Prepare 2.7.0 release (#98)

* prepare release (#80) (#188) * Do not allow 0% segment rule weights (#189) * Prevent users from setting a 0% rollout * Update changelog * Fix bug * Fix flag trigger creation panic (#190) * Backmerge/release 2.4.1 (#191) * Backmerge v2.4.1 * fix merge conflicts * Add Slack webhooks to audit_log_subscription (#192) * backmerge v2.5.0 (#193) * Use jennifer to generate audit log subscription configs (#194) * Run terraform provider acceptance tests daily and notify of failures (#196) * Update changelog branch (#195) * [ sc-143291] update autogenerated audit_log_subscription configs (#197) * update autogenerated configs to account for hideMemberDetails change to DDog integration * update changelog * Add test * Update CHANGELOG.md Co-authored-by: Henry Barrow <[email protected]> Co-authored-by: Henry Barrow <[email protected]> * Increase checkpoint-api.harhicorp.com timeout to 10s (#198) * Updated destination tests to use random env keys to avoid env conflict errors * [sc 148065] add approvals bypass to terraform docs (#200) * update docs to mention bypassing approval requests * update changelog * typo * Apply suggestions from code review Co-authored-by: Henry Barrow <[email protected]> Co-authored-by: Henry Barrow <[email protected]> * Backmerge/release 2.6.0 (#201) * prepare release (#80) * Prepare 2.4.1 release (#82) * prepare 2.5.0 release (#87) Co-authored-by: Isabelle Miller <[email protected]> * prepare 2.6.0 release (#91) * prepare release (#80) (#188) * Do not allow 0% segment rule weights (#189) * Prevent users from setting a 0% rollout * Update changelog * Fix bug * Fix flag trigger creation panic (#190) * Backmerge/release 2.4.1 (#191) * Backmerge v2.4.1 * fix merge conflicts * Add Slack webhooks to audit_log_subscription (#192) * backmerge v2.5.0 (#193) * Use jennifer to generate audit log subscription configs (#194) * Run terraform provider acceptance tests daily and notify of failures (#196) * Update changelog branch (#195) * [ sc-143291] update autogenerated audit_log_subscription configs (#197) * update autogenerated configs to account for hideMemberDetails change to DDog integration * update changelog * Add test * Update CHANGELOG.md Co-authored-by: Henry Barrow <[email protected]> Co-authored-by: Henry Barrow <[email protected]> * Increase checkpoint-api.harhicorp.com timeout to 10s (#198) * Updated destination tests to use random env keys to avoid env conflict errors * [sc 148065] add approvals bypass to terraform docs (#200) * update docs to mention bypassing approval requests * update changelog * typo * Apply suggestions from code review Co-authored-by: Henry Barrow <[email protected]> Co-authored-by: Henry Barrow <[email protected]> * prepare 2.5.1 release Co-authored-by: Isabelle Miller <[email protected]> Co-authored-by: Henry Barrow <[email protected]> Co-authored-by: Clifford Tawiah <[email protected]> Co-authored-by: Cliff Tawiah <[email protected]> Co-authored-by: Isabelle Miller <[email protected]> Co-authored-by: Henry Barrow <[email protected]> Co-authored-by: Clifford Tawiah <[email protected]> Co-authored-by: Cliff Tawiah <[email protected]> * fix doc issues (#202) * [sc-149869] roll back documentation changes regarding (#203) * Revert "[sc 148065] add approvals bypass to terraform docs (#200)" This reverts commit e722f06. * update changelog * update changelog * backmerge 2.6.1 (#204) * Imiller/sc 151834/add base permissions to custom role resource (#205) * update changelog * messed up the version number * add base permissions to custom role resource & doc * update tests * auto-generate integration configs Co-authored-by: Henry Barrow <[email protected]> Co-authored-by: Fabian <[email protected]> Co-authored-by: Clifford Tawiah <[email protected]> Co-authored-by: Cliff Tawiah <[email protected]>
launchdarkly · May 5, 2022 · 17292e6 · 17292e6
1 parent 9f560bd
commit 17292e6
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,12 @@
+## [2.7.0] (Unreleased)
+
+FEATURES:
+
+- Added the `base_permissions` field to the `launchdarkly_custom_role` resource.
+
 ## [2.6.1] (April 12, 2022)
 
-NOTES: 
+NOTES:
 
 - Removed callout to `bypassRequiredApproval` action in documentation pending further development.
 - Fix formatting in some documentation
@@ -9,7 +15,7 @@ NOTES:
 
 ENHANCEMENTS:
 
-- Added the `hide_member_details` argument to the Datadog `config` for the `launchdarkly_audit_log_subscription` resource.  When `hide_member_details` is `true`, LaunchDarkly member information will be redacted before events are sent to Datadog.
+- Added the `hide_member_details` argument to the Datadog `config` for the `launchdarkly_audit_log_subscription` resource. When `hide_member_details` is `true`, LaunchDarkly member information will be redacted before events are sent to Datadog.
 
 NOTES:
 

diff --git a/launchdarkly/audit_log_subscription_configs_generated.go b/launchdarkly/audit_log_subscription_configs_generated.go
diff --git a/launchdarkly/keys.go b/launchdarkly/keys.go
@@ -9,6 +9,7 @@ const (
 	APPROVAL_SETTINGS                = "approval_settings"
 	ARCHIVED                         = "archived"
 	ATTRIBUTE                        = "attribute"
+	BASE_PERMISSIONS                 = "base_permissions"
 	BUCKET_BY                        = "bucket_by"
 	CAN_APPLY_DECLINED_CHANGES       = "can_apply_declined_changes"
 	CAN_REVIEW_OWN_REQUEST           = "can_review_own_request"

diff --git a/launchdarkly/resource_launchdarkly_custom_role.go b/launchdarkly/resource_launchdarkly_custom_role.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 
 	ldapi "github.com/launchdarkly/api-client-go/v7"
 )
@@ -41,6 +42,13 @@ func resourceCustomRole() *schema.Resource {
 				Optional:    true,
 				Description: "Description of the custom role",
 			},
+			BASE_PERMISSIONS: {
+				Type:             schema.TypeString,
+				Optional:         true,
+				Description:      "The base permission level - either reader or no_access. Defaults to reader",
+				ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"reader", "no_access"}, false)),
+				Default:          "reader",
+			},
 			POLICY:            policyArraySchema(),
 			POLICY_STATEMENTS: policyStatementsSchema(policyStatementSchemaOptions{}),
 		},
@@ -52,6 +60,7 @@ func resourceCustomRoleCreate(ctx context.Context, d *schema.ResourceData, metaR
 	customRoleKey := d.Get(KEY).(string)
 	customRoleName := d.Get(NAME).(string)
 	customRoleDescription := d.Get(DESCRIPTION).(string)
+	customRoleBasePermissions := d.Get(BASE_PERMISSIONS).(string)
 	customRolePolicies := policiesFromResourceData(d)
 	policyStatements, err := policyStatementsFromResourceData(d.Get(POLICY_STATEMENTS).([]interface{}))
 	if err != nil {
@@ -67,6 +76,9 @@ func resourceCustomRoleCreate(ctx context.Context, d *schema.ResourceData, metaR
 		Description: ldapi.PtrString(customRoleDescription),
 		Policy:      customRolePolicies,
 	}
+	if customRoleBasePermissions != "" {
+		customRoleBody.BasePermissions = ldapi.PtrString(customRoleBasePermissions)
+	}
 
 	_, _, err = client.ld.CustomRolesApi.PostCustomRole(client.ctx).CustomRolePost(customRoleBody).Execute()
 
@@ -102,6 +114,7 @@ func resourceCustomRoleRead(ctx context.Context, d *schema.ResourceData, metaRaw
 	_ = d.Set(KEY, customRole.Key)
 	_ = d.Set(NAME, customRole.Name)
 	_ = d.Set(DESCRIPTION, customRole.Description)
+	_ = d.Set(BASE_PERMISSIONS, customRole.BasePermissions)
 
 	// Because "policy" is now deprecated in favor of "policy_statements", only set "policy" if it has
 	// already been set by the user.
@@ -128,6 +141,7 @@ func resourceCustomRoleUpdate(ctx context.Context, d *schema.ResourceData, metaR
 	customRoleKey := d.Get(KEY).(string)
 	customRoleName := d.Get(NAME).(string)
 	customRoleDescription := d.Get(DESCRIPTION).(string)
+	customRoleBasePermissions := d.Get(BASE_PERMISSIONS).(string)
 	customRolePolicies := policiesFromResourceData(d)
 	policyStatements, err := policyStatementsFromResourceData(d.Get(POLICY_STATEMENTS).([]interface{}))
 	if err != nil {
@@ -143,6 +157,9 @@ func resourceCustomRoleUpdate(ctx context.Context, d *schema.ResourceData, metaR
 			patchReplace("/description", &customRoleDescription),
 			patchReplace("/policy", &customRolePolicies),
 		}}
+	if customRoleBasePermissions != "" {
+		patch.Patch = append(patch.Patch, patchReplace("/basePermissions", &customRoleBasePermissions))
+	}
 
 	_, _, err = client.ld.CustomRolesApi.PatchCustomRole(client.ctx, customRoleKey).PatchWithComment(patch).Execute()
 	if err != nil {

diff --git a/launchdarkly/resource_launchdarkly_custom_role_test.go b/launchdarkly/resource_launchdarkly_custom_role_test.go
@@ -14,7 +14,8 @@ const (
 	resource "launchdarkly_custom_role" "test" {
 		key = "%s"
 		name = "Custom role - %s"
-		description= "Deny all actions on production environments"
+		description = "Deny all actions on production environments"
+		base_permissions = "no_access"
 		policy {
 			actions = ["*"]	
 			effect = "deny"
@@ -100,6 +101,7 @@ func TestAccCustomRole_Create(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, KEY, key),
 					resource.TestCheckResourceAttr(resourceName, NAME, "Custom role - "+name),
 					resource.TestCheckResourceAttr(resourceName, DESCRIPTION, "Deny all actions on production environments"),
+					resource.TestCheckResourceAttr(resourceName, BASE_PERMISSIONS, "no_access"),
 					resource.TestCheckResourceAttr(resourceName, "policy.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "policy.0.actions.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "policy.0.actions.0", "*"),
@@ -164,6 +166,7 @@ func TestAccCustomRole_CreateWithNotStatements(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, KEY, key),
 					resource.TestCheckResourceAttr(resourceName, NAME, "Custom role - "+name),
 					resource.TestCheckResourceAttr(resourceName, DESCRIPTION, "Don't allow all actions on non-staging environments"),
+					resource.TestCheckResourceAttr(resourceName, BASE_PERMISSIONS, "reader"),
 					resource.TestCheckResourceAttr(resourceName, "policy.#", "0"),
 					resource.TestCheckResourceAttr(resourceName, "policy_statements.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "policy_statements.0.not_actions.#", "1"),
@@ -205,6 +208,7 @@ func TestAccCustomRole_Update(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, KEY, key),
 					resource.TestCheckResourceAttr(resourceName, NAME, "Updated - "+name),
 					resource.TestCheckResourceAttr(resourceName, DESCRIPTION, ""), // should be empty after removal
+					resource.TestCheckResourceAttr(resourceName, BASE_PERMISSIONS, "reader"),
 					resource.TestCheckResourceAttr(resourceName, "policy.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "policy.0.actions.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "policy.0.actions.0", "*"),

diff --git a/website/docs/r/custom_role.html.markdown b/website/docs/r/custom_role.html.markdown
@@ -42,6 +42,8 @@ resource "launchdarkly_custom_role" "example" {
 
 - `description` - (Optional) The description of the custom role.
 
+- `base_permissions` - (Optional) The base permission level. Either `reader` or `no_access`. Defaults to `reader` if not set.
+
 - `policy_statements` - (Required) The custom role policy block. To learn more, read [Policies in custom roles](https://docs.launchdarkly.com/docs/policies-in-custom-roles).
 
 Custom role `policy_statements` blocks are composed of the following arguments: