feat(gitlab_project_access_token): add access_level

MrLuje · MrLuje · commit 5d3ec854470c · 2022-03-29T18:01:14.000+02:00
diff --git a/internal/provider/resource_gitlab_project_access_token.go b/internal/provider/resource_gitlab_project_access_token.go
@@ -90,17 +90,27 @@ var _ = registerResource("gitlab_project_access_token", func() *schema.Resource
 				Type:        schema.TypeInt,
 				Computed:    true,
 			},
+			"access_level": {
+				Description:      fmt.Sprintf("The access level of the associated user_id membership (cf resource_gitlab_project_membership). Valid values are: %s", renderValueListForDocs(validProjectAccessLevelNames)),
+				Type:             schema.TypeString,
+				ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice(validProjectAccessLevelNames, false)),
+				Optional:         true,
+				Default:          accessLevelValueToName[gitlab.MaintainerPermissions],
+				ForceNew:         true,
+			},
 		},
 	}
 })
 
 func resourceGitlabProjectAccessTokenCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	client := meta.(*gitlab.Client)
-
+	accessLevelId := accessLevelNameToValue[d.Get("access_level").(string)]
 	project := d.Get("project").(string)
+
 	options := &gitlab.CreateProjectAccessTokenOptions{
-		Name:   gitlab.String(d.Get("name").(string)),
-		Scopes: stringSetToStringSlice(d.Get("scopes").(*schema.Set)),
+		Name:        gitlab.String(d.Get("name").(string)),
+		Scopes:      stringSetToStringSlice(d.Get("scopes").(*schema.Set)),
+		AccessLevel: &accessLevelId,
 	}
 
 	log.Printf("[DEBUG] create gitlab ProjectAccessToken %s %s for project ID %s", *options.Name, options.Scopes, project)
@@ -172,6 +182,7 @@ func resourceGitlabProjectAccessTokenRead(ctx context.Context, d *schema.Resourc
 				d.Set("created_at", projectAccessToken.CreatedAt.String())
 				d.Set("revoked", projectAccessToken.Revoked)
 				d.Set("user_id", projectAccessToken.UserID)
+				d.Set("access_level", accessLevelValueToName[projectAccessToken.AccessLevel])
 
 				err = d.Set("scopes", projectAccessToken.Scopes)
 				if err != nil {
diff --git a/internal/provider/resource_gitlab_project_access_token_test.go b/internal/provider/resource_gitlab_project_access_token_test.go
@@ -30,9 +30,10 @@ func TestAccGitlabProjectAccessToken_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGitlabProjectAccessTokenExists("gitlab_project_access_token.bar", &pat),
 					testAccCheckGitlabProjectAccessTokenAttributes(&pat, &testAccGitlabProjectAccessTokenExpectedAttributes{
-						name:      "my project token",
-						scopes:    map[string]bool{"read_repository": true, "api": true, "write_repository": true, "read_api": true},
-						expiresAt: "2022-04-01",
+						name:        "my project token",
+						scopes:      map[string]bool{"read_repository": true, "api": true, "write_repository": true, "read_api": true},
+						expiresAt:   "2022-04-01",
+						accessLevel: accessLevelValueToName[gitlab.MaintainerPermissions], // default permission on gitlab side when unspecified
 					}),
 				),
 			},
@@ -92,6 +93,56 @@ func TestAccGitlabProjectAccessToken_basic(t *testing.T) {
 	})
 }
 
+func TestAccGitlabProjectAccessToken_accessLevel(t *testing.T) {
+	var pat testAccGitlabProjectAccessTokenWrapper
+	rInt := acctest.RandInt()
+
+	testAccGitlabProjectStart(t)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: providerFactories,
+		CheckDestroy:      testAccCheckGitlabProjectAccessTokenDestroy,
+		Steps: []resource.TestStep{
+			// Create a project and a Project Access Token
+			{
+				Config: testAccGitlabProjectAccessTokenConfigWithAccessLevel(rInt, accessLevelValueToName[gitlab.MaintainerPermissions]),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGitlabProjectAccessTokenExists("gitlab_project_access_token.bar", &pat),
+					testAccCheckGitlabProjectAccessTokenAttributes(&pat, &testAccGitlabProjectAccessTokenExpectedAttributes{
+						name:        "my project token",
+						scopes:      map[string]bool{"read_repository": true, "api": true, "write_repository": true, "read_api": true},
+						expiresAt:   "2022-04-01",
+						accessLevel: accessLevelValueToName[gitlab.MaintainerPermissions],
+					}),
+				),
+			},
+			// Update the Project Access Token to change the parameters
+			{
+				Config: testAccGitlabProjectAccessTokenConfigWithAccessLevel(rInt, accessLevelValueToName[gitlab.DeveloperPermissions]),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGitlabProjectAccessTokenExists("gitlab_project_access_token.bar", &pat),
+					testAccCheckGitlabProjectAccessTokenAttributes(&pat, &testAccGitlabProjectAccessTokenExpectedAttributes{
+						name:        "my project token",
+						scopes:      map[string]bool{"read_repository": true, "api": true, "write_repository": true, "read_api": true},
+						expiresAt:   "2022-04-01",
+						accessLevel: accessLevelValueToName[gitlab.DeveloperPermissions],
+					}),
+				),
+			},
+			// Verify import
+			{
+				ResourceName:      "gitlab_project_access_token.bar",
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{
+					// the token is only known during creating. We explicitly mention this limitation in the docs.
+					"token",
+				},
+			},
+		}})
+}
+
 func testAccCheckGitlabProjectAccessTokenDoesNotExist(pat *testAccGitlabProjectAccessTokenWrapper) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		return gomega.InterceptGomegaFailure(func() {
@@ -155,9 +206,10 @@ func testAccCheckGitlabProjectAccessTokenExists(n string, pat *testAccGitlabProj
 }
 
 type testAccGitlabProjectAccessTokenExpectedAttributes struct {
-	name      string
-	scopes    map[string]bool
-	expiresAt string
+	name        string
+	scopes      map[string]bool
+	expiresAt   string
+	accessLevel string
 }
 
 type testAccGitlabProjectAccessTokenWrapper struct {
@@ -304,3 +356,24 @@ resource "gitlab_project_variable" "var" {
 
 	`, rInt)
 }
+
+func testAccGitlabProjectAccessTokenConfigWithAccessLevel(rInt int, level string) string {
+	return fmt.Sprintf(`
+resource "gitlab_project" "foo" {
+  name = "foo-%d"
+  description = "Terraform acceptance tests"
+
+  # So that acceptance tests can be run in a gitlab organization
+  # with no billing
+  visibility_level = "public"
+}
+
+resource "gitlab_project_access_token" "bar" {
+  name = "my project token"
+  project = gitlab_project.foo.id
+  expires_at = "2022-04-01"
+  scopes = ["read_repository" , "api", "write_repository", "read_api"]
+  access_level = "%s"
+}
+	`, rInt, level)
+}
