Update project resource: add shared_with_groups option

Fix: error when updating shared groups but not the project

Update gitlab_project resource: use new DeleteSharedProjectFromGroup method

Update project: rename group_access to group_access_level

Update project: remove plan diff for shared_with_group expire_at parameter and add data validation for group_access_level

Update resource project: remove shared_with_group.expires_at

Update resource project: improve handling of shared_with_groups

Update resource project: add shared_with_group option tests

Author: Jordan Caussat

gitlab/resource_gitlab_project.go

@@ -93,6 +93,28 @@ func resourceGitlabProject() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"shared_with_groups": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"group_id": {
+							Type:     schema.TypeInt,
+							Required: true,
+						},
+						"group_access_level": {
+							Type:     schema.TypeString,
+							Required: true,
+							ValidateFunc: validation.StringInSlice([]string{
+								"guest", "reporter", "developer", "master"}, false),
+						},
+						"group_name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -114,6 +136,7 @@ func resourceGitlabProjectSetToState(d *schema.ResourceData, project *gitlab.Pro
 	d.Set("http_url_to_repo", project.HTTPURLToRepo)
 	d.Set("web_url", project.WebURL)
 	d.Set("runners_token", project.RunnersToken)
+	d.Set("shared_with_groups", flattenSharedWithGroupsOptions(project))
 }
 
 func resourceGitlabProjectCreate(d *schema.ResourceData, meta interface{}) error {
@@ -146,6 +169,18 @@ func resourceGitlabProjectCreate(d *schema.ResourceData, meta interface{}) error
 		return err
 	}
 
+	if v, ok := d.GetOk("shared_with_groups"); ok {
+		options := expandSharedWithGroupsOptions(v.([]interface{}))
+
+		for _, option := range options {
+			log.Printf("[DEBUG] project shared with group %v", option)
+			_, err := client.Projects.ShareProjectWithGroup(project.ID, option)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
 	d.SetId(fmt.Sprintf("%d", project.ID))
 
 	return resourceGitlabProjectRead(d, meta)
@@ -211,11 +246,16 @@ func resourceGitlabProjectUpdate(d *schema.ResourceData, meta interface{}) error
 		options.SnippetsEnabled = gitlab.Bool(d.Get("snippets_enabled").(bool))
 	}
 
-	log.Printf("[DEBUG] update gitlab project %s", d.Id())
+	if *options != (gitlab.EditProjectOptions{}) {
+		log.Printf("[DEBUG] update gitlab project %s", d.Id())
+		_, _, err := client.Projects.EditProject(d.Id(), options)
+		if err != nil {
+			return err
+		}
+	}
 
-	_, _, err := client.Projects.EditProject(d.Id(), options)
-	if err != nil {
-		return err
+	if d.HasChange("shared_with_groups") {
+		updateSharedWithGroups(d, meta)
 	}
 
 	return resourceGitlabProjectRead(d, meta)
@@ -258,3 +298,124 @@ func resourceGitlabProjectDelete(d *schema.ResourceData, meta interface{}) error
 	}
 	return nil
 }
+
+func expandSharedWithGroupsOptions(d []interface{}) []*gitlab.ShareWithGroupOptions {
+	shareWithGroupOptionsList := []*gitlab.ShareWithGroupOptions{}
+
+	for _, config := range d {
+		data := config.(map[string]interface{})
+
+		groupAccess := accessLevelNameToValue[data["group_access_level"].(string)]
+
+		shareWithGroupOptions := &gitlab.ShareWithGroupOptions{
+			GroupID:     gitlab.Int(data["group_id"].(int)),
+			GroupAccess: &groupAccess,
+		}
+
+		shareWithGroupOptionsList = append(shareWithGroupOptionsList,
+			shareWithGroupOptions)
+	}
+
+	return shareWithGroupOptionsList
+}
+
+func flattenSharedWithGroupsOptions(project *gitlab.Project) []interface{} {
+	sharedWithGroups := project.SharedWithGroups
+	sharedWithGroupsList := []interface{}{}
+
+	for _, option := range sharedWithGroups {
+		values := map[string]interface{}{
+			"group_id": option.GroupID,
+			"group_access_level": accessLevelValueToName[gitlab.AccessLevelValue(
+				option.GroupAccessLevel)],
+			"group_name": option.GroupName,
+		}
+
+		sharedWithGroupsList = append(sharedWithGroupsList, values)
+	}
+
+	return sharedWithGroupsList
+}
+
+func findGroupProjectSharedWith(target *gitlab.ShareWithGroupOptions,
+	groups []*gitlab.ShareWithGroupOptions) (*gitlab.ShareWithGroupOptions, int, error) {
+	for i, group := range groups {
+		if *group.GroupID == *target.GroupID {
+			return group, i, nil
+		}
+	}
+
+	return nil, 0, fmt.Errorf("group not found")
+}
+
+func getGroupsProjectSharedWith(project *gitlab.Project) []*gitlab.ShareWithGroupOptions {
+	sharedGroups := []*gitlab.ShareWithGroupOptions{}
+
+	for _, group := range project.SharedWithGroups {
+		sharedGroups = append(sharedGroups, &gitlab.ShareWithGroupOptions{
+			GroupID: gitlab.Int(group.GroupID),
+			GroupAccess: gitlab.AccessLevel(gitlab.AccessLevelValue(
+				group.GroupAccessLevel)),
+		})
+	}
+
+	return sharedGroups
+}
+
+func updateSharedWithGroups(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*gitlab.Client)
+
+	var groupsToUnshare []*gitlab.ShareWithGroupOptions
+	var groupsToShare []*gitlab.ShareWithGroupOptions
+
+	// Get target groups from the TF config and current groups from Gitlab server
+	targetGroups := expandSharedWithGroupsOptions(
+		d.Get("shared_with_groups").([]interface{}))
+	project, _, err := client.Projects.GetProject(d.Id())
+	if err != nil {
+		return err
+	}
+	currentGroups := getGroupsProjectSharedWith(project)
+
+	for _, targetGroup := range targetGroups {
+		currentGroup, index, err := findGroupProjectSharedWith(targetGroup, currentGroups)
+
+		// If no corresponding group is found, it must be added
+		if err != nil {
+			groupsToShare = append(groupsToShare, targetGroup)
+			continue
+		}
+
+		// If group is different it must be deleted and added again
+		if *targetGroup.GroupAccess != *currentGroup.GroupAccess {
+			groupsToShare = append(groupsToShare, targetGroup)
+			groupsToUnshare = append(groupsToUnshare, targetGroup)
+		}
+
+		// Remove currentGroup from from list
+		currentGroups = append(currentGroups[:index], currentGroups[index+1:]...)
+	}
+
+	// All groups still present in currentGroup must be deleted
+	groupsToUnshare = append(groupsToUnshare, currentGroups...)
+
+	// Unshare groups to delete and update
+	for _, group := range groupsToUnshare {
+		log.Printf("[DEBUG] update shared_with_group: unshare %d", *group.GroupID)
+		_, err := client.Projects.DeleteSharedProjectFromGroup(d.Id(), *group.GroupID)
+		if err != nil {
+			return err
+		}
+	}
+
+	// Share groups to add and update
+	for _, group := range groupsToShare {
+		log.Printf("[DEBUG] update shared_with_group: share %d", *group.GroupID)
+		_, err := client.Projects.ShareProjectWithGroup(d.Id(), group)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}

gitlab/resource_gitlab_project_test.go

@@ -66,6 +66,72 @@ func TestAccGitlabProject_basic(t *testing.T) {
 					}),
 				),
 			},
+			//Update the project to share the project with a group
+			{
+				Config: testAccGitlabProjectSharedWithGroup(rInt),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGitlabProjectExists("gitlab_project.foo", &project),
+					testAccCheckGitlabProjectAttributes(&project, &testAccGitlabProjectExpectedAttributes{
+						Name:                 fmt.Sprintf("foo-%d", rInt),
+						Path:                 fmt.Sprintf("foo.%d", rInt),
+						Description:          "Terraform acceptance tests",
+						IssuesEnabled:        true,
+						MergeRequestsEnabled: true,
+						WikiEnabled:          true,
+						SnippetsEnabled:      true,
+						Visibility:           gitlab.PublicVisibility,
+						SharedWithGroups: []struct {
+							GroupID          int
+							GroupName        string
+							GroupAccessLevel int
+						}{{0, "", 30}},
+					}),
+				),
+			},
+			//Update the project to share the project with more groups
+			{
+				Config: testAccGitlabProjectSharedWithGroup2(rInt),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGitlabProjectExists("gitlab_project.foo", &project),
+					testAccCheckGitlabProjectAttributes(&project, &testAccGitlabProjectExpectedAttributes{
+						Name:                 fmt.Sprintf("foo-%d", rInt),
+						Path:                 fmt.Sprintf("foo.%d", rInt),
+						Description:          "Terraform acceptance tests",
+						IssuesEnabled:        true,
+						MergeRequestsEnabled: true,
+						WikiEnabled:          true,
+						SnippetsEnabled:      true,
+						Visibility:           gitlab.PublicVisibility,
+						SharedWithGroups: []struct {
+							GroupID          int
+							GroupName        string
+							GroupAccessLevel int
+						}{{0, "", 10}, {0, "", 30}},
+					}),
+				),
+			},
+			//Update the project to unshare the project from 1 group
+			{
+				Config: testAccGitlabProjectSharedWithGroup(rInt),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGitlabProjectExists("gitlab_project.foo", &project),
+					testAccCheckGitlabProjectAttributes(&project, &testAccGitlabProjectExpectedAttributes{
+						Name:                 fmt.Sprintf("foo-%d", rInt),
+						Path:                 fmt.Sprintf("foo.%d", rInt),
+						Description:          "Terraform acceptance tests",
+						IssuesEnabled:        true,
+						MergeRequestsEnabled: true,
+						WikiEnabled:          true,
+						SnippetsEnabled:      true,
+						Visibility:           gitlab.PublicVisibility,
+						SharedWithGroups: []struct {
+							GroupID          int
+							GroupName        string
+							GroupAccessLevel int
+						}{{0, "", 30}},
+					}),
+				),
+			},
 		},
 	})
 }
@@ -142,6 +208,11 @@ type testAccGitlabProjectExpectedAttributes struct {
 	WikiEnabled          bool
 	SnippetsEnabled      bool
 	Visibility           gitlab.VisibilityValue
+	SharedWithGroups     []struct {
+		GroupID          int
+		GroupName        string
+		GroupAccessLevel int
+	}
 }
 
 func testAccCheckGitlabProjectAttributes(project *gitlab.Project, want *testAccGitlabProjectExpectedAttributes) resource.TestCheckFunc {
@@ -180,6 +251,12 @@ func testAccCheckGitlabProjectAttributes(project *gitlab.Project, want *testAccG
 			return fmt.Errorf("got visibility %q; want %q", project.Visibility, want.Visibility)
 		}
 
+		for i, group := range project.SharedWithGroups {
+			if group.GroupAccessLevel != want.SharedWithGroups[i].GroupAccessLevel {
+				return fmt.Errorf("got shared with groups access: %d; want %d", group.GroupAccessLevel, want.SharedWithGroups[i].GroupAccessLevel)
+			}
+		}
+
 		return nil
 	}
 }
@@ -258,3 +335,64 @@ resource "gitlab_project" "foo" {
 }
 	`, rInt, rInt)
 }
+
+func testAccGitlabProjectSharedWithGroup(rInt int) string {
+	return fmt.Sprintf(`
+resource "gitlab_project" "foo" {
+  name = "foo-%d"
+  path = "foo.%d"
+  description = "Terraform acceptance tests"
+  visibility_level = "public"
+
+  shared_with_groups = [
+    {
+		group_id           = "${gitlab_group.foo.id}"
+        group_access_level = "developer"
+    }
+  ]
+}
+
+resource "gitlab_group" "foo" {
+  name = "foo-name-%d"
+  path = "foo-path-%d"
+  description = "Terraform acceptance tests!"
+  visibility_level = "public"
+}
+	`, rInt, rInt, rInt, rInt)
+}
+
+func testAccGitlabProjectSharedWithGroup2(rInt int) string {
+	return fmt.Sprintf(`
+resource "gitlab_project" "foo" {
+  name = "foo-%d"
+  path = "foo.%d"
+  description = "Terraform acceptance tests"
+  visibility_level = "public"
+
+  shared_with_groups = [
+    {
+		group_id           = "${gitlab_group.foo.id}"
+        group_access_level = "guest"
+	},
+	{
+		group_id           = "${gitlab_group.foo2.id}"
+        group_access_level = "developer"
+    }
+  ]
+}
+
+resource "gitlab_group" "foo" {
+  name = "foo-name-%d"
+  path = "foo-path-%d"
+  description = "Terraform acceptance tests!"
+  visibility_level = "public"
+}
+
+resource "gitlab_group" "foo2" {
+  name = "foo2-name-%d"
+  path = "foo2-path-%d"
+  description = "Terraform acceptance tests!"
+  visibility_level = "public"
+}
+	`, rInt, rInt, rInt, rInt, rInt, rInt)
+}

gitlab/util.go

@@ -10,6 +10,22 @@ import (
 	"time"
 )
 
+var accessLevelNameToValue = map[string]gitlab.AccessLevelValue{
+	"guest":     gitlab.GuestPermissions,
+	"reporter":  gitlab.ReporterPermissions,
+	"developer": gitlab.DeveloperPermissions,
+	"master":    gitlab.MasterPermissions,
+	"owner":     gitlab.OwnerPermission,
+}
+
+var accessLevelValueToName = map[gitlab.AccessLevelValue]string{
+	gitlab.GuestPermissions:     "guest",
+	gitlab.ReporterPermissions:  "reporter",
+	gitlab.DeveloperPermissions: "developer",
+	gitlab.MasterPermissions:    "master",
+	gitlab.OwnerPermission:      "owner",
+}
+
 // copied from ../github/util.go
 func validateValueFunc(values []string) schema.SchemaValidateFunc {
 	return func(v interface{}, k string) (we []string, errors []error) {