Allow to filter members by their access_level

Author: ilpianista

gitlab/data_source_gitlab_group_membership.go

@@ -3,12 +3,18 @@ package gitlab
 import (
 	"fmt"
 	"log"
+	"strconv"
+	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/xanzy/go-gitlab"
 )
 
 func dataSourceGitlabGroupMembership() *schema.Resource {
+	acceptedAccessLevels := make([]string, 0, len(accessLevelID))
+	for k := range accessLevelID {
+		acceptedAccessLevels = append(acceptedAccessLevels, k)
+	}
 	return &schema.Resource{
 		Read: dataSourceGitlabGroupMembershipRead,
 		Schema: map[string]*schema.Schema{
@@ -28,6 +34,12 @@ func dataSourceGitlabGroupMembership() *schema.Resource {
 					"group_id",
 				},
 			},
+			"access_level": {
+				Type:         schema.TypeString,
+				Computed:     true,
+				Optional:     true,
+				ValidateFunc: validateValueFunc(acceptedAccessLevels),
+			},
 			"members": {
 				Type:     schema.TypeList,
 				Computed: true,
@@ -111,16 +123,34 @@ func dataSourceGitlabGroupMembershipRead(d *schema.ResourceData, meta interface{
 	d.Set("group_id", group.ID)
 	d.Set("full_path", group.FullPath)
 
-	d.Set("members", flattenGitlabMembers(gm))
-	d.SetId(fmt.Sprintf("%d", group.ID))
+	d.Set("members", flattenGitlabMembers(d, gm))
+
+	var optionsHash strings.Builder
+	optionsHash.WriteString(strconv.Itoa(group.ID))
+
+	if data, ok := d.GetOk("access_level"); ok {
+		optionsHash.WriteString(data.(string))
+	}
+
+	id := schema.HashString(optionsHash.String())
+	d.SetId(fmt.Sprintf("%d", id))
 
 	return nil
 }
 
-func flattenGitlabMembers(members []*gitlab.GroupMember) []interface{} {
+func flattenGitlabMembers(d *schema.ResourceData, members []*gitlab.GroupMember) []interface{} {
 	membersList := []interface{}{}
 
+	var filterAccessLevel gitlab.AccessLevelValue = gitlab.NoPermissions
+	if data, ok := d.GetOk("access_level"); ok {
+		filterAccessLevel = accessLevelID[data.(string)]
+	}
+
 	for _, member := range members {
+		if filterAccessLevel != gitlab.NoPermissions && filterAccessLevel != member.AccessLevel {
+			continue
+		}
+
 		values := map[string]interface{}{
 			"id":           member.ID,
 			"username":     member.Username,

gitlab/data_source_gitlab_group_membership_test.go

@@ -32,6 +32,14 @@ func TestAccDataSourceGitlabMembership_basic(t *testing.T) {
 					resource.TestCheckResourceAttr("data.gitlab_group_membership.foo", "members.1.username", fmt.Sprintf("listest%d", rInt)),
 				),
 			},
+
+			// Get group using its ID, but return maintainers only
+			{
+				Config: testAccDataSourceGitlabGroupMembershipConfigFilterAccessLevel(rInt),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.gitlab_group_membership.foomaintainers", "members.#", "0"),
+				),
+			},
 		},
 	})
 }
@@ -68,3 +76,16 @@ data "gitlab_group_membership" "foo" {
   group_id = "${gitlab_group.foo.id}"
 }`, rInt, rInt)
 }
+
+func testAccDataSourceGitlabGroupMembershipConfigFilterAccessLevel(rInt int) string {
+	return fmt.Sprintf(`
+resource "gitlab_group" "foo" {
+  name = "foo%d"
+  path = "foo%d"
+}
+
+data "gitlab_group_membership" "foomaintainers" {
+  group_id     = "${gitlab_group.foo.id}"
+  access_level = "maintainer"
+}`, rInt, rInt)
+}

website/docs/d/group_membership.html.markdown

@@ -36,6 +36,8 @@ The following arguments are supported:
 
 * `full_path` - (Optional) The full path of the group.
 
+* `access_level` - (Optional) Only return members with the desidered access level. Acceptable values are: `guest`, `reporter`, `developer`, `maintainer`, `owner`.
+
 **Note**: exactly one of group_id or full_path must be provided.
 
 ## Attributes Reference