Add protected_branch_ids to gitlab_project_approval_rule (#542)

sirlatrom · web-flow · commit 401790a952df · 2021-07-14T13:57:23.000-07:00
Signed-off-by: Sune Keller &lt;absukl@almbrand.dk&gt;
diff --git a/docs/resources/project_approval_rule.md b/docs/resources/project_approval_rule.md
@@ -17,12 +17,20 @@ resource "gitlab_project_approval_rule" "example-one" {
   group_ids          = [51]
 }
 
-resource "gitlab_project_approval_rule" "example-two" {
+resource "gitlab_branch_protection" "example" {
   project            = 5
-  name               = "Example Rule 2"
-  approvals_required = 1
-  user_ids           = []
-  group_ids          = [52]
+  branch             = "main"
+  push_access_level  = "developer"
+  merge_access_level = "developer"
+}
+
+resource "gitlab_project_approval_rule" "example-two" {
+  project              = 5
+  name                 = "Example Rule 2"
+  approvals_required   = 1
+  user_ids             = []
+  group_ids            = [52]
+  protected_branch_ids = [gitlab_branch_protection.example.id]
 }
 ```
 
@@ -38,7 +46,9 @@ The following arguments are supported:
 
 * `user_ids` - (Optional)  A list of specific User IDs to add to the list of approvers.
 
-* `group_ids` - (Optional) A list of group IDs who's members can approve of the merge request
+* `group_ids` - (Optional) A list of group IDs whose members can approve of the merge request.
+
+* `protected_branch_ids` - (Optional) A list of protected branch IDs for which the rule applies.
 
 ## Import
 
diff --git a/gitlab/resource_gitlab_project_approval_rule.go b/gitlab/resource_gitlab_project_approval_rule.go
@@ -47,16 +47,23 @@ func resourceGitlabProjectApprovalRule() *schema.Resource {
 				Elem:     &schema.Schema{Type: schema.TypeInt},
 				Set:      schema.HashInt,
 			},
+			"protected_branch_ids": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeInt},
+				Set:      schema.HashInt,
+			},
 		},
 	}
 }
 
 func resourceGitlabProjectApprovalRuleCreate(d *schema.ResourceData, meta interface{}) error {
 	options := gitlab.CreateProjectLevelRuleOptions{
-		Name:              gitlab.String(d.Get("name").(string)),
-		ApprovalsRequired: gitlab.Int(d.Get("approvals_required").(int)),
-		UserIDs:           expandApproverIds(d.Get("user_ids")),
-		GroupIDs:          expandApproverIds(d.Get("group_ids")),
+		Name:               gitlab.String(d.Get("name").(string)),
+		ApprovalsRequired:  gitlab.Int(d.Get("approvals_required").(int)),
+		UserIDs:            expandApproverIds(d.Get("user_ids")),
+		GroupIDs:           expandApproverIds(d.Get("group_ids")),
+		ProtectedBranchIDs: expandProtectedBranchIDs(d.Get("protected_branch_ids")),
 	}
 
 	project := d.Get("project").(string)
@@ -106,6 +113,10 @@ func resourceGitlabProjectApprovalRuleRead(d *schema.ResourceData, meta interfac
 		return err
 	}
 
+	if err := d.Set("protected_branch_ids", flattenProtectedBranchIDs(rule.ProtectedBranches)); err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -121,10 +132,11 @@ func resourceGitlabProjectApprovalRuleUpdate(d *schema.ResourceData, meta interf
 	}
 
 	options := gitlab.UpdateProjectLevelRuleOptions{
-		Name:              gitlab.String(d.Get("name").(string)),
-		ApprovalsRequired: gitlab.Int(d.Get("approvals_required").(int)),
-		UserIDs:           expandApproverIds(d.Get("user_ids")),
-		GroupIDs:          expandApproverIds(d.Get("group_ids")),
+		Name:               gitlab.String(d.Get("name").(string)),
+		ApprovalsRequired:  gitlab.Int(d.Get("approvals_required").(int)),
+		UserIDs:            expandApproverIds(d.Get("user_ids")),
+		GroupIDs:           expandApproverIds(d.Get("group_ids")),
+		ProtectedBranchIDs: expandProtectedBranchIDs(d.Get("protected_branch_ids")),
 	}
 
 	log.Printf("[DEBUG] Project %s update gitlab project-level approval rule %s", projectID, *options.Name)
@@ -215,6 +227,16 @@ func flattenApprovalRuleGroupIDs(groups []*gitlab.Group) []int {
 	return groupIDs
 }
 
+func flattenProtectedBranchIDs(protectedBranches []*gitlab.ProtectedBranch) []int {
+	var protectedBranchIDs []int
+
+	for _, protectedBranch := range protectedBranches {
+		protectedBranchIDs = append(protectedBranchIDs, protectedBranch.ID)
+	}
+
+	return protectedBranchIDs
+}
+
 // expandApproverIds Expands an interface into a list of ints to read from state.
 func expandApproverIds(ids interface{}) []int {
 	var approverIDs []int
@@ -225,3 +247,13 @@ func expandApproverIds(ids interface{}) []int {
 
 	return approverIDs
 }
+
+func expandProtectedBranchIDs(ids interface{}) []int {
+	var protectedBranchIDs []int
+
+	for _, id := range ids.(*schema.Set).List() {
+		protectedBranchIDs = append(protectedBranchIDs, id.(int))
+	}
+
+	return protectedBranchIDs
+}
diff --git a/gitlab/resource_gitlab_project_approval_rule_test.go b/gitlab/resource_gitlab_project_approval_rule_test.go
@@ -29,11 +29,12 @@ func TestAccGitLabProjectApprovalRule_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGitlabProjectApprovalRuleExists("gitlab_project_approval_rule.foo", &projectApprovalRule),
 					testAccCheckGitlabProjectApprovalRuleAttributes(&projectApprovalRule, &testAccGitlabProjectApprovalRuleExpectedAttributes{
-						ApproverUsernames: []string{fmt.Sprintf("foo-user-%d", randomInt)},
-						ApprovalsRequired: 3,
-						GroupPaths:        []string{fmt.Sprintf("foo-group-%d", randomInt)},
-						Name:              fmt.Sprintf("foo rule %d", randomInt),
-						RandomInt:         randomInt,
+						ApproverUsernames:    []string{fmt.Sprintf("foo-user-%d", randomInt)},
+						ApprovalsRequired:    3,
+						GroupPaths:           []string{fmt.Sprintf("foo-group-%d", randomInt)},
+						ProtectedBranchNames: []string{"master"},
+						Name:                 fmt.Sprintf("foo rule %d", randomInt),
+						RandomInt:            randomInt,
 					}),
 				),
 			},
@@ -53,8 +54,9 @@ func TestAccGitLabProjectApprovalRule_basic(t *testing.T) {
 							fmt.Sprintf("bar-group-%d", randomInt),
 							fmt.Sprintf("foo-group-%d", randomInt),
 						},
-						Name:      fmt.Sprintf("foo rule %d", randomInt),
-						RandomInt: randomInt,
+						ProtectedBranchNames: []string{"master"},
+						Name:                 fmt.Sprintf("foo rule %d", randomInt),
+						RandomInt:            randomInt,
 					}),
 				),
 			},
@@ -68,10 +70,11 @@ func TestAccGitLabProjectApprovalRule_basic(t *testing.T) {
 							fmt.Sprintf("bar-user-%d", randomInt),
 							fmt.Sprintf("qux-user-%d", randomInt),
 						},
-						ApprovalsRequired: 1,
-						GroupPaths:        []string{fmt.Sprintf("bar-group-%d", randomInt)},
-						Name:              fmt.Sprintf("foo rule %d", randomInt),
-						RandomInt:         randomInt,
+						ApprovalsRequired:    1,
+						GroupPaths:           []string{fmt.Sprintf("bar-group-%d", randomInt)},
+						ProtectedBranchNames: []string{"master"},
+						Name:                 fmt.Sprintf("foo rule %d", randomInt),
+						RandomInt:            randomInt,
 					}),
 				),
 			},
@@ -102,11 +105,12 @@ func TestAccGitLabProjectApprovalRule_import(t *testing.T) {
 }
 
 type testAccGitlabProjectApprovalRuleExpectedAttributes struct {
-	ApprovalsRequired int
-	ApproverUsernames []string
-	GroupPaths        []string
-	Name              string
-	RandomInt         int
+	ApprovalsRequired    int
+	ApproverUsernames    []string
+	GroupPaths           []string
+	ProtectedBranchNames []string
+	Name                 string
+	RandomInt            int
 }
 
 func testAccCheckGitlabProjectApprovalRuleAttributes(projectApprovalRule *gitlab.ProjectApprovalRule, want *testAccGitlabProjectApprovalRuleExpectedAttributes) resource.TestCheckFunc {
@@ -145,6 +149,16 @@ func testAccCheckGitlabProjectApprovalRuleAttributes(projectApprovalRule *gitlab
 			return fmt.Errorf("got groups %s; want %s", groupPaths, want.GroupPaths)
 		}
 
+		var protectedBranchNames []string
+		for _, protectedBranch := range projectApprovalRule.ProtectedBranches {
+			protectedBranchNames = append(protectedBranchNames, protectedBranch.Name)
+		}
+		sort.Strings(protectedBranchNames)
+
+		if !reflect.DeepEqual(protectedBranchNames, want.ProtectedBranchNames) {
+			return fmt.Errorf("got protected branches %v; want %v", protectedBranchNames, want.ProtectedBranchNames)
+		}
+
 		return nil
 	}
 }
@@ -157,100 +171,108 @@ func testAccGitLabProjectApprovalRuleConfig(
 ) string {
 	return fmt.Sprintf(`
 resource "gitlab_user" "foo" {
-	name             = "foo user"
-	username         = "foo-user-%[1]d"
-	password         = "foo12345"
-	email            = "foo-user%[1]d@ssss.com"
-	is_admin         = false
+  name             = "foo user"
+  username         = "foo-user-%[1]d"
+  password         = "foo12345"
+  email            = "foo-user%[1]d@ssss.com"
+  is_admin         = false
   projects_limit   = 2
   can_create_group = false
   is_external      = false
 }
 
 resource "gitlab_user" "bar" {
-	name             = "bar user"
-	username         = "bar-user-%[1]d"
-	password         = "bar12345"
-	email            = "bar-user%[1]d@ssss.com"
-	is_admin         = false
+  name             = "bar user"
+  username         = "bar-user-%[1]d"
+  password         = "bar12345"
+  email            = "bar-user%[1]d@ssss.com"
+  is_admin         = false
   projects_limit   = 2
   can_create_group = false
   is_external      = false
 }
 
 resource "gitlab_user" "baz" {
-	name             = "baz user"
-	username         = "baz-user-%[1]d"
-	password         = "baz12345"
-	email            = "baz-user%[1]d@ssss.com"
-	is_admin         = false
+  name             = "baz user"
+  username         = "baz-user-%[1]d"
+  password         = "baz12345"
+  email            = "baz-user%[1]d@ssss.com"
+  is_admin         = false
   projects_limit   = 2
   can_create_group = false
   is_external      = false
 }
 
 resource "gitlab_user" "qux" {
-	name             = "qux user"
-	username         = "qux-user-%[1]d"
-	password         = "qux12345"
-	email            = "qux-user%[1]d@ssss.com"
-	is_admin         = false
+  name             = "qux user"
+  username         = "qux-user-%[1]d"
+  password         = "qux12345"
+  email            = "qux-user%[1]d@ssss.com"
+  is_admin         = false
   projects_limit   = 2
   can_create_group = false
   is_external      = false
 }
 
 resource "gitlab_project" "foo" {
-	name              = "foo project %[1]d"
-	path              = "foo-project-%[1]d"
-	description       = "Terraform acceptance test - Approval Rule"
-	visibility_level  = "public"
+  name             = "foo project %[1]d"
+  path             = "foo-project-%[1]d"
+  description      = "Terraform acceptance test - Approval Rule"
+  visibility_level = "public"
+}
+
+resource "gitlab_branch_protection" "default" {
+  project            = gitlab_project.foo.id
+  branch             = gitlab_project.foo.default_branch
+  push_access_level  = "maintainer"
+  merge_access_level = "developer"
 }
 
 resource "gitlab_project_membership" "baz" {
-  project_id     = gitlab_project.foo.id
-  user_id        = gitlab_user.baz.id
-  access_level   = "developer"
+  project_id   = gitlab_project.foo.id
+  user_id      = gitlab_user.baz.id
+  access_level = "developer"
 }
 
 resource "gitlab_project_membership" "qux" {
-  project_id     = gitlab_project.foo.id
-  user_id        = gitlab_user.qux.id
-  access_level   = "developer"
+  project_id   = gitlab_project.foo.id
+  user_id      = gitlab_user.qux.id
+  access_level = "developer"
 }
 
 resource "gitlab_group" "foo" {
-	name             = "foo-group %[1]d"
-	path             = "foo-group-%[1]d"
-	description      = "Terraform acceptance tests - Approval Rule"
-	visibility_level = "public"
+  name             = "foo-group %[1]d"
+  path             = "foo-group-%[1]d"
+  description      = "Terraform acceptance tests - Approval Rule"
+  visibility_level = "public"
 }
 
 resource "gitlab_group" "bar" {
-	name             = "bar-group %[1]d"
-	path             = "bar-group-%[1]d"
-	description      = "Terraform acceptance tests - Approval Rule"
-	visibility_level = "public"
+  name             = "bar-group %[1]d"
+  path             = "bar-group-%[1]d"
+  description      = "Terraform acceptance tests - Approval Rule"
+  visibility_level = "public"
 }
 
 resource "gitlab_group_membership" "foo" {
-  group_id         = gitlab_group.foo.id
-  user_id          = gitlab_user.foo.id
-  access_level     = "developer"
+  group_id     = gitlab_group.foo.id
+  user_id      = gitlab_user.foo.id
+  access_level = "developer"
 }
 
 resource "gitlab_group_membership" "bar" {
-  group_id        = gitlab_group.bar.id
-  user_id         = gitlab_user.bar.id
-  access_level    = "developer"
+  group_id     = gitlab_group.bar.id
+  user_id      = gitlab_user.bar.id
+  access_level = "developer"
 }
 
 resource "gitlab_project_approval_rule" "foo" {
-	project            = gitlab_project.foo.id
-	name               = "foo rule %[1]d"
-	approvals_required = %d
-	user_ids           = [%s]
-	group_ids          = [%s]
+  project              = gitlab_project.foo.id
+  name                 = "foo rule %[1]d"
+  approvals_required   = %d
+  user_ids             = [%s]
+  group_ids            = [%s]
+  protected_branch_ids = [gitlab_branch_protection.default.id]
 }
 	`,
 		randomInt,
