From 8aef054704d384b601ca523cfdb42141a601198f Mon Sep 17 00:00:00 2001 From: Julianna Tetreault Date: Thu, 21 Mar 2024 16:17:35 -0500 Subject: [PATCH 1/6] Add manage permissions to team org access --- CHANGELOG.md | 9 +++- team.go | 50 +++++++++++-------- team_integration_test.go | 105 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 141 insertions(+), 23 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ac71f0ad..adbc387eb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,7 @@ * Add `Stages` field to `WorkspaceRunTask`. by @glennsarti [#865](https://github.com/hashicorp/go-tfe/pull/865) * Changing BETA `OrganizationScoped` attribute of `OAuthClient` to be a pointer for bug fix by @netramali [884](https://github.com/hashicorp/go-tfe/pull/884) * Adds `Query` parameter to `VariableSetListOptions` to allow searching variable sets by name, by @JarrettSpiker[#877](https://github.com/hashicorp/go-tfe/pull/877) +* Adds `ManageTeams`, `ManageOrganizationAccess`, and `AccessSecretTeams` permissions to team `OrganizationAccess` by @juliannatetreault []() ## Deprecations * The `Stage` field has been deprecated on `WorkspaceRunTask`. Instead, use `Stages`. by @glennsarti [#865](https://github.com/hashicorp/go-tfe/pull/865) 
@@ -51,7 +52,13 @@ ## Bug fixes * Change the error message for `ErrWorkspaceStillProcessing` to be the same error message returned by the API by @uturunku1 [#864](https://github.com/hashicorp/go-tfe/pull/864) -# v1.47.0 +## Features +*For Terraform Enterprise users who have data retention policies defined on Organizations or Workspaces: A new DataRetentionPolicyChoice relation has been added to reflect that [data retention policies are polymorphic](https://developer.hashicorp.com/terraform/enterprise/api-docs/data-retention-policies#data-retention-policy-types). Organizations and workspaces may be related to a `DataRetentionPolicyDeleteOlder` or `DataRetentionPolicyDontDelete` record through the `DataRetentionPolicyChoice` struct. Data retention policies can be read using `ReadDataRetentionPolicyChoice`, and set or updated (including changing their type) using `SetDataRetentionPolicyDeleteOlder` or `SetDataRetentionPolicyDontDelete` by @JarrettSpiker [#652](https://github.com/hashicorp/go-tfe/pull/844) + +## Deprecations +* The `DataRetentionPolicy` type, and the `DataRetentionPolicy` relationship on `Organization` and `Workspace`s have been deprecated. The `DataRetentionPolicy` type is equivalent to the new `DataRetentionPolicyDeleteOlder`. The Data retention policy relationships on `Organization` and `Workspace`s are now [polymorphic](https://developer.hashicorp.com/terraform/enterprise/api-docs/data-retention-policies#data-retention-policy-types), and are represented by the `DataRetentionPolicyChoice` relationship. The existing `DataRetentionPolicy` relationship will continue to be populated when reading an `Organization` or `Workspace`, but it may be removed in a future release. @JarrettSpiker [#652](https://github.com/hashicorp/go-tfe/pull/844) +* The `SetDataRetentionPolicy` function on `Organizations` and `Workspaces` is now deprecated in favour of `SetDataRetentionPolicyDeleteOlder` or `SetDataRetentionPolicyDontDelete`. 
`SetDataRetentionPolicy` will only update the data retention policy when communicating with TFE versions v202311 and v202312. @JarrettSpiker [#652](https://github.com/hashicorp/go-tfe/pull/844) +* The `ReadDataRetentionPolicy` function on `Organizations` and `Workspaces` is now deprecated in favour of `ReadDataRetentionPolicyChoice`. `ReadDataRetentionPolicyChoice` may return the different multiple data retention policy types added in TFE 202401-1. `SetDataRetentionPolicy` will only update the data retention policy when communicating with TFE versions v202311 and v202312. @JarrettSpiker [#652](https://github.com/hashicorp/go-tfe/pull/844) ## Enhancements * Adds BETA `description` attribute to `Project` by @netramali [#861](https://github.com/hashicorp/go-tfe/pull/861) diff --git a/team.go b/team.go index 298551f07..52e9a7dda 100644 --- a/team.go +++ b/team.go 
@@ -61,17 +61,20 @@ type Team struct { // OrganizationAccess represents the team's permissions on its organization type OrganizationAccess struct { - ManagePolicies bool `jsonapi:"attr,manage-policies"` - ManagePolicyOverrides bool `jsonapi:"attr,manage-policy-overrides"` - ManageWorkspaces bool `jsonapi:"attr,manage-workspaces"` - ManageVCSSettings bool `jsonapi:"attr,manage-vcs-settings"` - ManageProviders bool `jsonapi:"attr,manage-providers"` - ManageModules bool `jsonapi:"attr,manage-modules"` - ManageRunTasks bool `jsonapi:"attr,manage-run-tasks"` - ManageProjects bool `jsonapi:"attr,manage-projects"` - ReadWorkspaces bool `jsonapi:"attr,read-workspaces"` - ReadProjects bool `jsonapi:"attr,read-projects"` - ManageMembership bool `jsonapi:"attr,manage-membership"` + ManagePolicies bool `jsonapi:"attr,manage-policies"` + ManagePolicyOverrides bool `jsonapi:"attr,manage-policy-overrides"` + ManageWorkspaces bool `jsonapi:"attr,manage-workspaces"` + ManageVCSSettings bool `jsonapi:"attr,manage-vcs-settings"` + ManageProviders bool `jsonapi:"attr,manage-providers"` + ManageModules bool `jsonapi:"attr,manage-modules"` + ManageRunTasks bool `jsonapi:"attr,manage-run-tasks"` + ManageProjects bool `jsonapi:"attr,manage-projects"` + ReadWorkspaces bool `jsonapi:"attr,read-workspaces"` + ReadProjects bool `jsonapi:"attr,read-projects"` + ManageMembership bool `jsonapi:"attr,manage-membership"` + ManageTeams bool `jsonapi:"attr,manage-teams"` + ManageOrganizationAccess bool `jsonapi:"attr,manage-organization-access"` + AccessSecretTeams bool `jsonapi:"attr,access-secret-teams"` } // TeamPermissions represents the current user's permissions on the team. 
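Review bot: The three fields added to `OrganizationAccess` (`ManageTeams`, `ManageOrganizationAccess`, `AccessSecretTeams`) have no field comments, and neither do the matching pointers added to `OrganizationAccessOptions` in the next hunk. Going by their names these gate administrative actions, and the only place their prerequisites are written down is in the integration-test comments later in this series. I would state them on the fields, e.g. `// ManageTeams requires ManageMembership to also be set.`, `// ManageOrganizationAccess requires ManageMembership and ManageTeams.` and `// AccessSecretTeams requires at least one granular permission to be set.` Callers building a least-privilege team would then see the dependency without reading the tests.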
@@ -147,17 +150,20 @@ type TeamUpdateOptions struct { // OrganizationAccessOptions represents the organization access options of a team. type OrganizationAccessOptions struct { - ManagePolicies *bool `json:"manage-policies,omitempty"` - ManagePolicyOverrides *bool `json:"manage-policy-overrides,omitempty"` - ManageWorkspaces *bool `json:"manage-workspaces,omitempty"` - ManageVCSSettings *bool `json:"manage-vcs-settings,omitempty"` - ManageProviders *bool `json:"manage-providers,omitempty"` - ManageModules *bool `json:"manage-modules,omitempty"` - ManageRunTasks *bool `json:"manage-run-tasks,omitempty"` - ManageProjects *bool `json:"manage-projects,omitempty"` - ReadWorkspaces *bool `json:"read-workspaces,omitempty"` - ReadProjects *bool `json:"read-projects,omitempty"` - ManageMembership *bool `json:"manage-membership,omitempty"` + ManagePolicies *bool `json:"manage-policies,omitempty"` + ManagePolicyOverrides *bool `json:"manage-policy-overrides,omitempty"` + ManageWorkspaces *bool `json:"manage-workspaces,omitempty"` + ManageVCSSettings *bool `json:"manage-vcs-settings,omitempty"` + ManageProviders *bool `json:"manage-providers,omitempty"` + ManageModules *bool `json:"manage-modules,omitempty"` + ManageRunTasks *bool `json:"manage-run-tasks,omitempty"` + ManageProjects *bool `json:"manage-projects,omitempty"` + ReadWorkspaces *bool `json:"read-workspaces,omitempty"` + ReadProjects *bool `json:"read-projects,omitempty"` + ManageMembership *bool `json:"manage-membership,omitempty"` + ManageTeams *bool `jsonapi:"attr,manage-teams,omitempty"` + ManageOrganizationAccess *bool `jsonapi:"attr,manage-organization-access,omitempty"` + AccessSecretTeams *bool `jsonapi:"attr,access-secret-teams,omitempty"` } // List all the teams of the given organization. diff --git a/team_integration_test.go b/team_integration_test.go index 77d17aff5..c3cec10bd 100644 --- a/team_integration_test.go +++ b/team_integration_test.go 
@@ -482,3 +482,108 @@ func TestTeamsUpdateManageManageMembership(t *testing.T) { originalTeamAccess.ManageMembership = true assert.Equal(t, originalTeamAccess, refreshed.OrganizationAccess) } + +func TestTeamsUpdateManageOrganizationAccess(t *testing.T) { + client := testClient(t) + ctx := context.Background() + + orgTest, orgTestCleanup := createOrganization(t, client) + defer orgTestCleanup() + + tmTest, tmTestCleanup := createTeam(t, client, orgTest) + defer tmTestCleanup() + + teamRead, err := client.Teams.Read(ctx, tmTest.ID) + require.NoError(t, err) + assert.False(t, teamRead.OrganizationAccess.ManageOrganizationAccess, "manage organization access is false by default") + + originalTeamAccess := teamRead.OrganizationAccess + + options := TeamUpdateOptions{ + OrganizationAccess: &OrganizationAccessOptions{ + ManageOrganizationAccess: Bool(true), + }, + } + + tm, err := client.Teams.Update(ctx, tmTest.ID, options) + require.NoError(t, err) + assert.True(t, tm.OrganizationAccess.ManageOrganizationAccess) + + refreshed, err := client.Teams.Read(ctx, tmTest.ID) + require.NoError(t, err) + assert.True(t, refreshed.OrganizationAccess.ManageOrganizationAccess) + + // Check that other org access fields are not updated + originalTeamAccess.ManageOrganizationAccess = true + assert.Equal(t, originalTeamAccess, refreshed.OrganizationAccess) +} + +func TestTeamsUpdateAccessSecretTeams(t *testing.T) { + client := testClient(t) + ctx := context.Background() + + orgTest, orgTestCleanup := createOrganization(t, client) + defer orgTestCleanup() + + tmTest, tmTestCleanup := createTeam(t, client, orgTest) + defer tmTestCleanup() + + teamRead, err := client.Teams.Read(ctx, tmTest.ID) + require.NoError(t, err) + assert.False(t, teamRead.OrganizationAccess.AccessSecretTeams, "access secret teams is false by default") + + originalTeamAccess := teamRead.OrganizationAccess + + options := TeamUpdateOptions{ + OrganizationAccess: &OrganizationAccessOptions{ + AccessSecretTeams: 
Bool(true), + }, + } + + tm, err := client.Teams.Update(ctx, tmTest.ID, options) + require.NoError(t, err) + assert.True(t, tm.OrganizationAccess.AccessSecretTeams) + + refreshed, err := client.Teams.Read(ctx, tmTest.ID) + require.NoError(t, err) + assert.True(t, refreshed.OrganizationAccess.AccessSecretTeams) + + // Check that other org access fields are not updated + originalTeamAccess.AccessSecretTeams = true + assert.Equal(t, originalTeamAccess, refreshed.OrganizationAccess) +} + +func TestTeamsUpdateManageTeams(t *testing.T) { + client := testClient(t) + ctx := context.Background() + + orgTest, orgTestCleanup := createOrganization(t, client) + defer orgTestCleanup() + + tmTest, tmTestCleanup := createTeam(t, client, orgTest) + defer tmTestCleanup() + + teamRead, err := client.Teams.Read(ctx, tmTest.ID) + require.NoError(t, err) + assert.False(t, teamRead.OrganizationAccess.ManageTeams, "manage teams is false by default") + + originalTeamAccess := teamRead.OrganizationAccess + + options := TeamUpdateOptions{ + OrganizationAccess: &OrganizationAccessOptions{ + ManageTeams: Bool(true), + }, + } + + tm, err := client.Teams.Update(ctx, tmTest.ID, options) + require.NoError(t, err) + assert.True(t, tm.OrganizationAccess.ManageTeams) + + refreshed, err := client.Teams.Read(ctx, tmTest.ID) + require.NoError(t, err) + assert.True(t, refreshed.OrganizationAccess.ManageTeams) + + // Check that other org access fields are not updated + originalTeamAccess.ManageTeams = true + assert.Equal(t, originalTeamAccess, refreshed.OrganizationAccess) +} From b24865a006f8166d291fcb8365b417c23c7bdb56 Mon Sep 17 00:00:00 2001 From: Julianna Tetreault Date: Mon, 25 Mar 2024 12:19:52 -0500 Subject: [PATCH 2/6] Update changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index adbc387eb..f4d205efa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -46,6 +46,7 @@ ## Enhancements * Adds `Variables` relationship field to `Workspace` by @arybolovlev [#872](https://github.com/hashicorp/go-tfe/pull/872) +* Adds `ManageTeams`, `ManageOrganizationAccess`, and `AccessSecretTeams` permissions to team `OrganizationAccess` by @juliannatetreault [#874](https://github.com/hashicorp/go-tfe/pull/874) # v1.47.1 @@ -60,6 +61,8 @@ * The `SetDataRetentionPolicy` function on `Organizations` and `Workspaces` is now deprecated in favour of `SetDataRetentionPolicyDeleteOlder` or `SetDataRetentionPolicyDontDelete`. `SetDataRetentionPolicy` will only update the data retention policy when communicating with TFE versions v202311 and v202312. @JarrettSpiker [#652](https://github.com/hashicorp/go-tfe/pull/844) * The `ReadDataRetentionPolicy` function on `Organizations` and `Workspaces` is now deprecated in favour of `ReadDataRetentionPolicyChoice`. `ReadDataRetentionPolicyChoice` may return the different multiple data retention policy types added in TFE 202401-1. `SetDataRetentionPolicy` will only update the data retention policy when communicating with TFE versions v202311 and v202312. @JarrettSpiker [#652](https://github.com/hashicorp/go-tfe/pull/844) +# v1.47.0 + ## Enhancements * Adds BETA `description` attribute to `Project` by @netramali [#861](https://github.com/hashicorp/go-tfe/pull/861) * Adds `Read` method to `TestVariables` by @aaabdelgany [#851](https://github.com/hashicorp/go-tfe/pull/851) From 5382e02e541c2f14fcd6a8e9472491c075df907e Mon Sep 17 00:00:00 2001 From: Julianna Tetreault Date: Wed, 17 Apr 2024 08:47:59 -0500 Subject: [PATCH 3/6] Update changelog post-rebase --- CHANGELOG.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f4d205efa..186ae6f9f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -24,7 +24,7 @@ * Add `Stages` field to `WorkspaceRunTask`. by @glennsarti [#865](https://github.com/hashicorp/go-tfe/pull/865) * Changing BETA `OrganizationScoped` attribute of `OAuthClient` to be a pointer for bug fix by @netramali [884](https://github.com/hashicorp/go-tfe/pull/884) * Adds `Query` parameter to `VariableSetListOptions` to allow searching variable sets by name, by @JarrettSpiker[#877](https://github.com/hashicorp/go-tfe/pull/877) -* Adds `ManageTeams`, `ManageOrganizationAccess`, and `AccessSecretTeams` permissions to team `OrganizationAccess` by @juliannatetreault []() +* Adds `ManageTeams`, `ManageOrganizationAccess`, and `AccessSecretTeams` permissions to team `OrganizationAccess` by @juliannatetreault [#874](https://github.com/hashicorp/go-tfe/pull/874) ## Deprecations * The `Stage` field has been deprecated on `WorkspaceRunTask`. Instead, use `Stages`. by @glennsarti [#865](https://github.com/hashicorp/go-tfe/pull/865) @@ -46,7 +46,6 @@ ## Enhancements * Adds `Variables` relationship field to `Workspace` by @arybolovlev [#872](https://github.com/hashicorp/go-tfe/pull/872) -* Adds `ManageTeams`, `ManageOrganizationAccess`, and `AccessSecretTeams` permissions to team `OrganizationAccess` by @juliannatetreault [#874](https://github.com/hashicorp/go-tfe/pull/874) # v1.47.1 From 79c54410e789f0ecc2be058de83251cc37445a61 Mon Sep 17 00:00:00 2001 From: Julianna Tetreault Date: Wed, 24 Apr 2024 10:35:26 -0500 Subject: [PATCH 4/6] Update changelog entry --- CHANGELOG.md | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 186ae6f9f..e40f6c3f8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,5 @@ # Unreleased +* Adds `ManageTeams`, `ManageOrganizationAccess`, and `AccessSecretTeams` permissions to team `OrganizationAccess` by @juliannatetreault [#874](https://github.com/hashicorp/go-tfe/pull/874) # v1.52.0 
@@ -24,7 +25,6 @@ * Add `Stages` field to `WorkspaceRunTask`. by @glennsarti [#865](https://github.com/hashicorp/go-tfe/pull/865) * Changing BETA `OrganizationScoped` attribute of `OAuthClient` to be a pointer for bug fix by @netramali [884](https://github.com/hashicorp/go-tfe/pull/884) * Adds `Query` parameter to `VariableSetListOptions` to allow searching variable sets by name, by @JarrettSpiker[#877](https://github.com/hashicorp/go-tfe/pull/877) -* Adds `ManageTeams`, `ManageOrganizationAccess`, and `AccessSecretTeams` permissions to team `OrganizationAccess` by @juliannatetreault [#874](https://github.com/hashicorp/go-tfe/pull/874) ## Deprecations * The `Stage` field has been deprecated on `WorkspaceRunTask`. Instead, use `Stages`. by @glennsarti [#865](https://github.com/hashicorp/go-tfe/pull/865) 
@@ -52,14 +52,6 @@ ## Bug fixes * Change the error message for `ErrWorkspaceStillProcessing` to be the same error message returned by the API by @uturunku1 [#864](https://github.com/hashicorp/go-tfe/pull/864) -## Features -*For Terraform Enterprise users who have data retention policies defined on Organizations or Workspaces: A new DataRetentionPolicyChoice relation has been added to reflect that [data retention policies are polymorphic](https://developer.hashicorp.com/terraform/enterprise/api-docs/data-retention-policies#data-retention-policy-types). Organizations and workspaces may be related to a `DataRetentionPolicyDeleteOlder` or `DataRetentionPolicyDontDelete` record through the `DataRetentionPolicyChoice` struct. Data retention policies can be read using `ReadDataRetentionPolicyChoice`, and set or updated (including changing their type) using `SetDataRetentionPolicyDeleteOlder` or `SetDataRetentionPolicyDontDelete` by @JarrettSpiker [#652](https://github.com/hashicorp/go-tfe/pull/844) - -## Deprecations -* The `DataRetentionPolicy` type, and the `DataRetentionPolicy` relationship on `Organization` and `Workspace`s have been deprecated. The `DataRetentionPolicy` type is equivalent to the new `DataRetentionPolicyDeleteOlder`. The Data retention policy relationships on `Organization` and `Workspace`s are now [polymorphic](https://developer.hashicorp.com/terraform/enterprise/api-docs/data-retention-policies#data-retention-policy-types), and are represented by the `DataRetentionPolicyChoice` relationship. The existing `DataRetentionPolicy` relationship will continue to be populated when reading an `Organization` or `Workspace`, but it may be removed in a future release. @JarrettSpiker [#652](https://github.com/hashicorp/go-tfe/pull/844) -* The `SetDataRetentionPolicy` function on `Organizations` and `Workspaces` is now deprecated in favour of `SetDataRetentionPolicyDeleteOlder` or `SetDataRetentionPolicyDontDelete`. 
`SetDataRetentionPolicy` will only update the data retention policy when communicating with TFE versions v202311 and v202312. @JarrettSpiker [#652](https://github.com/hashicorp/go-tfe/pull/844) -* The `ReadDataRetentionPolicy` function on `Organizations` and `Workspaces` is now deprecated in favour of `ReadDataRetentionPolicyChoice`. `ReadDataRetentionPolicyChoice` may return the different multiple data retention policy types added in TFE 202401-1. `SetDataRetentionPolicy` will only update the data retention policy when communicating with TFE versions v202311 and v202312. @JarrettSpiker [#652](https://github.com/hashicorp/go-tfe/pull/844) - # v1.47.0 ## Enhancements From 121da84f659bd6b6f6a993be163a04eeb6440b67 Mon Sep 17 00:00:00 2001 From: Julianna Tetreault Date: Wed, 24 Apr 2024 11:23:35 -0500 Subject: [PATCH 5/6] Updates the OrganizationAccessOptions struct --- team.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/team.go b/team.go index 52e9a7dda..dcee1d7b7 100644 --- a/team.go +++ b/team.go @@ -161,9 +161,9 @@ type OrganizationAccessOptions struct { ReadWorkspaces *bool `json:"read-workspaces,omitempty"` ReadProjects *bool `json:"read-projects,omitempty"` ManageMembership *bool `json:"manage-membership,omitempty"` - ManageTeams *bool `jsonapi:"attr,manage-teams,omitempty"` - ManageOrganizationAccess *bool `jsonapi:"attr,manage-organization-access,omitempty"` - AccessSecretTeams *bool `jsonapi:"attr,access-secret-teams,omitempty"` + ManageTeams *bool `json:"manage-teams,omitempty"` + ManageOrganizationAccess *bool `json:"manage-organization-access,omitempty"` + AccessSecretTeams *bool `json:"access-secret-teams,omitempty"` } // List all the teams of the given organization. From 86d24e41cec9342a245ca7e2a9ab040487b3a780 Mon Sep 17 00:00:00 2001 
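Review bot: Nothing in this series pins the wire names that this hunk corrects in `OrganizationAccessOptions`, so the same tag slip could return unnoticed. The three fields were first added with `jsonapi:"attr,…"` tags while their eleven siblings use plain `json:"…"`, and the only tests touching them need a live API. A small unit test that marshals an `OrganizationAccessOptions` with `encoding/json` and checks for the keys `manage-teams`, `manage-organization-access` and `access-secret-teams` would catch this offline. That matters most for revocation: if a `Bool(false)` were dropped or misnamed on the wire, the permission would presumably stay granted with no error on the client side. The struct begins outside this hunk.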
From: Julianna Tetreault Date: Wed, 1 May 2024 08:53:45 -0500 Subject: [PATCH 6/6] Updates granular permission tests in team_integration_test.go --- team_integration_test.go | 54 +++++++++++++++++++++++++++++----------- 1 file changed, 39 insertions(+), 15 deletions(-) diff --git a/team_integration_test.go b/team_integration_test.go index c3cec10bd..04a1306be 100644 --- a/team_integration_test.go +++ b/team_integration_test.go @@ -483,7 +483,7 @@ func TestTeamsUpdateManageManageMembership(t *testing.T) { assert.Equal(t, originalTeamAccess, refreshed.OrganizationAccess) } -func TestTeamsUpdateManageOrganizationAccess(t *testing.T) { +func TestTeamsUpdateManageTeams(t *testing.T) { client := testClient(t) ctx := context.Background() 
@@ -495,30 +495,35 @@ func TestTeamsUpdateManageOrganizationAccess(t *testing.T) { teamRead, err := client.Teams.Read(ctx, tmTest.ID) require.NoError(t, err) - assert.False(t, teamRead.OrganizationAccess.ManageOrganizationAccess, "manage organization access is false by default") + assert.False(t, teamRead.OrganizationAccess.ManageTeams, "manage teams is false by default") originalTeamAccess := teamRead.OrganizationAccess options := TeamUpdateOptions{ OrganizationAccess: &OrganizationAccessOptions{ - ManageOrganizationAccess: Bool(true), + // **Note: ManageTeams requires ManageMembership.** + ManageMembership: Bool(true), + ManageTeams: Bool(true), }, } tm, err := client.Teams.Update(ctx, tmTest.ID, options) require.NoError(t, err) - assert.True(t, tm.OrganizationAccess.ManageOrganizationAccess) + assert.True(t, tm.OrganizationAccess.ManageMembership) + assert.True(t, tm.OrganizationAccess.ManageTeams) refreshed, err := client.Teams.Read(ctx, tmTest.ID) require.NoError(t, err) - assert.True(t, refreshed.OrganizationAccess.ManageOrganizationAccess) + assert.True(t, refreshed.OrganizationAccess.ManageMembership) + assert.True(t, refreshed.OrganizationAccess.ManageTeams) // Check that other org access fields are not updated - originalTeamAccess.ManageOrganizationAccess = true + originalTeamAccess.ManageMembership = true + originalTeamAccess.ManageTeams = true assert.Equal(t, originalTeamAccess, refreshed.OrganizationAccess) } -func TestTeamsUpdateAccessSecretTeams(t *testing.T) { +func TestTeamsUpdateManageOrganizationAccess(t *testing.T) { client := testClient(t) ctx := context.Background() 
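Review bot: These rewritten tests cover only the grant direction: each sets the new flags to `Bool(true)` and asserts they read back true, here and in the `TestTeamsUpdateManageOrganizationAccess` and `TestTeamsUpdateAccessSecretTeams` hunks that follow. The removal path deserves the same coverage for permission flags, so I would add a second update with `ManageTeams: Bool(false)` followed by `assert.False(t, refreshed.OrganizationAccess.ManageTeams)` after the existing assertions. It would also help to pin what happens when a dependent flag is requested without its prerequisite (for example `ManageTeams` without `ManageMembership`), since the comments state the rule but no test shows whether the API rejects or ignores such a request. The test function starts outside this hunk.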
@@ -530,30 +535,39 @@ func TestTeamsUpdateAccessSecretTeams(t *testing.T) { teamRead, err := client.Teams.Read(ctx, tmTest.ID) require.NoError(t, err) - assert.False(t, teamRead.OrganizationAccess.AccessSecretTeams, "access secret teams is false by default") + assert.False(t, teamRead.OrganizationAccess.ManageOrganizationAccess, "manage organization access is false by default") originalTeamAccess := teamRead.OrganizationAccess options := TeamUpdateOptions{ OrganizationAccess: &OrganizationAccessOptions{ - AccessSecretTeams: Bool(true), + // **Note: ManageOrganizationAccess requires ManageMembership and ManageTeams.** + ManageMembership: Bool(true), + ManageTeams: Bool(true), + ManageOrganizationAccess: Bool(true), }, } tm, err := client.Teams.Update(ctx, tmTest.ID, options) require.NoError(t, err) - assert.True(t, tm.OrganizationAccess.AccessSecretTeams) + assert.True(t, tm.OrganizationAccess.ManageMembership) + assert.True(t, tm.OrganizationAccess.ManageTeams) + assert.True(t, tm.OrganizationAccess.ManageOrganizationAccess) refreshed, err := client.Teams.Read(ctx, tmTest.ID) require.NoError(t, err) - assert.True(t, refreshed.OrganizationAccess.AccessSecretTeams) + assert.True(t, refreshed.OrganizationAccess.ManageMembership) + assert.True(t, refreshed.OrganizationAccess.ManageTeams) + assert.True(t, refreshed.OrganizationAccess.ManageOrganizationAccess) // Check that other org access fields are not updated - originalTeamAccess.AccessSecretTeams = true + originalTeamAccess.ManageMembership = true + originalTeamAccess.ManageTeams = true + originalTeamAccess.ManageOrganizationAccess = true assert.Equal(t, originalTeamAccess, refreshed.OrganizationAccess) } -func TestTeamsUpdateManageTeams(t *testing.T) { +func TestTeamsUpdateAccessSecretTeams(t *testing.T) { client := testClient(t) ctx := context.Background() 
@@ -565,25 +579,35 @@ func TestTeamsUpdateManageTeams(t *testing.T) { teamRead, err := client.Teams.Read(ctx, tmTest.ID) require.NoError(t, err) - assert.False(t, teamRead.OrganizationAccess.ManageTeams, "manage teams is false by default") + assert.False(t, teamRead.OrganizationAccess.AccessSecretTeams, "access secret teams is false by default") originalTeamAccess := teamRead.OrganizationAccess options := TeamUpdateOptions{ OrganizationAccess: &OrganizationAccessOptions{ - ManageTeams: Bool(true), + // **Note: AccessSecretTeams requires at least one granular permission to be set + // for it to be set, and ManageTeams requires ManageMembership.** + ManageMembership: Bool(true), + ManageTeams: Bool(true), + AccessSecretTeams: Bool(true), }, } tm, err := client.Teams.Update(ctx, tmTest.ID, options) require.NoError(t, err) + assert.True(t, tm.OrganizationAccess.ManageMembership) assert.True(t, tm.OrganizationAccess.ManageTeams) + assert.True(t, tm.OrganizationAccess.AccessSecretTeams) refreshed, err := client.Teams.Read(ctx, tmTest.ID) require.NoError(t, err) + assert.True(t, refreshed.OrganizationAccess.ManageMembership) assert.True(t, refreshed.OrganizationAccess.ManageTeams) + assert.True(t, refreshed.OrganizationAccess.AccessSecretTeams) // Check that other org access fields are not updated + originalTeamAccess.ManageMembership = true originalTeamAccess.ManageTeams = true + originalTeamAccess.AccessSecretTeams = true assert.Equal(t, originalTeamAccess, refreshed.OrganizationAccess) }
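Review bot: The comment added above `ManageMembership` in this hunk is hard to parse ("requires at least one granular permission to be set for it to be set") and wraps the text in Markdown `**` emphasis, which is not a Go comment convention. I would write `// AccessSecretTeams can only be set together with at least one granular permission; this test uses ManageTeams, which in turn requires ManageMembership.` The same `**Note: …**` style appears in the two preceding hunks of this file and could be normalised at the same time.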