
Commit aa380e2

fix: correctly patch template acl (#90)
1 parent 8a9647f commit aa380e2


2 files changed

+58
-20
lines changed


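--- a/internal/provider/template_resource.go
+++ b/internal/provider/template_resource.go
@@ -531,7 +531,7 @@ func (r *TemplateResource) Create(ctx context.Context, req resource.CreateReques
 if resp.Diagnostics.HasError() {
 return
 }
-err = client.UpdateTemplateACL(ctx, templateResp.ID, convertACLToRequest(acl))
+err = client.UpdateTemplateACL(ctx, templateResp.ID, convertACLToRequest(codersdk.TemplateACL{}, acl))
 if err != nil {
 resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to create template ACL: %s", err))
 return
@@ -684,7 +684,13 @@ func (r *TemplateResource) Update(ctx context.Context, req resource.UpdateReques
 if resp.Diagnostics.HasError() {
 return
 }
-err := client.UpdateTemplateACL(ctx, templateID, convertACLToRequest(acl))
+curACL, err := client.TemplateACL(ctx, templateID)
+if err != nil {
+resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to get template ACL: %s", err))
+return
+}
+
+err = client.UpdateTemplateACL(ctx, templateID, convertACLToRequest(curACL, acl))
 if err != nil {
 resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to update template ACL: %s", err))
 return
@@ -1053,15 +1059,27 @@ func markActive(ctx context.Context, client *codersdk.Client, templateID uuid.UU
 return nil
 }
 
-func convertACLToRequest(permissions ACL) codersdk.UpdateTemplateACL {
+func convertACLToRequest(curACL codersdk.TemplateACL, newACL ACL) codersdk.UpdateTemplateACL {
 var userPerms = make(map[string]codersdk.TemplateRole)
-for _, perm := range permissions.UserPermissions {
+for _, perm := range newACL.UserPermissions {
 userPerms[perm.ID.ValueString()] = codersdk.TemplateRole(perm.Role.ValueString())
 }
 var groupPerms = make(map[string]codersdk.TemplateRole)
-for _, perm := range permissions.GroupPermissions {
+for _, perm := range newACL.GroupPermissions {
 groupPerms[perm.ID.ValueString()] = codersdk.TemplateRole(perm.Role.ValueString())
 }
+// For each user or group to remove, we need to set their role to empty
+// string.
+for _, perm := range curACL.Users {
+if _, ok := userPerms[perm.ID.String()]; !ok {
+userPerms[perm.ID.String()] = ""
+}
+}
+for _, perm := range curACL.Groups {
+if _, ok := groupPerms[perm.ID.String()]; !ok {
+groupPerms[perm.ID.String()] = ""
+}
+}
 return codersdk.UpdateTemplateACL{
 UserPerms: userPerms,
 GroupPerms: groupPerms,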
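Review bot: In the Create hunk, `convertACLToRequest(codersdk.TemplateACL{}, acl)` hands the new removal loops an empty current ACL, so nothing is ever set to `""` on a freshly created template. If the server attaches any default user or group entry when a template is created (not visible in this diff), that grant stays in place although the configured `acl` omits it, and the Terraform state will not match what the server enforces. Reading the ACL first, as the Update hunk does, with `curACL, err := client.TemplateACL(ctx, templateResp.ID)` and the same diagnostic on failure, then passing `convertACLToRequest(curACL, acl)`, would make both paths converge on the declared ACL. Separately, the removal lookup compares `perm.ID.String()` against keys written from `perm.ID.ValueString()`; if the configured ID is not guaranteed to be in canonical UUID form, one principal could end up under two keys, one carrying the role and one carrying `""`, so a comment on `convertACLToRequest` stating that assumption (or normalising the key) would help. Create and Update both continue outside the hunks shown.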

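--- a/internal/provider/template_resource_test.go
+++ b/internal/provider/template_resource_test.go
@@ -357,6 +357,12 @@ func TestAccTemplateResourceEnterprise(t *testing.T) {
 firstUser, err := client.User(ctx, codersdk.Me)
 require.NoError(t, err)
 
+group, err := client.CreateGroup(ctx, firstUser.OrganizationIDs[0], codersdk.CreateGroupRequest{
+Name: "bosses",
+QuotaAllowance: 200,
+})
+require.NoError(t, err)
+
 cfg1 := testAccTemplateResourceConfig{
 URL: client.URL.String(),
 Token: client.SessionToken(),
@@ -366,13 +372,6 @@ func TestAccTemplateResourceEnterprise(t *testing.T) {
 // Auto-generated version name
 Directory: PtrTo("../../integration/template-test/example-template"),
 Active: PtrTo(true),
-// TODO(ethanndickson): Remove this when we add in `*.tfvars` parsing
-TerraformVariables: []testAccTemplateKeyValueConfig{
-{
-Key: PtrTo("name"),
-Value: PtrTo("world"),
-},
-},
 },
 },
 ACL: testAccTemplateACLConfig{
@@ -381,6 +380,10 @@ func TestAccTemplateResourceEnterprise(t *testing.T) {
 Key: PtrTo(firstUser.OrganizationIDs[0].String()),
 Value: PtrTo("use"),
 },
+{
+Key: PtrTo(group.ID.String()),
+Value: PtrTo("admin"),
+},
 },
 UserACL: []testAccTemplateKeyValueConfig{
 {
@@ -392,11 +395,14 @@ func TestAccTemplateResourceEnterprise(t *testing.T) {
 }
 
 cfg2 := cfg1
-cfg2.ACL.null = true
+cfg2.ACL.GroupACL = slices.Clone(cfg2.ACL.GroupACL[1:])
 
 cfg3 := cfg2
-cfg3.AllowUserAutostart = PtrTo(false)
-cfg3.AutostopRequirement = testAccAutostopRequirementConfig{
+cfg3.ACL.null = true
+
+cfg4 := cfg3
+cfg4.AllowUserAutostart = PtrTo(false)
+cfg4.AutostopRequirement = testAccAutostopRequirementConfig{
 DaysOfWeek: PtrTo([]string{"monday", "tuesday"}),
 Weeks: PtrTo(int64(2)),
 }
@@ -409,19 +415,33 @@ func TestAccTemplateResourceEnterprise(t *testing.T) {
 {
 Config: cfg1.String(t),
 Check: resource.ComposeAggregateTestCheckFunc(
-resource.TestCheckResourceAttr("coderd_template.test", "acl.groups.#", "1"),
+resource.TestCheckResourceAttr("coderd_template.test", "acl.groups.#", "2"),
 resource.TestMatchTypeSetElemNestedAttrs("coderd_template.test", "acl.groups.*", map[string]*regexp.Regexp{
-"id": regexp.MustCompile(".+"),
+"id": regexp.MustCompile(firstUser.OrganizationIDs[0].String()),
 "role": regexp.MustCompile("^use$"),
 }),
+resource.TestMatchTypeSetElemNestedAttrs("coderd_template.test", "acl.groups.*", map[string]*regexp.Regexp{
+"id": regexp.MustCompile(group.ID.String()),
+"role": regexp.MustCompile("^admin$"),
+}),
+resource.TestCheckResourceAttr("coderd_template.test", "acl.users.#", "1"),
 resource.TestMatchTypeSetElemNestedAttrs("coderd_template.test", "acl.users.*", map[string]*regexp.Regexp{
-"id": regexp.MustCompile(".+"),
+"id": regexp.MustCompile(firstUser.ID.String()),
 "role": regexp.MustCompile("^admin$"),
 }),
 ),
 },
 {
 Config: cfg2.String(t),
+Check: resource.ComposeAggregateTestCheckFunc(
+resource.TestMatchTypeSetElemNestedAttrs("coderd_template.test", "acl.users.*", map[string]*regexp.Regexp{
+"id": regexp.MustCompile(firstUser.ID.String()),
+"role": regexp.MustCompile("^admin$"),
+}),
+),
+},
+{
+Config: cfg3.String(t),
 Check: resource.ComposeAggregateTestCheckFunc(
 resource.TestCheckNoResourceAttr("coderd_template.test", "acl"),
 func(s *terraform.State) error {
@@ -439,7 +459,7 @@ func TestAccTemplateResourceEnterprise(t *testing.T) {
 if len(acl.Groups) != 1 {
 return fmt.Errorf("expected 1 group ACL, got %d", len(acl.Groups))
 }
-if acl.Groups[0].Role != "use" && acl.Groups[0].ID != firstUser.OrganizationIDs[0] {
+if acl.Groups[0].Role != "admin" && acl.Groups[0].ID != group.ID {
 return fmt.Errorf("expected group ACL to be 'use' for %s, got %s", firstUser.OrganizationIDs[0].String(), acl.Groups[0].Role)
 }
 if len(acl.Users) != 1 {
@@ -453,7 +473,7 @@ func TestAccTemplateResourceEnterprise(t *testing.T) {
 ),
 },
 {
-Config: cfg3.String(t),
+Config: cfg4.String(t),
 Check: resource.ComposeAggregateTestCheckFunc(
 resource.TestCheckResourceAttr("coderd_template.test", "allow_user_auto_start", "false"),
 resource.TestCheckResourceAttr("coderd_template.test", "auto_stop_requirement.days_of_week.#", "2"),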
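Review bot: The group assertion in the `@@ -439,7 +459,7 @@` hunk joins its two conditions with `&&`, so it only fails when both the role and the ID are wrong; a template left with the wrong group at role `admin`, or the right group at another role, still passes. This is the server-side check that verifies the ACL removal, so it should read `if acl.Groups[0].Role != "admin" || acl.Groups[0].ID != group.ID {`. The error text on the following line still names `'use'` and `firstUser.OrganizationIDs[0]` and should report `'admin'` and `group.ID.String()` instead. The cfg2 step could also assert that `acl.groups.#` is `"1"`, so the removal is checked in state as well as through the API. The test function continues outside the hunks shown.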
