceProvider {
 			"gitlab_instance_cluster":           resourceGitlabInstanceCluster(),
 			"gitlab_project_mirror":             resourceGitlabProjectMirror(),
 			"gitlab_project_level_mr_approvals": resourceGitlabProjectLevelMRApprovals(),
+			"gitlab_project_approval_rule":      resourceGitlabProjectApprovalRule(),
 		},
 	}
 

gitlab/resource_gitlab_project_approval_rule.go

@@ -0,0 +1,227 @@
+package gitlab
+
+import (
+	"errors"
+	"log"
+	"strconv"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	gitlab "github.com/xanzy/go-gitlab"
+)
+
+// https://docs.gitlab.com/ee/api/merge_request_approvals.html#create-project-level-rule
+var errApprovalRuleNotFound = errors.New("approval rule not found")
+
+func resourceGitlabProjectApprovalRule() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceGitlabProjectApprovalRuleCreate,
+		Read:   resourceGitlabProjectApprovalRuleRead,
+		Update: resourceGitlabProjectApprovalRuleUpdate,
+		Delete: resourceGitlabProjectApprovalRuleDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"project": {
+				Type:     schema.TypeString,
+				ForceNew: true,
+				Required: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"approvals_required": {
+				Type:     schema.TypeInt,
+				Required: true,
+			},
+			"user_ids": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeInt},
+				Set:      schema.HashInt,
+			},
+			"group_ids": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeInt},
+				Set:      schema.HashInt,
+			},
+		},
+	}
+}
+
+func resourceGitlabProjectApprovalRuleCreate(d *schema.ResourceData, meta interface{}) error {
+	options := gitlab.CreateProjectLevelRuleOptions{
+		Name:              gitlab.String(d.Get("name").(string)),
+		ApprovalsRequired: gitlab.Int(d.Get("approvals_required").(int)),
+		UserIDs:           expandApproverIds(d.Get("user_ids")),
+		GroupIDs:          expandApproverIds(d.Get("group_ids")),
+	}
+
+	project := d.Get("project").(string)
+
+	log.Printf("[DEBUG] Project %s create gitlab project-level rule %+v", project, options)
+
+	client := meta.(*gitlab.Client)
+
+	rule, _, err := client.Projects.CreateProjectApprovalRule(project, &options)
+	if err != nil {
+		return err
+	}
+
+	ruleIDString := strconv.Itoa(rule.ID)
+
+	d.SetId(buildTwoPartID(&project, &ruleIDString))
+
+	return resourceGitlabProjectApprovalRuleRead(d, meta)
+}
+
+func resourceGitlabProjectApprovalRuleRead(d *schema.ResourceData, meta interface{}) error {
+	log.Printf("[DEBUG] read gitlab project-level rule %s", d.Id())
+
+	projectID, _, err := parseTwoPartID(d.Id())
+	if err != nil {
+		return err
+	}
+	d.Set("project", projectID)
+
+	rule, err := getApprovalRuleByID(meta.(*gitlab.Client), d.Id())
+	if err != nil {
+		if errors.Is(err, errApprovalRuleNotFound) {
+			d.SetId("")
+			return nil
+		}
+		return err
+	}
+
+	d.Set("name", rule.Name)
+	d.Set("approvals_required", rule.ApprovalsRequired)
+
+	if err := d.Set("group_ids", flattenApprovalRuleGroupIDs(rule.Groups)); err != nil {
+		return err
+	}
+
+	if err := d.Set("user_ids", flattenApprovalRuleUserIDs(rule.Users)); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func resourceGitlabProjectApprovalRuleUpdate(d *schema.ResourceData, meta interface{}) error {
+	projectID, ruleID, err := parseTwoPartID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	ruleIDInt, err := strconv.Atoi(ruleID)
+	if err != nil {
+		return err
+	}
+
+	options := gitlab.UpdateProjectLevelRuleOptions{
+		Name:              gitlab.String(d.Get("name").(string)),
+		ApprovalsRequired: gitlab.Int(d.Get("approvals_required").(int)),
+		UserIDs:           expandApproverIds(d.Get("user_ids")),
+		GroupIDs:          expandApproverIds(d.Get("group_ids")),
+	}
+
+	log.Printf("[DEBUG] Project %s update gitlab project-level approval rule %s", projectID, *options.Name)
+
+	client := meta.(*gitlab.Client)
+
+	_, _, err = client.Projects.UpdateProjectApprovalRule(projectID, ruleIDInt, &options)
+	if err != nil {
+		return err
+	}
+
+	return resourceGitlabProjectApprovalRuleRead(d, meta)
+}
+
+func resourceGitlabProjectApprovalRuleDelete(d *schema.ResourceData, meta interface{}) error {
+	project, ruleID, err := parseTwoPartID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	ruleIDInt, err := strconv.Atoi(ruleID)
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Project %s delete gitlab project-level approval rule %d", project, ruleIDInt)
+
+	client := meta.(*gitlab.Client)
+
+	_, err = client.Projects.DeleteProjectApprovalRule(project, ruleIDInt)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// getApprovalRuleByID checks the list of rules and finds the one that matches our rule ID.
+func getApprovalRuleByID(client *gitlab.Client, id string) (*gitlab.ProjectApprovalRule, error) {
+	projectID, ruleID, err := parseTwoPartID(id)
+	if err != nil {
+		return nil, err
+	}
+
+	ruleIDInt, err := strconv.Atoi(ruleID)
+	if err != nil {
+		return nil, err
+	}
+
+	log.Printf("[DEBUG] read approval rules for project %s", projectID)
+
+	rules, _, err := client.Projects.GetProjectApprovalRules(projectID)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, r := range rules {
+		if r.ID == ruleIDInt {
+			log.Printf("[DEBUG] found project-level rule %+v", r)
+			return r, nil
+		}
+	}
+
+	return nil, errApprovalRuleNotFound
+}
+
+// flattenApprovalRuleUserIDs flattens a list of approval user ids into a list
+// of ints for storage in state.
+func flattenApprovalRuleUserIDs(users []*gitlab.BasicUser) []int {
+	var userIDs []int
+
+	for _, user := range users {
+		userIDs = append(userIDs, user.ID)
+	}
+
+	return userIDs
+}
+
+// flattenApprovalRuleGroupIDs flattens a list of approval group ids into a list
+// of ints for storage in state.
+func flattenApprovalRuleGroupIDs(groups []*gitlab.Group) []int {
+	var groupIDs []int
+
+	for _, group := range groups {
+		groupIDs = append(groupIDs, group.ID)
+	}
+
+	return groupIDs
+}
+
+// expandApproverIds Expands an interface into a list of ints to read from state.
+func expandApproverIds(ids interface{}) []int {
+	var approverIDs []int
+
+	for _, id := range ids.(*schema.Set).List() {
+		approverIDs = append(approverIDs, id.(int))
+	}
+
+	return approverIDs
+}