feat: support custom roles

VERSION

@@ -1 +1 @@
-1.0.17
+1.0.18

api/client.go

@@ -134,6 +134,18 @@ type Client interface {
 	// UndeleteUser undeletes the user by name.
 	UndeleteUser(ctx context.Context, userName string) (*v1pb.User, error)
 
+	// Role
+	// ListRole will returns all roles.
+	ListRole(ctx context.Context) (*v1pb.ListRolesResponse, error)
+	// DeleteRole deletes the role by name.
+	DeleteRole(ctx context.Context, name string) error
+	// CreateRole creates the role.
+	CreateRole(ctx context.Context, roleID string, role *v1pb.Role) (*v1pb.Role, error)
+	// GetRole gets the role by full name.
+	GetRole(ctx context.Context, name string) (*v1pb.Role, error)
+	// UpdateRole updates the role.
+	UpdateRole(ctx context.Context, patch *v1pb.Role, updateMasks []string) (*v1pb.Role, error)
+
 	// Group
 	// ListGroup list all groups.
 	ListGroup(ctx context.Context) (*v1pb.ListGroupsResponse, error)

client/database.go

@@ -69,7 +69,7 @@ func (c *client) listDatabasePerPage(ctx context.Context, parent, filter, pageTo
 		parent,
 		url.QueryEscape(filter),
 		pageSize,
-		pageToken,
+		url.QueryEscape(pageToken),
 	)
 
 	req, err := http.NewRequestWithContext(ctx, "GET", requestURL, nil)

client/role.go

@@ -0,0 +1,92 @@
+package client
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strings"
+
+	v1pb "github.com/bytebase/bytebase/proto/generated-go/v1"
+	"google.golang.org/protobuf/encoding/protojson"
+)
+
+// GetRole gets the role by full name.
+func (c *client) GetRole(ctx context.Context, name string) (*v1pb.Role, error) {
+	body, err := c.getResource(ctx, name)
+	if err != nil {
+		return nil, err
+	}
+
+	var res v1pb.Role
+	if err := ProtojsonUnmarshaler.Unmarshal(body, &res); err != nil {
+		return nil, err
+	}
+
+	return &res, nil
+}
+
+// CreateRole creates the role.
+func (c *client) CreateRole(ctx context.Context, roleID string, role *v1pb.Role) (*v1pb.Role, error) {
+	payload, err := protojson.Marshal(role)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "POST", fmt.Sprintf("%s/%s/roles?roleId=%s", c.url, c.version, roleID), strings.NewReader(string(payload)))
+
+	if err != nil {
+		return nil, err
+	}
+
+	body, err := c.doRequest(req)
+	if err != nil {
+		return nil, err
+	}
+
+	var res v1pb.Role
+	if err := ProtojsonUnmarshaler.Unmarshal(body, &res); err != nil {
+		return nil, err
+	}
+
+	return &res, nil
+}
+
+// DeleteRole deletes the role by name.
+func (c *client) DeleteRole(ctx context.Context, name string) error {
+	return c.deleteResource(ctx, name)
+}
+
+// UpdateRole updates the role.
+func (c *client) UpdateRole(ctx context.Context, patch *v1pb.Role, updateMasks []string) (*v1pb.Role, error) {
+	body, err := c.updateResource(ctx, patch.Name, patch, updateMasks, false /* allow missing = false*/)
+	if err != nil {
+		return nil, err
+	}
+
+	var res v1pb.Role
+	if err := ProtojsonUnmarshaler.Unmarshal(body, &res); err != nil {
+		return nil, err
+	}
+
+	return &res, nil
+}
+
+// ListRole will returns all roles.
+func (c *client) ListRole(ctx context.Context) (*v1pb.ListRolesResponse, error) {
+	req, err := http.NewRequestWithContext(ctx, "GET", fmt.Sprintf("%s/%s/roles", c.url, c.version), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	body, err := c.doRequest(req)
+	if err != nil {
+		return nil, err
+	}
+
+	var res v1pb.ListRolesResponse
+	if err := ProtojsonUnmarshaler.Unmarshal(body, &res); err != nil {
+		return nil, err
+	}
+
+	return &res, nil
+}

docs/data-sources/role.md

@@ -0,0 +1,31 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "bytebase_role Data Source - terraform-provider-bytebase"
+subcategory: ""
+description: |-
+  The role data source.
+---
+
+# bytebase_role (Data Source)
+
+The role data source.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `resource_id` (String) The role unique resource id.
+
+### Read-Only
+
+- `description` (String) The role description.
+- `id` (String) The ID of this resource.
+- `name` (String) The role full name in roles/{resource id} format.
+- `permissions` (Set of String) The role permissions.
+- `title` (String) The role title.
+- `type` (String) The role type.
+
+

docs/data-sources/role_list.md

@@ -0,0 +1,35 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "bytebase_role_list Data Source - terraform-provider-bytebase"
+subcategory: ""
+description: |-
+  The role data source list.
+---
+
+# bytebase_role_list (Data Source)
+
+The role data source list.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `roles` (List of Object) (see [below for nested schema](#nestedatt--roles))
+
+<a id="nestedatt--roles"></a>
+### Nested Schema for `roles`
+
+Read-Only:
+
+- `description` (String)
+- `name` (String)
+- `permissions` (Set of String)
+- `resource_id` (String)
+- `title` (String)
+- `type` (String)
+
+

docs/resources/role.md

@@ -0,0 +1,34 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "bytebase_role Resource - terraform-provider-bytebase"
+subcategory: ""
+description: |-
+  The role resource. Require ENTERPRISE subscription. Check the docs https://www.bytebase.com/docs/administration/custom-roles/?source=terraform for more information.
+---
+
+# bytebase_role (Resource)
+
+The role resource. Require ENTERPRISE subscription. Check the docs https://www.bytebase.com/docs/administration/custom-roles/?source=terraform for more information.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `permissions` (Set of String) The role permissions. All permissions should start with "bb." prefix.
+- `resource_id` (String) The role unique resource id.
+- `title` (String) The role title.
+
+### Optional
+
+- `description` (String) The role description.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `name` (String) The role full name in roles/{resource id} format.
+- `type` (String) The role type.
+
+

examples/environments/main.tf

@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.17"
+      version = "1.0.18"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/groups/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.17"
+      version = "1.0.18"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/instances/main.tf

@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.17"
+      version = "1.0.18"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/policies/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.17"
+      version = "1.0.18"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/projects/main.tf

@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.17"
+      version = "1.0.18"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/roles/main.tf

@@ -0,0 +1,25 @@
+terraform {
+  required_providers {
+    bytebase = {
+      version = "1.0.18"
+      # For local development, please use "terraform.local/bytebase/bytebase" instead
+      source = "registry.terraform.io/bytebase/bytebase"
+    }
+  }
+}
+
+provider "bytebase" {
+  # You need to replace the account and key with your Bytebase service account.
+  service_account = "[email protected]"
+  service_key     = "bbs_BxVIp7uQsARl8nR92ZZV"
+  # The Bytebase service URL. You can use the external URL in production.
+  # Check the docs about external URL: https://www.bytebase.com/docs/get-started/install/external-url
+  url = "https://bytebase.example.com"
+}
+
+data "bytebase_role_list" "all" {
+}
+
+output "all_roles" {
+  value = data.bytebase_role_list.all
+}

examples/settings/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.17"
+      version = "1.0.18"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/setup/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.17"
+      version = "1.0.18"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/setup/role.tf

@@ -0,0 +1,8 @@
+resource "bytebase_role" "auditor" {
+  resource_id = "auditor-role"
+  title       = "Auditor role"
+  description = "This role can only list audit logs"
+  permissions = [
+    "bb.auditLogs.search"
+  ]
+}

examples/setup/users.tf

@@ -7,6 +7,18 @@ resource "bytebase_user" "workspace_dba" {
   roles = ["roles/workspaceDBA"]
 }
 
+# Create or update the user.
+resource "bytebase_user" "workspace_auditor" {
+  depends_on = [
+    bytebase_role.auditor
+  ]
+  title = "Auditor"
+  email = "[email protected]"
+
+  # Grant workspace level roles.
+  roles = [bytebase_role.auditor.name]
+}
+
 # Create or update the user.
 resource "bytebase_user" "project_developer" {
   depends_on = [

examples/users/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.17"
+      version = "1.0.18"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/vcs/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.17"
+      version = "1.0.18"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }