Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Run Tasks permissions for Org. and Workspace #383

Merged
merged 1 commit into from May 4, 2022
Merged

Add Run Tasks permissions for Org. and Workspace #383

merged 1 commit into from May 4, 2022

Conversation

glennsarti
Copy link
Contributor

Description

This commit adds the beta API changes for the Run Tasks permissions
as per RFC TF-474:

  • Permission to modify Organization level Run Tasks
  • Permission to modify Workspace level Run Tasks

This commit also adds tests for these beta features.

Testing plan

  1. Create an Organization
  2. Query the Organization permissions and ensure the manage run tasks permission is populated correctly
  3. Create a Workspace
  4. Query the Workspace permissions and ensure the manage run tasks permission is populated correctly

External links

@glennsarti
Copy link
Contributor Author

ENABLE_BETA=1 go test -run TestTeamAccess -v ./... -tags=integration

=== RUN   TestTeamAccessesList
=== RUN   TestTeamAccessesList/with_valid_options
    team_access_integration_test.go:44: paging not supported yet in API
=== RUN   TestTeamAccessesList/with_list_options
    team_access_integration_test.go:50: paging not supported yet in API
=== RUN   TestTeamAccessesList/without_TeamAccessListOptions
=== RUN   TestTeamAccessesList/without_WorkspaceID_options
=== RUN   TestTeamAccessesList/without_a_valid_workspaceID
--- PASS: TestTeamAccessesList (5.21s)
    --- SKIP: TestTeamAccessesList/with_valid_options (0.31s)
    --- SKIP: TestTeamAccessesList/with_list_options (0.00s)
    --- PASS: TestTeamAccessesList/without_TeamAccessListOptions (0.00s)
    --- PASS: TestTeamAccessesList/without_WorkspaceID_options (0.00s)
    --- PASS: TestTeamAccessesList/without_a_valid_workspaceID (0.00s)
=== RUN   TestTeamAccessesAdd
=== RUN   TestTeamAccessesAdd/with_valid_options
=== RUN   TestTeamAccessesAdd/with_valid_custom_options
=== RUN   TestTeamAccessesAdd/with_invalid_custom_options
=== RUN   TestTeamAccessesAdd/when_the_team_already_has_access
=== RUN   TestTeamAccessesAdd/when_options_is_missing_access
=== RUN   TestTeamAccessesAdd/when_options_is_missing_team
=== RUN   TestTeamAccessesAdd/when_options_is_missing_workspace
--- PASS: TestTeamAccessesAdd (5.41s)
    --- PASS: TestTeamAccessesAdd/with_valid_options (0.81s)
    --- PASS: TestTeamAccessesAdd/with_valid_custom_options (0.72s)
    --- PASS: TestTeamAccessesAdd/with_invalid_custom_options (0.24s)
    --- PASS: TestTeamAccessesAdd/when_the_team_already_has_access (1.53s)
    --- PASS: TestTeamAccessesAdd/when_options_is_missing_access (0.00s)
    --- PASS: TestTeamAccessesAdd/when_options_is_missing_team (0.00s)
    --- PASS: TestTeamAccessesAdd/when_options_is_missing_workspace (0.00s)
=== RUN   TestTeamAccessesRead
=== RUN   TestTeamAccessesRead/when_the_team_access_exists
=== RUN   TestTeamAccessesRead/when_the_team_access_exists/permission_attributes_are_decoded
=== RUN   TestTeamAccessesRead/when_the_team_access_exists/team_relationship_is_decoded
=== RUN   TestTeamAccessesRead/when_the_team_access_exists/workspace_relationship_is_decoded
=== RUN   TestTeamAccessesRead/when_the_team_access_does_not_exist
=== RUN   TestTeamAccessesRead/without_a_valid_team_access_ID
--- PASS: TestTeamAccessesRead (3.15s)
    --- PASS: TestTeamAccessesRead/when_the_team_access_exists (0.24s)
        --- PASS: TestTeamAccessesRead/when_the_team_access_exists/permission_attributes_are_decoded (0.00s)
        --- PASS: TestTeamAccessesRead/when_the_team_access_exists/team_relationship_is_decoded (0.00s)
        --- PASS: TestTeamAccessesRead/when_the_team_access_exists/workspace_relationship_is_decoded (0.00s)
    --- PASS: TestTeamAccessesRead/when_the_team_access_does_not_exist (0.22s)
    --- PASS: TestTeamAccessesRead/without_a_valid_team_access_ID (0.00s)
=== RUN   TestTeamAccessesUpdate
=== RUN   TestTeamAccessesUpdate/with_valid_attributes
--- PASS: TestTeamAccessesUpdate (2.89s)
    --- PASS: TestTeamAccessesUpdate/with_valid_attributes (0.25s)
=== RUN   TestTeamAccessesRemove
=== RUN   TestTeamAccessesRemove/with_valid_options
=== RUN   TestTeamAccessesRemove/when_the_team_access_does_not_exist
=== RUN   TestTeamAccessesRemove/when_the_team_access_ID_is_invalid
--- PASS: TestTeamAccessesRemove (2.91s)
    --- PASS: TestTeamAccessesRemove/with_valid_options (0.46s)
    --- PASS: TestTeamAccessesRemove/when_the_team_access_does_not_exist (0.22s)
    --- PASS: TestTeamAccessesRemove/when_the_team_access_ID_is_invalid (0.00s)
=== RUN   TestTeamAccessesReadRunTasks
=== RUN   TestTeamAccessesReadRunTasks/when_the_team_access_exists
=== RUN   TestTeamAccessesReadRunTasks/when_the_team_access_exists/permission_attributes_are_decoded
--- PASS: TestTeamAccessesReadRunTasks (2.93s)
    --- PASS: TestTeamAccessesReadRunTasks/when_the_team_access_exists (0.26s)
        --- PASS: TestTeamAccessesReadRunTasks/when_the_team_access_exists/permission_attributes_are_decoded (0.00s)
=== RUN   TestTeamAccessesUpdateRunTasks
=== RUN   TestTeamAccessesUpdateRunTasks/with_valid_attributes
--- PASS: TestTeamAccessesUpdateRunTasks (3.04s)
    --- PASS: TestTeamAccessesUpdateRunTasks/with_valid_attributes (0.41s)
PASS
ok      github.com/hashicorp/go-tfe     26.047s
?       github.com/hashicorp/go-tfe/examples/organizations      [no test files]
?       github.com/hashicorp/go-tfe/examples/workspaces [no test files]
?       github.com/hashicorp/go-tfe/mocks       [no test files]

@glennsarti
Copy link
Contributor Author

ENABLE_BETA=1 go test -run TestOrganizations -v ./... -tags=integration

=== RUN   TestOrganizationsList
=== RUN   TestOrganizationsList/with_no_list_options
    organization_integration_test.go:32: paging not supported yet in API
=== RUN   TestOrganizationsList/with_list_options
    organization_integration_test.go:38: paging not supported yet in API
--- PASS: TestOrganizationsList (3.05s)
    --- SKIP: TestOrganizationsList/with_no_list_options (0.47s)
    --- SKIP: TestOrganizationsList/with_list_options (0.00s)
=== RUN   TestOrganizationsCreate
=== RUN   TestOrganizationsCreate/with_valid_options
=== RUN   TestOrganizationsCreate/when_no_email_is_provided
=== RUN   TestOrganizationsCreate/when_no_name_is_provided
=== RUN   TestOrganizationsCreate/with_invalid_name
--- PASS: TestOrganizationsCreate (1.03s)
    --- PASS: TestOrganizationsCreate/with_valid_options (0.70s)
    --- PASS: TestOrganizationsCreate/when_no_email_is_provided (0.00s)
    --- PASS: TestOrganizationsCreate/when_no_name_is_provided (0.00s)
    --- PASS: TestOrganizationsCreate/with_invalid_name (0.00s)
=== RUN   TestOrganizationsRead
=== RUN   TestOrganizationsRead/when_the_org_exists
=== RUN   TestOrganizationsRead/when_the_org_exists/permissions_are_properly_decoded
=== RUN   TestOrganizationsRead/when_the_org_exists/timestamps_are_populated
=== RUN   TestOrganizationsRead/with_invalid_name
=== RUN   TestOrganizationsRead/when_the_org_does_not_exist
--- PASS: TestOrganizationsRead (1.68s)
    --- PASS: TestOrganizationsRead/when_the_org_exists (0.39s)
        --- PASS: TestOrganizationsRead/when_the_org_exists/permissions_are_properly_decoded (0.00s)
        --- PASS: TestOrganizationsRead/when_the_org_exists/timestamps_are_populated (0.00s)
    --- PASS: TestOrganizationsRead/with_invalid_name (0.00s)
    --- PASS: TestOrganizationsRead/when_the_org_does_not_exist (0.24s)
=== RUN   TestOrganizationsUpdate
=== RUN   TestOrganizationsUpdate/with_TFC-only_options
=== RUN   TestOrganizationsUpdate/with_valid_options
=== RUN   TestOrganizationsUpdate/with_invalid_name
=== RUN   TestOrganizationsUpdate/when_only_updating_a_subset_of_fields
--- PASS: TestOrganizationsUpdate (4.03s)
    --- PASS: TestOrganizationsUpdate/with_TFC-only_options (1.13s)
    --- PASS: TestOrganizationsUpdate/with_valid_options (1.46s)
    --- PASS: TestOrganizationsUpdate/with_invalid_name (0.00s)
    --- PASS: TestOrganizationsUpdate/when_only_updating_a_subset_of_fields (1.11s)
=== RUN   TestOrganizationsDelete
=== RUN   TestOrganizationsDelete/with_valid_options
=== RUN   TestOrganizationsDelete/with_invalid_name
--- PASS: TestOrganizationsDelete (1.26s)
    --- PASS: TestOrganizationsDelete/with_valid_options (0.94s)
    --- PASS: TestOrganizationsDelete/with_invalid_name (0.00s)
=== RUN   TestOrganizationsReadCapacity
    organization_integration_test.go:239: Capacity queues are not available in the API
--- SKIP: TestOrganizationsReadCapacity (0.00s)
=== RUN   TestOrganizationsReadEntitlements
=== RUN   TestOrganizationsReadEntitlements/when_the_org_exists
=== RUN   TestOrganizationsReadEntitlements/with_invalid_name
=== RUN   TestOrganizationsReadEntitlements/when_the_org_does_not_exist
--- PASS: TestOrganizationsReadEntitlements (1.60s)
    --- PASS: TestOrganizationsReadEntitlements/when_the_org_exists (0.23s)
    --- PASS: TestOrganizationsReadEntitlements/with_invalid_name (0.00s)
    --- PASS: TestOrganizationsReadEntitlements/when_the_org_does_not_exist (0.23s)
=== RUN   TestOrganizationsReadRunQueue
    organization_integration_test.go:332: Capacity queues are not available in the API
--- SKIP: TestOrganizationsReadRunQueue (0.00s)
=== RUN   TestOrganizationsReadRunTasksPermission
=== RUN   TestOrganizationsReadRunTasksPermission/when_the_org_exists
=== RUN   TestOrganizationsReadRunTasksPermission/when_the_org_exists/permissions_are_properly_decoded
--- PASS: TestOrganizationsReadRunTasksPermission (1.41s)
    --- PASS: TestOrganizationsReadRunTasksPermission/when_the_org_exists (0.39s)
        --- PASS: TestOrganizationsReadRunTasksPermission/when_the_org_exists/permissions_are_properly_decoded (0.00s)
PASS
ok      github.com/hashicorp/go-tfe     15.869s
?       github.com/hashicorp/go-tfe/examples/organizations      [no test files]
?       github.com/hashicorp/go-tfe/examples/workspaces [no test files]
?       github.com/hashicorp/go-tfe/mocks       [no test files]

@glennsarti
Copy link
Contributor Author

ENABLE_TEST=1 go test -run TestTeams -v ./... -tags=integration

=== RUN   TestTeamsList
=== RUN   TestTeamsList/without_list_options
    team_integration_test.go:37: paging not supported yet in API
=== RUN   TestTeamsList/with_list_options
    team_integration_test.go:43: paging not supported yet in API
=== RUN   TestTeamsList/without_a_valid_organization
--- PASS: TestTeamsList (2.65s)
    --- SKIP: TestTeamsList/without_list_options (0.33s)
    --- SKIP: TestTeamsList/with_list_options (0.00s)
    --- PASS: TestTeamsList/without_a_valid_organization (0.00s)
=== RUN   TestTeamsCreate
=== RUN   TestTeamsCreate/with_valid_options
=== RUN   TestTeamsCreate/with_sso-team-id
=== RUN   TestTeamsCreate/when_options_is_missing_name
=== RUN   TestTeamsCreate/when_options_has_an_invalid_organization
--- PASS: TestTeamsCreate (1.80s)
    --- PASS: TestTeamsCreate/with_valid_options (0.50s)
    --- PASS: TestTeamsCreate/with_sso-team-id (0.27s)
    --- PASS: TestTeamsCreate/when_options_is_missing_name (0.00s)
    --- PASS: TestTeamsCreate/when_options_has_an_invalid_organization (0.00s)
=== RUN   TestTeamsRead
=== RUN   TestTeamsRead/when_the_team_exists
=== RUN   TestTeamsRead/when_the_team_exists/visibility_is_returned
=== RUN   TestTeamsRead/when_the_team_exists/permissions_are_properly_decoded
=== RUN   TestTeamsRead/when_the_team_exists/organization_access_is_properly_decoded
=== RUN   TestTeamsRead/when_the_team_exists/SSO_team_id_is_returned
=== RUN   TestTeamsRead/when_the_team_does_not_exist
=== RUN   TestTeamsRead/without_a_valid_team_ID
--- PASS: TestTeamsRead (2.65s)
    --- PASS: TestTeamsRead/when_the_team_exists (0.25s)
        --- PASS: TestTeamsRead/when_the_team_exists/visibility_is_returned (0.00s)
        --- PASS: TestTeamsRead/when_the_team_exists/permissions_are_properly_decoded (0.00s)
        --- PASS: TestTeamsRead/when_the_team_exists/organization_access_is_properly_decoded (0.00s)
        --- PASS: TestTeamsRead/when_the_team_exists/SSO_team_id_is_returned (0.00s)
    --- PASS: TestTeamsRead/when_the_team_does_not_exist (0.22s)
    --- PASS: TestTeamsRead/without_a_valid_team_ID (0.00s)
=== RUN   TestTeamsUpdate
=== RUN   TestTeamsUpdate/with_valid_options
=== RUN   TestTeamsUpdate/when_the_team_does_not_exist
=== RUN   TestTeamsUpdate/without_a_valid_team_ID
--- PASS: TestTeamsUpdate (2.33s)
    --- PASS: TestTeamsUpdate/with_valid_options (0.51s)
    --- PASS: TestTeamsUpdate/when_the_team_does_not_exist (0.23s)
    --- PASS: TestTeamsUpdate/without_a_valid_team_ID (0.00s)
=== RUN   TestTeamsDelete
=== RUN   TestTeamsDelete/with_valid_options
=== RUN   TestTeamsDelete/without_valid_team_ID
--- PASS: TestTeamsDelete (1.81s)
    --- PASS: TestTeamsDelete/with_valid_options (0.48s)
    --- PASS: TestTeamsDelete/without_valid_team_ID (0.00s)
=== RUN   TestTeamsUpdateRunTasks
=== RUN   TestTeamsUpdateRunTasks/with_valid_options
--- PASS: TestTeamsUpdateRunTasks (2.15s)
    --- PASS: TestTeamsUpdateRunTasks/with_valid_options (0.50s)
PASS
ok      github.com/hashicorp/go-tfe     13.889s
?       github.com/hashicorp/go-tfe/examples/organizations      [no test files]
?       github.com/hashicorp/go-tfe/examples/workspaces [no test files]
?       github.com/hashicorp/go-tfe/mocks       [no test files]

@glennsarti
Copy link
Contributor Author

ENABLE_BETA=1 go test -run TestWorkspacesRunTasksPermission -v ./... -tags=integration

=== RUN   TestWorkspacesRunTasksPermission
=== RUN   TestWorkspacesRunTasksPermission/when_the_workspace_exists
--- PASS: TestWorkspacesRunTasksPermission (2.12s)
    --- PASS: TestWorkspacesRunTasksPermission/when_the_workspace_exists (0.25s)
PASS
ok      github.com/hashicorp/go-tfe     2.630s
?       github.com/hashicorp/go-tfe/examples/organizations      [no test files]
?       github.com/hashicorp/go-tfe/examples/workspaces [no test files]
?       github.com/hashicorp/go-tfe/mocks       [no test files]

@glennsarti
Copy link
Contributor Author

I've extracted just the permissions pieces from #381

cam-stitt
cam-stitt previously approved these changes Apr 20, 2022
View reviewed changes
Copy link
Member

@cam-stitt cam-stitt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does what it says on the tin.

sebasslash
sebasslash previously approved these changes Apr 21, 2022
View reviewed changes
Copy link
Contributor

@sebasslash sebasslash left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks 🔥

team_access_integration_test.go Outdated Show resolved Hide resolved
@glennsarti glennsarti dismissed stale reviews from sebasslash and cam-stitt via c552d8b April 22, 2022 05:28
@glennsarti
Copy link
Contributor Author

Missed the TeamAccessAddOptions change.

sebasslash
sebasslash previously approved these changes Apr 22, 2022
View reviewed changes
Copy link
Contributor

@sebasslash sebasslash left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Things look good. One minor point for discussion below 👍

team_access.go
@@ -98,6 +98,7 @@ type TeamAccess struct {
StateVersions StateVersionsPermissionType `jsonapi:"attr,state-versions"`
SentinelMocks SentinelMocksPermissionType `jsonapi:"attr,sentinel-mocks"`
WorkspaceLocking bool `jsonapi:"attr,workspace-locking"`
RunTasks bool `jsonapi:"attr,run-tasks"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thinking about this a little more, should we document that this field is in beta and not widely available to everyone? Given I see this causing some manner of confusion.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any reason why all these permissions have to be required?

Run Tasks is due out of beta in a week or so, so no. I don't think it's required.

@glennsarti
Add Run Tasks permissions for Org. and Workspace
94b9c8d 
This commit adds the beta API changes for the Run Tasks permissions
as per RFC TF-474:
* Permission to modify Organization level Run Tasks
* Permission to modify Workspace level Run Tasks

This commit also adds tests for these beta features.
@glennsarti
Copy link
Contributor Author

Had to rebase for the flaky tests

sebasslash
sebasslash approved these changes Apr 27, 2022
View reviewed changes
Copy link
Contributor

@sebasslash sebasslash left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Re-approving. Everything looks good 👍

@glennsarti glennsarti merged commit a5bcb84 into main May 4, 2022
@glennsarti glennsarti deleted the gs/add-run-task-permissions branch May 4, 2022 02:07
@github-actions
Copy link

github-actions bot commented May 4, 2022

Reminder to the contributor that merged this PR: if your changes have added important functionality or fixed a relevant bug, open a follow-up PR to update CHANGELOG.md with a note on your changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cam-stitt cam-stitt cam-stitt approved these changes

@sebasslash sebasslash sebasslash approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@glennsarti @cam-stitt @sebasslash